** UNSUPPORTED WHEN ASSIGNED ** The command injection vulnerability in the “setCookie” parameter in Zyxel NAS326 firmware versions before V5.21(AAZF.17)C0 and NAS542 firmware versions before V5.21(ABAG.14)C0 could allow an unauthenticated attacker to execute some operating system (OS) commands by sending a crafted HTTP POST request.
An attacker sends a crafted HTTP POST request containing a malicious payload in the "setCookie" parameter. The device firmware does not properly validate the transmitted data, resulting in its direct passage to the operating system command interpreter (CWE-78). The attack requires no authentication or user interaction and can be carried out remotely over the network.
An attacker can remotely execute arbitrary operating system commands on a vulnerable NAS device, which can consequently lead to complete takeover of the device, data leakage from stored information, or system integrity violation.
Update Zyxel NAS326 firmware to version V5.21(AAZF.17)C0 or newer and Zyxel NAS542 to version V5.21(ABAG.14)C0 or newer according to manufacturer recommendations. Due to the unsupported status of these devices, it is recommended to consider replacing them with currently supported models and restricting access to the device management interface to trusted networks or IP addresses only.
Zyxel NAS326 with firmware versions earlier than V5.21(AAZF.17)C0 and Zyxel NAS542 with firmware versions earlier than V5.21(ABAG.14)C0. The manufacturer marked the products as unsupported at the time of CVE assignment (UNSUPPORTED WHEN ASSIGNED).
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HZyxel Nas326
HWZyxelwszystkie wersjeZyxel Nas326 Firmware
OSZyxel< 5.21\(aazf.17\)c0Zyxel Nas542
HWZyxelwszystkie wersjeZyxel Nas542 Firmware
OSZyxel< 5.21\(abag.14\)c0
Related vulnerabilities
The pre-authentication command injection vulnerability in the Zyxel NAS326 firmware versions prior to V5.21(AA...
Multiple ZyXEL network-attached storage (NAS) devices running firmware version 5.21 contain a pre-authenticati...
Command injection w Zyxel NAS326/NAS542 — zdalne wykonanie poleceń OS
RCE w Zyxel NAS326/NAS542 — nieuwierzytelnione wykonanie kodu przez upload pliku
Command injection w Zyxel NAS326/NAS542 — nieuwierzytelnione RCE