Zyxel warns users against new important vulnerabilities in its NAS gadgets


Last updated 12 months ago



Zyxel is a Taiwanese manufacturer best known for wireless and broadband networking products, along with a few NAS devices for network-attached storage. Two of these NAS products are affected by six dangerous vulnerabilities, for which the company has already released a security update.

Zyxel has recently published a new security advisory for a group of vulnerabilities found in the company's NAS devices. The six flaws could be abused to bypass authentication and inject malicious commands into the NAS operating system, Zyxel has warned. Users are advised to install the already available security patches for "optimal protection" of their network storage setups.

The newly discovered vulnerabilities, which include three critical flaws with very high severity ratings, are described in the following CVE-tracked announcements: CVE-2023-35137, CVE-2023-35138, CVE-2023-37927, CVE-2023-37928, CVE-2023-4473, CVE-2023-4474. The first flaw (CVE-2023-35137) has a severity rating of 7.5 and relates to an improper authentication issue in the Zyxel NAS devices that could allow an unauthenticated attacker to obtain system information with a specially crafted URL.

The second flaw (CVE-2023-35138) is a critical vulnerability (9.8 severity score) in the "show zysync server contents" function, Zyxel explains, that could give attackers a way to execute "some" OS commands by sending a crafted HTTP POST request. The third flaw (CVE-2023-37927) is a high-severity bug (8.8) involving improper neutralization of special elements in the CGI program, which could allow attackers to execute OS commands by sending a crafted URL.

The fourth flaw (CVE-2023-37928) is a post-authentication command injection vulnerability (8.8) in the WSGI server, which can once again open an OS command execution opportunity through a malicious URL. The fifth flaw (CVE-2023-4473) is a critical bug (9.8) in the Zyxel NAS web server that could be exploited the same way. Finally, the sixth flaw (CVE-2023-4474) is yet another critical issue (9.8) arising from improper neutralization of special elements in the WSGI server.

Zyxel credited the work of three researchers (Maxim Suslov, Gábor Selján, Drew Balfour) in discovering the security flaws. The company conducted a "thorough investigation" to identify the supported devices affected by the issues, which include the NAS326 and NAS542 network storage models.

The Taiwanese manufacturer did not provide any mitigation measures or workarounds to protect the devices against the new flaws. To keep their data safe from cyber-criminals, users need to install the following firmware updates: V5.21(AAZF.15)C0 for NAS326, V5.21(ABAG.12)C0 for NAS542.
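Since the only remediation is the firmware update, the practical defender task is confirming every NAS326 and NAS542 in an inventory is at or above the fixed version. The Python check below is an added example, not part of the original article or any Zyxel tooling; it assumes Zyxel version strings follow the layout V<major>.<minor>(<model code>.<build>)C<revision> and that releases sharing a model code are ordered by those numbers, and the inventory entries are constructed.

```python
import re

# Fixed firmware versions named in the advisory (the only page-sourced values here).
FIXED_FIRMWARE = {
    "NAS326": "V5.21(AAZF.15)C0",
    "NAS542": "V5.21(ABAG.12)C0",
}

# Assumption: Zyxel version strings follow V<major>.<minor>(<model code>.<build>)C<revision>,
# and releases sharing a model code are ordered by (major, minor, build, revision).
_VERSION_RE = re.compile(r"^V(\d+)\.(\d+)\(([A-Z]+)\.(\d+)\)C(\d+)$")

def parse_version(text):
    """Split a Zyxel-style firmware string into (major, minor, code, build, revision)."""
    m = _VERSION_RE.match(text.strip())
    if not m:
        raise ValueError(f"unrecognised firmware version: {text!r}")
    major, minor, code, build, rev = m.groups()
    return int(major), int(minor), code, int(build), int(rev)

def is_patched(model, installed):
    """True if the installed firmware is at or above the advisory's fixed version for model."""
    if model not in FIXED_FIRMWARE:
        raise KeyError(f"{model!r} is not covered by this advisory")
    cur = parse_version(installed)
    fix = parse_version(FIXED_FIRMWARE[model])
    if cur[2] != fix[2]:
        # A different model code means a different firmware line; do not guess.
        raise ValueError(f"model code {cur[2]} does not match {fix[2]} expected for {model}")
    return (cur[0], cur[1], cur[3], cur[4]) >= (fix[0], fix[1], fix[3], fix[4])

def audit(inventory):
    """Classify each (hostname, model, firmware) as patched, unpatched or unknown."""
    report = {}
    for host, model, fw in inventory:
        try:
            report[host] = "patched" if is_patched(model, fw) else "unpatched"
        except (KeyError, ValueError):
            report[host] = "unknown"  # needs a manual look rather than a silent pass
    return report

# Constructed sample inventory (hostnames, the NAS999 model and its firmware are made up).
SAMPLE_INVENTORY = [
    ("nas-lab-01", "NAS326", "V5.21(AAZF.15)C0"),
    ("nas-lab-02", "NAS326", "V5.21(AAZF.14)C0"),
    ("nas-lab-03", "NAS542", "V5.21(ABAG.11)C0"),
    ("nas-lab-04", "NAS542", "V5.21(ABAG.12)C0"),
    ("nas-lab-05", "NAS999", "V5.21(ZZZZ.1)C0"),
]
```

Anything reported as "unknown" (unlisted model or a firmware line whose model code does not match) should be reviewed by hand rather than treated as safe.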
