4 matches found
The vulnerability of the microprogrammed software for Zyxel NAS326, NAS540, and NAS542 lies in the lack of measures taken to neutralize special elements used in the operating system’s command set. This allows attackers to execute arbitrary code.
The vulnerability of the microprogrammed software for Zyxel NAS326, NAS540, and NAS542 lies in the lack of measures taken to neutralize special elements used in the operating system commands. Exploiting this vulnerability allows a malicious actor to execute arbitrary code by sending a specially...
PT-2023-3171 · Zyxel · Zyxel Nas326 +2
Name of the Vulnerable Software and Affected Versions: Zyxel NAS326 versions prior to V5.21AAZF.14C0 Zyxel NAS540 versions prior to V5.21AATB.11C0 Zyxel NAS542 versions prior to V5.21ABAG.11C0 Description: The pre-authentication command injection issue in Zyxel NAS devices could allow an...
CVE-2023-27992
The pre-authentication command injection vulnerability in the Zyxel NAS326 firmware versions prior to V5.21AAZF.14C0, NAS540 firmware versions prior to V5.21AATB.11C0, and NAS542 firmware versions prior to V5.21ABAG.11C0 could allow an unauthenticated attacker to execute some operating system OS...
CVE-2020-9054
Multiple ZyXEL network-attached storage NAS devices running firmware version 5.21 contain a pre-authentication command injection vulnerability, which may allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable device. ZyXEL NAS devices achieve authentication by using th...