Security
Headlines
HeadlinesLatestCVEs

Headline

CVE-2022-34747: Zyxel security advisory for format string vulnerability in NAS

A format string vulnerability in Zyxel NAS326 firmware versions prior to V5.21(AAZF.12)C0 could allow an attacker to achieve unauthorized remote code execution via a crafted UDP packet.

CVE
#vulnerability#rce#auth
  1. Homepage
  2. Support
  3. Security Advisories
  4. Zyxel security advisory for format string vulnerability in NAS

CVE: CVE-2022-34747

Summary

Zyxel has released patches for NAS products affected by a format string vulnerability. Users are advised to install them for optimal protection.

What is the vulnerability?

A format string vulnerability was found in a specific binary of Zyxel NAS products that could allow an attacker to achieve unauthorized remote code execution via a crafted UDP packet.

What versions are vulnerable—and what should you do?

After a thorough investigation, we have identified the vulnerable products that are within their vulnerability support period, with their firmware patches shown in the table below.

Got a question?

Please contact your local service rep or visit Zyxel’s forum for further information or assistance.

Acknowledgment

Thanks to Shaposhnikov Ilya for reporting the issue to us.

Revision history

2022-09-06: Initial release

Related news

Critical RCE Vulnerability Affects Zyxel NAS Devices — Firmware Patch Released

Networking equipment maker Zyxel has released patches for a critical security flaw impacting its network-attached storage (NAS) devices. Tracked as CVE-2022-34747 (CVSS score: 9.8), the issue relates to a "format string vulnerability" affecting NAS326, NAS540, and NAS542 models. Zyxel credited researcher Shaposhnikov Ilya for reporting the flaw. "A format string vulnerability was found in a

CVE: Latest News

CVE-2023-50976: Transactions API Authorization by oleiman · Pull Request #14969 · redpanda-data/redpanda
CVE-2023-6905
CVE-2023-6903
CVE-2023-6904
CVE-2023-3907