Pre-Authentication Command Injection Vulnerability in Zyxel NAS Devices
CVE-2023-27992

9.8CRITICAL

Key Information:

Vendor: Zyxel
Status: Nas326 Firmware; Nas540 Firmware; Nas542 Firmware
Vendor: CVE Published:; 19 June 2023

Badges

👾 Exploit Exists🟣 EPSS 89%🦅 CISA Reported

What is CVE-2023-27992?

A pre-authentication command injection vulnerability exists in certain Zyxel NAS firmware versions, which could permit an unauthenticated attacker to execute system-level commands remotely. This is accomplished by sending specially crafted HTTP requests, potentially leading to unauthorized access and manipulation of the device's operating system.

CISA has reported CVE-2023-27992

CISA provides regional cyber and physical services to support security and resilience across the United States. CISA monitor the most dangerious vulnerabilities and have identifed CVE-2023-27992 as being exploited but is not known by the CISA to be used in ransomware campaigns. This is subject to change at pace

The CISA's recommendation is: Apply updates per vendor instructions.

Affected Version(s)

NAS326 firmware < V5.21(AAZF.14)C0

NAS540 firmware < V5.21(AATB.11)C0

NAS542 firmware < V5.21(ABAG.11)C0

References

https://www.zyxel.com/global/en/support/security-advisori...

EPSS Score

89% chance of being exploited in the next 30 days.

CVSS V3.1

Score:

9.8

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

👾
Exploit known to exist
Jun 23, 2023
🦅
CISA Reported
Jun 23, 2023
Vulnerability published
Jun 19, 2023
Vulnerability Reserved
Mar 9, 2023