CVE-2023-27988

The post-authentication command injection vulnerability in the Zyxel NAS326 firmware versions prior to V5.21(AAZF.13)C0 could allow an authenticated attacker with administrator privileges to execute some operating system (OS) commands on an affected device remotely.
Configurations

Configuration 1 (hide)

AND
cpe:2.3:o:zyxel:nas326_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:zyxel:nas326:-:*:*:*:*:*:*:*

Configuration 2 (hide)

AND
cpe:2.3:o:zyxel:nas540_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:zyxel:nas540:-:*:*:*:*:*:*:*

Configuration 3 (hide)

AND
cpe:2.3:o:zyxel:nas542_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:zyxel:nas542:-:*:*:*:*:*:*:*

History

02 Jun 2023, 19:49

Type Values Removed Values Added
References (CONFIRM) https://www.zyxel.com/global/en/support/security-advisories/zyxel-security-advisory-for-post-authentication-command-injection-vulnerability-in-nas-products - (CONFIRM) https://www.zyxel.com/global/en/support/security-advisories/zyxel-security-advisory-for-post-authentication-command-injection-vulnerability-in-nas-products - Patch, Vendor Advisory
CVSS v2 : unknown
v3 : unknown
v2 : unknown
v3 : 7.2
CWE CWE-78
First Time Zyxel nas542
Zyxel nas326 Firmware
Zyxel nas540 Firmware
Zyxel nas326
Zyxel nas542 Firmware
Zyxel nas540
Zyxel
CPE cpe:2.3:o:zyxel:nas326_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:zyxel:nas540:-:*:*:*:*:*:*:*
cpe:2.3:o:zyxel:nas542_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:zyxel:nas540_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:zyxel:nas326:-:*:*:*:*:*:*:*
cpe:2.3:h:zyxel:nas542:-:*:*:*:*:*:*:*

30 May 2023, 02:15

Type Values Removed Values Added
New CVE

Information

Published : 2023-05-30 02:15

Updated : 2024-02-28 20:13


NVD link : CVE-2023-27988

Mitre link : CVE-2023-27988

CVE.ORG link : CVE-2023-27988


JSON object : View

Products Affected

zyxel

  • nas542
  • nas326_firmware
  • nas540_firmware
  • nas326
  • nas542_firmware
  • nas540
CWE
CWE-78

Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')