{"id":164150,"date":"2024-06-05T08:01:38","date_gmt":"2024-06-05T08:01:38","guid":{"rendered":"https:\/\/securityaffairs.com\/?p=164150"},"modified":"2024-06-05T08:01:40","modified_gmt":"2024-06-05T08:01:40","slug":"zyxel-rce-eof-nas-devices","status":"publish","type":"post","link":"https:\/\/securityaffairs.com\/164150\/security\/zyxel-rce-eof-nas-devices.html","title":{"rendered":"Zyxel addressed three RCEs in end-of-life NAS devices"},"content":{"rendered":"
<\/div>\n

Zyxel Networks released an emergency security update to address critical vulnerabilities in end-of-life NAS devices.<\/h2>\n\n\n\n

Zyxel Networks released an emergency security update to address three critical flaws in some of its NAS devices that have reached end-of-life.<\/p>\n\n\n\n

An attacker can exploit the vulnerabilities to perform command injection attacks and achieve remote code execution. Two flaws can also allow attackers to elevate privileges.<\/p>\n\n\n\n

The Outpost24 researcher\u00a0Timothy Hjort reported the flaw to the manufacturer and published<\/strong><\/a> a detailed analysis and PoC exploit codes for the flaws.<\/gwmw><\/p>\n\n\n\n

Below is the list impacting the Zyxel NAS devices:<\/gwmw><\/p>\n\n\n\n