CVE-2023-27992 (GCVE-0-2023-27992)

Vulnerability from cvelistv5 – Published: 2023-06-19 11:42 – Updated: 2025-10-21 23:05
VLAI CISA Shadowserver KEVIntel
Summary
The pre-authentication command injection vulnerability in the Zyxel NAS326 firmware versions prior to V5.21(AAZF.14)C0, NAS540 firmware versions prior to V5.21(AATB.11)C0, and NAS542 firmware versions prior to V5.21(ABAG.11)C0 could allow an unauthenticated attacker to execute some operating system (OS) commands remotely by sending a crafted HTTP request.
Severity
9.8 (Critical)
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
SSVC
Exploitation: active Automatable: yes Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
  • CWE-78 - Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
Assigner
References
Impacted products
CISA
Known Exploited Vulnerability - GCVE BCP-07 Compliant
KEV entry ID: 108dc425-827c-490b-bba2-d120469b7466

Vulnerability ID: CVE-2023-27992

Status: Confirmed

Status Updated: 2023-06-23 00:00 UTC

Exploited: Yes

Timestamps
First Seen: 2023-06-23
Asserted: 2023-06-23
Scope
Notes: KEV entry: Zyxel Multiple NAS Devices Command Injection Vulnerability | Affected: Zyxel / Multiple Network-Attached Storage (NAS) Devices | Description: Multiple Zyxel network-attached storage (NAS) devices contain a pre-authentication command injection vulnerability that could allow an unauthenticated attacker to execute commands remotely via a crafted HTTP request. | Required action: Apply updates per vendor instructions. | Due date: 2023-07-14 | Known ransomware campaign use (KEV): Unknown | Notes (KEV): https://www.zyxel.com/global/en/support/security-advisories/zyxel-security-advisory-for-pre-authentication-command-injection-vulnerability-in-nas-products; https://nvd.nist.gov/vuln/detail/CVE-2023-27992
Evidence

Type: Vendor Report

Signal: Successful Exploitation

Confidence: 80%

Source: cisa-kev

Details
Cwes CWE-78
Feed CISA Known Exploited Vulnerabilities Catalog
Product Multiple Network-Attached Storage (NAS) Devices
Due Date 2023-07-14
Date Added 2023-06-23
Vendorproject Zyxel
Vulnerabilityname Zyxel Multiple NAS Devices Command Injection Vulnerability
Knownransomwarecampaignuse Unknown
References
Created: 2026-02-02 12:26 UTC | Updated: 2026-02-06 07:17 UTC
Shadowserver
Known Exploited Vulnerability - GCVE BCP-07 Compliant
KEV entry ID: 6ccdc41a-de53-4375-9535-56bfec0454b6

Vulnerability ID: CVE-2023-27992

Status: Confirmed

Status Updated: 2025-01-23 00:00 UTC

Exploited: Yes

Characteristics
Severity: 98.0
Timestamps
First Seen: 2025-01-07
Asserted: 2025-01-07
Last Seen: 2025-01-23
Scope
Asset Exposure: ['internet-facing']
Notes: Affected: Zyxel / Zyxel NAS326/NAS540/NAS542 | Class: nas | Severity: Critical (CVSS 9.8) | IoT: yes | In CISA KEV: yes | Honeypot connections on 2025-01-23: 5
Evidence

Type: Honeypot

Signal: In The Wild Attempts

Confidence: 70%

Source: shadowserver

Details
1D 1
Iot yes
Feed Shadowserver Foundation honeypot/exploited-vulnerabilities
Type http-scan
Class nas
7D Avg 0
Vendor Zyxel
30D Avg 0
90D Avg 0
Product Zyxel NAS326/NAS540/NAS542
Cisa Kev yes
Connections 5
Observation Date 2025-01-23
Vulnerability Class CVSS
Vulnerability Score 9.8
Vulnerability Severity Critical
References
Created: 2026-06-30 12:07 UTC | Updated: 2026-06-30 12:07 UTC
KEVIntel
Known Exploited Vulnerability - GCVE BCP-07 Compliant
KEV entry ID: fbf57fbc-b12d-4c15-ad06-4bfa9a601548

Vulnerability ID: CVE-2023-27992

Status: Confirmed

Status Updated: 2023-06-23 00:00 UTC

Exploited: Yes

Timestamps
First Seen: 2023-06-23
Asserted: 2023-06-23
Scope
Notes: KEVIntel entry: The pre-authentication command injection vulnerability in the Zyxel NAS326 firmware versions prior to V5.21(AAZF.14)C0, NAS540 firmware... | Affected: Zyxel / NAS326 firmware, NAS540 firmware, NAS542 firmware | CVSS: 9.8 (CRITICAL) | Used in malware: unknown | Not yet in CISA KEV: False
Evidence

