Zyxel security advisory for NAS remote access vulnerability

CVEs: CVE-2020-13364, CVE-2020-13365


Zyxel NAS products are affected by a remote access vulnerability. Users are advised to install the latest firmware patches immediately for optimal protection.


What is the vulnerability?

A remote access vulnerability was identified in a CGI script for the web application of NAS products. When a user logs in using the unprivileged “admin” user account, the vulnerability could allow the user to start a Telnet or SSH service and generate a password for the “NsaRescueAngel” user account with root privileges. As the vulnerable CGI is a legacy design, it has been removed in the latest firmware of the affected NAS products.


What products are vulnerable—and what should you do?

After a thorough investigation, we have confirmed that the NAS products listed in the below table are affected. We urge users to install the latest firmware immediately for the best protection.

Device Latest firmware version
NAS326 V5.21(AAZF.9)C0
NAS520 V5.21(AASZ.5)C0
NAS540 V5.21(AATB.6)C0
NAS542 V5.21(ABAG.6)C0*
* Please contact your local Zyxel support team for assistance.

Got a question or a tipoff?

Please contact your local service rep for further information or assistance. If you’ve found a vulnerability, we want to work with you to fix it—contact security@zyxel.com.tw and we’ll get right back to you.



Daniel Nussko, an independent researcher from Germany


Revision history

2020-8-5: Initial release