VYPR

NAS326

by Zyxel

CVEs (22)

  • CVE-2020-9054CriKEVMar 4, 2020
    risk 0.84cvss 9.8epss 1.00

    Multiple ZyXEL network-attached storage (NAS) devices running firmware version 5.21 contain a pre-authentication command injection vulnerability, which may allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable device. ZyXEL NAS devices achieve…

  • CVE-2023-27992CriKEVJun 19, 2023
    risk 0.82cvss 9.8epss 0.84

    The pre-authentication command injection vulnerability in the Zyxel NAS326 firmware versions prior to V5.21(AAZF.14)C0, NAS540 firmware versions prior to V5.21(AATB.11)C0, and NAS542 firmware versions prior to V5.21(ABAG.11)C0 could allow an unauthenticated attacker to…

  • CVE-2024-29973CriJun 4, 2024
    risk 0.71cvss 9.8epss 0.86

    ** UNSUPPORTED WHEN ASSIGNED ** The command injection vulnerability in the “setCookie” parameter in Zyxel NAS326 firmware versions before V5.21(AAZF.17)C0 and NAS542 firmware versions before V5.21(ABAG.14)C0 could allow an unauthenticated attacker to execute some operating…

  • CVE-2024-29972CriJun 4, 2024
    risk 0.71cvss 9.8epss 0.89

    ** UNSUPPORTED WHEN ASSIGNED ** The command injection vulnerability in the CGI program "remote_help-cgi" in Zyxel NAS326 firmware versions before V5.21(AAZF.17)C0 and NAS542 firmware versions before V5.21(ABAG.14)C0 could allow an unauthenticated attacker to execute some…

  • CVE-2023-4473CriNov 30, 2023
    risk 0.67cvss 9.8epss 0.41

    A command injection vulnerability in the web server of the Zyxel NAS326 firmware version V5.21(AAZF.14)C0 and NAS542 firmware version V5.21(ABAG.11)C0 could allow an unauthenticated attacker to execute some operating system (OS) commands by sending a crafted URL to a vulnerable…

  • CVE-2023-35138CriNov 30, 2023
    risk 0.67cvss 9.8epss 0.40

    A command injection vulnerability in the “show_zysync_server_contents” function of the Zyxel NAS326 firmware version V5.21(AAZF.14)C0 and NAS542 firmware version V5.21(ABAG.11)C0 could allow an unauthenticated attacker to execute some operating system (OS) commands by…

  • CVE-2024-29974CriJun 4, 2024
    risk 0.66cvss 9.8epss 0.23

    ** UNSUPPORTED WHEN ASSIGNED ** The remote code execution vulnerability in the CGI program “file_upload-cgi” in Zyxel NAS326 firmware versions before V5.21(AAZF.17)C0 and NAS542 firmware versions before V5.21(ABAG.14)C0 could allow an unauthenticated attacker to execute…

  • CVE-2023-4474CriNov 30, 2023
    risk 0.66cvss 9.8epss 0.30

    The improper neutralization of special elements in the WSGI server of the Zyxel NAS326 firmware version V5.21(AAZF.14)C0 and NAS542 firmware version V5.21(ABAG.11)C0 could allow an unauthenticated attacker to execute some operating system (OS) commands by sending a crafted URL…

  • CVE-2024-6342CriSep 10, 2024
    risk 0.64cvss 9.8epss 0.02

    **UNSUPPORTED WHEN ASSIGNED** A command injection vulnerability in the export-cgi program of Zyxel NAS326 firmware versions through V5.21(AAZF.18)C0 and NAS542 firmware versions through V5.21(ABAG.15)C0 could allow an unauthenticated attacker to execute some operating system…

  • CVE-2022-34747CriSep 6, 2022
    risk 0.64cvss 9.8epss 0.02

    A format string vulnerability in Zyxel NAS326 firmware versions prior to V5.21(AAZF.12)C0 could allow an attacker to achieve unauthorized remote code execution via a crafted UDP packet.

  • CVE-2023-37928HigNov 30, 2023
    risk 0.62cvss 8.8epss 0.60

    A post-authentication command injection vulnerability in the WSGI server of the Zyxel NAS326 firmware version V5.21(AAZF.14)C0 and NAS542 firmware version V5.21(ABAG.11)C0 could allow an authenticated attacker to execute some operating system (OS) commands by sending a crafted…

  • CVE-2023-37927HigNov 30, 2023
    risk 0.57cvss 8.8epss 0.02

    The improper neutralization of special elements in the CGI program of the Zyxel NAS326 firmware version V5.21(AAZF.14)C0 and NAS542 firmware version V5.21(ABAG.11)C0 could allow an authenticated attacker to execute some operating system (OS) commands by sending a crafted URL to…

  • CVE-2019-10633HigApr 9, 2019
    risk 0.57cvss 8.8epss 0.03

    An eval injection vulnerability in the Python web server routing on the Zyxel NAS 326 version 5.21 and below allows a remote authenticated attacker to execute arbitrary code via the tjp6jp6y4, simZysh, and ck6fup6 APIs.

  • CVE-2019-10631HigApr 9, 2019
    risk 0.57cvss 8.8epss 0.02

    Shell Metacharacter Injection in the package installer on Zyxel NAS 326 version 5.21 and below allows an authenticated attacker to execute arbitrary code via multiple different requests.

  • CVE-2019-10630HigApr 9, 2019
    risk 0.57cvss 8.8epss 0.01

    A plaintext password vulnerability in the Zyxel NAS 326 through 5.21 allows an elevated privileged user to get the admin password of the device.

  • CVE-2023-5372HigJan 30, 2024
    risk 0.49cvss 7.2epss 0.28

    The post-authentication command injection vulnerability in Zyxel NAS326 firmware versions through V5.21(AAZF.15)C0 and NAS542 firmware versions through V5.21(ABAG.12)C0 could allow an authenticated attacker with administrator privileges to execute some operating system (OS)…

  • CVE-2023-35137HigNov 30, 2023
    risk 0.49cvss 7.5epss 0.01

    An improper authentication vulnerability in the authentication module of the Zyxel NAS326 firmware version V5.21(AAZF.14)C0 and NAS542 firmware version V5.21(ABAG.11)C0 could allow an unauthenticated attacker to obtain system information by sending a crafted URL to a vulnerable…

  • CVE-2023-27988HigMay 30, 2023
    risk 0.47cvss 7.2epss 0.01

    The post-authentication command injection vulnerability in the Zyxel NAS326 firmware versions prior to V5.21(AAZF.13)C0 could allow an authenticated attacker with administrator privileges to execute some operating system (OS) commands on an affected device remotely.

  • CVE-2024-29975MedJun 4, 2024
    risk 0.44cvss 6.7epss 0.00

    ** UNSUPPORTED WHEN ASSIGNED ** The improper privilege management vulnerability in the SUID executable binary in Zyxel NAS326 firmware versions before V5.21(AAZF.17)C0 and NAS542 firmware versions before V5.21(ABAG.14)C0 could allow an authenticated local attacker with…

  • CVE-2024-29976MedJun 4, 2024
    risk 0.43cvss 6.5epss 0.09

    ** UNSUPPORTED WHEN ASSIGNED ** The improper privilege management vulnerability in the command “show_allsessions” in Zyxel NAS326 firmware versions before V5.21(AAZF.17)C0 and NAS542 firmware versions before V5.21(ABAG.14)C0 could allow an authenticated attacker to obtain…

Page 1 of 2