Type: Public Report

Signal: Successful Exploitation

Confidence: 70%

Source: kevintel

Details
Feed KEVIntel (kevintel.com)
Title The pre-authentication command injection vulnerability in the Zyxel NAS326 firmware versions prior to V5.21(AAZF.14)C0, NAS540 firmware...
Vendor Zyxel
Product NAS326 firmware, NAS540 firmware, NAS542 firmware
Added Date 2023-06-23T00:00:00.000Z
Cvss Score 9.8
Epss Score None
Cvss Severity CRITICAL
Epss Percentile None
Used In Malware unknown
Ahead Of Cisa Kev None
Not Yet In Cisa Kev False
References
Created: 2026-06-23 14:05 UTC | Updated: 2026-06-23 14:05 UTC
Show details on NVD website
To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T12:23:30.801Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.zyxel.com/global/en/support/security-advisories/zyxel-security-advisory-for-pre-authentication-command-injection-vulnerability-in-nas-products"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2023-27992",
                "options": [
                  {
                    "Exploitation": "active"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-01-27T22:16:42.703923Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          },
          {
            "other": {
              "content": {
                "dateAdded": "2023-06-23",
                "reference": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2023-27992"
              },
              "type": "kev"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-10-21T23:05:45.675Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "references": [
          {
            "tags": [
              "government-resource"
            ],
            "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2023-27992"
          }
        ],
        "timeline": [
          {
            "lang": "en",
            "time": "2023-06-23T00:00:00.000Z",
            "value": "CVE-2023-27992 added to CISA KEV"
          }
        ],
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "NAS326 firmware",
          "vendor": "Zyxel",
          "versions": [
            {
              "status": "affected",
              "version": "\u003c V5.21(AAZF.14)C0"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "NAS540 firmware",
          "vendor": "Zyxel",
          "versions": [
            {
              "status": "affected",
              "version": "\u003c V5.21(AATB.11)C0"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "NAS542 firmware",
          "vendor": "Zyxel",
          "versions": [
            {
              "status": "affected",
              "version": "\u003c V5.21(ABAG.11)C0"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "The pre-authentication command injection vulnerability in the Zyxel NAS326 firmware versions prior to\u0026nbsp;V5.21(AAZF.14)C0, NAS540 firmware versions prior to\u0026nbsp;V5.21(AATB.11)C0, and NAS542\u0026nbsp;firmware versions prior to V5.21(ABAG.11)C0 could allow an unauthenticated attacker to execute some operating system (OS) commands remotely by sending a crafted HTTP request."
            }
          ],
          "value": "The pre-authentication command injection vulnerability in the Zyxel NAS326 firmware versions prior to\u00a0V5.21(AAZF.14)C0, NAS540 firmware versions prior to\u00a0V5.21(AATB.11)C0, and NAS542\u00a0firmware versions prior to V5.21(ABAG.11)C0 could allow an unauthenticated attacker to execute some operating system (OS) commands remotely by sending a crafted HTTP request."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 9.8,
            "baseSeverity": "CRITICAL",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-78",
              "description": "CWE-78 Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2023-06-19T11:42:41.774Z",
        "orgId": "96e50032-ad0d-4058-a115-4d2c13821f9f",
        "shortName": "Zyxel"
      },
      "references": [
        {
          "url": "https://www.zyxel.com/global/en/support/security-advisories/zyxel-security-advisory-for-pre-authentication-command-injection-vulnerability-in-nas-products"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "x_generator": {
        "engine": "Vulnogram 0.1.0-dev"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "96e50032-ad0d-4058-a115-4d2c13821f9f",
    "assignerShortName": "Zyxel",
    "cveId": "CVE-2023-27992",
    "datePublished": "2023-06-19T11:42:41.774Z",
