NAS326

CVEs (13)

CVE	Vendor / Product	Risk	CVSS	EPSS	KEV	Published	Description
CVE-2020-9054	Zyxel NAS326	0.20	—	0.94	KEV	Mar 4, 2020	Multiple ZyXEL network-attached storage (NAS) devices running firmware version 5.21 contain a pre-authentication command injection vulnerability, which may allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable device. ZyXEL NAS devices achieve…
CVE-2023-27992	Zyxel NAS326	0.19	—	0.87	KEV	Jun 19, 2023	The pre-authentication command injection vulnerability in the Zyxel NAS326 firmware versions prior to V5.21(AAZF.14)C0, NAS540 firmware versions prior to V5.21(AATB.11)C0, and NAS542 firmware versions prior to V5.21(ABAG.11)C0 could allow an unauthenticated attacker to…
CVE-2024-29973	Zyxel NAS326	0.08	—	0.94		Jun 4, 2024	UNSUPPORTED WHEN ASSIGNED The command injection vulnerability in the “setCookie” parameter in Zyxel NAS326 firmware versions before V5.21(AAZF.17)C0 and NAS542 firmware versions before V5.21(ABAG.14)C0 could allow an unauthenticated attacker to execute some operating…
CVE-2024-29972	Zyxel NAS326	0.07	—	0.92		Jun 4, 2024	UNSUPPORTED WHEN ASSIGNED The command injection vulnerability in the CGI program "remote_help-cgi" in Zyxel NAS326 firmware versions before V5.21(AAZF.17)C0 and NAS542 firmware versions before V5.21(ABAG.14)C0 could allow an unauthenticated attacker to execute some…
CVE-2024-29974	Zyxel NAS326	0.03	—	0.44		Jun 4, 2024	UNSUPPORTED WHEN ASSIGNED The remote code execution vulnerability in the CGI program “file_upload-cgi” in Zyxel NAS326 firmware versions before V5.21(AAZF.17)C0 and NAS542 firmware versions before V5.21(ABAG.14)C0 could allow an unauthenticated attacker to execute…
CVE-2023-4473	Zyxel NAS326	0.03	—	0.33		Nov 30, 2023	A command injection vulnerability in the web server of the Zyxel NAS326 firmware version V5.21(AAZF.14)C0 and NAS542 firmware version V5.21(ABAG.11)C0 could allow an unauthenticated attacker to execute some operating system (OS) commands by sending a crafted URL to a vulnerable…
CVE-2024-6342	Zyxel NAS326	0.01	—	0.07		Sep 10, 2024	UNSUPPORTED WHEN ASSIGNED A command injection vulnerability in the export-cgi program of Zyxel NAS326 firmware versions through V5.21(AAZF.18)C0 and NAS542 firmware versions through V5.21(ABAG.15)C0 could allow an unauthenticated attacker to execute some operating system…
CVE-2023-4474	Zyxel NAS326	0.01	—	0.13		Nov 30, 2023	The improper neutralization of special elements in the WSGI server of the Zyxel NAS326 firmware version V5.21(AAZF.14)C0 and NAS542 firmware version V5.21(ABAG.11)C0 could allow an unauthenticated attacker to execute some operating system (OS) commands by sending a crafted URL…
CVE-2024-29976	Zyxel NAS326	0.00	—	0.06		Jun 4, 2024	UNSUPPORTED WHEN ASSIGNED The improper privilege management vulnerability in the command “show_allsessions” in Zyxel NAS326 firmware versions before V5.21(AAZF.17)C0 and NAS542 firmware versions before V5.21(ABAG.14)C0 could allow an authenticated attacker to obtain…
CVE-2024-29975	Zyxel NAS326	0.00	—	0.00		Jun 4, 2024	UNSUPPORTED WHEN ASSIGNED The improper privilege management vulnerability in the SUID executable binary in Zyxel NAS326 firmware versions before V5.21(AAZF.17)C0 and NAS542 firmware versions before V5.21(ABAG.14)C0 could allow an authenticated local attacker with…
CVE-2023-37928	Zyxel NAS326	0.00	—	0.02		Nov 30, 2023	A post-authentication command injection vulnerability in the WSGI server of the Zyxel NAS326 firmware version V5.21(AAZF.14)C0 and NAS542 firmware version V5.21(ABAG.11)C0 could allow an authenticated attacker to execute some operating system (OS) commands by sending a crafted…
CVE-2023-37927	Zyxel NAS326	0.00	—	0.01		Nov 30, 2023	The improper neutralization of special elements in the CGI program of the Zyxel NAS326 firmware version V5.21(AAZF.14)C0 and NAS542 firmware version V5.21(ABAG.11)C0 could allow an authenticated attacker to execute some operating system (OS) commands by sending a crafted URL to…
CVE-2023-27988	Zyxel NAS326	0.00	—	0.01		May 30, 2023	The post-authentication command injection vulnerability in the Zyxel NAS326 firmware versions prior to V5.21(AAZF.13)C0 could allow an authenticated attacker with administrator privileges to execute some operating system (OS) commands on an affected device remotely.

