CVE-2023-37928

A post-authentication command injection vulnerability in the WSGI server of the Zyxel NAS326 firmware version V5.21(AAZF.14)C0 and NAS542 firmware version V5.21(ABAG.11)C0 could allow an authenticated attacker to execute some operating system (OS) commands by sending a crafted URL to a vulnerable device.

CVSS v3 8.8 HIGH

8.8^/10

CVSS v3 : HIGH

Vector :

Exploitability : 2.8 / Impact : 5.9

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://bugprove.com/knowledge-hub/cve-2023-37927-and-cve-2023-37928-multiple-post-auth-blind-os-command-and-python-code-injection-vulnerabilities-in-zyxel-s-nas-326-devices/
https://www.zyxel.com/global/en/support/security-advisories/zyxel-security-advisory-for-authentication-bypass-and-command-injection-vulnerabilities-in-nas-products	Patch Vendor Advisory

Configurations

Configuration 1 (hide)

AND

cpe:2.3:o:zyxel:nas326_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:zyxel:nas326:-:*:*:*:*:*:*:*

Configuration 2 (hide)

AND

cpe:2.3:o:zyxel:nas542_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:zyxel:nas542:-:*:*:*:*:*:*:*

History

No history.

Information

Published : 2023-11-30 02:15

Updated : 2023-12-06 01:15

NVD link : CVE-2023-37928

Mitre link : CVE-2023-37928

CVE.ORG link : CVE-2023-37928

JSON object : View

Products Affected

zyxel

nas542_firmware
nas326
nas542
nas326_firmware

CWE

CWE-78

Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

{"id": "CVE-2023-37928", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "security@zyxel.com.tw", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 8.8, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 2.8}]}, "published": "2023-11-30T02:15:43.137", "references": [{"url": "https://bugprove.com/knowledge-hub/cve-2023-37927-and-cve-2023-37928-multiple-post-auth-blind-os-command-and-python-code-injection-vulnerabilities-in-zyxel-s-nas-326-devices/", "source": "security@zyxel.com.tw"}, {"url": "https://www.zyxel.com/global/en/support/security-advisories/zyxel-security-advisory-for-authentication-bypass-and-command-injection-vulnerabilities-in-nas-products", "tags": ["Patch", "Vendor Advisory"], "source": "security@zyxel.com.tw"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "security@zyxel.com.tw", "description": [{"lang": "en", "value": "CWE-78"}]}], "descriptions": [{"lang": "en", "value": "A post-authentication command injection vulnerability in the WSGI server of the Zyxel NAS326 firmware version V5.21(AAZF.14)C0 and NAS542 firmware version V5.21(ABAG.11)C0 could allow an authenticated attacker to execute some operating system (OS) commands by sending a crafted URL to a vulnerable device."}, {"lang": "es", "value": "Una vulnerabilidad de inyecci\u00f3n de comando posterior a la autenticaci\u00f3n en el servidor WSGI de la versi\u00f3n de firmware V5.21(AAZF.14)C0 de Zyxel NAS326 y la versi\u00f3n de firmware NAS542 V5.21(ABAG.11)C0 podr\u00eda permitir que un atacante autenticado ejecute alg\u00fan sistema operativo ( OS) enviando una URL manipulada a un dispositivo vulnerable."}], "lastModified": "2023-12-06T01:15:07.407", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:zyxel:nas326_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "897157F4-9F3E-4F03-91DF-6223C1BAA451", "versionEndIncluding": "5.21\\(aazf.14\\)c0"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:zyxel:nas326:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "E0A01B19-4A91-4FBC-8447-2E854346DAC5"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:zyxel:nas542_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "0A0D05F3-0FBD-43D0-8041-2AAF822B83C5", "versionEndIncluding": "5.21\\(abag.11\\)c0"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:zyxel:nas542:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "31C4DD0F-28D0-4BF7-897B-5EEC32AA7277"}], "operator": "OR"}], "operator": "AND"}], "sourceIdentifier": "security@zyxel.com.tw"}