Security News Zyxel Releases Urgent Security Updates for Critical Vulnerability in NAS Devices

MuzzMelbourne

Mar 13, 2022
Zyxel has rolled out security updates to address a critical security flaw in its network-attached storage (NAS) devices that could result in the execution of arbitrary commands on affected systems.

Tracked as CVE-2023-27992 (CVSS score: 9.8), the issue has been described as a pre-authentication command injection vulnerability.

"The pre-authentication command injection vulnerability in some Zyxel NAS devices could allow an unauthenticated attacker to execute some operating system (OS) commands remotely by sending a crafted HTTP request," Zyxel said in an advisory published today.
 

CyberTech

Nov 10, 2017
Zyxel, a company that has struggled with software security problems, documented at least 15 security flaws in a range of products and warned that unpatched devices are at risk of authentication bypass, command injection and denial-of-service attacks.

The company is calling special attention to exposed attack surfaces in its firewalls and access points, warning that multiple devices can be exploited to access configuration files, steal sensitive cookies, launch denial-of-service conditions or execute commands.

In some cases, Zyxel said its firewalls and access points could allow an authenticated local attacker to modify the URL of the registration page in the web GUI of an affected device or access the administrator’s logs on an affected device.

The hardware vendor also shipped a second bulletin to warn of an authentication bypass vulnerability and command injection vulnerabilities in two NAS (network attached storage) products.

In all, Zyxel documented six separate flaws in the NAS226 and NAS542 cloud storage devices, noting that attackers can exploit the flaws to capture sensitive system information or execute some operating system (OS) commands via booby-trapped URLs.

Security defects in Zyxel products feature prominently in the CISA KEV (Known Exploited Vulnerabilities) catalog, and the company has acknowledged its devices have been ensnared in multiple DDoS-capable botnets.
 
