June 5, 2024 at 04:03AM
Zyxel has released security updates for two end-of-life network-attached storage devices to address critical flaws. The vulnerabilities could allow unauthenticated attackers to execute operating system commands and arbitrary code. Outpost24 security researcher Timothy Hjort discovered and reported the flaws. Users are urged to update to the latest version for optimal protection.
Key Takeaways from the Meeting Notes:
– Zyxel has released security updates to address critical flaws impacting two end-of-life network-attached storage (NAS) devices: NAS326 and NAS542.
– Successful exploitation of vulnerabilities could allow unauthenticated attackers to execute operating system commands and arbitrary code on affected installations.
– The vulnerabilities include command injection and remote code execution flaws, as well as improper privilege management issues.
– Outpost24 security researcher Timothy Hjort discovered and reported the five flaws, and two privilege escalation flaws remain unpatched.
– Users are advised to update to the latest versions to ensure optimal protection against these vulnerabilities.