CVE-2023-27988

The post-authentication command injection vulnerability in the Zyxel NAS326 firmware versions prior to V5.21(AAZF.13)C0 could allow an authenticated attacker with administrator privileges to execute some operating system (OS) commands on an affected device remotely.

CVSS v3 7.2 HIGH

7.2^/10

CVSS v3 : HIGH

Vector :

Exploitability : 1.2 / Impact : 5.9

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required HIGH

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://www.zyxel.com/global/en/support/security-advisories/zyxel-security-advisory-for-post-authentication-command-injection-vulnerability-in-nas-products	Patch Vendor Advisory

Configurations

Configuration 1 (hide)

AND

cpe:2.3:o:zyxel:nas326_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:zyxel:nas326:-:*:*:*:*:*:*:*

Configuration 2 (hide)

AND

cpe:2.3:o:zyxel:nas540_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:zyxel:nas540:-:*:*:*:*:*:*:*

Configuration 3 (hide)

AND

cpe:2.3:o:zyxel:nas542_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:zyxel:nas542:-:*:*:*:*:*:*:*

History

02 Jun 2023, 19:49

Type	Values Removed	Values Added
CVSS	v2 : ~~unknown~~ v3 : ~~unknown~~	v2 : unknown v3 : 7.2
CWE		CWE-78
CPE		cpe:2.3:o:zyxel:nas542_firmware:::::::: cpe:2.3:o:zyxel:nas326_firmware:::::::: cpe:2.3:h:zyxel:nas326:-:::::::* cpe:2.3:h:zyxel:nas542:-:::::::* cpe:2.3:h:zyxel:nas540:-:::::::* cpe:2.3:o:zyxel:nas540_firmware::::::::
References	~~(CONFIRM) https://www.zyxel.com/global/en/support/security-advisories/zyxel-security-advisory-for-post-authentication-command-injection-vulnerability-in-nas-products -~~	(CONFIRM) https://www.zyxel.com/global/en/support/security-advisories/zyxel-security-advisory-for-post-authentication-command-injection-vulnerability-in-nas-products - Patch, Vendor Advisory

30 May 2023, 02:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2023-05-30 02:15

Updated : 2024-02-04 23:37

NVD link : CVE-2023-27988

Mitre link : CVE-2023-27988

CVE.ORG link : CVE-2023-27988

JSON object : View

Products Affected

zyxel

nas542
nas540_firmware
nas326
nas542_firmware
nas540
nas326_firmware

CWE

CWE-78

Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

{"id": "CVE-2023-27988", "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.2, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "HIGH", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 1.2}, {"type": "Secondary", "source": "security@zyxel.com.tw", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.2, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "HIGH", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 1.2}]}, "published": "2023-05-30T02:15:33.533", "references": [{"url": "https://www.zyxel.com/global/en/support/security-advisories/zyxel-security-advisory-for-post-authentication-command-injection-vulnerability-in-nas-products", "tags": ["Patch", "Vendor Advisory"], "source": "security@zyxel.com.tw"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-78"}]}, {"type": "Secondary", "source": "security@zyxel.com.tw", "description": [{"lang": "en", "value": "CWE-78"}]}], "descriptions": [{"lang": "en", "value": "The post-authentication command injection vulnerability in the Zyxel NAS326 firmware versions prior to V5.21(AAZF.13)C0 could allow an authenticated attacker with administrator privileges to execute some operating system (OS) commands on an affected device remotely."}], "lastModified": "2023-06-02T19:49:17.550", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:zyxel:nas326_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "ABB5E01D-5683-4F16-9391-D4BE1631C144", "versionEndExcluding": "5.21\\(aazf.13\\)c0"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:zyxel:nas326:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "E0A01B19-4A91-4FBC-8447-2E854346DAC5"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:zyxel:nas540_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "204166D8-2841-4D98-BF81-BB690175255C", "versionEndExcluding": "5.21\\(aatb.10\\)c0"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:zyxel:nas540:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "B2F7264C-D32A-4EE9-BADC-78518D762BCA"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:zyxel:nas542_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "18D68590-E75B-4D17-BCE3-CB427190F278", "versionEndExcluding": "5.21\\(abag.10\\)c0"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:zyxel:nas542:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "31C4DD0F-28D0-4BF7-897B-5EEC32AA7277"}], "operator": "OR"}], "operator": "AND"}], "sourceIdentifier": "security@zyxel.com.tw"}