« Back to all recent discussions
Zyxel security advisory for the remote code execution vulnerability of NAS products
Zyxel NAS (Network Attached Storage) and firewall products are affected by a remote code execution vulnerability. Users are advised to install the standard firmware patches or follow the workaround immediately for optimal protection.
What is the vulnerability?
A remote code execution vulnerability was identified in
the weblogin.cgi program used in Zyxel NAS and firewall products. Missing
authentication for the program could allow attackers to perform remote code
execution via OS command injection.
What products are vulnerable—and what should you do?
After a thorough investigation of the complete product lines, we’ve confirmed that the vulnerability affects the following products running specific firmware versions:
NAS products running firmware version 5.21 and earlier.
We’ve identified the vulnerable products that are within their warranty and support period, as shown in the table below. For optimal protection, we urge users to install the standard firmware immediately.
NAS326: Available now. Firmware V5.21(AAZF.7)C0
NAS520: Available now. Firmware V5.21(AASZ.3)C0
NAS540: Available now. Firmware V5.21(AATB.4)C0
NAS542: Available now. Firmware V5.21(ABAG.4)C0 (ftp://ftp2.zyxel.com/NAS542/firmware/NAS542_V5.21(ABAG.4)C0.zip)
An FAQ for NAS firmware update process is also available at https://homeforum.zyxel.com/discussion/3370/faq-upgrading-latest-nas-remote-code-execution-vulnerability-firmware#latest
For affected products that reached end-of-support in 2016 or earlier, firmware updates are no longer provided. We strongly recommend that users follow the workaround procedure, as detailed below, to remediate the vulnerability.
Affected models that are end-of-support:
NSA210, NSA220, NSA220+, NSA221, NSA310, NSA310S, NSA320, NSA320S, NSA325 and NSA325v2
Workaround: Do not leave the product directly exposed to the internet. If possible, connect it to a security router or firewall for additional protection.
Got a question or a tipoff?Please contact your local service rep for further information or assistance. If you’ve found a vulnerability, we want to work with you to fix it—contact '[email protected]' and we’ll get right back to you.
Thanks to Brian Krebs, an independent investigative journalist, for reporting the issue to us and CERT/CC for coordinating the disclosure process.