Zyxel is releasing a firmware update for three different NAS devices. These are the NAS326, NAS540 and NAS542. The firmware of the three devices contains a vulnerability that allows third parties to take over the device.
ZyXEL NAS326 16TB
Zyxel has an update released to address the vulnerability. It’s about the vulnerability CVE-2022-34747. This vulnerability made it possible for attackers to run proprietary code on Zyxel’s NAS devices via a UDP package. It is unknown whether attackers have exploited the vulnerability or whether it is an undiscovered vulnerability.
The three models are vulnerable from version V5.21(AAZF.11)C0 and earlier. The manufacturer rates the vulnerability as highly critical, with a score of 9.8 on a scale of 1 to 10. Zyxel recommends that users update as soon as possible. The update is in the Zyxel download portal.