The post-authentication command injection vulnerability in the Zyxel NAS326 firmware versions prior to V5.21(AAZF.13)C0 could allow an authenticated attacker with administrator privileges to execute some operating system (OS) commands on an affected device remotely.
References
Configurations
Configuration 1 (hide)
AND |
|
Configuration 2 (hide)
AND |
|
Configuration 3 (hide)
AND |
|
History
21 Nov 2024, 07:53
Type | Values Removed | Values Added |
---|---|---|
References | () https://www.zyxel.com/global/en/support/security-advisories/zyxel-security-advisory-for-post-authentication-command-injection-vulnerability-in-nas-products - Patch, Vendor Advisory |
02 Jun 2023, 19:49
Type | Values Removed | Values Added |
---|---|---|
References | (CONFIRM) https://www.zyxel.com/global/en/support/security-advisories/zyxel-security-advisory-for-post-authentication-command-injection-vulnerability-in-nas-products - Patch, Vendor Advisory | |
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 7.2 |
First Time |
Zyxel nas542
Zyxel nas326 Firmware Zyxel nas540 Firmware Zyxel nas326 Zyxel nas542 Firmware Zyxel nas540 Zyxel |
|
CPE | cpe:2.3:o:zyxel:nas326_firmware:*:*:*:*:*:*:*:* cpe:2.3:h:zyxel:nas540:-:*:*:*:*:*:*:* cpe:2.3:o:zyxel:nas542_firmware:*:*:*:*:*:*:*:* cpe:2.3:o:zyxel:nas540_firmware:*:*:*:*:*:*:*:* cpe:2.3:h:zyxel:nas326:-:*:*:*:*:*:*:* cpe:2.3:h:zyxel:nas542:-:*:*:*:*:*:*:* |
|
CWE | CWE-78 |
30 May 2023, 02:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2023-05-30 02:15
Updated : 2024-11-21 07:53
NVD link : CVE-2023-27988
Mitre link : CVE-2023-27988
CVE.ORG link : CVE-2023-27988
JSON object : View
Products Affected
zyxel
- nas540_firmware
- nas326_firmware
- nas326
- nas542_firmware
- nas542
- nas540
CWE
CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')