CVE-2020-9054KEVMar 4, 2020
Zyxel
NAS326
risk 0.20cvss —epss 0.94
Multiple ZyXEL network-attached storage (NAS) devices running firmware version 5.21 contain a pre-authentication command injection vulnerability, which may allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable device. ZyXEL NAS devices achieve…
CVE-2023-27992KEVJun 19, 2023
Zyxel
NAS326
risk 0.19cvss —epss 0.87
The pre-authentication command injection vulnerability in the Zyxel NAS326 firmware versions prior to V5.21(AAZF.14)C0, NAS540 firmware versions prior to V5.21(AATB.11)C0, and NAS542 firmware versions prior to V5.21(ABAG.11)C0 could allow an unauthenticated attacker to…
CVE-2024-29973Jun 4, 2024
Zyxel
NAS326
risk 0.08cvss —epss 0.94
** UNSUPPORTED WHEN ASSIGNED ** The command injection vulnerability in the “setCookie” parameter in Zyxel NAS326 firmware versions before V5.21(AAZF.17)C0 and NAS542 firmware versions before V5.21(ABAG.14)C0 could allow an unauthenticated attacker to execute some operating…
CVE-2024-29972Jun 4, 2024
Zyxel
NAS326
risk 0.07cvss —epss 0.92
** UNSUPPORTED WHEN ASSIGNED ** The command injection vulnerability in the CGI program "remote_help-cgi" in Zyxel NAS326 firmware versions before V5.21(AAZF.17)C0 and NAS542 firmware versions before V5.21(ABAG.14)C0 could allow an unauthenticated attacker to execute some…
CVE-2024-29974Jun 4, 2024
Zyxel
NAS326
risk 0.03cvss —epss 0.44
** UNSUPPORTED WHEN ASSIGNED ** The remote code execution vulnerability in the CGI program “file_upload-cgi” in Zyxel NAS326 firmware versions before V5.21(AAZF.17)C0 and NAS542 firmware versions before V5.21(ABAG.14)C0 could allow an unauthenticated attacker to execute…
CVE-2023-4473Nov 30, 2023
Zyxel
NAS326
risk 0.03cvss —epss 0.33
A command injection vulnerability in the web server of the Zyxel NAS326 firmware version V5.21(AAZF.14)C0 and NAS542 firmware version V5.21(ABAG.11)C0 could allow an unauthenticated attacker to execute some operating system (OS) commands by sending a crafted URL to a vulnerable…
CVE-2024-6342Sep 10, 2024
Zyxel
NAS326
risk 0.01cvss —epss 0.07
**UNSUPPORTED WHEN ASSIGNED** A command injection vulnerability in the export-cgi program of Zyxel NAS326 firmware versions through V5.21(AAZF.18)C0 and NAS542 firmware versions through V5.21(ABAG.15)C0 could allow an unauthenticated attacker to execute some operating system…
CVE-2023-4474Nov 30, 2023
Zyxel
NAS326
risk 0.01cvss —epss 0.13
The improper neutralization of special elements in the WSGI server of the Zyxel NAS326 firmware version V5.21(AAZF.14)C0 and NAS542 firmware version V5.21(ABAG.11)C0 could allow an unauthenticated attacker to execute some operating system (OS) commands by sending a crafted URL…
CVE-2024-29976Jun 4, 2024
Zyxel
NAS326
risk 0.00cvss —epss 0.06
** UNSUPPORTED WHEN ASSIGNED ** The improper privilege management vulnerability in the command “show_allsessions” in Zyxel NAS326 firmware versions before V5.21(AAZF.17)C0 and NAS542 firmware versions before V5.21(ABAG.14)C0 could allow an authenticated attacker to obtain…
CVE-2024-29975Jun 4, 2024
Zyxel
NAS326
risk 0.00cvss —epss 0.00
** UNSUPPORTED WHEN ASSIGNED ** The improper privilege management vulnerability in the SUID executable binary in Zyxel NAS326 firmware versions before V5.21(AAZF.17)C0 and NAS542 firmware versions before V5.21(ABAG.14)C0 could allow an authenticated local attacker with…
CVE-2023-37928Nov 30, 2023
Zyxel
NAS326
risk 0.00cvss —epss 0.02
A post-authentication command injection vulnerability in the WSGI server of the Zyxel NAS326 firmware version V5.21(AAZF.14)C0 and NAS542 firmware version V5.21(ABAG.11)C0 could allow an authenticated attacker to execute some operating system (OS) commands by sending a crafted…
CVE-2023-37927Nov 30, 2023
Zyxel
NAS326
risk 0.00cvss —epss 0.01
The improper neutralization of special elements in the CGI program of the Zyxel NAS326 firmware version V5.21(AAZF.14)C0 and NAS542 firmware version V5.21(ABAG.11)C0 could allow an authenticated attacker to execute some operating system (OS) commands by sending a crafted URL to…
CVE-2023-27988May 30, 2023
Zyxel
NAS326
risk 0.00cvss —epss 0.01
The post-authentication command injection vulnerability in the Zyxel NAS326 firmware versions prior to V5.21(AAZF.13)C0 could allow an authenticated attacker with administrator privileges to execute some operating system (OS) commands on an affected device remotely.