Security News > 2023 > December > Zyxel Releases Patches to Fix 15 Flaws in NAS, Firewall, and AP Devices

Zyxel Releases Patches to Fix 15 Flaws in NAS, Firewall, and AP Devices
2023-12-01 06:22

Zyxel has released patches to address 15 security issues impacting network-attached storage (NAS), firewall, and access point (AP) devices, including three critical flaws that could lead to authentication bypass and command injection. The three vulnerabilities are listed below - CVE-2023-35138 (CVSS score: 9.8) - A command injection vulnerability that could allow an


News URL

https://thehackernews.com/2023/12/zyxel-releases-patches-to-fix-15-flaws.html

Related Vulnerability

DATE CVE VULNERABILITY TITLE RISK
2023-11-30 CVE-2023-35138 OS Command Injection vulnerability in Zyxel Nas326 Firmware and Nas542 Firmware
A command injection vulnerability in the “show_zysync_server_contents” function of the Zyxel NAS326 firmware version V5.21(AAZF.14)C0 and NAS542 firmware version V5.21(ABAG.11)C0 could allow an unauthenticated attacker to execute some operating system (OS) commands by sending a crafted HTTP POST request.
network
low complexity
zyxel CWE-78
critical
 9.8
9.8

Related vendor

VENDOR LAST 12M #/PRODUCTS LOW MEDIUM HIGH CRITICAL TOTAL VULNS
Zyxel 459 3 115 71 44 233