Explore top 10 tips to secure your open-source projects now. Read More

×
Alerts This Week
Warning Icon 1 466
Alerts This Week
Warning Icon 1 466

Zyxel NAS Devices Critical Update: Command Injection Risk

7.Locks HexConnections Esm H446

IoT cybersecurity company Sternum has identified a security vulnerability affecting Zyxel Networks’ Linux-operated NAS drives, including NAS326, NAS540, and NAS542 models, running on firmware version 5.21.

Zyxel Networks’ advisory reads: “The post-authentication command injection vulnerability has been found in the web management interface of some NAS versions,” citing firmware 5.21 and previous versions.

Users are being urged to patch their NAS drives with the latest firmware, which is also identified as 5.21, in order to protect their devices.

Specifically, NAS326 owners are being told to update from 5.21 (AAZF.12)C0 to (AAZF.13)C0, NAS540 from (AATB.9)C0 to (AATB.10)C0, and NAS542 from (ABAG.9)C0 to (ABAG.10)C0. The updates are available from the Zyxel website