Multiple Zyxel network-attached storage (NAS) devices were determined to be vulnerable to pre-authentication remote command injection. This could allow attackers to perform remote code execution. NAS products running firmware version 5.21 and earlier are vulnerable to this attack. Further, UTM, ATP, and VPN firewalls running firmware version ZLD V4.35 Patch 0 through ZLD V4.35 Patch 2 are also vulnerable. Those with firmware versions before ZLD V4.35 Patch 0 are NOT affected.
Remote code execution was identified in the weblogin.cgi program used in Zyxel NAS and firewall products. By sending a specially-crafted HTTP POST or GET request to a vulnerable ZyXEL device, a remote, unauthenticated attacker may be able to execute arbitrary code on the device.
To check if the Your local ZyxelNAS is vulnerable, kb.cert.or provided a proof of concept (POC), which is available on their website: https://kb.cert.org/artifacts/cve-2020-9054.html . This POC will turn off Your NAS, if it is affected by this vulnerability (CVE-2020-9054).
Worried Your Systems Are At Risk? Contact LIFARS For Pentesting Services Today!