Sunday, September 8, 2024
HomeCVE/vulnerabilityZyxel Command Injection Flaws Let Attackers Run OS Commands

Zyxel Command Injection Flaws Let Attackers Run OS Commands

Published on

Three Command injection vulnerabilities have been discovered in Zyxel NAS (Network Attached Storage) products, which could allow a threat actor to execute system commands on successful exploitation of these vulnerabilities.

Zyxel NAS (Network Attached Storage) devices provide fast, secure, and reliable storage services for data storage and file-sharing requests. Zyxel offers Zyxel Drive, allowing users to access Zyxel NAS devices over the internet even if they are not connected to the same network. 

Users can retrieve, upload, and manage the files that are stored in the NAS devices. Zyxel has released a security advisory for these vulnerabilities and has patched the affected NAS products.

- Advertisement - EHA
Document
Protect Your Storage With SafeGuard

Is Your Storage & Backup Systems Fully Protected? – Watch 40-second Tour of SafeGuard

StorageGuard scans, detects, and fixes security misconfigurations and vulnerabilities across hundreds of storage and backup devices.

Command Injection Vulnerabilities

CVE-2023-35138: Command Injection

This vulnerability exists in the “show_zysync_server_contents” function of Zyxel NAS devices that could allow an unauthenticated threat actor to execute operating system commands. 

An attacker can exploit this vulnerability by sending a crafted HTTP POST request. The severity for this vulnerability has been given as 9.8 (Critical).

CVE-2023-37928: Post Command Injection

This was a post-authentication command injection vulnerability that exists in the WSGI server in NAS devices. An unauthenticated threat actor can execute Operating system commands on the affected devices by sending a crafted URL.

The severity for this vulnerability has been given as 8.8 (High).

CVE-2023-4473: Command Injection in web server

This vulnerability exists in the web server of Zyxel NAS devices, which could allow an unauthenticated threat actor to execute Operating system commands. Successful exploitation of this vulnerability requires a threat actor to send a crafted URL to the vulnerable devices.

The severity rating for this vulnerability has been given as 9.8 (Critical).

Affected Products & Fixed in Versions

Affected modelAffected versionPatch availability
NAS326V5.21(AAZF.14)C0 and earlierV5.21(AAZF.15)C0
NAS542V5.21(ABAG.11)C0 and earlierV5.21(ABAG.12)C0

Zyxel also credited the consultancies and security researchers who have responsibly reported these vulnerabilities to them. Credits were given to 

  • Maxim Suslov for CVE-2023-35138
  • Attila Szász from BugProve for CVE-2023-37928, CVE-2023-4473
  • Drew Balfour from IBM X-Force for CVE-2023-4473

Experience how StorageGuard eliminates the security blind spots in your storage systems by trying a 14-day free trial.

Eswar
Eswar
Eswar is a Cyber security content editor with a passion for creating captivating and informative content. With years of experience under his belt in Cyber Security, he is covering Cyber Security News, technology and other news.

Latest articles

Vulnerabilities in IBM Products Let Attackers Exploit & Launch DOS Attack

IBM has issued a security bulletin addressing critical vulnerabilities in its MQ Operator and...

BBTok Abuses Legitimate Windows Utility Command Tool to Stay Undetected

Cybercriminals in Latin America have increased their use of phishing scams targeting business transactions...

Predator Spyware Exploiting “one-click” & “zero-click” Flaws

Recent research indicates that the Predator spyware, once thought to be inactive due to...

Tropic Trooper Attacks Government Organizations to Steal Sensitive Data

Tropic Trooper (aka KeyBoy, Pirate Panda, and APT23) is a sophisticated cyberespionage APT group,...

Free Webinar

Decoding Compliance | What CISOs Need to Know

Non-compliance can result in substantial financial penalties, with average fines reaching up to $4.5 million for GDPR breaches alone.

Join us for an insightful panel discussion with Chandan Pani, CISO - LTIMindtree and Ashish Tandon, Founder & CEO – Indusface, as we explore the multifaceted role of compliance in securing modern enterprises.

Discussion points

The Role of Compliance
The Alphabet Soup of Compliance
Compliance
SaaS and Compliance
Indusface's Approach to Compliance

More like this

Vulnerabilities in IBM Products Let Attackers Exploit & Launch DOS Attack

IBM has issued a security bulletin addressing critical vulnerabilities in its MQ Operator and...

BBTok Abuses Legitimate Windows Utility Command Tool to Stay Undetected

Cybercriminals in Latin America have increased their use of phishing scams targeting business transactions...

Predator Spyware Exploiting “one-click” & “zero-click” Flaws

Recent research indicates that the Predator spyware, once thought to be inactive due to...