CVE-2023-27992

Summary

CVE-2023-27992 is a pre-authentication command injection vulnerability affecting the Zyxel NAS326, NAS540, and NAS542 firmware versions. Specifically, these versions prior to V5.21(AAZF.14)C0 for NAS326, V5.21(AATB.11)C0 for NAS540, and V5.21(ABAG.11)C0 for NAS542 are vulnerable. An unauthenticated attacker can exploit this flaw by sending a carefully crafted HTTP request, allowing them to execute certain operating system commands remotely. The implications of this vulnerability are significant, as it could potentially enable an attacker to gain unauthorized access, modify data, or cause other unwanted system behavior. System administrators should promptly update their affected devices to the recommended firmware versions to mitigate this risk.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.