Zyxel, a networking solutions provider, has issued patches for a severe vulnerability affecting the firmware of several network-attached storage (NAS) device models.
The security flaw, identified as CVE-2022-34747, has a CVSS score of 9.8/10 and is described as a format string vulnerability affecting Zyxel NAS326 firmware versions prior to V5.21(AAZF.12) C0. The vulnerability could be exploited by sending specially crafted UDP packets to affected products. A successful exploit of the vulnerability might allow an attacker to execute arbitrary code on the affected device, according to a company alert.
According to Zyxel’s analysis, only three NAS models are both vulnerable and still within their support lifetime. The vendor patched the issue with firmware upgrades for the NAS326, NAS540, and NAS542 device models in mid-August, but did not disclose details of the problem until this week.