Zyxel says multiple NAS devices suffering from cybersecurity flaws

Red padlock open on electric circuits network dark red background
(Image credit: Shutterstock/Chor muang)

Zyxel says it has discovered and addressed half a dozen vulnerabilities affecting two of its network-attached storage (NAS) devices.

Out of the six flaws, three are of critical severity, and allow threat actors to run operating system commands without authentication. In other words, they could abuse the flaw to install malware or extract information from the endpoint.

The bugs are tracked as CVE-2023-35137 (severity score 7.5), CVE-2023-35138 (9.8), CVE-2023-37927 (8.8), CVE-2023-37928 (8.8), CVE-2023-4473 (9.8), and CVE-2023-4474 (9.8). More details about the vulnerabilities can be found here.

Reader Offer: $50 Amazon gift card with demo

Reader Offer: $50 Amazon gift card with demo
Perimeter 81's Malware Protection intercepts threats at the delivery stage to prevent known malware, polymorphic attacks, zero-day exploits, and more. Let your people use the web freely without risking data and network security.

Preferred partner (What does this mean?

Plenty of personal data

The affected devices are NAS326 running version 5.21(AAZF.14)C0 and earlier, and NAS542, running version 5.21(ABAG.11)C0 and earlier.

The only way to fix the issues is to upgrade to the recommended versions - V521(AAZF.15)C0 or later for NAS326, and V5.21(ABAG.12)C0 or later for NAS542. There are no mitigations and no workarounds. The only way to address the flaws is by updating the firmware, Zyxel said.

NAS devices are usually used by small and medium-sized businesses (SMB) to manage their data, facilitate remote work, or enable different collaboration options. Some businesses use it for data redundancy systems, too, BleepingComputer explains. They are built for high data volumes, it added. 

This also makes them a prime target for cybercriminals. In June this year, IoT cybersecurity company Sternum identified a security vulnerability affecting Zyxel’s NAS drives NAS326, NAS540, and NAS542 models, all running on firmware version 5.21. 

Last year, QNAP urged its NAS users to patch their endpoints immediately, as newly discovered flaws were being used by threat actors to deploy the Deadbolt ransomware. QNAP’s NAS devices were also found to be vulnerable to the DirtyPipe flaw that caused quite a ruckus last year.

More from TechRadar Pro

Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.