Security News > 2023 > December > Zyxel Releases Patches to Fix 15 Flaws in NAS, Firewall, and AP Devices
2023-12-01 06:22
Zyxel has released patches to address 15 security issues impacting network-attached storage (NAS), firewall, and access point (AP) devices, including three critical flaws that could lead to authentication bypass and command injection. The three vulnerabilities are listed below - CVE-2023-35138 (CVSS score: 9.8) - A command injection vulnerability that could allow an
News URL
https://thehackernews.com/2023/12/zyxel-releases-patches-to-fix-15-flaws.html
Related Vulnerability
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2023-11-30 | CVE-2023-35138 | OS Command Injection vulnerability in Zyxel Nas326 Firmware and Nas542 Firmware A command injection vulnerability in the “show_zysync_server_contents” function of the Zyxel NAS326 firmware version V5.21(AAZF.14)C0 and NAS542 firmware version V5.21(ABAG.11)C0 could allow an unauthenticated attacker to execute some operating system (OS) commands by sending a crafted HTTP POST request. | 0.0 |