Advisory

ZyXel NAS devices can be targeted by dangerous malware exploit

Take action: While this is not a critical-severity issue, a properly crafted phishing email can be used to persuade a user to execute a command while authenticated to their ZyXel NAS, allowing malware to attack the NAS. Given that the vulnerability is present in Linux-based NAS devices, NAS drives from other manufacturers might have similar vulnerabilities. Please update your NAS.


Learn More

Security researchers have discovered a security vulnerability in Zyxel Networks' Linux-operated NAS (Network Attached Storage) drives, including the NAS326, NAS540, and NAS542 models running on firmware version 5.21.

Zyxel Networks has issued an advisory stating that a post-authentication command injection vulnerability has been identified in the web management interface of certain NAS versions, specifically firmware 5.21 and earlier versions.

To protect their devices, users are strongly advised to update their NAS drives with the latest firmware, also identified as version 5.21. Zyxel Networks has specifically instructed NAS326 owners to update from firmware version 5.21 (AAZF.12)C0 to (AAZF.13)C0, NAS540 from version (AATB.9)C0 to (AATB.10)C0, and NAS542 from version (ABAG.9)C0 to (ABAG.10)C0. The firmware updates can be obtained from the Zyxel website.
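The build numbers above can be checked across a device inventory. The following is an added example, not code from Zyxel or the researchers. It assumes firmware strings follow the notation used in this advisory (an optional leading "V" is tolerated) and that later versions carry the fix. The hostnames and inventory rows are constructed.

```python
import re

# Fixed builds per model, as listed in the advisory (all on version 5.21).
FIXED = {"NAS326": ("AAZF", 13), "NAS540": ("AATB", 10), "NAS542": ("ABAG", 10)}

# Assumed layout, following the advisory's notation: "5.21 (AAZF.12)C0".
FW_RE = re.compile(r"^V?(\d+)\.(\d+)\s*\(([A-Z]+)\.(\d+)\)C\d+$", re.I)

def parse_firmware(fw):
    """Split a firmware string into (major, minor, build) and its series code."""
    m = FW_RE.match(fw.strip())
    if not m:
        raise ValueError(f"unrecognised firmware string: {fw!r}")
    major, minor, series, build = m.groups()
    return (int(major), int(minor), int(build)), series.upper()

def assess(model, fw):
    """Return 'patched', 'vulnerable', 'not-listed' or 'unknown'."""
    model = model.strip().upper()
    if model not in FIXED:
        return "not-listed"      # model is not named in this advisory
    try:
        version, series = parse_firmware(fw)
    except ValueError:
        return "unknown"         # cannot decide; inspect the device by hand
    fixed_series, fixed_build = FIXED[model]
    if series != fixed_series:
        return "unknown"         # series code does not match this model
    # Assumption: anything at or above the fixed 5.21 build includes the fix.
    return "patched" if version >= (5, 21, fixed_build) else "vulnerable"

def audit(inventory):
    """Map each host name to its assessment."""
    return {host: assess(model, fw) for host, model, fw in inventory}

# Constructed sample inventory: (host, model, reported firmware string).
INVENTORY = [
    ("nas-office", "NAS326", "V5.21(AAZF.12)C0"),
    ("nas-backup", "NAS540", "5.21 (AATB.10)C0"),
    ("nas-lab", "NAS542", "V5.20(ABAG.3)C0"),
    ("nas-old", "NAS542", "firmware: n/a"),
]

if __name__ == "__main__":
    for host, status in audit(INVENTORY).items():
        print(f"{host:12} {status}")
```

Devices reported as "unknown" should be checked by hand rather than assumed safe.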

The security researchers encountered a "Dangerous String Format" vulnerability, traced back to the ntpdate_date process, which allowed an authenticated user to execute arbitrary system commands with root privileges on the affected system. This posed a significant risk as it could enable hackers to inject remote malware onto NAS drives owned by unsuspecting users.

Although Zyxel Networks has promptly released a patch to address the issue, the researchers believe that similar vulnerabilities may exist in NAS drives from other companies.
