We use these services and cookies to improve your user experience. You may opt out if you wish, however, this may limit some features on this site.
Please see our statement on Data Privacy.
**UNSUPPORTED WHEN ASSIGNED** A command injection vulnerability in the export-cgi program of Zyxel NAS326 firmware versions through V5.21(AAZF.18)C0 and NAS542 firmware versions through V5.21(ABAG.15)C0 could allow an unauthenticated attacker to execute some operating system (OS) commands by sending a crafted HTTP POST request.
Reserved 2024-06-26 | Published 2024-09-10 | Updated 2024-09-10 | Assigner ZyxelCWE-78 Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
www.zyxel.com/...on-vulnerability-in-nas-products-09-10-2024
Support options