Active attacks reported against end-of-life Zyxel NAS devices

Take action: If you are using NAS326 or NAS542 devices, make sure they can't be accessed from the internet. Patch ASAP, because hackers have found them and are exploiting them.


There are indications of active attacks targeting end-of-life Zyxel NAS devices just weeks after the disclosure of three critical vulnerabilities. The Shadowserver Foundation reported that it began detecting remote command execution attempts linked to a "Mirai-like botnet" targeting Zyxel NAS devices.

The attacks are exploiting CVE-2024-29973, a command injection vulnerability with a critical severity rating of 9.8. This flaw affects Zyxel NAS326 and NAS542 devices and allows unauthenticated attackers to execute commands remotely.

Owners of affected Zyxel NAS devices are advised to check for signs of compromise, especially if they did not apply the patches immediately. Given the end-of-support status of these devices, it might be prudent to replace them with newer hardware that receives regular security updates.

Owners of Zyxel NAS326 devices should install the V5.21(AAZF.17)C0 patch, and Zyxel NAS542 users should apply the V5.21(ABAG.14)C0 patch.
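For anyone tracking several of these devices, the following added example (not from the article or from Zyxel) compares each device's reported firmware string against the fixed builds named above. The inventory entries and host names are constructed, and the reading of the version string as `V<major>.<minor>(<model code>.<revision>)C<n>` is an assumption based on the two strings in the article.

```python
import re

# Fixed builds as named in the article, keyed by model.
FIXED = {"NAS326": "V5.21(AAZF.17)C0", "NAS542": "V5.21(ABAG.14)C0"}

# Assumed layout: V<major>.<minor>(<4-letter model code>.<revision>)C<n>
FW_RE = re.compile(r"^V(\d+)\.(\d+)\(([A-Z]{4})\.(\d+)\)C(\d+)$")


def parse_fw(text):
    """Split a firmware string into (model_code, comparable version tuple)."""
    m = FW_RE.match(text.strip())
    if not m:
        raise ValueError(f"unrecognised firmware string: {text!r}")
    major, minor, code, rev, c = m.groups()
    return code, (int(major), int(minor), int(rev), int(c))


def assess(model, firmware):
    """Classify one device against the fixed build for its model."""
    fixed = FIXED.get(model.upper())
    if fixed is None:
        return "not-listed"        # model is not one the article covers
    try:
        code, version = parse_fw(firmware)
    except ValueError:
        return "unparseable"       # check this device by hand
    fixed_code, fixed_version = parse_fw(fixed)
    if code != fixed_code:
        return "model-mismatch"    # firmware code does not belong to this model
    return "patched" if version >= fixed_version else "needs-patch"


def triage(inventory):
    """Map each host in (host, model, firmware) rows to its status."""
    return {host: assess(model, fw) for host, model, fw in inventory}


# Constructed sample inventory for illustration only.
INVENTORY = [
    ("nas-01", "NAS326", "V5.21(AAZF.16)C0"),
    ("nas-02", "NAS326", "V5.21(AAZF.17)C0"),
    ("nas-03", "NAS542", "V5.21(ABAG.13)C0"),
    ("nas-04", "NAS542", "V5.21(AAZF.17)C0"),
    ("nas-05", "nas542", "5.21 beta"),
]

if __name__ == "__main__":
    for host, status in triage(INVENTORY).items():
        print(f"{host}: {status}")
```

A "patched" result only reflects the installed build; the check for signs of compromise advised above still applies to devices that were exposed before patching.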
