⚠ Actively exploited
Added to CISA KEV on 2023-06-23. Federal agencies required to patch by 2023-07-14. Required action: Apply updates per vendor instructions.
CVE-2023-27992
Severity
9.8 CRITICAL
EPSS
86.5%
top 0.58%
CISA KEV
Added 2023-06-23
Due 2023-07-14
Exploit
Exploited in wild
Active exploitation observed
Affected products
Timeline
Published: Jun 19
KEV added: Jun 23
KEV due: Jul 14
Description
The pre-authentication command injection vulnerability in the Zyxel NAS326 firmware versions prior to V5.21(AAZF.14)C0, NAS540 firmware versions prior to V5.21(AATB.11)C0, and NAS542 firmware versions prior to V5.21(ABAG.11)C0 could allow an unauthenticated attacker to execute some operating system (OS) commands remotely by sending a crafted HTTP request.
CVSS vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Exploitability: 3.9 | Impact: 5.9