CVE-2023-35137

Summary

An improper authentication vulnerability in the authentication module of the Zyxel NAS326 firmware version V5.21(AAZF.14)C0 and NAS542 firmware version V5.21(ABAG.11)C0 could allow an unauthenticated attacker to obtain system information by sending a crafted URL to a vulnerable device.

Affected Software

VendorProductVersion RangeStatus
ZyxelNAS326 firmwareV5.21(AAZF.14)C0affected
ZyxelNAS542 firmwareV5.21(ABAG.11)C0affected

Weaknesses

  • CWE-287: CWE-287 Improper Authentication

ADP Enrichment

CVE Program Container

Additional References

References