CVE-2020-9054 - Zyxel Multiple NAS Devices OS Command Injection Vulnerability

CVE-2020-9054: Zyxel | Multiple Network-Attached Storage (NAS) Devices

Date Added:
2022-03-25

Due Date:
2022-04-15

Vulnerability Name: Zyxel Multiple NAS Devices OS Command Injection Vulnerability

Description: Multiple Zyxel network-attached storage (NAS) devices contain a pre-authentication command injection vulnerability, which may allow a remote, unauthenticated attacker to execute arbitrary code.

Known To Be Used in Ransomware Campaigns?: Unknown

Action: Apply updates per vendor instructions.

Additional Notes: https://nvd.nist.gov/vuln/detail/CVE-2020-9054

Related News Articles: Mirai Botnet Variant Exploits Four-Faith Router Vulnerability for DDoS AttacksJanuary 8, 2025

Free online web security scanner

Don't show website scan report rating on the leaderboard