Zyxel Raises Alarm on Critical Security Flaws in NAS Devices

Zyxel has disclosed several security vulnerabilities, among them three critical ones that could allow an unauthenticated attacker to execute commands in the operating system of vulnerable NAS devices.

Zyxel NAS systems serve as centralized data storage within networks. Their users include small to medium-sized businesses seeking efficient data management, remote work facilitation, and collaboration features. They are also favored by IT professionals setting up data redundancy systems and by creatives, such as videographers and digital artists, who handle large media files.

The recent security advisory from Zyxel highlights the critical flaws affecting NAS326 devices running firmware version 5.21(AAZF.14)C0 and earlier, as well as NAS542 devices running version 5.21(ABAG.11)C0 and earlier.

Exploitation of these vulnerabilities could grant threat actors unauthorized access to the systems, allowing them to execute OS commands, retrieve sensitive system information, or gain complete control over the compromised Zyxel NAS devices.

In response to these serious risks, Zyxel strongly advises users of NAS326 to update their firmware to version V5.21(AAZF.15)C0 or newer. Similarly, users of NAS542 are urged to upgrade to firmware version V5.21(ABAG.12)C0 or later, as these releases address the identified vulnerabilities.

Zyxel's advisory offers firmware updates as the only remediation and suggests no alternative mitigation measures or workarounds. This makes promptly applying the provided firmware updates critical to safeguarding the integrity and security of the affected NAS devices.

Users should immediately update their Zyxel NAS devices to the firmware versions recommended by the vendor. Regularly monitoring official advisories and promptly applying patches or updates are essential to mitigating potential security risks.
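For administrators tracking several devices, the following added example (not Zyxel's code) checks an inventory against the fixed firmware versions named above. It assumes version strings follow the layout seen in the article, `V<major>.<minor>(<code>.<patch>)C<revision>`, and that releases order numerically on those fields; the host names and inventory rows are constructed.

```python
import re

# Fixed releases as stated in the article, keyed by model.
FIXED = {"NAS326": "V5.21(AAZF.15)C0", "NAS542": "V5.21(ABAG.12)C0"}

# Assumed layout: [V]<major>.<minor>(<code>.<patch>)C<revision>
_VERSION_RE = re.compile(r"^V?(\d+)\.(\d+)\(([A-Z]+)\.(\d+)\)C(\d+)$", re.IGNORECASE)

def parse_firmware(version):
    """Return (model code, numeric sort key) for a firmware version string."""
    m = _VERSION_RE.match(version.strip())
    if not m:
        raise ValueError(f"unrecognised version string: {version!r}")
    major, minor, code, patch, rev = m.groups()
    # Compare as integers so that patch 9 sorts before patch 12.
    return code.upper(), (int(major), int(minor), int(patch), int(rev))

def needs_update(model, version):
    """True if the version is older than the fixed release for this model."""
    model = model.strip().upper()
    if model not in FIXED:
        raise ValueError(f"model not covered by this advisory: {model}")
    fixed_code, fixed_key = parse_firmware(FIXED[model])
    code, key = parse_firmware(version)
    if code != fixed_code:
        # A mismatched code suggests a mislabeled asset; do not guess.
        raise ValueError(f"code {code} does not match {model} ({fixed_code})")
    return key < fixed_key

def audit(inventory):
    """Map (host, model, version) rows to (host, status) pairs."""
    results = []
    for host, model, version in inventory:
        try:
            status = "UPDATE" if needs_update(model, version) else "OK"
        except ValueError as exc:
            status = f"REVIEW ({exc})"
        results.append((host, status))
    return results

# Constructed sample inventory; hosts and rows are illustrative only.
INVENTORY = [
    ("nas-a.example", "NAS326", "V5.21(AAZF.14)C0"),
    ("nas-b.example", "NAS326", "5.21(AAZF.15)C0"),
    ("nas-c.example", "NAS542", "V5.21(ABAG.11)C0"),
    ("nas-d.example", "NAS542", "V5.21(AAZF.15)C0"),
    ("nas-e.example", "NAS326", "unknown"),
]

if __name__ == "__main__":
    for host, status in audit(INVENTORY):
        print(f"{host}: {status}")
```

Rows marked REVIEW are ones the script cannot classify and should be checked by hand rather than assumed safe.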