Cybersecurity Threat Advisory: Command injection flaw in Zyxel NAS Devices

Zyxel, a networking equipment manufacturer, has released urgent security updates to address critical vulnerabilities in its products. CVE-2023-27992 (CVSS score: 9.8) is a pre-authentication command injection vulnerability.

What is the threat?

The threat involves multiple vulnerabilities affecting Zyxel network-attached storage devices, including firewalls, VPN gateways, and access point controllers. These vulnerabilities are primarily classified as remote code execution (RCE), and attackers can exploit them.

Why is it noteworthy?

This threat is noteworthy because of its potential impact on organizations that rely on Zyxel networking equipment. If exploited, these vulnerabilities can lead to unauthorized access, compromised network integrity, theft of sensitive information, or disruption of network operations. Zyxel devices are used globally, and these vulnerabilities can pose significant risks to organizations across various industries.

What is the exposure or risk?

Organizations that use vulnerable Zyxel devices are exposed to potential attacks that can result in unauthorized access to critical systems, data breaches, or disruption of network services.

What are the recommendations?

Barracuda SOC recommends the following actions to mitigate the risk associated with these vulnerabilities:

  1. Apply security updates: Update Zyxel products to the latest versions provided by Zyxel to address the identified vulnerabilities.
  2. Network segmentation: Limit the potential impact of a compromise by segmenting the network.
  3. Strong access controls: Enforce strong and unique passwords for all devices and implement two-factor authentication where possible to add an additional layer of security.
  4. Security awareness training: Educate employees about the risks of the CVE-2023-27992 vulnerability. Promote a culture of cybersecurity awareness, emphasizing the importance of pre-authentication command injection. Proactive security measures and prompt patching are vital to maintaining a robust cybersecurity posture.


If you have any questions regarding this Cybersecurity Threat Advisory, please contact our Security Operations Center.

This post originally appeared on Smarter MSP.