Networking equipment maker Zyxel has released patches for a critical security flaw impacting its network-attached storage (NAS) devices.
Tracked as CVE-2022-34747 (CVSS score: 9.8), the issue relates to a “format string vulnerability” affecting NAS326, NAS540, and NAS542 models. Zyxel credited researcher Shaposhnikov Ilya for reporting the flaw.
“A format string vulnerability was present in a particular binary of Zyxel NAS products that might enable an attacker to attain unauthorized remote code execution by way of a crafted UDP packet,” the company said in an advisory released on September 6.
The flaw impacts the following versions:
- NAS326 (V5.21(AAZF.11)C0 and earlier)
- NAS540 (V5.21(AATB.8)C0 and earlier), and
- NAS542 (V5.21(ABAG.8)C0 and earlier)
The disclosure comes as Zyxel previously addressed local privilege escalation and authenticated directory traversal vulnerabilities (CVE-2022-30526 and CVE-2022-2030) affecting its firewall products in July.
Hacking NAS devices is becoming a common practice. If you don't take precautions or keep the software up to date, attackers can steal your sensitive and personal data. In some cases, they even manage to permanently delete data.
In June 2022, Zyxel also remediated a security vulnerability (CVE-2022-0823) that left GS1200 series switches susceptible to password-guessing attacks via a timing side-channel attack.