Patch Alert! Critical Command Injection Flaw Discovered in NAS Devices

Livia Gyongyoși

11 months ago

critical zyxel nas flaw

Zyxel announced patches are available and should be applied immediately for the newly discovered vulnerability CVE-2023-27992. The flaw is a pre-authentication command injection issue that affects some of the network-attached storage (NAS) versions.

More about CVE-2023-27992

According to the Common Vulnerability Scoring System (CVSS), the flaw was marked 9.8, which rates it as “critical”.

CVE-2023-27992 is a pre-authentication command injection flaw. It enables unauthenticated malicious actors to run OS commands remotely by using crafted HTTP queries.

The pre-authentication command injection vulnerability in some Zyxel NAS devices could allow an unauthenticated attacker to execute some operating system (OS) commands remotely by sending a crafted HTTP request.

Source

For the moment, Zyxel did not provide any workarounds or mitigations for the newly found vulnerability. However, the company swiftly rolled out security updates and warned its customers to patch.

Impacted NAS Versions and Patches

After researchers warned Zyxel about the flaw, the company investigated and identified the vulnerable products. Patches are already available and Zyxel strongly recommends users apply them as soon as possible.

You can read below about which NAS versions were impacted and their patching solutions:

NAS326 – impacts V5.21(AAZF.13)C0 and earlier, fixed in V5.21(AAZF.14)C0
NAS540 – impacts V5.21(AATB.10)C0 and earlier, fixed in V5.21(AATB.11)C0
NAS542 – impacts V5.21(ABAG.10)C0 and earlier, fixed in V5.21(ABAG.11)C0

According to BleepingComputer:

NAS devices are a particularly enticing target for ransomware operations that remotely exploit vulnerabilities to encrypt files and issue ransom demands. In the past, QNAP and Synology NAS devices have been targeted by ransomware in widespread attacks.

Source

In addition, CISA recently added to its Known Exploited Vulnerabilities (KEV) catalog two other flaws in Zyxel equipment.

CVE-2023-33009 and CVE-2023-33010 affect Zyxel firewalls and were added based on evidence of active exploitation. The two CVEs could lead to a denial-of-service (DoS) condition and remote code execution.

If you liked this article, follow us on LinkedIn, Twitter, Facebook, and YouTube for more cybersecurity news and topics.

Install and Patch Software. Close Vulnerabilities. Achieve Compliance.

Heimdal® Patch & Asset Management

Remotely and automatically install Windows, Linux and 3rd party patches and manage your software inventory.

Create policies that meet your exact needs;
Full compliance and CVE/CVSS audit trail;
Gain extensive vulnerability intelligence;
And much more than we can fit in here...

Try it for FREE today 30-day Free Trial. Offer valid only for companies.