Vulnerability Details CVE-2023-27988
The post-authentication command injection vulnerability in the Zyxel NAS326 firmware versions prior to V5.21(AAZF.13)C0 could allow an authenticated attacker with administrator privileges to execute some operating system (OS) commands on an affected device remotely.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.003
EPSS Ranking 55.9%
CVSS Severity
CVSS v3 Score 7.2
References
- https://www.zyxel.com/global/en/support/security-advisories/zyxel-security-advisory-for-post-authentication-command-injection-vulnerability-in-nas-products
- https://www.zyxel.com/global/en/support/security-advisories/zyxel-security-advisory-for-post-authentication-command-injection-vulnerability-in-nas-products
Products affected by CVE-2023-27988
-
cpe:2.3:h:zyxel:nas326:-
-
cpe:2.3:h:zyxel:nas540:-
-
cpe:2.3:h:zyxel:nas542:-
-
cpe:2.3:o:zyxel:nas326_firmware:-
-
cpe:2.3:o:zyxel:nas326_firmware:5.21
-
cpe:2.3:o:zyxel:nas326_firmware:5.21(aazf.12)c0
-
cpe:2.3:o:zyxel:nas326_firmware:5.21(aazf.7)c0
-
cpe:2.3:o:zyxel:nas540_firmware:-
-
cpe:2.3:o:zyxel:nas540_firmware:5.21(aatb.4)c0
-
cpe:2.3:o:zyxel:nas540_firmware:5.21(aatb.9)c0
-
cpe:2.3:o:zyxel:nas542_firmware:-
-
cpe:2.3:o:zyxel:nas542_firmware:5.21(abag.4)c0
-
cpe:2.3:o:zyxel:nas542_firmware:5.21(abag.9)c0