Security News > 2022 > September > Zyxel releases new NAS firmware to fix critical RCE vulnerability
Networking device maker Zyxel is warning customers today of a new critical remote code execution vulnerability impacting three models of its Networked Attached Storage products.
"A format string vulnerability was found in a specific binary of Zyxel NAS products that could allow an attacker to achieve unauthorized remote code execution via a crafted UDP packet," explains the advisory.
The vendor has already released security updates for the impacted devices in the form of firmware updates, with links to the downloads in the security advisory.
You can visit Zyxel's official download portal, enter your device model, and download the latest firmware update listed in the results.
The vulnerability could be abused to steal data, delete data, or deploy ransomware on Internet-exposed NAS devices.
Only yesterday, we reported that QNAP patched a zero-day vulnerability over the weekend that was used in a new wave of DeadBolt ransomware attacks.
News URL
Related news
- Gladinet’s Triofox and CentreStack Under Active Exploitation via Critical RCE Vulnerability (source)
- Critical Commvault RCE vulnerability fixed, PoC available (CVE-2025-34028) (source)
- CISA Warns of CentreStack's Hard-Coded MachineKey Vulnerability Enabling RCE Attacks (source)
- Critical Apache Roller Vulnerability (CVSS 10.0) Enables Unauthorized Session Persistence (source)
- Critical Erlang/OTP SSH Vulnerability (CVSS 10.0) Allows Unauthenticated Code Execution (source)
- Critical Erlang/OTP SSH pre-auth RCE is 'Surprisingly Easy' to exploit, patch now (source)
- ASUS Confirms Critical Flaw in AiCloud Routers; Users Urged to Update Firmware (source)
- Critical Erlang/OTP SSH RCE bug now has public exploits, patch now (source)
- Critical Langflow RCE flaw exploited to hack AI app servers (source)
- SysAid Patches 4 Critical Flaws Enabling Pre-Auth RCE in On-Premise Version (source)