Free Trial

CVE-2023-4474 : ZYXEL NAS326/NAS542 WSGI SERVER OS COMMAND INJECTION

Description

The improper neutralization of special elements in the WSGI server of the Zyxel NAS326 firmware version V5.21(AAZF.14)C0 and NAS542 firmware version V5.21(ABAG.11)C0 could allow an unauthenticated attacker to execute some operating system (OS) commands by sending a crafted URL to a vulnerable device.

References

https://www.zyxel.com/global/en/support/security-advisories/zyxel-security-advisory-for-authentication-bypass-and-command-injection-vulnerabilities-in-nas-products

For More Information

CVERecord

Common Vulnerabilityies and Exposures

CVE-2023-4474 : ZYXEL NAS326/NAS542 WSGI SERVER OS COMMAND INJECTION
CVE-2023-4474 : ZYXEL NAS326/NAS542 WSGI SERVER OS COMMAND INJECTION

Contact us to get started

CVE-2024-3319 : SAILPOINT IDENTITY SECURITY CLOUD TRANSFORM PREVIEW/IDENTITYPROFILE PREVIEW CODE INJECTION

CVE-2024-3319 : SAILPOINT IDENTITY SECURITY CLOUD TRANSFORM PREVIEW/IDENTITYPROFILE PREVIEW CODE INJECTION

Description An issue was identified in the Identity Security Cloud (ISC) Transform preview and IdentityProfile preview API endpoints that allowed

Learn more
CVE-2024-4984 : YOAST SEO PLUGIN UP TO 22.6 ON WORDPRESS DISPLAY_NAME CROSS SITE SCRIPTING

CVE-2024-4984 : YOAST SEO PLUGIN UP TO 22.6 ON WORDPRESS DISPLAY_NAME CROSS SITE SCRIPTING

Description The Yoast SEO plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘display_name’ author meta in all

Learn more
CVE-2024-32888 : AWS AMAZON-REDSHIFT-JDBC-DRIVER UP TO 2.1.0.27 SQL INJECTION

CVE-2024-32888 : AWS AMAZON-REDSHIFT-JDBC-DRIVER UP TO 2.1.0.27 SQL INJECTION

Description The Amazon JDBC Driver for Redshift is a Type 4 JDBC driver that provides database connectivity through the standard

Learn more