Critical Vulnerability in Zyxel's NAS Devices
13 September 2024
Zyxel has released hotfixes to address a critical vulnerability (CVE-2024-6342) affecting its network-attached storage (NAS) devices. The vulnerability has a Common Vulnerability Scoring System (CVSSv3) score of 9.8 out of 10.
Successful exploitation of the vulnerability could allow an unauthenticated attacker to execute operating system (OS) commands by sending a crafted HTTP POST request.
The vulnerability affects the following product versions:
- Zyxel NAS326, V5.21(AAZF.18)C0 and earlier
- Zyxel NAS542, V5.21(ABAG.15)C0 and earlier
Users and administrators of affected product versions are advised to implement the available hotfixes immediately.
More information is available here:
https://www.zyxel.com/global/en/support/security-advisories/zyxel-security-advisory-for-os-command-injection-vulnerability-in-nas-products-09-10-2024
https://www.helpnetsecurity.com/2024/09/10/cve-2024-6342/