CVE-2023-27992
- EPSS 86.39%
- Veröffentlicht 19.06.2023 12:15:09
- Zuletzt bearbeitet 19.03.2025 20:58:46
The pre-authentication command injection vulnerability in the Zyxel NAS326 firmware versions prior to V5.21(AAZF.14)C0, NAS540 firmware versions prior to V5.21(AATB.11)C0, and NAS542 firmware versions prior to V5.21(ABAG.11)C0 could allow an unauthen...
CVE-2023-27988
- EPSS 0.34%
- Veröffentlicht 30.05.2023 02:15:33
- Zuletzt bearbeitet 21.11.2024 07:53:52
The post-authentication command injection vulnerability in the Zyxel NAS326 firmware versions prior to V5.21(AAZF.13)C0 could allow an authenticated attacker with administrator privileges to execute some operating system (OS) commands on an affected ...
- EPSS 0.24%
- Veröffentlicht 06.08.2020 17:15:10
- Zuletzt bearbeitet 21.11.2024 05:01:07
A backdoor in certain Zyxel products allows remote TELNET access via a CGI script. This affects NAS520 V5.21(AASZ.4)C0, V5.21(AASZ.0)C0, V5.11(AASZ.3)C0, and V5.11(AASZ.0)C0; NAS542 V5.11(ABAG.0)C0, V5.20(ABAG.1)C0, and V5.21(ABAG.3)C0; NSA325 v2_V4....
- EPSS 0.13%
- Veröffentlicht 06.08.2020 17:15:10
- Zuletzt bearbeitet 21.11.2024 05:01:07
Certain Zyxel products have a locally accessible binary that allows a non-root user to generate a password for an undocumented user account that can be used for a TELNET session as root. This affects NAS520 V5.21(AASZ.4)C0, V5.21(AASZ.0)C0, V5.11(AAS...
- EPSS 94.31%
- Veröffentlicht 04.03.2020 20:15:10
- Zuletzt bearbeitet 21.03.2025 19:50:32
Multiple ZyXEL network-attached storage (NAS) devices running firmware version 5.21 contain a pre-authentication command injection vulnerability, which may allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable device. ZyX...