Vulnerabilities > Zyxel > Nas326 Firmware > Critical

DATE CVE VULNERABILITY TITLE RISK
2022-09-06 CVE-2022-34747 Use of Externally-Controlled Format String vulnerability in Zyxel Nas326 Firmware 5.21/5.21(Aazf.7)C0
A format string vulnerability in Zyxel NAS326 firmware versions prior to V5.21(AAZF.12)C0 could allow an attacker to achieve unauthorized remote code execution via a crafted UDP packet.
network
low complexity
zyxel CWE-134
critical
9.8
2020-03-04 CVE-2020-9054 OS Command Injection vulnerability in Zyxel products
Multiple ZyXEL network-attached storage (NAS) devices running firmware version 5.21 contain a pre-authentication command injection vulnerability, which may allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable device.
network
low complexity
zyxel CWE-78
critical
9.8