CVE-2023-27988

CWE-78OS Command Injection3 documents3 sources
Severity
7.2HIGH
EPSS
0.4%
top 37.44%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
3
Zyxel Nas326 FirmwareZyxel Nas540 FirmwareZyxel Nas542 Firmware
Timeline
PublishedMay 30

Description

The post-authentication command injection vulnerability in the Zyxel NAS326 firmware versions prior to V5.21(AAZF.13)C0 could allow an authenticated attacker with administrator privileges to execute some operating system (OS) commands on an affected device remotely.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:HExploitability: 1.2 | Impact: 5.9

Affected Packages4 packages

CVEListV5zyxel/nas326_firmware< V5.21(AAZF.13)C0
NVDzyxel/nas326_firmware< 5.21\(aazf.13\)c0
NVDzyxel/nas540_firmware< 5.21\(aatb.10\)c0
NVDzyxel/nas542_firmware< 5.21\(abag.10\)c0

Patches

Patch: www.zyxel.comPatch: www.zyxel.com

🔴Vulnerability Details

2
GHSA
GHSA-wc8j-6g5m-3r95: The post-authentication command injection vulnerability in the Zyxel NAS326 firmware versions prior to V52023-05-30
CVEList
CVE-2023-27988: The post-authentication command injection vulnerability in the Zyxel NAS326 firmware versions prior to V52023-05-30
CVE-2023-27988 (HIGH CVSS 7.2) | The post-authentication command inj | cvebase.io