Zyxel Security Flaw Fixed in Network-Attached Storage Devices
Networking hardware and software company Zyxel recently released security updates to address a critical security flaw in its network-attached storage (NAS) devices. The flaw could result in the execution of arbitrary commands on affected systems, posing a significant security risk to users.
A Critical Vulnerability
Tracked as CVE-2023-27992 (CVSS score: 9.8), this issue has been described as a pre-authentication command injection vulnerability. This means that an attacker could execute arbitrary commands on the affected system without any prior authentication, allowing them to take full control of the device.
Prevention is Key
Zyxel has urged all affected users to update their devices to the latest firmware as soon as possible to avoid the security threats posed by the vulnerability. Users are also advised to back up their data in case a firmware update causes data loss.
The Importance of Prompt Action
This is not the first time Zyxel devices have been targeted by cybercriminals. In March 2020, the company had to address a sophisticated state-sponsored attack that leveraged previously unknown vulnerabilities affecting its VPNs and security appliances. The risk posed by CVE-2023-27992 underlines the need for prompt action to improve the devices’ security posture.
The recent security flaw in Zyxel’s network-attached storage devices poses a significant security risk to users. With the potential for arbitrary commands to be executed on affected systems, users must update their devices to the latest firmware as soon as possible. Otherwise, they risk giving attackers full control of their systems.
Original Article: https://thehackernews.com/2023/06/zyxel-releases-urgent-security-updates.html