CVE-2020-9054

Zyxel Multiple NAS Devices OS Command Injection Vulnerability

Multiple Zyxel network-attached storage (NAS) devices contain a pre-authentication command injection vulnerability, which may allow a remote, unauthenticated attacker to execute arbitrary code. Vendor/Product: Zyxel Multiple Network-Attached Storage (NAS) Devices. Added to CISA KEV 2022-03-25; required action: Apply updates per vendor instructions.

Category: Vulnerability, Known Exploited

Reference: NVD CVE-2020-9054