Zyxel Updates NAS Devices to Fix Potential Security Flaw

Shaposhnikov Ilya reported a major security vulnerability affecting Zyxel’s network-attached storage (NAS) devices. Patches for the vulnerability, identified as CVE-2022-34747, were released. The vulnerability, officially described as a format string vulnerability, affects Zyxel NAS326 firmware versions before V5.21(AAZF.12)C0 and has a CVSS score of 9.8/10.
An attacker could exploit the issue by sending specially crafted UDP packets to vulnerable products. The firm said in an alert that successful exploitation of the flaw might allow an attacker to run arbitrary code on the vulnerable device.
Zyxel provided security updates in May 2022 to address a number of vulnerabilities affecting a variety of products, including firewall, AP, and AP controller products.
These versions are affected by the flaw:
  • NAS326 (versions prior to V5.21(AAZF.11)C0)
  • NAS540 (versions prior to V5.21(AATB.8)C0)
  • NAS542 (versions prior to V5.21(ABAG.8)C0)
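A firmware inventory check against the versions in the list above, as an added example that is not from Zyxel or the original article. It assumes the number inside the parentheses increases with each build of a release and ignores the trailing `C0` field; the thresholds are copied from the list and the sample inventory is constructed.

```python
import re

# First patched build per model, copied from the affected-versions list above.
# Value: (release, build code, first patched build number).
PATCHED = {
    "NAS326": ((5, 21), "AAZF", 11),
    "NAS540": ((5, 21), "AATB", 8),
    "NAS542": ((5, 21), "ABAG", 8),
}

# Firmware strings on the page have the shape V5.21(AAZF.11)C0.
FW_RE = re.compile(r"^V(\d+)\.(\d+)\(([A-Z]+)\.(\d+)\)C\d+$")


def parse_firmware(version):
    """Split 'V5.21(AAZF.11)C0' into ((5, 21), 'AAZF', 11)."""
    m = FW_RE.match(version.strip())
    if not m:
        raise ValueError(f"unrecognised firmware string: {version!r}")
    major, minor, code, build = m.groups()
    return (int(major), int(minor)), code, int(build)


def status(model, version):
    """Return 'affected', 'patched' or 'unknown' for one inventory entry."""
    entry = PATCHED.get(model.upper())
    if entry is None:
        return "unknown"  # model is not in the list
    try:
        release, code, build = parse_firmware(version)
    except ValueError:
        return "unknown"  # unparseable string: needs a manual look
    fixed_release, fixed_code, fixed_build = entry
    if code != fixed_code:
        return "unknown"  # build code belongs to a different model
    # Assumption: builds are ordered by (release, build number).
    if (release, build) < (fixed_release, fixed_build):
        return "affected"
    return "patched"


if __name__ == "__main__":
    # Constructed inventory: (hostname, model, reported firmware string).
    inventory = [
        ("nas-a", "NAS326", "V5.21(AAZF.10)C0"),
        ("nas-b", "NAS540", "V5.21(AATB.8)C0"),
        ("nas-c", "NAS542", "V5.21(AAZF.12)C0"),
    ]
    for host, model, fw in inventory:
        print(f"{host:6} {model} {fw:18} {status(model, fw)}")
```

Entries that come back as `unknown` (unlisted model, mismatched build code, or malformed string) should be reviewed by hand rather than treated as safe.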
This disclosure follows Zyxel’s July patching of the CVE-2022-30526 and CVE-2022-2030 vulnerabilities in its firewall products, which concern local root access and authenticated directory traversal.
The four vulnerabilities with the com

[…]

This article has been indexed from CySecurity News – Latest Information Security and Hacking Incidents
