IoT cybersecurity company Sternum has identified a security vulnerability in Zyxel Networks’ Linux-based NAS devices, including the NAS326, NAS540, and NAS542 models, running firmware version 5.21 and earlier.
Zyxel Networks’ advisory reads: “The post-authentication command injection vulnerability has been found in the web management interface of some NAS versions,” citing firmware 5.21 and previous versions.
Users are being urged to update their NAS drives to the latest firmware, which still carries the 5.21 version number but with a newer build suffix, in order to protect their devices.
Zyxel Networks NAS patch
Specifically, NAS326 owners are being told to update from 5.21(AAZF.12)C0 to 5.21(AAZF.13)C0, NAS540 from 5.21(AATB.9)C0 to 5.21(AATB.10)C0, and NAS542 from 5.21(ABAG.9)C0 to 5.21(ABAG.10)C0. The updates are available from the Zyxel website.
Sternum’s Noam Zhitomirsky, Reuven Yakar, Dean Zavadski, and Amit Serper are credited with notifying the NAS maker of the vulnerability, which was marked as CVE-2023-27988 on May 30, 2023.
In a press release, Sternum said: “Sternum security researchers were in the process of scanning one of the Zyxel NAS units as part of the company's standard lab deployment process when a ‘Dangerous String Format’ alert was triggered by one of the security logics in the Sternum security platform.”
The problem was traced to the ntpdate_date process, which allowed an authenticated user to execute arbitrary system commands with root privileges on the device.
Sternum stressed that this could allow attackers to remotely install malware on unsuspecting NAS owners’ devices. Because the flaw is post-authentication, an attacker first needs valid credentials for the web management interface, or some way to obtain them, before it can be exploited.
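The following is an added illustration of the bug class described above, not code from Sternum, Zyxel, or the NAS firmware (the actual implementation is not shown on this page). It contrasts the vulnerable pattern, building a shell command string from a user-supplied NTP server value, with a hardened version that validates the value against an allowlist and passes it as a separate argument vector. The form field, the payload, and the `ntpdate -u` command line are constructed for the example and are assumptions.

```python
import re
import shlex

# Constructed example input: what an authenticated user might submit in the NTP
# server field of a hypothetical "set date/time" form on a NAS web interface.
# The real Zyxel parameter and its format are not shown on the page (assumption).
INJECTION_PAYLOAD = "pool.ntp.org; id > /tmp/pwned"


def build_ntp_command_vulnerable(server: str) -> str:
    """Vulnerable pattern: user input concatenated into a shell command string.

    If this string is handed to system()/popen()/subprocess(shell=True) by a CGI
    running as root, everything after ';' runs as root too.
    """
    return f"ntpdate -u {server}"


def shell_commands(cmd: str) -> list[list[str]]:
    """Split a command string the way a POSIX shell would at ';', '|', '&', '&&', '||'.

    Uses shlex in punctuation mode so operators become their own tokens. This
    models command separators only, not $(...) substitution or backticks.
    """
    lex = shlex.shlex(cmd, posix=True, punctuation_chars=True)
    separators = {";", "|", "&", "&&", "||"}
    commands, current = [], []
    for tok in lex:
        if tok in separators:
            if current:
                commands.append(current)
            current = []
        else:
            current.append(tok)
    if current:
        commands.append(current)
    return commands


# Hardened version: allowlist validation, then an argv list with no shell involved.
_LABEL = r"[A-Za-z0-9](?:[A-Za-z0-9-]{0,61}[A-Za-z0-9])?"
_HOSTNAME_RE = re.compile(rf"{_LABEL}(?:\.{_LABEL})*")


def validate_ntp_server(server: str) -> bool:
    """Accept only RFC 1123-style hostnames or dotted IPv4 literals.

    Shell metacharacters (; | & $ ` ( ) < > space, quotes) cannot match the
    allowlist, so rejection happens before any command is built.
    """
    return len(server) <= 253 and _HOSTNAME_RE.fullmatch(server) is not None


def build_ntp_command_hardened(server: str) -> list[str]:
    """Return an argv list suitable for subprocess.run(argv) or execve().

    The server value is a single argument; no shell ever parses it, so a value
    like '; id > /tmp/pwned' would reach ntpdate literally (and is rejected
    up front here anyway).
    """
    if not validate_ntp_server(server):
        raise ValueError(f"rejected NTP server value: {server!r}")
    return ["ntpdate", "-u", server]


if __name__ == "__main__":
    vuln = build_ntp_command_vulnerable(INJECTION_PAYLOAD)
    print("vulnerable string:", vuln)
    print("shell would run  :", shell_commands(vuln))
    try:
        build_ntp_command_hardened(INJECTION_PAYLOAD)
    except ValueError as err:
        print("hardened         :", err)
    print("hardened argv    :", build_ntp_command_hardened("pool.ntp.org"))
```

The point of the split function is to make the failure mode visible: the vulnerable string turns into two shell commands, the second of which runs with whatever privileges the web process has (root, in the case the page describes). The hardened path never builds a string for a shell at all; validation is an additional layer, not a substitute for the argv list.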
While Zyxel’s quickly issued patch fixes the issue, Sternum’s researchers believe that other vendors’ drives could be vulnerable to similar issues, and urge customers and consumers to watch for vendor announcements and apply patches as soon as they become available.