CVE-2023-5372
Last modified
CVE-2023-5372 is a high-severity vulnerability rated 7.2/10 on the CVSS scale. The post-authentication command injection vulnerability in Zyxel NAS326 firmware versions through V5.21(AAZF.15)C0 and NAS542 firmware versions through V5.21(ABAG.12)C0 could allow an authenticated attacker with administrator privileges to execute some operating system (OS) commands by sending a crafted query parameter attached to the URL of an affected device’s web management interface.. EPSS estimates a 28.47% chance of exploitation in the next 30 days.
Description
The post-authentication command injection vulnerability in Zyxel NAS326 firmware versions through V5.21(AAZF.15)C0 and NAS542 firmware versions through V5.21(ABAG.12)C0 could allow an authenticated attacker with administrator privileges to execute some operating system (OS) commands by sending a crafted query parameter attached to the URL of an affected device’s web management interface.
Metrics
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Weakness Enumeration
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Zyxel | Nas326 Firmware | < 5.21\(aazf.16\)c0 |
| Zyxel | Nas542 Firmware | < 5.21\(abag.13\)c0 |
References
Timeline
- Published
- Last Modified
- Status
- Modified
Frequently Asked Questions
What is CVE-2023-5372?
How severe is CVE-2023-5372?
How do I fix CVE-2023-5372?
Are you affected by CVE-2023-5372?
Run a free Strix scan to check your systems for this vulnerability.
Scan your code nowSource: NVD / NIST