Unauthenticated Information Disclosure Vulnerability in Zyxel NAS326 and NAS542 Firmware

Unauthenticated Information Disclosure Vulnerability in Zyxel NAS326 and NAS542 Firmware

CVE-2023-35137 · HIGH Severity

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

An improper authentication vulnerability in the authentication module of the Zyxel NAS326 firmware version V5.21(AAZF.14)C0 and NAS542 firmware version V5.21(ABAG.11)C0 could allow an unauthenticated attacker to obtain system information by sending a crafted URL to a vulnerable device.

Learn more about our Web Application Penetration Testing UK.