Tuesday, January 14, 2025
HomeCVE/vulnerabilityZyxel Command Injection Flaws Let Attackers Run OS Commands

Zyxel Command Injection Flaws Let Attackers Run OS Commands

Published on

Three Command injection vulnerabilities have been discovered in Zyxel NAS (Network Attached Storage) products, which could allow a threat actor to execute system commands on successful exploitation of these vulnerabilities.

Zyxel NAS (Network Attached Storage) devices provide fast, secure, and reliable storage services for data storage and file-sharing requests. Zyxel offers Zyxel Drive, allowing users to access Zyxel NAS devices over the internet even if they are not connected to the same network. 

Users can retrieve, upload, and manage the files that are stored in the NAS devices. Zyxel has released a security advisory for these vulnerabilities and has patched the affected NAS products.

Document
Protect Your Storage With SafeGuard

Is Your Storage & Backup Systems Fully Protected? – Watch 40-second Tour of SafeGuard

StorageGuard scans, detects, and fixes security misconfigurations and vulnerabilities across hundreds of storage and backup devices.

Command Injection Vulnerabilities

CVE-2023-35138: Command Injection

This vulnerability exists in the “show_zysync_server_contents” function of Zyxel NAS devices that could allow an unauthenticated threat actor to execute operating system commands. 

An attacker can exploit this vulnerability by sending a crafted HTTP POST request. The severity for this vulnerability has been given as 9.8 (Critical).

CVE-2023-37928: Post Command Injection

This was a post-authentication command injection vulnerability that exists in the WSGI server in NAS devices. An unauthenticated threat actor can execute Operating system commands on the affected devices by sending a crafted URL.

The severity for this vulnerability has been given as 8.8 (High).

CVE-2023-4473: Command Injection in web server

This vulnerability exists in the web server of Zyxel NAS devices, which could allow an unauthenticated threat actor to execute Operating system commands. Successful exploitation of this vulnerability requires a threat actor to send a crafted URL to the vulnerable devices.

The severity rating for this vulnerability has been given as 9.8 (Critical).

Affected Products & Fixed in Versions

Affected modelAffected versionPatch availability
NAS326V5.21(AAZF.14)C0 and earlierV5.21(AAZF.15)C0
NAS542V5.21(ABAG.11)C0 and earlierV5.21(ABAG.12)C0

Zyxel also credited the consultancies and security researchers who have responsibly reported these vulnerabilities to them. Credits were given to 

  • Maxim Suslov for CVE-2023-35138
  • Attila Szász from BugProve for CVE-2023-37928, CVE-2023-4473
  • Drew Balfour from IBM X-Force for CVE-2023-4473

Experience how StorageGuard eliminates the security blind spots in your storage systems by trying a 14-day free trial.

Eswar
Eswar
Eswar is a Cyber security content editor with a passion for creating captivating and informative content. With years of experience under his belt in Cyber Security, he is covering Cyber Security News, technology and other news.

Latest articles

Google’s “Sign in with Google” Flaw Exposes Millions of Users’ Details

A critical flaw in Google's "Sign in with Google" authentication system has left millions...

Hackers Attacking Internet Connected Fortinet Firewalls Using Zero-Day Vulnerability

A widespread campaign targeting Fortinet FortiGate firewall devices with exposed management interfaces on the...

Critical macOS Vulnerability Lets Hackers to Bypass Apple’s System Integrity Protection

Microsoft Threat Intelligence has uncovered a critical macOS vulnerability that allowed attackers to bypass...

CISA Released A Free Guide to Enhance OT Product Security

To address rising cyber threats targeting critical infrastructure, the U.S. Cybersecurity and Infrastructure Security...

API Security Webinar

72 Hours to Audit-Ready API Security

APIs present a unique challenge in this landscape, as risk assessment and mitigation are often hindered by incomplete API inventories and insufficient documentation.

Join Vivek Gopalan, VP of Products at Indusface, in this insightful webinar as he unveils a practical framework for discovering, assessing, and addressing open API vulnerabilities within just 72 hours.

Discussion points

API Discovery: Techniques to identify and map your public APIs comprehensively.
Vulnerability Scanning: Best practices for API vulnerability analysis and penetration testing.
Clean Reporting: Steps to generate a clean, audit-ready vulnerability report within 72 hours.

More like this

Google’s “Sign in with Google” Flaw Exposes Millions of Users’ Details

A critical flaw in Google's "Sign in with Google" authentication system has left millions...

Hackers Attacking Internet Connected Fortinet Firewalls Using Zero-Day Vulnerability

A widespread campaign targeting Fortinet FortiGate firewall devices with exposed management interfaces on the...

Critical macOS Vulnerability Lets Hackers to Bypass Apple’s System Integrity Protection

Microsoft Threat Intelligence has uncovered a critical macOS vulnerability that allowed attackers to bypass...