
Zyxel Injection Vulnerability Enables Execution of OS Commands by Attackers


Zyxel, a prominent manufacturer of networking products, has recently been facing a critical security issue in its Network-Attached Storage (NAS) devices. The company, known for its telecommunications products and services, has customers worldwide, with a significant presence in the United States, the United Kingdom, France, and India.

The security vulnerability in Zyxel NAS devices was discovered by two security researchers, Andrej Zaujec from NCSC-FI and Maxim Suslov. Identified as CVE-2023-27992, it is a pre-authentication command injection vulnerability that allows remote attackers to execute operating system commands by sending malicious HTTP requests.

The vulnerability exists in the firmware of some Zyxel NAS products. It can be exploited by an unauthenticated attacker through crafted HTTP requests. Its severity is classified as critical, with a CVSS score of 9.8.

To mitigate the risk associated with this vulnerability, users of Zyxel NAS products are strongly advised to update their devices to the latest software version. By doing so, they can prevent potential attackers from taking advantage of this security flaw.

Zyxel, a subsidiary of Unizyx Holding Corporation, is a well-established company in the telecommunications industry. With an impressive revenue of 32 billion Taiwanese Dollars in 2021 and a global workforce of over 650 employees, Zyxel specializes in various products, including 5G/4G NR, DSL, modems, VoIP telephones, and other telecommunication devices.

The company has a rich history of innovation, having introduced the world’s first ADSL2+ gateway in 2004 and palm-sized portable firewalls in 2005. Zyxel continues to strive for excellence in providing cutting-edge solutions to its customers.

In response to the recent security vulnerability, Zyxel has released an advisory urging its customers to update their NAS products to the latest software version. This proactive approach indicates the company’s commitment to ensuring the security and integrity of its products.

In today’s digital landscape, where cyber threats are becoming increasingly sophisticated, it is crucial for companies like Zyxel to remain vigilant and address any vulnerabilities promptly. By addressing such security issues and providing the necessary updates, Zyxel demonstrates its dedication to customer safety.

As organizations and individuals rely heavily on network devices, such as NAS products, for data storage and access, maintaining a secure environment is paramount. The discovery of vulnerabilities like the one in Zyxel NAS devices serves as a reminder that manufacturers and users must continuously prioritize cybersecurity.

To further enhance security measures, businesses are advised to explore AI-based email security solutions that can protect against email threats. These solutions offer advanced features and capabilities to detect and mitigate potential risks, safeguarding sensitive information and maintaining the integrity of business communications.

In conclusion, Zyxel’s recent encounter with a critical security vulnerability in its NAS devices highlights the importance of regular software updates and proactive cybersecurity measures. By promptly addressing vulnerabilities and providing necessary fixes, Zyxel demonstrates its commitment to customer safety. As cyber threats continue to evolve, it is vital for manufacturers and users to remain vigilant and prioritize cybersecurity at all times.

