CVE-2023-27992: Pre-authentication command injection vulnerability in Zyxel NAS devices
In the ever-evolving landscape of cybersecurity, a newly-discovered vulnerability, dubbed CVE-2023-27992, has recently hit the headlines. This high-risk flaw, with an alarming CVSS score of 9.8, warrants immediate attention from users and administrators worldwide due to its potential to compromise the integrity of Zyxel NAS devices.
The vulnerability, officially known as a pre-authentication command injection flaw, resides in certain versions of Zyxel NAS devices. This flaw could potentially empower an unauthenticated attacker with the ability to execute operating system (OS) commands remotely.
In layman’s terms, the threat actor doesn’t need your password or any other form of authentication. They merely need to send a cunningly crafted HTTP request, and suddenly they are in command of your system—allowing them to manipulate data, disrupt services, or undertake other harmful activities.
The models under threat from this vulnerability are specific versions of the NAS326, NAS540, and NAS542. The affected firmware versions are:
– NAS326 – V5.21(AAZF.13)C0 and earlier
– NAS540 – V5.21(AATB.10)C0 and earlier
– NAS542 – V5.21(ABAG.10)C0 and earlier
These versions are all susceptible to this high-risk vulnerability. However, there is a silver lining to this cyber storm cloud. Zyxel, in a commendable move towards mitigation, has released patches addressing this issue. The patched firmware versions are:
– NAS326 – V5.21(AAZF.14)C0
– NAS540 – V5.21(AATB.11)C0
– NAS542 – V5.21(ABAG.11)C0
The credit for unearthing this hidden threat goes to security researchers Andrej Zaujec, NCSC-FI, and Maxim Suslov. Their combined efforts have led to this significant discovery, averting a potentially disastrous situation for countless users.
The discovery of CVE-2023-27992 serves as a crucial reminder of the lurking threats in the digital world. With its high CVSS score of 9.8, this vulnerability should be treated with the utmost priority. Zyxel users should immediately update their devices to the patched firmware versions to ensure optimal protection.
