Zyxel Addresses 15 Security Vulnerabilities Across NAS, Firewall, and AP Devices with Latest Patches

Zyxel has taken swift action to rectify 15 security vulnerabilities affecting a range of devices, including network-attached storage (NAS), firewalls, and access points (APs). Among these vulnerabilities, three critical flaws posed significant risks, enabling potential attackers to bypass authentication and execute command injections.

The specific vulnerabilities are detailed as follows:

CVE-2023-35138 (CVSS score: 9.8) – A critical command injection vulnerability that permits unauthenticated attackers to execute operating system commands through a carefully crafted HTTP POST request.
CVE-2023-4473 (CVSS score: 9.8) – A critical command injection vulnerability within the web server, allowing unauthenticated attackers to execute operating system commands via a manipulated URL directed at a vulnerable device.
CVE-2023-4474 (CVSS score: 9.8) – An imperative improper neutralization of special elements vulnerability enabling unauthenticated attackers to execute operating system commands through a specifically crafted URL.

Zyxel has also addressed three high-severity flaws (CVE-2023-35137, CVE-2023-37927, and CVE-2023-37928). Exploiting these vulnerabilities could potentially grant attackers access to system information and the ability to execute arbitrary commands. It’s noteworthy that CVE-2023-37927 and CVE-2023-37928 require authentication for successful exploitation.

The impacted models and versions include:

NAS326: Versions V5.21(AAZF.14)C0 and earlier (Patched in V5.21(AAZF.15)C0)
NAS542: Versions V5.21(ABAG.11)C0 and earlier (Patched in V5.21(ABAG.12)C0)

This comprehensive advisory follows closely on the heels of Zyxel’s recent fixes for nine vulnerabilities in specific firewall and access point versions. Some of these could potentially be weaponized to gain unauthorized access to system files and administrator logs, or even trigger a denial-of-service (DoS) condition.

Given the historical exploitation of Zyxel devices by threat actors, users are strongly urged to promptly apply the latest updates to fortify their systems against potential security threats.

Found this news interesting? Follow us on Twitter and Telegram to read more exclusive content we post.

Post Views: 54

Zyxel Addresses 15 Security Vulnerabilities Across NAS, Firewall, and AP Devices with Latest Patches

PyQt Mastery: From Beginner to Advanced

Learn AI by yourself! Recommended AI study and learning methods that beginners won’t be discouraged by!

Foundation Models: The Heart of Generative AI

Complete HTML Handwritten Notes

Complete C++ Handwritten Notes From Basic to Advanced

Complete Python Ebook From Basic To Advanced

Top 7 Open-Source LLMs for 2024 and Their Uses

Complete HTML Handwritten Notes

Complete C++ Handwritten Notes From Basic to Advanced

Complete Python Ebook From Basic To Advanced

Ukraine Enhances Wartime Efforts Through Advanced Cyber Intelligence Strategies

A Mild, Sweet Fruit With a Fibrous Center

Top Men’s Fashion Trends From Spring

Spicy Crispy Chicken Burger Recipe

Ethos Technologies Data Breach Settlement Offers Compensation of Up to $5,200 for Affected Individuals

New Sophisticated and Modular ‘Deadglyph’ Malware Unleashed in Government Cyberattacks

Ukrainian Authorities Detect Russian Hacker Campaign Seeking Evidence of War Crimes

Debian Project Launches Debian 12.1 “Bookworm” Featuring 89 Bug Remediations and 26 Security Enhancements

Gadgets That Will Upgrade Your Home

For Good Results Must Be Make Good Plan

Zyxel Addresses 15 Security Vulnerabilities Across NAS, Firewall, and AP Devices with Latest Patches

Related Posts