The problem is identified as CVE-2022-34747 and affects the NAS326, NAS540, and NAS542 models due to a “format string vulnerability” (CVSS score: 9.8). Ilya Shaposhnikov, a researcher, was given credit by Zyxel for finding the error.
The business stated in an alert published on September 6 that “a format string vulnerability was detected in a certain binary of Zyxel NAS systems that could allow an attacker to accomplish unauthorised remote code execution through a forged UDP packet.” Read More…