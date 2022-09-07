Zyxel announced that a vulnerability, that has a CVSS score of 9.8, is affecting three models of NAS products.

The affected models and versions are: NAS326: V5.21(AAZF.11)C0 and earlier, NAS540: V5.21(AATB.8)C0 and earlier, and NAS542: V5.21(ABAG.8)C0 and earlier.

The vulnerability was found in a specific binary of Zyxel NAS products , allowing attackers to achieve remote code execution.

Zyxel published a new security advisory to inform its users about a new vulnerability that impacts three models of its Network Attached Storage products. The vulnerability tracked as CVE-2022-34747, has a CVSS v3 severity score of 9.8. The vulnerability was reported by security researcher Shaposhnikov Ilya on June 2022.

Affected devices

According to Zyxel’s advisory, the vulnerability was found in a specific binary of Zyxel NAS products that could allow an attacker to achieve unauthorized remote code execution via a crafted UDP packet. After the investigation, vulnerable products are identified. Affected models and affected versions are:

NAS326: V5.21(AAZF.11)C0 and earlier

NAS540: V5.21(AATB.8)C0 and earlier

NAS542: V5.21(ABAG.8)C0 and earlier

The company didn’t share any detailed information about the vulnerability but urged users to install the patches as soon as possible. To download the latest firmware updates, you can visit Zyxel’s official download page and search your device model.