Intrusion Prevention

ZyXEL.NAS.Pre-authentication.OS.Command.Injection

Description

This indicates an attack attempt to exploit an OS Command Injection vulnerability in Zyxel Routers.
The vulnerability is due to insufficient sanitizing of user supplied inputs in the application. A remote attacker may be able to exploit this to execute arbitrary commands within the context of the application.

Affected Products

NAS326
NAS520
NAS540
NAS542
NSA210
NSA220
NSA220+
NSA221
NSA310
NSA310S
NSA320
NSA320S
NSA325
NSA325v2

Impact

System Compromise: Remote attackers can gain control of vulnerable systems.

Recommended Actions

Apply the most recent upgrade or patch from the vendor.
https://www.zyxel.com/support/remote-code-execution-vulnerability-of-NAS-products.shtml

CVE References

CVE-2020-9054