Three command injection vulnerabilities have been found in Zyxel NAS (Network Attached Storage) products, which could allow a threat actor to execute system commands on successful exploitation.
Zyxel NAS (Network Attached Storage) devices provide fast, secure, and reliable storage services for data storage and file-sharing requests. Zyxel offers Zyxel Drive, allowing users to access Zyxel NAS devices over the internet even when they are not connected to the same network.
Users can retrieve, upload, and manage the files stored on the NAS devices. Zyxel has released a security advisory for these vulnerabilities and has patched the affected NAS products.
Command Injection Vulnerabilities
CVE-2023-35138: Command Injection
This vulnerability exists in the “show_zysync_server_contents” function of Zyxel NAS devices and could allow an unauthenticated threat actor to execute operating system commands.
An attacker can exploit this vulnerability by sending a crafted HTTP POST request. The severity of this vulnerability has been rated 9.8 (Critical).
CVE-2023-37928: Post-Authentication Command Injection
This is a post-authentication command injection vulnerability in the WSGI server of the NAS devices. An authenticated threat actor can execute operating system commands on the affected devices by sending a crafted URL.
The severity of this vulnerability has been rated 8.8 (High).
CVE-2023-4473: Command Injection in Web Server
This vulnerability exists in the web server of Zyxel NAS devices and could allow an unauthenticated threat actor to execute operating system commands. Successful exploitation requires a threat actor to send a crafted URL to the vulnerable devices.
The severity of this vulnerability has been rated 9.8 (Critical).
Affected Products & Fixed Versions
| Affected model | Affected version | Patch availability |
|---|---|---|
| NAS326 | V5.21(AAZF.14)C0 and earlier | V5.21(AAZF.15)C0 |
| NAS542 | V5.21(ABAG.11)C0 and earlier | V5.21(ABAG.12)C0 |
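As an added defender-side example (not part of the original article or of Zyxel's advisory), the script below parses Zyxel's firmware version strings and triages a constructed device inventory against the table above. The inventory hostnames, the placeholder "NASxxx" model, and the assumption that firmware within one branch code orders by major, minor, build and revision are mine.

```python
import re

# Affected/fixed firmware per the advisory table above (NAS326 and NAS542 only)
ADVISORY = {
    "NAS326": {"affected_through": "V5.21(AAZF.14)C0", "fixed_in": "V5.21(AAZF.15)C0"},
    "NAS542": {"affected_through": "V5.21(ABAG.11)C0", "fixed_in": "V5.21(ABAG.12)C0"},
}

# Zyxel version string, e.g. V5.21(AAZF.14)C0 -> major.minor, branch code, build, revision
VERSION_RE = re.compile(r"^V(\d+)\.(\d+)\(([A-Z]+)\.(\d+)\)C(\d+)$")


def parse_version(s):
    # Return (major, minor, branch, build, rev) or raise on an unrecognised string
    m = VERSION_RE.match(s.strip())
    if not m:
        raise ValueError(f"unrecognised Zyxel firmware version: {s!r}")
    major, minor, branch, build, rev = m.groups()
    return int(major), int(minor), branch, int(build), int(rev)


def is_vulnerable(model, version):
    # True if the firmware predates the fix, False if fixed, None if the model is not listed.
    # Assumption (ours): within one branch code, firmware orders by major, minor, build, rev.
    entry = ADVISORY.get(model)
    if entry is None:
        return None
    cur = parse_version(version)
    fixed = parse_version(entry["fixed_in"])
    if cur[2] != fixed[2]:
        raise ValueError(f"{model}: branch {cur[2]} differs from advisory branch {fixed[2]}")
    key = lambda v: (v[0], v[1], v[3], v[4])
    return key(cur) < key(fixed)


def triage(inventory):
    # Map each (host, model, version) to a patch status for an asset report
    labels = {True: "VULNERABLE", False: "PATCHED", None: "NOT-IN-ADVISORY"}
    return {host: labels[is_vulnerable(model, ver)] for host, model, ver in inventory}


# Constructed sample inventory (hostnames, the NASxxx model and its version are made up)
SAMPLE_INVENTORY = [
    ("nas-hr-01", "NAS326", "V5.21(AAZF.14)C0"),
    ("nas-eng-02", "NAS326", "V5.21(AAZF.15)C0"),
    ("nas-backup-03", "NAS542", "V5.21(ABAG.9)C0"),
    ("nas-lab-04", "NAS542", "V5.21(ABAG.12)C0"),
    ("nas-other-05", "NASxxx", "V5.21(XXXX.1)C0"),
]

if __name__ == "__main__":
    for host, status in triage(SAMPLE_INVENTORY).items():
        print(f"{host:14} {status}")
```

Feed it the model and firmware string shown in each unit's web UI; anything reported VULNERABLE should be updated to the patch version in the table before the device is reachable from untrusted networks.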
Zyxel also credited the consultancies and security researchers who responsibly reported these vulnerabilities. Credit goes to:
- Maxim Suslov for CVE-2023-35138
- Attila Szász from BugProve for CVE-2023-37928, CVE-2023-4473
- Drew Balfour from IBM X-Force for CVE-2023-4473