CVE: CVE-2018-14892, CVE-2018-14893
Summary
A recent study dubbed SOHOpelessly Broken 2.0 tested 13 SOHO routers and NAS devices and identified security vulnerabilities, including 125 common vulnerabilities and exposures (CVEs). Two vulnerabilities were found on the Zyxel NSA325 v2 media server. Investigation showed that, although the two vulnerabilities could result in cross-site request forgery (CSRF) or command injection, attackers would be unable to launch these attacks without successfully logging in to the device.
What is the vulnerability?
The NSA325 v2 device lacks request origin verification for browser authentication, potentially resulting in cross-site request forgery. In addition, the device’s proprietary command-line interface language is vulnerable to command injection via the application programming interface (API), which could allow low-privilege users to execute system commands as root.
What should you do?
As NSA325 v2 is a legacy model that has been retired from the market, firmware updates are no longer supported. However, because attackers must log in to the device in order to launch such attacks, we recommend that users exercise good general security practices by following the guidance below:
Got a question or a tipoff?
Please contact your local service rep for further information or assistance. If you’ve found a vulnerability, we want to work with you to fix it. Contact security@zyxel.com.tw and we’ll get right back to you.
Acknowledgment
Thanks to Rick Ramgattie from Independent Security Evaluators for reporting this vulnerability to us.
https://www.securityevaluators.com/whitepaper/sohopelessly-broken-2/
Revision history
Initial release 2019-9-23