Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
A command injection vulnerability in the web server of the Zyxel NAS326 firmware version V5.21(AAZF.14)C0 and NAS542 firmware version V5.21(ABAG.11)C0 could allow an unauthenticated attacker to execute some operating system (OS) commands by sending a crafted URL to a vulnerable device.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Vulnerability Type
OS命令中使用的特殊元素转义处理不恰当(OS命令注入)
Vulnerability Title
Zyxel NAS326 操作系统命令注入漏洞
Vulnerability Description
Zyxel NAS326是中国合勤(Zyxel)公司的一款云存储 NAS。 Zyxel NAS326 V5.21(AAZF.14)C0和NAS542 V5.21(ABAG.11)C0及之前版本存在操作系统命令注入漏洞,该漏洞源于存在命令注入漏洞,可能允许未经身份验证的攻击者通过向易受攻击的设备发送精心设计的URL执行操作系统命令。
CVSS Information
N/A
Vulnerability Type
N/A