Skip to main content

Nas540 Firmware

5 CVEs product

Monthly

CVE-2023-27992 CRITICAL KEV PATCH THREAT Act Now

The pre-authentication command injection vulnerability in the Zyxel NAS326 firmware versions prior to V5.21(AAZF.14)C0, NAS540 firmware versions prior to V5.21(AATB.11)C0, and NAS542 firmware. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This OS Command Injection vulnerability could allow attackers to execute arbitrary operating system commands on the host.

Command Injection Zyxel Nas326 Firmware Nas540 Firmware Nas542 Firmware
NVD
CVSS 3.1
9.8
EPSS
84.2%
CVE-2023-27988 HIGH PATCH This Week

The post-authentication command injection vulnerability in the Zyxel NAS326 firmware versions prior to V5.21(AAZF.13)C0 could allow an authenticated attacker with administrator privileges to execute. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. This OS Command Injection vulnerability could allow attackers to execute arbitrary operating system commands on the host.

Command Injection Zyxel Nas326 Firmware Nas540 Firmware Nas542 Firmware
NVD
CVSS 3.1
7.2
EPSS
1.4%
CVE-2020-13365 HIGH This Week

Certain Zyxel products have a locally accessible binary that allows a non-root user to generate a password for an undocumented user account that can be used for a TELNET session as root. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Zyxel Authentication Bypass Nas326 Firmware Nas520 Firmware Nas540 Firmware +1
NVD
CVSS 3.1
8.8
EPSS
1.0%
CVE-2020-13364 HIGH This Week

A backdoor in certain Zyxel products allows remote TELNET access via a CGI script. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Zyxel Information Disclosure Nas326 Firmware Nas520 Firmware Nas540 Firmware +1
NVD
CVSS 3.1
8.8
EPSS
1.2%
CVE-2020-9054 CRITICAL POC KEV THREAT Act Now

Multiple ZyXEL network-attached storage (NAS) devices running firmware version 5.21 contain a pre-authentication command injection vulnerability, which may allow a remote, unauthenticated attacker to. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Zyxel Command Injection RCE Nas326 Firmware Nas520 Firmware +25
NVD
CVSS 3.1
9.8
EPSS
100.0%
EPSS 84% CVSS 9.8
CRITICAL KEV PATCH THREAT Act Now

The pre-authentication command injection vulnerability in the Zyxel NAS326 firmware versions prior to V5.21(AAZF.14)C0, NAS540 firmware versions prior to V5.21(AATB.11)C0, and NAS542 firmware. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This OS Command Injection vulnerability could allow attackers to execute arbitrary operating system commands on the host.

Command Injection Zyxel Nas326 Firmware +2
NVD
EPSS 1% CVSS 7.2
HIGH PATCH This Week

The post-authentication command injection vulnerability in the Zyxel NAS326 firmware versions prior to V5.21(AAZF.13)C0 could allow an authenticated attacker with administrator privileges to execute. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. This OS Command Injection vulnerability could allow attackers to execute arbitrary operating system commands on the host.

Command Injection Zyxel Nas326 Firmware +2
NVD
EPSS 1% CVSS 8.8
HIGH This Week

Certain Zyxel products have a locally accessible binary that allows a non-root user to generate a password for an undocumented user account that can be used for a TELNET session as root. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Zyxel Authentication Bypass Nas326 Firmware +3
NVD
EPSS 1% CVSS 8.8
HIGH This Week

A backdoor in certain Zyxel products allows remote TELNET access via a CGI script. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Zyxel Information Disclosure Nas326 Firmware +3
NVD
EPSS 100% CVSS 9.8
CRITICAL POC KEV THREAT Act Now

Multiple ZyXEL network-attached storage (NAS) devices running firmware version 5.21 contain a pre-authentication command injection vulnerability, which may allow a remote, unauthenticated attacker to. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Zyxel Command Injection RCE +27
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy