Description
The post-authentication command injection vulnerability in Zyxel NAS326 firmware versions through V5.21(AAZF.15)C0 and NAS542 firmware versions through V5.21(ABAG.12)C0 could allow an authenticated attacker with administrator privileges to execute some operating system (OS) commands by sending a crafted query parameter attached to the URL of an affected device’s web management interface.
Published: 2024-01-30
Score: 7.2 High
EPSS: 28.5% Moderate
KEV: No
Impact: n/a
Action: n/a
Subscriptions

Zyxel: Nas326, Nas326 Firmware, Nas542, Nas542 Firmware

MITRE

Status: PUBLISHED

Assigner: Zyxel

Published:

Updated: 2024-08-23T18:58:04.490Z

Reserved: 2023-10-04T03:32:04.281Z

Link: CVE-2023-5372

Vulnrichment

Updated: 2024-08-02T07:59:44.902Z

NVD

Status: Modified

Published: 2024-01-30T01:15:59.063

Modified: 2026-06-17T06:48:27.030

Link: CVE-2023-5372

Redhat

No data.

OpenCVE Enrichment

No data.

Weaknesses
  • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')