Zyxel security advisory for format string vulnerability in NAS




CVE: CVE-2022-34747
Summary
Zyxel has released patches for NAS products affected by a format string vulnerability. Users are advised to install them for optimal protection.
What is the vulnerability?
A format string vulnerability was found in a
specific binary of Zyxel NAS products that could allow an attacker to achieve unauthorized remote code execution via a crafted UDP packet.
What versions are vulnerable-and what should you do?
After a thorough investigation, we have identified the vulnerable products that are within their vulnerability support period, with their firmware patches shown in the table below.
Affected model |
Affected version |
Patch availability |
NAS326 |
V5.21(AAZF.11)C0 and earlier |
|
NAS540 |
V5.21(AATB.8)C0 and earlier |
|
NAS542 |
V5.21(ABAG.8)C0 and earlier |
Got a question?
Please contact your local service rep or visit Zyxel’s forum for further information or assistance.
Acknowledgment
Thanks to Shaposhnikov Ilya for reporting the issue to us.
Revision history
2022-09-06: Initial release.
Categories
- All Categories
- 184 Beta Program
- 1.7K Nebula
- 90 Nebula Ideas
- 63 Nebula Status and Incidents
- 4.7K Security
- 236 Security Ideas
- 1.1K Switch
- 51 Switch Ideas
- 915 WirelessLAN
- 27 WLAN Ideas
- 5.4K Consumer Product
- 174 Service & License
- 295 News and Release
- 65 Security Advisories
- 14 Education Center
- 984 FAQ
- 427 Nebula FAQ
- 255 Security FAQ
- 100 Switch FAQ
- 115 WirelessLAN FAQ
- 21 Consumer Product FAQ
- 66 Service & License FAQ
- 34 Documents
- 34 Nebula Monthly Express
- 68 About Community
- 52 Security Highlight