The post-authentication command injection vulnerability in the Zyxel NAS326 firmware versions prior to V5.21(AAZF.13)C0 could allow an authenticated attacker with administrator privileges to execute some operating system (OS) commands on an affected device remotely.
References
Configurations
Configuration 1 (hide)
AND |
|
Configuration 2 (hide)
AND |
|
Configuration 3 (hide)
AND |
|
History
02 Jun 2023, 19:49
Type | Values Removed | Values Added |
---|---|---|
First Time |
Zyxel nas326 Firmware
Zyxel nas326 Zyxel Zyxel nas542 Zyxel nas542 Firmware Zyxel nas540 Firmware Zyxel nas540 |
|
CPE | cpe:2.3:h:zyxel:nas326:-:*:*:*:*:*:*:* cpe:2.3:h:zyxel:nas542:-:*:*:*:*:*:*:* cpe:2.3:h:zyxel:nas540:-:*:*:*:*:*:*:* cpe:2.3:o:zyxel:nas542_firmware:*:*:*:*:*:*:*:* cpe:2.3:o:zyxel:nas540_firmware:*:*:*:*:*:*:*:* cpe:2.3:o:zyxel:nas326_firmware:*:*:*:*:*:*:*:* |
|
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 7.2 |
CWE | CWE-78 | |
References | (CONFIRM) https://www.zyxel.com/global/en/support/security-advisories/zyxel-security-advisory-for-post-authentication-command-injection-vulnerability-in-nas-products - Patch, Vendor Advisory |
30 May 2023, 02:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2023-05-30 02:15
Updated : 2023-12-10 15:01
NVD link : CVE-2023-27988
Mitre link : CVE-2023-27988
CVE.ORG link : CVE-2023-27988
JSON object : View
Products Affected
zyxel
- nas326_firmware
- nas326
- nas542_firmware
- nas542
- nas540_firmware
- nas540
CWE
CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')