Critical Vulnerability Patched in Zyxel NAS Products


Zyxel has released a number of firmware patches for its NAS products in response to a format string vulnerability. This vulnerability would allow an attacker to achieve unauthorized remote code execution, which can be abused in many different ways, including to elevate privileges or to bypass user authentication. This could in turn allow a malicious actor to steal or delete data, or to deploy ransomware on NAS devices that are exposed to the internet.

CVE-2022-34747

The vulnerability tracked as CVE-2022-34747 received a critical CVSS score of 9.8 and would allow an attacker to achieve unauthorized remote code execution via a crafted UDP packet. Three models of Zyxel NAS products were identified as vulnerable and still within their vulnerability support period: NAS326, NAS540, and NAS542. The available patches can be found in Zyxel's security advisory.

| Affected model | Affected version | Patched version |
| --- | --- | --- |
| NAS326 | V5.21(AAZF.11)C0 and earlier | V5.21(AAZF.12)C0 |
| NAS540 | V5.21(AATB.8)C0 and earlier | V5.21(AATB.9)C0 |
| NAS542 | V5.21(ABAG.8)C0 and earlier | V5.21(ABAG.9)C0 |

Find Vulnerable Zyxel NAS Devices

To help with mitigating the risk of this vulnerability as soon as possible, we've created a report to list all Zyxel NAS products along with details like the model, description, location, and more. This way you have an actionable list of devices that might require a patch.
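One way to triage an inventory export against the table above, as an added example that is not Lansweeper's or Zyxel's own code. It assumes the firmware string layout `V<major>.<minor>(<model code>.<build>)C<n>` and that build numbers only increase; the function names and inventory rows are constructed for illustration.

```python
import re

# Patched firmware per model, taken from the table on this page.
PATCHED = {
    "NAS326": "V5.21(AAZF.12)C0",
    "NAS540": "V5.21(AATB.9)C0",
    "NAS542": "V5.21(ABAG.9)C0",
}

# Assumed layout: V<major>.<minor>(<model code>.<build>)C<n>
FW_RE = re.compile(r"^V(\d+)\.(\d+)\(([A-Z]{4})\.(\d+)\)C(\d+)$")

def parse_firmware(text):
    """Return (model_code, (major, minor, build)) or None if unparseable."""
    m = FW_RE.match(text.strip().upper())
    if not m:
        return None
    major, minor, code, build, _c = m.groups()
    return code, (int(major), int(minor), int(build))

def triage(model, firmware):
    """Classify one device: 'patched', 'vulnerable', 'not-listed' or 'unknown'."""
    fixed = PATCHED.get(model.strip().upper())
    if fixed is None:
        return "not-listed"      # model is not in the page's table
    have, want = parse_firmware(firmware), parse_firmware(fixed)
    if have is None or have[0] != want[0]:
        return "unknown"         # unreadable string or wrong model code: check by hand
    # Compare numerically: as strings, "11" would sort below "9".
    return "patched" if have[1] >= want[1] else "vulnerable"

# Constructed inventory rows (asset name, model, reported firmware); not real devices.
INVENTORY = [
    ("nas-hq-01", "NAS326", "V5.21(AAZF.11)C0"),
    ("nas-hq-02", "NAS326", "V5.21(AAZF.12)C0"),
    ("nas-lab-01", "NAS540", "V5.21(AATB.9)C0"),
    ("nas-lab-02", "NAS542", "V5.21(ABAG.8)C0"),
    ("nas-br-01", "NAS542", "5.21 build 8"),
    ("nas-br-02", "NAS999", "V5.21(ZZZZ.1)C0"),
]

def report(rows=INVENTORY):
    """Return (asset name, status) for every inventory row."""
    return [(name, triage(model, fw)) for name, model, fw in rows]

if __name__ == "__main__":
    for name, status in report():
        print(f"{name:12} {status}")
```

Devices reported as `unknown` or `not-listed` still need a manual look, since the table only covers models that are within their support period.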
