3 matches found
CVE-2023-35138
A command injection vulnerability in the “showzysyncservercontents” function of the Zyxel NAS326 firmware version V5.21AAZF.14C0 and NAS542 firmware version V5.21ABAG.11C0 could allow an unauthenticated attacker to execute some operating system OS commands by sending a crafted HTTP POST request...
Zyxel Releases Patches to Fix 15 Flaws in NAS, Firewall, and AP Devices
Zyxel has released patches to address 15 security issues impacting network-attached storage NAS, firewall, and access point AP devices, including three critical flaws that could lead to authentication bypass and command injection. The three vulnerabilities are listed below - CVE-2023-35138 CVSS...
CVE-2023-35138
CVE-2023-35138 describes a command-injection vulnerability in Zyxel NAS326 (firmware v5.21(AAZF.14)C0 and earlier) and NAS542 (firmware v5.21(ABAG.11)C0 and earlier) where the function show_zysync_server_contents can be abused by an unauthenticated attacker to run OS commands via a crafted HTTP P...