The pre-authentication command injection vulnerability in the Zyxel NAS326 firmware versions prior to V5.21(AAZF.14)C0, NAS540 firmware versions prior to V5.21(AATB.11)C0, and NAS542 firmware versions prior to V5.21(ABAG.11)C0 could allow an unauthenticated attacker to execute some operating system (OS) commands remotely by sending a crafted HTTP request.
History

Tue, 10 Dec 2024 16:15:00 +0000

Type Values Removed Values Added
Metrics kev

{'dateAdded': '2023-06-23'}

ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}


cve-icon MITRE

Status: PUBLISHED

Assigner: Zyxel

Published: 2023-06-19T11:42:41.774Z

Updated: 2024-12-10T16:00:18.927Z

Reserved: 2023-03-09T08:44:12.874Z

Link: CVE-2023-27992

cve-icon Vulnrichment

Updated: 2024-08-02T12:23:30.801Z

cve-icon NVD

Status : Modified

Published: 2023-06-19T12:15:09.433

Modified: 2024-11-21T07:53:53.520

Link: CVE-2023-27992

cve-icon Redhat

No data.