← back
CVE-2023-27988

CVE-2023-27988

CVSS 7.2 HIGHEPSS 1.4%CWE-78
The post-authentication command injection vulnerability in the Zyxel NAS326 firmware versions prior to V5.21(AAZF.13)C0 could allow an authenticated attacker with administrator privileges to execute some operating system (OS) commands on an affected device remotely.
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Affected products
Zyxel · NAS326 firmware

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
https://www.zyxel.com/global/en/support/security-advisories/zyxel-security-advisory-for-post-authentication-command-injection-vulnerability-in-nas-products