← Zuruck zu CVEs
CVE-2023-27992
CRITICALCISA KEV9.8
Beschreibung
The pre-authentication command injection vulnerability in the Zyxel NAS326 firmware versions prior to V5.21(AAZF.14)C0, NAS540 firmware versions prior to V5.21(AATB.11)C0, and NAS542 firmware versions prior to V5.21(ABAG.11)C0 could allow an unauthenticated attacker to execute some operating system (OS) commands remotely by sending a crafted HTTP request.
CVE Details
CVSS v3.1 Bewertung9.8
SchweregradCRITICAL
CVSS VektorCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
AngriffsvektorNETWORK
KomplexitatLOW
Erforderliche PrivilegienNONE
BenutzerinteraktionNONE
Veroffentlicht6/19/2023
Zuletzt geandert10/27/2025
Quellekev
Honeypot-Sichtungen0
CISA KEV
HerstellerZyxel
ProduktMultiple Network-Attached Storage (NAS) Devices
SchwachstellennameZyxel Multiple NAS Devices Command Injection Vulnerability
KEV Aufnahmedatum2023-06-23
Behebungsfrist2023-07-14
Ransomware-NutzungUnknown
Betroffene Produkte
zyxel:nas326zyxel:nas326_firmwarezyxel:nas540zyxel:nas540_firmwarezyxel:nas542zyxel:nas542_firmware
Schwachen (CWE)
CWE-78CWE-78
Referenzen
https://www.zyxel.com/global/en/support/security-advisories/zyxel-security-advisory-for-pre-authentication-command-injection-vulnerability-in-nas-products(security@zyxel.com.tw)
https://www.zyxel.com/global/en/support/security-advisories/zyxel-security-advisory-for-pre-authentication-command-injection-vulnerability-in-nas-products(af854a3a-2127-422b-91ae-364da2661108)
https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2023-27992(134c704f-9b21-4f2e-91b3-4a467353bcc0)
IOC Korrelationen
Keine Korrelationen erfasst
This product uses data from the NVD API but is not endorsed or certified by the NVD.