Zyxel patches vulnerability in NAS devices (CVE-2023-27988)

31-May-23

In some of its network attached storage (NAS) products marketed towards home users, Zyxel has addressed a high-severity authenticated command injection vulnerability (CVE-2023-27988).The web management interface for the devices contained the vulnerability.

Zyxel has confirmed that this vulnerability “could be used by an authenticated attacker with administrator privileges to remotely execute some operating system (OS) commands on an affected device.” The affected Zyxel NAS models include the following versions:x000D versions 5.21(AAZF.12)C0 and earlier, 5.21(AAZF.9)C0 and earlier, and 5.21(AAZF.9)C0 and earlier of the NAS326

Read More…