#VU34062 Improper access control in ZyXEL Communications Corp. products - CVE-2020-13365

Cybersecurity Help s.r.o.

Published: 2020-08-05

Vulnerability identifier: #VU34062

Vulnerability risk: Medium

CVSSv4.0: 6.2 [CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:U/U:Green]

CVE-ID: CVE-2020-13365

CWE-ID: CWE-284

Exploitation vector: Network

Exploit availability: No

Vulnerable software:
Zyxel NAS 326
Hardware solutions / Firmware
NAS520
Hardware solutions / Routers for home users
NAS540
Hardware solutions / Routers for home users
NAS542
Hardware solutions / Routers for home users

Vendor: ZyXEL Communications Corp.

Description

The vulnerability allows a remote user to gain unauthorized access to otherwise restricted functionality.

The vulnerability exists due to improper access restrictions in a CGI script for the web application. A remote authenticated attacker can start a Telnet or SSH service and generate a password for the "NsaRescueAngel" user account with root privileges.

Mitigation
Install updates from vendor's website.

Vulnerable software versions

Zyxel NAS 326: before V5.21(AAZF.9)C0

NAS520: before V5.21(AASZ.5)C0

NAS540: before V5.21(AATB.6)C0

NAS542: before V5.21(ABAG.6)C0

External links
https://www.zyxel.com/support/Zyxel-security-advisory-for-NAS-remote-access-vulnerability.shtml

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

Latest bulletins with this vulnerability

Multiple vulnerabilities in Zyxel NAS products