Improper Authentication Vulnerability in Zyxel NAS Firmware
CVE-2023-35137

7.5HIGH

Key Information:

Vendor: Zyxel
Status: NAS326 firmware; NAS542 firmware
Vendor: CVE Published:; 30 November 2023

What is CVE-2023-35137?

An improper authentication vulnerability exists in Zyxel NAS326 and NAS542 devices, specifically within their authentication modules. An unauthenticated attacker could exploit this flaw by sending a specially crafted URL to a vulnerable device, potentially allowing access to sensitive system information. This vulnerability highlights the importance of robust authentication mechanisms in safeguarding device integrity.

Affected Version(s)

NAS326 firmware V5.21(AAZF.14)C0

NAS542 firmware V5.21(ABAG.11)C0

References

https://www.zyxel.com/global/en/support/security-advisori...

vendor-advisory

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Nov 30, 2023
Vulnerability Reserved
Jun 14, 2023