CVE-2022-34747
https://notcve.org/view.php?id=CVE-2022-34747
A format string vulnerability in Zyxel NAS326 firmware versions prior to V5.21(AAZF.12)C0 could allow an attacker to achieve unauthorized remote code execution via a crafted UDP packet. Una vulnerabilidad de cadena de formato en Zyxel NAS326 versiones de firmware anteriores a V5.21(AAZF.12)C0, podría permitir a un atacante lograr una ejecución remota no autorizada de código por medio de un paquete UDP diseñado. • https://www.zyxel.com/support/Zyxel-security-advisory-for-format-string-vulnerability-in-NAS.shtml • CWE-134: Use of Externally-Controlled Format String •
CVE-2020-13365
https://notcve.org/view.php?id=CVE-2020-13365
Certain Zyxel products have a locally accessible binary that allows a non-root user to generate a password for an undocumented user account that can be used for a TELNET session as root. This affects NAS520 V5.21(AASZ.4)C0, V5.21(AASZ.0)C0, V5.11(AASZ.3)C0, and V5.11(AASZ.0)C0; NAS542 V5.11(ABAG.0)C0, V5.20(ABAG.1)C0, and V5.21(ABAG.3)C0; NSA325 v2_V4.81(AALS.0)C0 and V4.81(AAAJ.1)C0; NSA310 4.22(AFK.0)C0 and 4.22(AFK.1)C0; NAS326 V5.21(AAZF.8)C0, V5.11(AAZF.4)C0, V5.11(AAZF.2)C0, and V5.11(AAZF.3)C0; NSA310S V4.75(AALH.2)C0; NSA320S V4.75(AANV.2)C0 and V4.75(AANV.1)C0; NSA221 V4.41(AFM.1)C0; and NAS540 V5.21(AATB.5)C0 and V5.21(AATB.3)C0. Determinados productos Zyxel tienen un binario accesible localmente que permite a un usuario no root generar una contraseña para una cuenta de usuario no documentada que puede ser usada para una sesión de TELNET como root. Esto afecta a NAS520 V5.21(AASZ.4)C0, V5.21(AASZ.0)C0, V5.11(AASZ.3)C0, y V5.11(AASZ.0)C0; NAS542 V5.11(ABAG.0)C0, V5.20(ABAG.1)C0, y V5.21(ABAG.3)C0; NSA325 v2_V4.81(AALS.0)C0 y V4.81(AAAJ.1)C0; NSA310 4.22(AFK.0)C0 y 4.22(AFK.1)C0; NAS326 V5.21(AAZF.8)C0, V5.11(AAZF.4)C0, V5.11(AAZF.2)C0, y V5.11(AAZF.3)C0; NSA310S V4.75(AALH.2)C0; NSA320S V4.75(AANV.2)C0 y V4.75(AANV.1)C0; NSA221 V4.41(AFM.1)C0; y NAS540 V5.21(AATB.5)C0 y V5.21(AATB.3)C0 • https://www.zyxel.com/support/Zyxel-security-advisory-for-NAS-remote-access-vulnerability.shtml https://www.zyxel.com/us/en/support/security_advisories.shtml • CWE-287: Improper Authentication •
CVE-2020-13364
https://notcve.org/view.php?id=CVE-2020-13364
A backdoor in certain Zyxel products allows remote TELNET access via a CGI script. This affects NAS520 V5.21(AASZ.4)C0, V5.21(AASZ.0)C0, V5.11(AASZ.3)C0, and V5.11(AASZ.0)C0; NAS542 V5.11(ABAG.0)C0, V5.20(ABAG.1)C0, and V5.21(ABAG.3)C0; NSA325 v2_V4.81(AALS.0)C0 and V4.81(AAAJ.1)C0; NSA310 4.22(AFK.0)C0 and 4.22(AFK.1)C0; NAS326 V5.21(AAZF.8)C0, V5.11(AAZF.4)C0, V5.11(AAZF.2)C0, and V5.11(AAZF.3)C0; NSA310S V4.75(AALH.2)C0; NSA320S V4.75(AANV.2)C0 and V4.75(AANV.1)C0; NSA221 V4.41(AFM.1)C0; and NAS540 V5.21(AATB.5)C0 and V5.21(AATB.3)C0. Una backdoor en determinados productos Zyxel permite el acceso remoto a TELNET por medio de un script CGI. Esto afecta a NAS520 V5.21(AASZ.4)C0, V5.21(AASZ.0)C0, V5.11(AASZ.3)C0, and V5.11(AASZ.0)C0; NAS542 V5.11(ABAG.0)C0, V5.20(ABAG.1)C0, and V5.21(ABAG.3)C0; NSA325 v2_V4.81(AALS.0)C0 and V4.81(AAAJ.1)C0; NSA310 4.22(AFK.0)C0 and 4.22(AFK.1)C0; NAS326 V5.21(AAZF.8)C0, V5.11(AAZF.4)C0, V5.11(AAZF.2)C0, and V5.11(AAZF.3)C0; NSA310S V4.75(AALH.2)C0; NSA320S V4.75(AANV.2)C0 and V4.75(AANV.1)C0; NSA221 V4.41(AFM.1)C0; and NAS540 V5.21(AATB.5)C0 and V5.21(AATB.3)C0 • https://www.zyxel.com/support/Zyxel-security-advisory-for-NAS-remote-access-vulnerability.shtml https://www.zyxel.com/us/en/support/security_advisories.shtml •
CVE-2020-9054 – Zyxel Multiple NAS Devices OS Command Injection Vulnerability
https://notcve.org/view.php?id=CVE-2020-9054
Multiple ZyXEL network-attached storage (NAS) devices running firmware version 5.21 contain a pre-authentication command injection vulnerability, which may allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable device. ZyXEL NAS devices achieve authentication by using the weblogin.cgi CGI executable. This program fails to properly sanitize the username parameter that is passed to it. If the username parameter contains certain characters, it can allow command injection with the privileges of the web server that runs on the ZyXEL device. Although the web server does not run as the root user, ZyXEL devices include a setuid utility that can be leveraged to run any command with root privileges. • https://github.com/darrenmartyn/CVE-2020-9054 https://cwe.mitre.org/data/definitions/78.html https://kb.cert.org/artifacts/cve-2020-9054.html https://kb.cert.org/vuls/id/498544 https://krebsonsecurity.com/2020/02/zyxel-fixes-0day-in-network-storage-devices https://www.zyxel.com/support/remote-code-execution-vulnerability-of-NAS-products.shtml • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVE-2019-10634
https://notcve.org/view.php?id=CVE-2019-10634
An XSS vulnerability in the Zyxel NAS 326 version 5.21 and below allows a remote authenticated attacker to inject arbitrary JavaScript or HTML via the user, group, and file-share description fields. Una vulnerabilidad de tipo XSS en NAS 326 de Zyxel versión 5.21 y anteriores, permite que un atacante remoto identificado inyecte JavaScript o HTML arbitrario por medio de los campos de descripción de usuario, grupo y recurso compartido de archivos. • http://maxwelldulin.com/BlogPost?post=3236967424 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •