icon

Digital safety starts here for both commercial and personal Use...

Defend Your Business Against the Latest WNY Cyber Threats We offer Safe, Secure and Affordable Solutions for your Business and Personal Networks and Devices.



WNYCyber is there to help you to choose the best service providers in Western New York... We DO NOT provide the services ourselves, as we are Internet Programmers who have to deak daily with Cyber Threats... (Ugghhh)... So we know what it's like and what it takes to protect OUR and OUR CUSTOMERS DATA... We built this Website to help steer you to those that can give you the best service at realistic and non-inflated prices. We do charge or collect any fees.

Buffalo, New York
United States

Current Threat Data

Zyxel Warns of Critical Command Injection Flaw in NAS Devices

Cyber Security Threat Summary:
Zxyel recently published security updates to address a critical command injection vulnerability impacting its Network Attached Storage (NAS) devices, warning customers to update their firmware. Tracked as CVE-2023-27992, the vulnerability is due to a pre-authentication command injection problem that could enable an unauthenticated attacker to execute operating system commands on the impacted device via specially crafted HTTP requests.

Below is a list of the impacted devices and firmware versions, with the relevant patched releases for each product:

  • NAS326 – impacts V5.21(AAZF.13)C0 and earlier, fixed in V5.21(AAZF.14)C0
  • NAS540 – impacts V5.21(AATB.10)C0 and earlier, fixed in V5.21(AATB.11)C0
  • NAS542 – impacts V5.21(ABAG.10)C0 and earlier, fixed in V5.21(ABAG.11)C0

    Security Officer Comments:
    Although NAS devices offer a convenient and low-cost storage solution, these devices pose many security risks as they are connected to the internet and come with default configurations that are often times left unchanged. In the case of CVE-2023-27992, a threat actor could exploit this vulnerability to take complete control of the device. From here, they could then gain access to any sensitive or personal data that is stored on the device.

    Suggested Correction(s):
    There are currently no workarounds for CVE-2023-27992 so users should apply the latest firmware patches as soon as possible to prevent potential exploitation attempts. Please refer to Zyxel’s advisory down below to access the patches released for each of the impacted devices: https://www.zyxel.com/global/en/sup...mmand-injection-vulnerability-in-nas-products

    Link(s):
    https://www.bleepingcomputer.com/

    Contact Us for Threat Assistance
    Back to Current Threats