Critical Zyxel NAS vulnerabilities patched, update quickly!

Zyxel has patched six vulnerabilities affecting its network attached storage (NAS) devices, including several (OS) command injection flaws that can be easily exploited by unauthenticated attackers. The vulnerabilities in Zyxel NAS devices One of the six plugged security holes is an improper authentication vulnerability (CVE-2023-35137) in the devices’ authentication module, and may allow unauthenticated attackers to grab system information by sending a specially crafted URL to a vulnerable device. The remaining five (CVE-2023-35138, CVE-2023-37927, CVE-2023-37928, … More →

The post …

attackers authentication command command injection critical cve devices don't miss exploited flaws hot stuff ibm x-force injection may nas network quickly security security holes security update storage unauthenticated update vulnerabilities vulnerabilities patched vulnerability zyxel