Shulou(Shulou.com)11/24 Report--

CTOnews.com June 28 news, Zyxel (Zhaoqin) is a manufacturer specializing in network equipment, many of its equipment are used for national and regional government services.

The security analysis company revealed on June 20 that Zhaoqin's devices had a CVE-2023-27992 vulnerability (CVSS risk score 9.8), and on the same day there were rumors that hackers began to exploit this vulnerability.

The ▲ image source CISA vulnerability tracking website CTOnews.com noted that the vulnerability affected the following firmware:

NAS0 firmware before Zhaoqin NAS V326.5 (AAZF.21) C14

NAS0 firmware before V540.5 (AATB.21) C11

NAS0 firmware before V542.5 (ABAG.21) C11.

These versions of preauthentication command injection vulnerabilities allow hackers to remotely execute certain operating system commands by sending constructed HTTP requests, thus allowing hackers to conduct data injection attacks and obtain relevant information.

It is reported that Zhaoqin fixed the loophole on the same day, considering that its equipment is mostly used for government and enterprise services, so it is expected.

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.