Critical Vulnerability Patched in Zyxel NAS Products

07/09/2022
By Laura Libeer

Zyxel has released a number of firmware patches for its NAS products in response to a format string vulnerability. The vulnerability would allow an attacker to achieve unauthorized remote code execution, which can be abused in many different ways, including to elevate privileges or to bypass user authentication. This could in turn allow a malicious actor to steal or delete data, or to deploy ransomware on NAS devices that are exposed to the internet.

CVE-2022-34747

The vulnerability, tracked as CVE-2022-34747, received a critical CVSS score of 9.8 and would allow an attacker to achieve unauthorized remote code execution via a crafted UDP packet. Three Zyxel NAS models were identified as vulnerable and still within their vulnerability support period: NAS326, NAS540, and NAS542. The available patches can be found in Zyxel’s security advisory.

Affected model | Affected version | Patched version
NAS326 | V5.21(AAZF.11)C0 and earlier | V5.21(AAZF.12)C0
NAS540 | V5.21(AATB.8)C0 and earlier | V5.21(AATB.9)C0
NAS542 | V5.21(ABAG.8)C0 and earlier | V5.21(ABAG.9)C0

Find Vulnerable Zyxel NAS Devices

To help mitigate the risk of this vulnerability as soon as possible, we’ve created a report that lists all Zyxel NAS products along with details like the model, description, location, and more. This way you have an actionable list of devices that might require a patch.
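
The following Python example is added here and is not from the original article or from Zyxel. It compares firmware strings from a device inventory against the patched versions in the table above. The version layout it parses is inferred from those strings, and the hostnames, inventory rows and the AATB.10 build are constructed for illustration.

```python
import re

# First fixed firmware per model, copied from the table on this page.
PATCHED = {
    "NAS326": "V5.21(AAZF.12)C0",
    "NAS540": "V5.21(AATB.9)C0",
    "NAS542": "V5.21(ABAG.9)C0",
}

# Assumed layout, inferred from those strings: V<major>.<minor>(<code>.<build>)C<rev>
FW_RE = re.compile(r"^V(\d+)\.(\d+)\(([A-Z]{4})\.(\d+)\)C(\d+)$")

def parse_firmware(text):
    """Return (code, (major, minor, build, rev)) with the numbers as ints."""
    m = FW_RE.match(text.strip().upper())
    if not m:
        raise ValueError(f"unrecognised firmware string: {text!r}")
    major, minor, code, build, rev = m.groups()
    return code, (int(major), int(minor), int(build), int(rev))

def classify(model, firmware):
    """Return 'vulnerable', 'patched', 'not-listed' or 'unknown'."""
    fixed_text = PATCHED.get(model.strip().upper())
    if fixed_text is None:
        return "not-listed"   # not in the table; this is not a verdict of "safe"
    fixed_code, fixed_order = parse_firmware(fixed_text)
    try:
        code, order = parse_firmware(firmware)
    except ValueError:
        return "unknown"      # check by hand rather than assume patched
    if code != fixed_code:
        return "unknown"      # firmware code does not match this model's code
    # Numeric compare: as plain strings "AATB.10" would sort before "AATB.9".
    return "vulnerable" if order < fixed_order else "patched"

# Constructed inventory rows (host, model, firmware); not real devices.
INVENTORY = [
    ("nas-01", "NAS326", "V5.21(AAZF.11)C0"),
    ("nas-02", "NAS326", "V5.21(AAZF.12)C0"),
    ("nas-03", "NAS540", "V5.21(AATB.10)C0"),  # hypothetical later build
    ("nas-04", "NAS542", "V5.21(ABAG.7)C0"),
    ("nas-05", "NAS542", "5.21"),               # truncated value
]

def report(rows):
    return {host: classify(model, fw) for host, model, fw in rows}

if __name__ == "__main__":
    for host, status in report(INVENTORY).items():
        print(f"{host}: {status}")
```

Devices reported as "unknown" or "not-listed" still need a manual check against Zyxel’s security advisory.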