    "dateReserved": "2023-03-09T08:44:12.874Z",
    "dateUpdated": "2025-10-21T23:05:45.675Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "cisa_known_exploited": {
      "cveID": "CVE-2023-27992",
      "cwes": "[\"CWE-78\"]",
      "dateAdded": "2023-06-23",
      "dueDate": "2023-07-14",
      "knownRansomwareCampaignUse": "Unknown",
      "notes": "https://www.zyxel.com/global/en/support/security-advisories/zyxel-security-advisory-for-pre-authentication-command-injection-vulnerability-in-nas-products;  https://nvd.nist.gov/vuln/detail/CVE-2023-27992",
      "product": "Multiple Network-Attached Storage (NAS) Devices",
      "requiredAction": "Apply updates per vendor instructions.",
      "shortDescription": "Multiple Zyxel network-attached storage (NAS) devices contain a pre-authentication command injection vulnerability that could allow an unauthenticated attacker to execute commands remotely via a crafted HTTP request.",
      "vendorProject": "Zyxel",
      "vulnerabilityName": "Zyxel Multiple NAS Devices Command Injection Vulnerability"
    },
    "epss": {
      "cve": "CVE-2023-27992",
      "date": "2026-06-30",
      "epss": "0.84195",
      "percentile": "0.99663"
    },
    "fkie_nvd": {
      "cisaActionDue": "2023-07-14",
      "cisaExploitAdd": "2023-06-23",
      "cisaRequiredAction": "Apply updates per vendor instructions.",
      "cisaVulnerabilityName": "Zyxel Multiple NAS Devices Command Injection Vulnerability",
      "configurations": "[{\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:zyxel:nas326_firmware:*:*:*:*:*:*:*:*\", \"versionEndIncluding\": \"5.21\\\\(aazf.13\\\\)c0\", \"matchCriteriaId\": \"E1C7EF7A-7A3B-4DAB-B42A-2C84F861A5D2\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:zyxel:nas326:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"E0A01B19-4A91-4FBC-8447-2E854346DAC5\"}]}]}, {\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:zyxel:nas540_firmware:*:*:*:*:*:*:*:*\", \"versionEndIncluding\": \"5.21\\\\(aatb.10\\\\)c0\", \"matchCriteriaId\": \"0E8018F0-97F9-46E1-954B-08BA1BCE33AB\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:zyxel:nas540:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"B2F7264C-D32A-4EE9-BADC-78518D762BCA\"}]}]}, {\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:zyxel:nas542_firmware:*:*:*:*:*:*:*:*\", \"versionEndIncluding\": \"5.21\\\\(abag.10\\\\)c0\", \"matchCriteriaId\": \"1F106841-EEF2-4EFA-BD32-514AF9C74F22\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:zyxel:nas542:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"31C4DD0F-28D0-4BF7-897B-5EEC32AA7277\"}]}]}]",
      "descriptions": "[{\"lang\": \"en\", \"value\": \"The pre-authentication command injection vulnerability in the Zyxel NAS326 firmware versions prior to\\u00a0V5.21(AAZF.14)C0, NAS540 firmware versions prior to\\u00a0V5.21(AATB.11)C0, and NAS542\\u00a0firmware versions prior to V5.21(ABAG.11)C0 could allow an unauthenticated attacker to execute some operating system (OS) commands remotely by sending a crafted HTTP request.\"}]",
      "id": "CVE-2023-27992",
      "lastModified": "2024-11-21T07:53:53.520",
      "metrics": "{\"cvssMetricV31\": [{\"source\": \"security@zyxel.com.tw\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\", \"baseScore\": 9.8, \"baseSeverity\": \"CRITICAL\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"NONE\", \"userInteraction\": \"NONE\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"HIGH\", \"integrityImpact\": \"HIGH\", \"availabilityImpact\": \"HIGH\"}, \"exploitabilityScore\": 3.9, \"impactScore\": 5.9}]}",
      "published": "2023-06-19T12:15:09.433",
      "references": "[{\"url\": \"https://www.zyxel.com/global/en/support/security-advisories/zyxel-security-advisory-for-pre-authentication-command-injection-vulnerability-in-nas-products\", \"source\": \"security@zyxel.com.tw\", \"tags\": [\"Patch\", \"Vendor Advisory\"]}, {\"url\": \"https://www.zyxel.com/global/en/support/security-advisories/zyxel-security-advisory-for-pre-authentication-command-injection-vulnerability-in-nas-products\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Patch\", \"Vendor Advisory\"]}]",
      "sourceIdentifier": "security@zyxel.com.tw",
      "vulnStatus": "Modified",
