US authorities have alerted the public about the ongoing exploitation of a critical vulnerability found in Zyxel Network Attached Storage (NAS) devices. The manufacturer released a security update on June 20th, yet within just three days the Cybersecurity and Infrastructure Security Agency (CISA) of the US Department of Homeland Security detected active exploitation. Federal agencies using Zyxel NAS devices have been advised to install the update by July 14th.
The vulnerability, CVE-2023-27992, enables “pre-authentication command injection,” allowing malicious actors to execute system commands on the NAS device without requiring login credentials. This security flaw has been assessed with a severity rating of 9.8 out of 10. The affected models include Zyxel NAS326, NAS540, and NAS542. Zyxel has responded by releasing firmware version 5.21, specifically designed to address this vulnerability. The vulnerability reports were received from three independent sources and promptly shared with Zyxel.
CISA maintains a comprehensive list of actively exploited vulnerabilities to safeguard critical infrastructure, providing federal agencies with deadlines to install necessary updates. This ever-expanding list helps identify vulnerabilities that attackers are actively targeting. Among the recently added entries is CVE-2023-27992, although CISA has refrained from disclosing specific details about the ongoing attacks exploiting this particular vulnerability.