CVE-2023-27992
Zyxel Multiple NAS Devices Command Injection Vulnerability
CVSS
—
No CVSS
EPSS
84.2%
p100
KEV
YES
Jun 23, 2023
Exploit Today
80
0-100
Published: — · Last modified: —
Product
Zyxel / Multiple Network-Attached Storage (NAS) Devices
Vulnerability
Zyxel Multiple NAS Devices Command Injection Vulnerability
Added to KEV
Jun 23, 2023
Remediate by
Jul 14, 2023
Known ransomware use
No
Summary description
Multiple Zyxel network-attached storage (NAS) devices contain a pre-authentication command injection vulnerability that could allow an unauthenticated attacker to execute commands remotely via a crafted HTTP request.
Required action
Apply updates per vendor instructions.
Notes
https://www.zyxel.com/global/en/support/security-advisories/zyxel-security-advisory-for-pre-authentication-command-injection-vulnerability-in-nas-products; https://nvd.nist.gov/vuln/detail/CVE-2023-27992