      "weaknesses": "[{\"source\": \"security@zyxel.com.tw\", \"type\": \"Secondary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-78\"}]}, {\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-78\"}]}]"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2023-27992\",\"sourceIdentifier\":\"security@zyxel.com.tw\",\"published\":\"2023-06-19T12:15:09.433\",\"lastModified\":\"2026-06-17T05:46:20.047\",\"vulnStatus\":\"Analyzed\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"The pre-authentication command injection vulnerability in the Zyxel NAS326 firmware versions prior to\u00a0V5.21(AAZF.14)C0, NAS540 firmware versions prior to\u00a0V5.21(AATB.11)C0, and NAS542\u00a0firmware versions prior to V5.21(ABAG.11)C0 could allow an unauthenticated attacker to execute some operating system (OS) commands remotely by sending a crafted HTTP request.\"}],\"affected\":[{\"source\":\"security@zyxel.com.tw\",\"affectedData\":[{\"vendor\":\"Zyxel\",\"product\":\"NAS326 firmware\",\"defaultStatus\":\"unaffected\",\"versions\":[{\"version\":\"\u003c V5.21(AAZF.14)C0\",\"status\":\"affected\"}]},{\"vendor\":\"Zyxel\",\"product\":\"NAS540 firmware\",\"defaultStatus\":\"unaffected\",\"versions\":[{\"version\":\"\u003c V5.21(AATB.11)C0\",\"status\":\"affected\"}]},{\"vendor\":\"Zyxel\",\"product\":\"NAS542 firmware\",\"defaultStatus\":\"unaffected\",\"versions\":[{\"version\":\"\u003c V5.21(ABAG.11)C0\",\"status\":\"affected\"}]}]}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"security@zyxel.com.tw\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\",\"baseScore\":9.8,\"baseSeverity\":\"CRITICAL\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":3.9,\"impactScore\":5.9}],\"ssvcV203\":[{\"source\":\"134c704f-9b21-4f2e-91b3-4a467353bcc0\",\"ssvcData\":{\"timestamp\":\"2025-01-27T22:16:42.703923Z\",\"id\":\"CVE-2023-27992\",\"options\":[{\"exploitation\":\"active\"},{\"automatable\":\"yes\"},{\"technicalImpact\":\"total\"}],\"role\":\"CISA Coordinator\",\"version\":\"2.0.3\"}}]},\"cisaExploitAdd\":\"2023-06-23\",\"cisaActionDue\":\"2023-07-14\",\"cisaRequiredAction\":\"Apply updates per vendor instructions.\",\"cisaVulnerabilityName\":\"Zyxel Multiple NAS Devices Command Injection Vulnerability\",\"weaknesses\":[{\"source\":\"security@zyxel.com.tw\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-78\"}]},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-78\"}]}],\"configurations\":[{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:zyxel:nas326_firmware:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"5.21\\\\(aazf.14\\\\)c0\",\"matchCriteriaId\":\"A4A72863-E165-4A25-B53F-EE5F97236C5A\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:zyxel:nas326:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E0A01B19-4A91-4FBC-8447-2E854346DAC5\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:zyxel:nas540_firmware:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"5.21\\\\(aatb.11\\\\)c0\",\"matchCriteriaId\":\"E86737DF-B02E-484D-AFB8-00D4F3B15330\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:zyxel:nas540:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B2F7264C-D32A-4EE9-BADC-78518D762BCA\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:zyxel:nas542_firmware:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"5.21\\\\(abag.11\\\\)c0\",\"matchCriteriaId\":\"DB6182FF-5301-474F-B324-651208839B0F\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:zyxel:nas542:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"31C4DD0F-28D0-4BF7-897B-5EEC32AA7277\"}]}]}],\"references\":[{\"url\":\"https://www.zyxel.com/global/en/support/security-advisories/zyxel-security-advisory-for-pre-authentication-command-injection-vulnerability-in-nas-products\",\"source\":\"security@zyxel.com.tw\",\"tags\":[\"Patch\",\"Vendor Advisory\"]},{\"url\":\"https://www.zyxel.com/global/en/support/security-advisories/zyxel-security-advisory-for-pre-authentication-command-injection-vulnerability-in-nas-products\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\",\"Vendor Advisory\"]},{\"url\":\"https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2023-27992\",\"source\":\"134c704f-9b21-4f2e-91b3-4a467353bcc0\",\"tags\":[\"US Government Resource\"]}]}}",
    "vulnrichment": {
