Free Trial

CVE-2023-4474 : ZYXEL NAS326/NAS542 WSGI SERVER OS COMMAND INJECTION

Description

The improper neutralization of special elements in the WSGI server of the Zyxel NAS326 firmware version V5.21(AAZF.14)C0 and NAS542 firmware version V5.21(ABAG.11)C0 could allow an unauthenticated attacker to execute some operating system (OS) commands by sending a crafted URL to a vulnerable device.

References

https://www.zyxel.com/global/en/support/security-advisories/zyxel-security-advisory-for-authentication-bypass-and-command-injection-vulnerabilities-in-nas-products

For More Information

CVERecord

Common Vulnerabilityies and Exposures

CVE-2023-4474 : ZYXEL NAS326/NAS542 WSGI SERVER OS COMMAND INJECTION
CVE-2023-4474 : ZYXEL NAS326/NAS542 WSGI SERVER OS COMMAND INJECTION

Contact us to get started

CVE-2024-31976 : ENGENIUS EWS356-FIR UP TO 1.1.30 CONTROLLER CONNECTIVITY OS COMMAND INJECTION

CVE-2024-31976 : ENGENIUS EWS356-FIR UP TO 1.1.30 CONTROLLER CONNECTIVITY OS COMMAND INJECTION

Description EnGenius EWS356-FIR 1.1.30 and earlier devices allow a remote attacker to execute arbitrary OS commands via the Controller connectivity

Learn more
CVE-2024-42327 : ZABBIX UP TO 6.0.31/6.4.16/7.0.1 API ADDRELATED OBJECTS SQL INJECTION

CVE-2024-42327 : ZABBIX UP TO 6.0.31/6.4.16/7.0.1 API ADDRELATED OBJECTS SQL INJECTION

Description A non-admin user account on the Zabbix frontend with the default User role, or with any other role that

Learn more
CVE-2024-11667 : Zyxel ATP/USG FLEX/USG FLEX 50(W)/USG20(W)-VPN UP TO 5.38 URL PATH TRAVERSAL

CVE-2024-11667 : Zyxel ATP/USG FLEX/USG FLEX 50(W)/USG20(W)-VPN UP TO 5.38 URL PATH TRAVERSAL

Description A directory traversal vulnerability in the web management interface of Zyxel ATP series firmware versions V5.00 through V5.38, USG

Learn more