The post-authentication command injection vulnerability in Zyxel NAS326 firmware versions through V5.21(AAZF.15)C0 and NAS542 firmware versions through V5.21(ABAG.12)C0 could allow an authenticated attacker with administrator privileges to execute some operating system (OS) commands by sending a crafted query parameter attached to the URL of an affected device’s web management interface.
Metrics
Affected Vendors & Products
References
History
No history.
MITRE
Status: PUBLISHED
Assigner: Zyxel
Published: 2024-01-30T00:55:33.090Z
Updated: 2024-08-23T18:58:04.490Z
Reserved: 2023-10-04T03:32:04.281Z
Link: CVE-2023-5372
Vulnrichment
Updated: 2024-08-02T07:59:44.902Z
NVD
Status : Modified
Published: 2024-01-30T01:15:59.063
Modified: 2024-11-21T08:41:38.017
Link: CVE-2023-5372
Redhat
No data.