Intrusion PreventionZyxel.NAS.Pre-authentication.OS.Command.Injection
Description
This indicates an attack attempt to exploit an OS Command Injection vulnerability in Zyxel Routers.
The vulnerability is due to insufficient sanitizing of user supplied inputs in the application. A remote attacker may be able to exploit this to execute arbitrary commands within the context of the application.
Affected Products
NAS326
NAS520
NAS540
NAS542
NSA210
NSA220
NSA220+
NSA221
NSA310
NSA310S
NSA320
NSA320S
NSA325
NSA325v2
Impact
System Compromise: Remote attackers can gain control of vulnerable systems.
Recommended Actions
Apply the most recent upgrade or patch from the vendor.
https://www.zyxel.com/support/remote-code-execution-vulnerability-of-NAS-products.shtml
Telemetry
Coverage
| IPS (Regular DB) | |
| IPS (Extended DB) |
Version Updates
| Date | Version | Detail |
|---|---|---|
| 2023-08-01 | 25.612 | Name:ZyXEL. NAS. Pre-authentication. OS. Command. Injection:Zyxel. NAS. Pre-authentication. OS. Command. Injection |
| 2023-04-24 | 23.539 | |
| 2020-04-30 | 15.831 | Sig Added |
| 2020-04-06 | 15.811 | Sig Added |
| 2020-03-09 | 15.790 | Default_action:pass:drop |
| 2020-02-26 | 15.784 |
| ID | 48762 |
| Created | Feb 26, 2020 |
| Updated | Jul 31, 2023 |
| Risk |
|
| CVE ID | CVE-2020-9054 |
| Known Exploited | Yes |
| Exploit Prediction Score | 96.91% |
| Default Action | drop |
| Active | |
| Affected OS | Other |
| Affected App | SCADA |