Zyxel has patched a high-severity authenticated command injection vulnerability (CVE-2023-27988) in some of its network attached storage (NAS) devices aimed at home users. About the vulnerability (CVE-2023-27988) The vulnerability was discovered in the devices’ web management interface. “An authenticated attacker with administrator privileges could leverage this vulnerability to execute some operating system (OS) commands on an affected device remotely,” Zyxel has confirmed. The following versions of the Zyxel NAS devices are affected: NAS326 version 5.21(AAZF.12)C0 … More
The post Zyxel patches vulnerability in NAS devices (CVE-2023-27988) appeared first on Help Net Security.