Unrated severityCISA KEVNVD Advisory· Published Jun 19, 2023· Updated Oct 21, 2025

CVE-2023-27992

Description

The pre-authentication command injection vulnerability in the Zyxel NAS326 firmware versions prior to V5.21(AAZF.14)C0, NAS540 firmware versions prior to V5.21(AATB.11)C0, and NAS542 firmware versions prior to V5.21(ABAG.11)C0 could allow an unauthenticated attacker to execute some operating system (OS) commands remotely by sending a crafted HTTP request.

Affected products

Zyxel/NAS326 firmwarev5
Range: < V5.21(AAZF.14)C0
Zyxel/NAS540 firmwarev5
Range: < V5.21(AATB.11)C0
Zyxel/NAS542 firmwarev5
Range: < V5.21(ABAG.11)C0

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

www.zyxel.com/global/en/support/security-advisories/zyxel-security-advisory-for-pre-authentication-command-injection-vulnerability-in-nas-productsmitre

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.069
exploit	0.000
kev	0.120
patch	0.000
ransomware	0.000