CVE-2023-27988
Summary
| CVE | CVE-2023-27988 |
|---|---|
| State | PUBLIC |
| Assigner | [email protected] |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2023-05-30 02:15:00 UTC |
| Updated | 2023-06-02 19:49:00 UTC |
| Description | The post-authentication command injection vulnerability in the Zyxel NAS326 firmware versions prior to V5.21(AAZF.13)C0 could allow an authenticated attacker with administrator privileges to execute some operating system (OS) commands on an affected device remotely. |
Risk And Classification
Problem Types: CWE-78
NVD Known Affected Configurations (CPE 2.3)
| Type | Vendor | Product | Version | Update | Edition | Language |
|---|---|---|---|---|---|---|
| Hardware | Zyxel | Nas326 | - | All | All | All |
| Operating System | Zyxel | Nas326 Firmware | All | All | All | All |
| Hardware | Zyxel | Nas540 | - | All | All | All |
| Operating System | Zyxel | Nas540 Firmware | All | All | All | All |
| Hardware | Zyxel | Nas542 | - | All | All | All |
| Operating System | Zyxel | Nas542 Firmware | All | All | All | All |
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| Zyxel security advisory for post-authentication command injection vulnerability in NAS products | Zyxel Networks | CONFIRM | www.zyxel.com | |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
No vendor comments have been submitted for this CVE.
There are currently no legacy QID mappings associated with this CVE.