Colin Mc Hugo

Security Engineer Manager & CEO at Quantum Infinite Solutions Group Ltd.

Critical RCE Vulnerability Affects Zyxel NAS Devices — Firmware Patch Released

September 7, 2022

Networking equipment maker Zyxel has released patches for a critical security flaw affecting its network-attached storage (NAS) devices.

Tracked as CVE-2022-34747 (CVSS score: 9.8), the issue relates to a "format string vulnerability" affecting NAS326, NAS540, and NAS542 models. Zyxel credited researcher Shaposhnikov Ilya for reporting the flaw.

"A format string vulnerability was found in a specific binary of Zyxel NAS products that could allow an attacker to achieve unauthorized remote code execution via a crafted UDP packet," the company said in an advisory released on September 6.


The flaw affects the following versions:

  • NAS326 (V5.21(AAZF.11)C0 and earlier)
  • NAS540 (V5.21(AATB.8)C0 and earlier), and
  • NAS542 (V5.21(ABAG.8)C0 and earlier)
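The version list above can be turned into an inventory check. The following is an added example, not code from Zyxel or from the original article; it assumes firmware strings order by version number, then build number, then the C suffix, and the inventory entries are constructed sample data.

```python
import re

# Last affected firmware per model, taken from the version list above.
LAST_AFFECTED = {
    "NAS326": "V5.21(AAZF.11)C0",
    "NAS540": "V5.21(AATB.8)C0",
    "NAS542": "V5.21(ABAG.8)C0",
}
FW_RE = re.compile(r"^V(\d+)\.(\d+)\(\s*([A-Z]+)\.(\d+)\s*\)C(\d+)$")

def parse_firmware(version):
    """Split 'V5.21(AAZF.11)C0' into (model_code, key); key ordering is an assumption."""
    m = FW_RE.match(version.strip().upper())
    if not m:
        raise ValueError(f"unrecognised firmware string: {version!r}")
    major, minor, code, build, crel = m.groups()
    return code, (int(major), int(minor), int(build), int(crel))

def is_affected(model, version):
    """True/False for listed models, None for models the advisory does not list."""
    limit = LAST_AFFECTED.get(model.strip().upper())
    if limit is None:
        return None
    limit_code, limit_key = parse_firmware(limit)
    code, key = parse_firmware(version)
    if code != limit_code:
        raise ValueError(f"{version!r} is not a {model} firmware string")
    return key <= limit_key

def audit(inventory):
    """Return (model, version, status) rows; bad records are flagged, not dropped."""
    rows = []
    for model, version in inventory:
        try:
            hit = is_affected(model, version)
            status = {True: "AFFECTED", False: "ok", None: "not listed"}[hit]
        except ValueError as exc:
            status = f"CHECK RECORD ({exc})"
        rows.append((model, version, status))
    return rows

# Constructed sample inventory; builds 12 and 9 are made-up "newer" values.
INVENTORY = [
    ("NAS326", "V5.21(AAZF.11)C0"),
    ("nas326", "v5.21( aazf.12)c0"),
    ("NAS542", "V5.21(ABAG.9)C0"),
    ("NAS542", "V5.21(AATB.8)C0"),
    ("GS1200", "unknown"),
]
```

Calling `audit(INVENTORY)` marks a firmware string whose model code does not match the device model for manual review, so a mislabelled record is not silently reported as unaffected.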

The disclosure comes as Zyxel previously addressed local privilege escalation and authenticated directory traversal vulnerabilities (CVE-2022-30526 and CVE-2022-2030) affecting its firewall products in July.

Hacking NAS devices is becoming a common practice. If you do not take precautions or keep the software up to date, attackers can steal your sensitive and personal data. In some instances, they even manage to permanently delete data.

In June 2022, Zyxel also remediated a security vulnerability (CVE-2022-0823) that left GS1200 series switches susceptible to password-guessing attacks via a timing side-channel attack.
