
Zyxel Releases Patches to Fix 15 Flaws in NAS, Firewall, and AP Devices


Dec 01, 2023 | Newsroom | Firewall / Network Security


Zyxel has released patches to address 15 security issues impacting network-attached storage (NAS), firewall, and access point (AP) devices, including three critical flaws that could lead to authentication bypass and command injection.

The three vulnerabilities are listed below:

  • CVE-2023-35138 (CVSS score: 9.8) – A command injection vulnerability that could allow an unauthenticated attacker to execute some operating system commands by sending a crafted HTTP POST request.
  • CVE-2023-4473 (CVSS score: 9.8) – A command injection vulnerability in the web server that could allow an unauthenticated attacker to execute some operating system commands by sending a crafted URL to a vulnerable device.
  • CVE-2023-4474 (CVSS score: 9.8) – An improper neutralization of special elements vulnerability that could allow an unauthenticated attacker to execute some operating system commands by sending a crafted URL to a vulnerable device.

Also patched by Zyxel are three high-severity flaws (CVE-2023-35137, CVE-2023-37927, and CVE-2023-37928) that, if successfully exploited, could allow attackers to obtain system information and execute arbitrary commands. It's worth noting that both CVE-2023-37927 and CVE-2023-37928 require authentication.


The flaws affect the following models and versions:

  • NAS326 – versions V5.21(AAZF.14)C0 and earlier (Patched in V5.21(AAZF.15)C0)
  • NAS542 – versions V5.21(ABAG.11)C0 and earlier (Patched in V5.21(ABAG.12)C0)

The advisory comes days after the Taiwanese networking vendor shipped fixes for 9 flaws in select firewall and access point (AP) versions, some of which could be weaponized to access system files and administrator logs, as well as cause a denial-of-service (DoS) condition.

With Zyxel devices often exploited by threat actors, it's highly recommended that users apply the latest updates to mitigate potential threats.
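
A firmware inventory check built from the NAS models and patched versions listed above, added here as an example and not taken from Zyxel's advisory or tooling. The host names and firmware strings in `INVENTORY` are constructed, and ordering builds by the number after the model code is an assumption about how Zyxel numbers its releases.

```python
import re

# First patched firmware per model, as listed in the article.
PATCHED = {
    "NAS326": "V5.21(AAZF.15)C0",
    "NAS542": "V5.21(ABAG.12)C0",
}

# Shape of the version strings shown in the article: V<maj>.<min>(<code>.<build>)C<n>
_FW_RE = re.compile(r"^V(\d+)\.(\d+)\(([A-Z]+)\.(\d+)\)C(\d+)$")


def parse_firmware(version):
    """Split a firmware string into (model_code, comparable_tuple)."""
    m = _FW_RE.match(version.strip())
    if not m:
        raise ValueError(f"unrecognised firmware string: {version!r}")
    major, minor, code, build, c = m.groups()
    # Assumption: builds are ordered by (major, minor, build, C-number).
    return code, (int(major), int(minor), int(build), int(c))


def status(model, version):
    """Return 'patched', 'vulnerable' or 'unknown' for one device."""
    patched = PATCHED.get(model.strip().upper())
    if patched is None:
        return "unknown"  # model not covered by this advisory
    try:
        code, ver = parse_firmware(version)
    except ValueError:
        return "unknown"  # unparseable string: needs a manual look
    p_code, p_ver = parse_firmware(patched)
    if code != p_code:
        return "unknown"  # firmware code does not belong to this model
    return "patched" if ver >= p_ver else "vulnerable"


def audit(inventory):
    """Map each host to its status; inventory rows are (host, model, firmware)."""
    return {host: status(model, fw) for host, model, fw in inventory}


# Constructed sample inventory (hypothetical hosts, not real devices).
INVENTORY = [
    ("nas-office", "NAS326", "V5.21(AAZF.14)C0"),
    ("nas-backup", "NAS542", "V5.21(ABAG.12)C0"),
    ("nas-lab", "NAS542", "V5.21(AAZF.15)C0"),  # wrong model code for a NAS542
]

if __name__ == "__main__":
    for host, result in audit(INVENTORY).items():
        print(f"{host}: {result}")
```

Treat `unknown` as a prompt for manual review rather than as a pass, since it covers both models outside the advisory and firmware strings that do not match the device.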
