Zyxel reports multiple critical vulnerabilities in their NAS devices
Take action: If you are using ZyXel NAS devices, make sure it's not accessible from the internet, then patch immediately. Delaying this will only help hackers.
Zyxel, a well-known manufacturer of network-attached storage (NAS) devices, is alerting users to a series of critical security vulnerabilities affecting its products NAS326 and NAS542.
ZyXel NAS devices, are primarily utilized by small to medium-sized businesses, IT professionals, and digital content creators, and serve as centralized storage hubs on a network and are sometimes used for remote collaboration. For videographers, digital artists, businesses and IT professionals, these systems are integral to their operations.
The exploitation of these vulnerabilities could lead to various adverse outcomes, such as unauthorized access, leakage of sensitive system information, or complete control over the compromised NAS devices.
Zyxel has recommended firmware updates as the primary solution to these vulnerabilities. Users of the NAS326 model are advised to upgrade to version V5.21(AAZF.15)C0 or later, while those using NAS542 should update their firmware to V5.21(ABAG.12)C0 or later.
Zyxel had not provided any alternative mitigation strategies or temporary workarounds.