Zyxel security advisory for format string vulnerability in NAS
Zyxel has released patches for NAS products affected by a format string vulnerability. Users are advised to install them for optimal protection.
What is the vulnerability?
A format string vulnerability was found in a specific binary of Zyxel NAS products that could allow an attacker to achieve unauthorized remote code execution via a crafted UDP packet.
What versions are vulnerable—and what should you do?
After a thorough investigation, we have identified the vulnerable products that are within their vulnerability support period, with their firmware patches shown in the table below.
|Affected model||Affected version||Patch availability|
|NAS326||V5.21(AAZF.11)C0 and earlier||V5.21(AAZF.12)C0|
|NAS540||V5.21(AATB.8)C0 and earlier||V5.21(AATB.9)C0|
|NAS542||V5.21(ABAG.8)C0 and earlier||V5.21(ABAG.9)C0|
Got a question?
Please contact your local service rep or visit Zyxel’s forum for further information or assistance.
Thanks to Shaposhnikov Ilya for reporting the issue to us.
2022-09-06: Initial release