Vulnerabilities > CVE-2023-35137 - Unspecified vulnerability in Zyxel Nas326 Firmware and Nas542 Firmware

CVSS 7.5 - HIGH

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

HIGH

Integrity impact

NONE

Availability impact

NONE

network

low complexity

zyxel

NVD

Published: 2023-11-30

Updated: 2024-11-21

Summary

An improper authentication vulnerability in the authentication module of the Zyxel NAS326 firmware version V5.21(AAZF.14)C0 and NAS542 firmware version V5.21(ABAG.11)C0 could allow an unauthenticated attacker to obtain system information by sending a crafted URL to a vulnerable device.

Vulnerable Configurations

Part	Description	Count
OS	Zyxel Zyxel Nas326 Firmware - Zyxel Nas326 Firmware 5.21 Zyxel Nas326 Firmware 5.21\(Aazf.7\)C0 Zyxel Nas326 Firmware 5.21\(Aazf.12\)C0 Zyxel Nas326 Firmware 5.21\(Aazf.13\)C0 Zyxel Nas326 Firmware 5.21\(Aazf.14\)C0 Zyxel Nas542 Firmware - Zyxel Nas542 Firmware 5.21\(Abag.4\)C0 Zyxel Nas542 Firmware 5.21\(Abag.9\)C0 Zyxel Nas542 Firmware 5.21\(Abag.10\)C0 Zyxel Nas542 Firmware 5.21\(Abag.11\)C0	11
Hardware	Zyxel Zyxel Nas326 - Zyxel Nas542 -	2

Summary

Vulnerable Configurations

References