CVSS Score of 10 (low)


Published Jun 19, 2023
Updated: Jun 27, 2023


CVE-2023-27992 is a pre-authentication command injection vulnerability that affects Zyxel NAS326 firmware versions prior to V5.21(AAZF.14)C0, NAS540 firmware versions prior to V5.21(AATB.11)C0, and NAS542 firmware versions prior to V5.21(ABAG.11)C0. This vulnerability allows an unauthenticated attacker to remotely execute operating system (OS) commands by sending a crafted HTTP request. The risk score for this vulnerability is 89, indicating a high level of danger to organizations that use the affected products. To remediate this vulnerability, organizations should update their firmware to the specified versions or apply any patches provided by Zyxel.


Explore Beyond the CVE Basics with Recorded Future's Vulnerability Intelligence

Note: This is just a basic overview providing quick insights into CVE-2023-27992 information. Gain full access to comprehensive CVE data, risk scores, prioritization, and mitigation data through Recorded Future's Vulnerability Intelligence:
  • Prioritize with Risk-Based Scoring
  • Explore the Extensive Vulnerability Database
  • Receive Early Alerts on Emerging CVEs
  • Focus on Critical Exploitable Vulnerabilities
  • Streamline Remediation with Integration Options