Updated firmware versions for various Zyxel NAS models close a critical vulnerability. Network equipment manufacturer Zyxel advises owners of some network storage (NAS) models to update their firmware quickly. Attackers can target a vulnerability classified as “critical” and gain access to systems. Security patches are available.


  • CVE-2023-27992 (risk: “critical”)

Update now!

In a warning message, the manufacturer lists the affected models and the vulnerable firmwares. Owners of NAS devices from the manufacturer should quickly match the information and install the updates.

  • NAS326 vulnerable up to and including V5.21(AAZF.13)C0
  • NAS540 vulnerable up to and including V5.21(AATB.10)C0
  • NAS542 vulnerable up to and including V5.21(ABAG.10)C0

Zyxel states that versions V5.21(AAZF.14)C0, V5.21(AATB.11)C0, and V5.21(ABAG.11)C0 contain a security patch. The vulnerability (CVE-2023-27992) is rated as “critical”. Attackers should be able to exploit the vulnerability without authentication. They can execute system-level commands through crafted HTTP requests.

More safety tips

As a general rule, NAS devices should not be accessible from the Internet. This reduces the attack surface. Attackers often scan the Internet for publicly accessible ports on vulnerable devices and then strike. If external access is essential, connections should be protected via VPN and access should be secured with strong passwords. In addition, network storage should be placed behind a firewall so that filter rules block potentially malicious traffic.


Contact & Information

Do you have suggestions for improvement or would you like to have an article translated / created? Please contact me!