CVE-2023-27992

Severity: CRITICAL | Listed in CISA KEV

Zyxel NAS326, NAS540, and NAS542 Firmware < 5.21 - Unauthenticated OS Command Injection via HTTP Request


Exploitation Summary

CVE-2023-27992 is actively exploited and listed in the CISA Known Exploited Vulnerabilities (KEV) catalog, added June 23, 2023.

Description

The pre-authentication command injection vulnerability in the Zyxel NAS326 firmware versions prior to V5.21(AAZF.14)C0, NAS540 firmware versions prior to V5.21(AATB.11)C0, and NAS542 firmware versions prior to V5.21(ABAG.11)C0 could allow an unauthenticated attacker to execute some operating system (OS) commands remotely by sending a crafted HTTP request.

Scores

CVSS v3 9.8
EPSS 0.8762
EPSS Percentile 99.5%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment
Exploitation active
Automatable yes
Technical Impact total

Details

CISA KEV 2023-06-23
VulnCheck KEV 2023-06-23
InTheWild.io 2023-06-23
ENISA EUVD EUVD-2023-31717
CWE
CWE-78
Status published
Products (3)
zyxel/nas326_firmware < 5.21\(aazf.14\)c0
zyxel/nas540_firmware < 5.21\(aatb.11\)c0
zyxel/nas542_firmware < 5.21\(abag.11\)c0
Published Jun 19, 2023
KEV Added Jun 23, 2023
Tracked Since Feb 18, 2026