      "containers": "{\"adp\": [{\"title\": \"CVE Program Container\", \"references\": [{\"url\": \"https://www.zyxel.com/global/en/support/security-advisories/zyxel-security-advisory-for-pre-authentication-command-injection-vulnerability-in-nas-products\", \"tags\": [\"x_transferred\"]}], \"providerMetadata\": {\"orgId\": \"af854a3a-2127-422b-91ae-364da2661108\", \"shortName\": \"CVE\", \"dateUpdated\": \"2024-08-02T12:23:30.801Z\"}}, {\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2023-27992\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"active\"}, {\"Automatable\": \"yes\"}, {\"Technical Impact\": \"total\"}], \"version\": \"2.0.3\", \"timestamp\": \"2025-01-27T22:16:42.703923Z\"}}}, {\"other\": {\"type\": \"kev\", \"content\": {\"dateAdded\": \"2023-06-23\", \"reference\": \"https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2023-27992\"}}}], \"timeline\": [{\"lang\": \"en\", \"time\": \"2023-06-23T00:00:00.000Z\", \"value\": \"CVE-2023-27992 added to CISA KEV\"}], \"references\": [{\"url\": \"https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2023-27992\", \"tags\": [\"government-resource\"]}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2024-12-10T16:00:02.789Z\"}}], \"cna\": {\"source\": {\"discovery\": \"UNKNOWN\"}, \"metrics\": [{\"format\": \"CVSS\", \"cvssV3_1\": {\"scope\": \"UNCHANGED\", \"version\": \"3.1\", \"baseScore\": 9.8, \"attackVector\": \"NETWORK\", \"baseSeverity\": \"CRITICAL\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\", \"integrityImpact\": \"HIGH\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"LOW\", \"availabilityImpact\": \"HIGH\", \"privilegesRequired\": \"NONE\", \"confidentialityImpact\": \"HIGH\"}, \"scenarios\": [{\"lang\": \"en\", \"value\": \"GENERAL\"}]}], \"affected\": [{\"vendor\": \"Zyxel\", \"product\": \"NAS326 firmware\", \"versions\": [{\"status\": \"affected\", \"version\": \"\u003c V5.21(AAZF.14)C0\"}], \"defaultStatus\": \"unaffected\"}, {\"vendor\": \"Zyxel\", \"product\": \"NAS540 firmware\", \"versions\": [{\"status\": \"affected\", \"version\": \"\u003c V5.21(AATB.11)C0\"}], \"defaultStatus\": \"unaffected\"}, {\"vendor\": \"Zyxel\", \"product\": \"NAS542 firmware\", \"versions\": [{\"status\": \"affected\", \"version\": \"\u003c V5.21(ABAG.11)C0\"}], \"defaultStatus\": \"unaffected\"}], \"references\": [{\"url\": \"https://www.zyxel.com/global/en/support/security-advisories/zyxel-security-advisory-for-pre-authentication-command-injection-vulnerability-in-nas-products\"}], \"x_generator\": {\"engine\": \"Vulnogram 0.1.0-dev\"}, \"descriptions\": [{\"lang\": \"en\", \"value\": \"The pre-authentication command injection vulnerability in the Zyxel NAS326 firmware versions prior to\\u00a0V5.21(AAZF.14)C0, NAS540 firmware versions prior to\\u00a0V5.21(AATB.11)C0, and NAS542\\u00a0firmware versions prior to V5.21(ABAG.11)C0 could allow an unauthenticated attacker to execute some operating system (OS) commands remotely by sending a crafted HTTP request.\", \"supportingMedia\": [{\"type\": \"text/html\", \"value\": \"The pre-authentication command injection vulnerability in the Zyxel NAS326 firmware versions prior to\u0026nbsp;V5.21(AAZF.14)C0, NAS540 firmware versions prior to\u0026nbsp;V5.21(AATB.11)C0, and NAS542\u0026nbsp;firmware versions prior to V5.21(ABAG.11)C0 could allow an unauthenticated attacker to execute some operating system (OS) commands remotely by sending a crafted HTTP request.\", \"base64\": false}]}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-78\", \"description\": \"CWE-78 Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)\"}]}], \"providerMetadata\": {\"orgId\": \"96e50032-ad0d-4058-a115-4d2c13821f9f\", \"shortName\": \"Zyxel\", \"dateUpdated\": \"2023-06-19T11:42:41.774Z\"}}}",
      "cveMetadata": "{\"cveId\": \"CVE-2023-27992\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2025-10-21T23:05:45.675Z\", \"dateReserved\": \"2023-03-09T08:44:12.874Z\", \"assignerOrgId\": \"96e50032-ad0d-4058-a115-4d2c13821f9f\", \"datePublished\": \"2023-06-19T11:42:41.774Z\", \"assignerShortName\": \"Zyxel\"}",
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }
  }
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.





Forecast uses a logistic model when the trend is rising, or an exponential decay model when the trend is falling. Fitted via linearized least squares.

Sightings

Author Source Type Date Other

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.


Detection rules are retrieved from Rulezet.