CVE-2023-27992

Zyxel Multiple NAS Devices Command Injection Vulnerability

Multiple Zyxel network-attached storage (NAS) devices contain a pre-authentication command injection vulnerability that could allow an unauthenticated attacker to execute commands remotely via a crafted HTTP request. Vendor/Product: Zyxel Multiple Network-Attached Storage (NAS) Devices. Added to CISA KEV 2023-06-23; required action: Apply updates per vendor instructions.

Category: Vulnerability, Known Exploited

Reference: NVD CVE-2023-27992