Security News > 2022 > September > Zyxel releases new NAS firmware to fix critical RCE vulnerability
Networking device maker Zyxel is warning customers today of a new critical remote code execution vulnerability impacting three models of its Networked Attached Storage products.
"A format string vulnerability was found in a specific binary of Zyxel NAS products that could allow an attacker to achieve unauthorized remote code execution via a crafted UDP packet," explains the advisory.
The vendor has already released security updates for the impacted devices in the form of firmware updates, with links to the downloads in the security advisory.
You can visit Zyxel's official download portal, enter your device model, and download the latest firmware update listed in the results.
The vulnerability could be abused to steal data, delete data, or deploy ransomware on Internet-exposed NAS devices.
Only yesterday, we reported that QNAP patched a zero-day vulnerability over the weekend that was used in a new wave of DeadBolt ransomware attacks.
News URL
Related news
- Synology Urges Patch for Critical Zero-Click RCE Flaw Affecting Millions of NAS Devices (source)
- Veeam Issues Patch for Critical RCE Vulnerability in Service Provider Console (source)
- PoC exploit for critical WhatsUp Gold RCE vulnerability released (CVE-2024-8785) (source)
- Critical OpenWrt Vulnerability Exposes Devices to Malicious Firmware Injection (source)
- Hackers target critical zero-day vulnerability in PTZ cameras (source)
- Cisco Releases Patch for Critical URWB Vulnerability in Industrial Wireless Systems (source)
- Critical vulnerability in Cisco industrial wireless access points fixed (CVE-2024-20418) (source)
- HPE warns of critical RCE flaws in Aruba Networking access points (source)
- CISA Alerts to Active Exploitation of Critical Palo Alto Networks Vulnerability (source)
- Palo Alto Networks warns of potential PAN-OS RCE vulnerability (source)