
Zyxel fixes major vulnerability in home NAS devices

Users are advised to update their systems immediately to avoid potential cyber-attacks


Zyxel, a company known for its network-attached storage (NAS) devices for home use, has fixed a significant security problem. The vulnerability, tracked as CVE-2023-27988, is a high-severity authenticated command injection flaw in the devices' web management interface.

Impact of the vulnerability on devices and users

As confirmed by Zyxel, this vulnerability would have allowed an authenticated attacker with administrative privileges to remotely execute certain operating system (OS) commands on an affected device. An attack could therefore have caused significant damage if the flaw were left unresolved.

Affected Zyxel device versions

The Zyxel NAS device models affected by this vulnerability are as follows:

  • NAS326 version 5.21(AAZF.12)C0 and earlier
  • NAS540 version 5.21(AAZF.9)C0 and earlier
  • NAS542 version 5.21(AAZF.9)C0 and earlier

Vulnerability analysis and corrective measures

Sternum researchers reported the vulnerability, released a root cause analysis of the flaw and described how they caused target devices to perform unexpected actions. Their tests confirmed that an authenticated user could exploit the vulnerability to execute an arbitrary system command with root privileges on the device. As a result, the vulnerability could be used for more malicious purposes, such as remote injection of malware.

Zyxel released firmware patches on Tuesday, May 30, and advises users to apply them as quickly as possible. At the moment, no alternative solutions have been indicated. While there are no reports yet of attackers exploiting this vulnerability, NAS devices are generally attractive targets for cybercriminals, as evidenced by previous ransomware attacks targeting QNAP NAS devices.


05/31/2023 13:00

Marco Verro
