The post-authentication command injection vulnerability in Zyxel NAS326 firmware versions through V5.21(AAZF.15)C0 and NAS542 firmware versions through V5.21(ABAG.12)C0 could allow an authenticated attacker with administrator privileges to execute some operating system (OS) commands by sending a crafted query parameter attached to the URL of an affected device’s web management interface.
References
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: Zyxel
Published: 2024-01-30T00:55:33.090Z
Updated: 2024-01-30T00:55:33.090Z
Reserved: 2023-10-04T03:32:04.281Z
Link: CVE-2023-5372
JSON object: View
NVD Information
Status : Analyzed
Published: 2024-01-30T01:15:59.063
Modified: 2024-02-05T22:05:37.100
Link: CVE-2023-5372
JSON object: View
Redhat Information
No data.
CWE