Critical Zyxel NAS device vulnerability addressed

Zyxel has issued patches to fix a critical security flaw in its network-attached storage devices, The Hacker News reports. Zyxel noted that the vulnerability, tracked as CVE-2022-34747, impacts NAS326 (V5.21(AAZF.11)C0 and earlier), NAS540 (V5.21(AATB.8)C0 and earlier), and NAS542 (V5.21(ABAG.8)C0 and earlier) devices. "A format string vulnerability was found in a specific binary of Zyxel NAS products that could allow an attacker to achieve unauthorized remote code execution via a crafted UDP packet," said Zyxel, which attributed the bug's discovery to researcher Shaposhnikov Ilya. Administrators of the impacted devices have been urged to apply the patches immediately. The fix and corresponding disclosure follow Zyxel's patches in June and July for software flaws impacting its GS1200 series switches and firewall products. QNAP also warned earlier this week of new DeadBolt ransomware attacks aimed at its NAS devices. Those attacks involved the exploitation of a then-unknown vulnerability in the Photo Station software.
