CVE-2020-9054
Zyxel Multiple NAS Devices OS Command Injection Vulnerability
CVSS
—
No CVSS
EPSS
100.0%
p100
KEV
YES
Mar 25, 2022
Exploit Today
80
0-100
Published: — · Last modified: —
100.0%EPSS · 30 days100.0%
2026-06-302026-07-16
Product
Zyxel / Multiple Network-Attached Storage (NAS) Devices
Vulnerability
Zyxel Multiple NAS Devices OS Command Injection Vulnerability
Added to KEV
Mar 25, 2022
Remediate by
Apr 15, 2022
Known ransomware use
No
Summary description
Multiple Zyxel network-attached storage (NAS) devices contain a pre-authentication command injection vulnerability, which may allow a remote, unauthenticated attacker to execute arbitrary code.
Required action
Apply updates per vendor instructions.
Notes
https://nvd.nist.gov/vuln/detail/CVE-2020-9054
CVECVSSEPSSKEVRExploitTitleMod.
CVE-2023-27992—99.7%
KEV—80Zyxel Multiple NAS Devices Command Injection Vulnerability—