CVE-2023-35137

HIGH

Zyxel NAS326/NAS542 < 5.21(AAZF.14)C0/< 5.21(ABAG.11)C0 - Authentication Bypass

Title source: llm

Description

An improper authentication vulnerability in the authentication module of the Zyxel NAS326 firmware version V5.21(AAZF.14)C0 and NAS542 firmware version V5.21(ABAG.11)C0 could allow an unauthenticated attacker to obtain system information by sending a crafted URL to a vulnerable device.

References (1)

Core 1

Core References

Patch, Vendor Advisory vendor-advisory

https://www.zyxel.com/global/en/support/security-advisories/zyxel-security-advisory-for-authentication-bypass-and-command-injection-vulnerabilities-in-nas-products

Scores

CVSS v3 7.5

EPSS 0.0016

EPSS Percentile 36.6%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Details

CWE

CWE-287

Status published

Products (2)

zyxel/nas326_firmware < 5.21\(aazf.14\)c0

zyxel/nas542_firmware < 5.21\(abag.11\)c0

Published Nov 30, 2023

Tracked Since Feb 18, 2026