CVE-2020-9054 - Zyxel Multiple NAS Devices OS Command Injection Vulnerability
Project:Zyxel
Product:Multiple Network-Attached Storage (NAS) Devices
Date Added:2022-03-25Due Date:2022-04-15
Vulnerability Name
Zyxel Multiple NAS Devices OS Command Injection Vulnerability
Description
Multiple Zyxel network-attached storage (NAS) devices contain a pre-authentication command injection vulnerability, which may allow a remote, unauthenticated attacker to execute arbitrary code.
Known To Be Used in Ransomware Campaigns?
Unknown
Action
Apply updates per vendor instructions.
Additional Notes
https://nvd.nist.gov/vuln/detail/CVE-2020-9054
Related News Articles
Mirai Botnet Variant Exploits Four-Faith Router Vulnerability for DDoS AttacksJanuary 8, 2025