Multiple Critical Vulnerabilities Found in Zyxel NAS Products
Zyxel, a prominent manufacturer of network-attached storage (NAS) devices, has disclosed a series of critical vulnerabilities that could expose its NAS devices to unauthorized access and control. Left unpatched, they could allow malicious actors to infiltrate the network, steal sensitive data, or compromise the device entirely.
The Vulnerabilities: A Spectrum of Security Flaws
- CVE-2023-35137 (CVSS score: 7.5): This vulnerability in the authentication module of Zyxel NAS devices could allow an unauthenticated attacker to gain system information through a crafted URL, exploiting an improper authentication flaw.
- CVE-2023-35138 (CVSS score: 9.8): A command injection flaw in the "show_zysync_server_contents" function permits an unauthenticated attacker to execute OS commands via a crafted HTTP POST request. Its CVSS score marks this vulnerability as critical.
- CVE-2023-37927 (CVSS score: 8.8): This flaw arises from the improper neutralization of special elements in the CGI program of the NAS devices, enabling an authenticated attacker to execute OS commands through a tailored URL.
- CVE-2023-37928 (CVSS score: 8.8): A post-authentication command injection vulnerability in the WSGI server could let an authenticated attacker run OS commands via a specially crafted URL.
- CVE-2023-4473 (CVSS score: 9.8): Another command injection vulnerability, this time in the web server, allows an unauthenticated attacker to execute OS commands with a specially crafted URL. Its high CVSS score underlines the critical risk it poses.
- CVE-2023-4474 (CVSS score: 9.8): Similar to CVE-2023-4473, this vulnerability stems from improper neutralization in the WSGI server, enabling unauthenticated attackers to execute OS commands.
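Four of the six CVEs above are the same weakness class: an untrusted request parameter that is not neutralized before it reaches an OS command (CWE-78). The following added example, which is not Zyxel's code and does not reproduce the affected functions (their source is not on this page), uses a hypothetical "list a share directory" handler to show the vulnerable construction beside its hardened form, plus a small detection helper that flags access-log requests whose query parameters contain shell metacharacters. The endpoint path, share root and log lines are all constructed for illustration.

```python
from __future__ import annotations

import re
import shlex
from urllib.parse import parse_qsl, urlsplit

# Hypothetical share root; not a path taken from the Zyxel firmware.
SHARE_ROOT = "/i-data/shares"

# Allowlist for a share name: starts with an alphanumeric or underscore,
# then up to 63 characters from a small safe set. No '/', no whitespace,
# no shell metacharacters, and ".." cannot match because of the first char.
SAFE_SHARE_NAME = re.compile(r"[A-Za-z0-9_][A-Za-z0-9_.-]{0,63}")


def build_listing_command_unsafe(share_name: str) -> str:
    """CWE-78 pattern: the request parameter is spliced into a shell command line.

    Any character the shell treats specially in share_name (';', '|', '$(',
    backticks, newlines) changes what the command does. This function only
    builds the string so the contrast is visible; it is never executed here.
    """
    return f"ls -l {SHARE_ROOT}/{share_name}"


def build_listing_command_safe(share_name: str) -> list[str]:
    """Hardened form: allowlist the value, then build an argv list.

    Passing the list to subprocess.run(argv) (shell=False, the default) means
    no shell ever parses the parameter, so metacharacters have no meaning.
    """
    if not SAFE_SHARE_NAME.fullmatch(share_name):
        raise ValueError(f"rejected share name {share_name!r}")
    return ["ls", "-l", f"{SHARE_ROOT}/{share_name}"]


def needs_shell_quoting(value: str) -> bool:
    """True if a POSIX shell would interpret some character in value.

    shlex.quote returns its argument unchanged only when it is made of
    characters that are safe unquoted, which makes it a handy metacharacter test.
    """
    return shlex.quote(value) != value


def suspicious_params(access_log_line: str) -> list[str]:
    """Names of query parameters in one access-log line whose (percent-decoded)
    values contain shell metacharacters. Assumes common log format:
    <ip> - - [<ts>] "<METHOD> <path?query> HTTP/1.x" <status> <bytes>
    """
    m = re.search(r'"(?:GET|POST|PUT|DELETE) (\S+) HTTP/', access_log_line)
    if m is None:
        return []
    query = urlsplit(m.group(1)).query
    # parse_qsl percent-decodes, so %3B is inspected as ';'.
    return [k for k, v in parse_qsl(query) if v and needs_shell_quoting(v)]


# Constructed log lines for a hypothetical endpoint; addresses are from the
# documentation range 192.0.2.0/24.
LOG_LINES = [
    '192.0.2.10 - - [10/Jan/2024:09:12:01 +0000] "GET /cgi-bin/list.cgi?share=photos HTTP/1.1" 200 512',
    '192.0.2.77 - - [10/Jan/2024:09:12:44 +0000] "GET /cgi-bin/list.cgi?share=photos%3Bid HTTP/1.1" 200 733',
]

if __name__ == "__main__":
    print("unsafe :", build_listing_command_unsafe("photos"))
    print("safe   :", build_listing_command_safe("photos"))
    for line in LOG_LINES:
        print("flagged params:", suspicious_params(line))
```

The allowlist, not the metacharacter test, is the control that makes the handler safe; `needs_shell_quoting` is only a detection aid for reviewing logs, since a denylist of characters will always lag behind the shell's grammar.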
Affected Models and Patch Availability
Zyxel has responded promptly with patches for the affected models, NAS326 and NAS542. Owners of these models running firmware versions V5.21(AAZF.14)C0 and V5.21(ABAG.11)C0, respectively, are advised to upgrade to the patched versions V5.21(AAZF.15)C0 and V5.21(ABAG.12)C0 to mitigate these vulnerabilities.
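For an administrator with more than one NAS to check, the practical question is "is every unit at or above the fixed build?". The added example below is not Zyxel tooling: it parses version strings of the form shown in this advisory (assumed structure V<major>.<minor>(<line>.<build>)C<rev>, where the AAZF and ABAG line codes belong to NAS326 and NAS542 respectively, following the pairing in the text) and triages a constructed inventory against the patched versions. Anything it cannot parse, or any model the advisory does not cover, is reported as "unknown" rather than silently treated as safe.

```python
import re
from typing import List, NamedTuple, Tuple

# Fixed firmware per model, as stated in the advisory summary above.
PATCHED_FIRMWARE = {
    "NAS326": "V5.21(AAZF.15)C0",
    "NAS542": "V5.21(ABAG.12)C0",
}

# Assumed layout of a Zyxel version string: V<major>.<minor>(<line>.<build>)C<rev>
_VERSION_RE = re.compile(
    r"^V(?P<major>\d+)\.(?P<minor>\d+)\((?P<line>[A-Z]+)\.(?P<build>\d+)\)C(?P<rev>\d+)$"
)


class FirmwareVersion(NamedTuple):
    major: int
    minor: int
    line: str   # firmware line code, e.g. AAZF for NAS326, ABAG for NAS542
    build: int
    rev: int

    def ordering_key(self) -> Tuple[int, int, int, int]:
        # The line code identifies the model, not the age of the build,
        # so it is excluded from ordering and checked separately.
        return (self.major, self.minor, self.build, self.rev)


def parse_version(text: str) -> FirmwareVersion:
    m = _VERSION_RE.match(text.strip())
    if m is None:
        raise ValueError(f"unrecognised firmware version string: {text!r}")
    return FirmwareVersion(
        int(m["major"]), int(m["minor"]), m["line"], int(m["build"]), int(m["rev"])
    )


def is_patched(model: str, installed: str) -> bool:
    """True if `installed` is the fixed build for `model` or a newer one.

    Raises KeyError for a model the advisory does not cover, and ValueError
    for an unparseable string or a firmware line that belongs to another model.
    """
    fixed = parse_version(PATCHED_FIRMWARE[model])
    have = parse_version(installed)
    if have.line != fixed.line:
        raise ValueError(f"{installed} is not a {model} ({fixed.line}) image")
    return have.ordering_key() >= fixed.ordering_key()


def triage(inventory: List[Tuple[str, str, str]]) -> List[Tuple[str, str, str, str]]:
    """Classify (host, model, installed) records as patched, VULNERABLE or unknown."""
    results = []
    for host, model, installed in inventory:
        try:
            status = "patched" if is_patched(model, installed) else "VULNERABLE"
        except (KeyError, ValueError):
            status = "unknown"   # needs a human look; never assumed safe
        results.append((host, model, installed, status))
    return results


# Constructed inventory; hostnames, the extra model and its version are placeholders.
INVENTORY = [
    ("nas-finance", "NAS326", "V5.21(AAZF.14)C0"),
    ("nas-backup", "NAS326", "V5.21(AAZF.15)C0"),
    ("nas-media", "NAS542", "V5.21(ABAG.11)C0"),
    ("nas-lab", "NAS542", "V5.21(ABAG.12)C0"),
    ("nas-other", "NAS-PLACEHOLDER", "V5.21(ZZZZ.10)C0"),
]

if __name__ == "__main__":
    for row in triage(INVENTORY):
        print("{:12} {:16} {:18} {}".format(*row))
```

Because the check compares a parsed tuple rather than the raw string, a build newer than the one named in the advisory (say a later minor release on the same line) is correctly reported as patched, while a NAS542 image reported against a NAS326 entry is refused instead of being compared.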