Zyxel Nas326_firmware

24 CVEs affecting Zyxel Nas326_firmware. Latest disclosed: 2024-09-10. Critical: 10, High: 10.

Top CVEs affecting Zyxel Nas326_firmware
CVESeverityScorePublishedSummary
CVE-2024-6342Critical9.82024-09-10**UNSUPPORTED WHEN ASSIGNED** A command injection vulnerability in the export-cgi program of Zyxel NAS326 firmware versions through V5.21(AAZF.18)C0 and NAS542…
CVE-2024-29974Critical9.82024-06-04** UNSUPPORTED WHEN ASSIGNED ** The remote code execution vulnerability in the CGI program “file_upload-cgi” in Zyxel NAS326 firmware versions before V5.21(AAZ…
CVE-2024-29973Critical9.82024-06-04** UNSUPPORTED WHEN ASSIGNED ** The command injection vulnerability in the “setCookie” parameter in Zyxel NAS326 firmware versions before V5.21(AAZF.17)C0 and…
CVE-2024-29972Critical9.82024-06-04** UNSUPPORTED WHEN ASSIGNED ** The command injection vulnerability in the CGI program "remote_help-cgi" in Zyxel NAS326 firmware versions before V5.21(AAZF.17…
CVE-2023-4474Critical9.82023-11-30The improper neutralization of special elements in the WSGI server of the Zyxel NAS326 firmware version V5.21(AAZF.14)C0 and NAS542 firmware version V5.21(ABAG…
CVE-2023-4473Critical9.82023-11-30A command injection vulnerability in the web server of the Zyxel NAS326 firmware version V5.21(AAZF.14)C0 and NAS542 firmware version V5.21(ABAG.11)C0 could al…
CVE-2023-35138Critical9.82023-11-30A command injection vulnerability in the “show_zysync_server_contents” function of the Zyxel NAS326 firmware version V5.21(AAZF.14)C0 and NAS542 firmware versi…
CVE-2023-27992Critical9.82023-06-19The pre-authentication command injection vulnerability in the Zyxel NAS326 firmware versions prior to V5.21(AAZF.14)C0, NAS540 firmware versions prior to V5.21…
CVE-2022-34747Critical9.82022-09-06A format string vulnerability in Zyxel NAS326 firmware versions prior to V5.21(AAZF.12)C0 could allow an attacker to achieve unauthorized remote code execution…
CVE-2020-9054Critical9.82020-03-04Multiple ZyXEL network-attached storage (NAS) devices running firmware version 5.21 contain a pre-authentication command injection vulnerability, which may all…
CVE-2023-37928High8.82023-11-30A post-authentication command injection vulnerability in the WSGI server of the Zyxel NAS326 firmware version V5.21(AAZF.14)C0 and NAS542 firmware version V5.2…
CVE-2023-37927High8.82023-11-30The improper neutralization of special elements in the CGI program of the Zyxel NAS326 firmware version V5.21(AAZF.14)C0 and NAS542 firmware version V5.21(ABAG…
CVE-2020-13365High8.82020-08-06Certain Zyxel products have a locally accessible binary that allows a non-root user to generate a password for an undocumented user account that can be used fo…
CVE-2020-13364High8.82020-08-06A backdoor in certain Zyxel products allows remote TELNET access via a CGI script. This affects NAS520 V5.21(AASZ.4)C0, V5.21(AASZ.0)C0, V5.11(AASZ.3)C0, and V…
CVE-2019-10633High8.82019-04-09An eval injection vulnerability in the Python web server routing on the Zyxel NAS 326 version 5.21 and below allows a remote authenticated attacker to execute…
CVE-2019-10631High8.82019-04-09Shell Metacharacter Injection in the package installer on Zyxel NAS 326 version 5.21 and below allows an authenticated attacker to execute arbitrary code via m…
CVE-2019-10630High8.82019-04-09A plaintext password vulnerability in the Zyxel NAS 326 through 5.21 allows an elevated privileged user to get the admin password of the device.
CVE-2023-35137High7.52023-11-30An improper authentication vulnerability in the authentication module of the Zyxel NAS326 firmware version V5.21(AAZF.14)C0 and NAS542 firmware version V5.21(A…
CVE-2023-5372High7.22024-01-30The post-authentication command injection vulnerability in Zyxel NAS326 firmware versions through V5.21(AAZF.15)C0 and NAS542 firmware versions through V5.21(A…
CVE-2023-27988High7.22023-05-30The post-authentication command injection vulnerability in the Zyxel NAS326 firmware versions prior to V5.21(AAZF.13)C0 could allow an authenticated attacker w…