CVE-2023-27992

The pre-authentication command injection vulnerability in the Zyxel NAS326 firmware versions prior to V5.21(AAZF.14)C0, NAS540 firmware versions prior to V5.21(AATB.11)C0, and NAS542 firmware versions prior to V5.21(ABAG.11)C0 could allow an unauthenticated attacker to execute some operating system (OS) commands remotely by sending a crafted HTTP request.

CVSS v3 9.8 CRITICAL

9.8^/10

CVSS v3 : CRITICAL

Vector :

Exploitability : 3.9 / Impact : 5.9

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://www.zyxel.com/global/en/support/security-advisories/zyxel-security-advisory-for-pre-authentication-command-injection-vulnerability-in-nas-products	Patch Vendor Advisory

Configurations

Configuration 1 (hide)

AND

cpe:2.3:h:zyxel:nas326:-:*:*:*:*:*:*:*

cpe:2.3:o:zyxel:nas326_firmware:*:*:*:*:*:*:*:*

Configuration 2 (hide)

AND

cpe:2.3:h:zyxel:nas540:-:*:*:*:*:*:*:*

cpe:2.3:o:zyxel:nas540_firmware:*:*:*:*:*:*:*:*

Configuration 3 (hide)

AND

cpe:2.3:h:zyxel:nas542:-:*:*:*:*:*:*:*

cpe:2.3:o:zyxel:nas542_firmware:*:*:*:*:*:*:*:*

History

No history.

Information

Published : 2023-06-19 12:15

Updated : 2023-06-27 12:49

NVD link : CVE-2023-27992

Mitre link : CVE-2023-27992

CVE.ORG link : CVE-2023-27992

JSON object : View

Products Affected

zyxel

nas542
nas326_firmware
nas542_firmware
nas540_firmware
nas540
nas326

CWE

CWE-78

Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

{"id": "CVE-2023-27992", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "security@zyxel.com.tw", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 9.8, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 3.9}]}, "published": "2023-06-19T12:15:09.433", "references": [{"url": "https://www.zyxel.com/global/en/support/security-advisories/zyxel-security-advisory-for-pre-authentication-command-injection-vulnerability-in-nas-products", "tags": ["Patch", "Vendor Advisory"], "source": "security@zyxel.com.tw"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-78"}]}, {"type": "Secondary", "source": "security@zyxel.com.tw", "description": [{"lang": "en", "value": "CWE-78"}]}], "descriptions": [{"lang": "en", "value": "The pre-authentication command injection vulnerability in the Zyxel NAS326 firmware versions prior to\u00a0V5.21(AAZF.14)C0, NAS540 firmware versions prior to\u00a0V5.21(AATB.11)C0, and NAS542\u00a0firmware versions prior to V5.21(ABAG.11)C0 could allow an unauthenticated attacker to execute some operating system (OS) commands remotely by sending a crafted HTTP request."}], "lastModified": "2023-06-27T12:49:34.573", "cisaActionDue": "2023-07-14", "cisaExploitAdd": "2023-06-23", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:zyxel:nas326:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "E0A01B19-4A91-4FBC-8447-2E854346DAC5"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:zyxel:nas326_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "E1C7EF7A-7A3B-4DAB-B42A-2C84F861A5D2", "versionEndIncluding": "5.21\\(aazf.13\\)c0"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:zyxel:nas540:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "B2F7264C-D32A-4EE9-BADC-78518D762BCA"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:zyxel:nas540_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "0E8018F0-97F9-46E1-954B-08BA1BCE33AB", "versionEndIncluding": "5.21\\(aatb.10\\)c0"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:zyxel:nas542:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "31C4DD0F-28D0-4BF7-897B-5EEC32AA7277"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:zyxel:nas542_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "1F106841-EEF2-4EFA-BD32-514AF9C74F22", "versionEndIncluding": "5.21\\(abag.10\\)c0"}], "operator": "OR"}], "operator": "AND"}], "sourceIdentifier": "security@zyxel.com.tw", "cisaRequiredAction": "Apply updates per vendor instructions.", "cisaVulnerabilityName": "Zyxel Multiple NAS Devices Command Injection Vulnerability"}