4 matches found
CVE-2023-37928
creationtimestamp| type| source ---|---|--- 2023-12-01 13:01:05+00:00| seen| https://t.me/truesecator/5152 2023-12-01 17:29:09+00:00| seen| https://t.me/itsecnews/3752...
Zyxel Releases Patches to Fix 15 Flaws in NAS, Firewall, and AP Devices
Zyxel has released patches to address 15 security issues impacting network-attached storage NAS, firewall, and access point AP devices, including three critical flaws that could lead to authentication bypass and command injection. The three vulnerabilities are listed below - CVE-2023-35138 CVSS...
CVE-2023-37928
A post-authentication command injection vulnerability in the WSGI server of the Zyxel NAS326 firmware version V5.21AAZF.14C0 and NAS542 firmware version V5.21ABAG.11C0 could allow an authenticated attacker to execute some operating system OS commands by sending a crafted URL to a vulnerable devic...
CVE-2023-37928
CVE-2023-37928 affects Zyxel NAS326 and NAS542: a post-authentication command-injection in the WSGI server could allow an authenticated attacker to execute OS commands via a crafted URL. The 3.1.9 CVE entry notes a high-severity impact (CVSS 8.8; network attack vector, require LOW privileges, no ...