VIR Vulnerability Intelligence Relay

CVE-2023-27992

unknown KEV
Published 2023-06-23 · Modified 2023-06-23
CVSS v3
CVSS v2
VIR risk
1.5

Description

Multiple Zyxel network-attached storage (NAS) devices contain a pre-authentication command injection vulnerability that could allow an unauthenticated attacker to execute commands remotely via a crafted HTTP request.

CISA KEV

Vendor
Zyxel
Product
Multiple Network-Attached Storage (NAS) Devices
Due date
2023-07-14

Predictions

Exploit likelihood
99%
Patch ETA

Heuristic predictions, AS-IS, for prioritization only.

Mitigations

vendor Authored 2026-05-27

Vendor advisory: cisa-kev — https://www.zyxel.com/global/en/support/security-advisories/zyxel-security-advisory-for-pre-authentication-command-injection-vulnerability-in-nas-products; https://nvd.nist.gov/vuln/detail/CVE-2023-27992

Exploits

References

Verify integrity in audit chain (admin only). AS-IS.