Zyxel Releases Patches to Fix 15 Flaws in NAS, Firewall, and AP Devices


Zyxel has released patches to address 15 security issues impacting network-attached storage (NAS), firewall, and access point (AP) devices, including three critical flaws that could lead to authentication bypass and command injection.

The three vulnerabilities are detailed below –

  • CVE-2023-35138 (CVSS score: 9.8) – A command injection vulnerability that could allow an unauthenticated attacker to execute some operating system commands by sending a crafted HTTP POST request.
  • CVE-2023-4473 (CVSS score: 9.8) – A command injection vulnerability in the web server that could allow an unauthenticated attacker to execute some operating system commands by sending a crafted URL to a vulnerable device.
  • CVE-2023-4474 (CVSS score: 9.8) – An improper neutralization of special elements vulnerability that could allow an unauthenticated attacker to execute some operating system commands by sending a crafted URL to a vulnerable device.

Also patched by Zyxel are three high-severity flaws (CVE-2023-35137, CVE-2023-37927, and CVE-2023-37928) that, if successfully exploited, could allow attackers to obtain system information and execute arbitrary commands. It is worth noting that both CVE-2023-37927 and CVE-2023-37928 require authentication.

The flaws impact the following models and versions –

  • NAS326 – versions V5.21(AAZF.14)C0 and earlier (Patched in V5.21(AAZF.15)C0)
  • NAS542 – versions V5.21(ABAG.11)C0 and earlier (Patched in V5.21(ABAG.12)C0)

The advisory comes days after the Taiwanese networking vendor shipped fixes for 9 flaws in select firewall and access point (AP) versions, some of which could be weaponized to access system files and administrator logs, as well as cause a denial-of-service (DoS) condition.

With Zyxel devices often exploited by threat actors, it's highly recommended that users apply the latest updates to mitigate potential threats.


Some parts of this article are sourced from:
thehackernews.com
