Networking equipment maker Zyxel has released patches for a critical security flaw impacting its network-attached storage (NAS) products.
Tracked as CVE-2022-34747 (CVSS score: 9.8), the issue relates to a “format string vulnerability” impacting NAS326, NAS540, and NAS542 models. Zyxel credited researcher Shaposhnikov Ilya for reporting the flaw.
“A format string vulnerability was uncovered in a distinct binary of Zyxel NAS items that could let an attacker achieve unauthorized remote code execution by means of a crafted UDP packet,” the company said in an advisory released on September 6.
The flaw affects the following versions:
- NAS326 (V5.21(AAZF.11)C0 and earlier)
- NAS540 (V5.21(AATB.8)C0 and before), and
- NAS542 (V5.21(ABAG.8)C0 and earlier)
The disclosure comes as Zyxel previously addressed local privilege escalation and authenticated directory traversal vulnerabilities (CVE-2022-30526 and CVE-2022-2030) affecting its firewall products in July.
Hacking NAS devices is becoming a common practice. If you do not take precautions or keep the software up to date, attackers can steal your sensitive and personal data. In some cases, they even manage to completely delete data.
In June 2022, Zyxel also remediated a security vulnerability (CVE-2022-0823) that left GS1200 series switches susceptible to password-guessing attacks through a timing side-channel attack.