Published: 06/08/2020 Updated: 09/02/2022

CVSS v2 Base Score: 9 | Impact Score: 10 | Exploitability Score: 8

CVSS v3 Base Score: 8.8 | Impact Score: 5.9 | Exploitability Score: 2.8

VMScore: 801

Vector: AV:N/AC:L/Au:S/C:C/I:C/A:C

A backdoor in certain Zyxel products allows remote TELNET access via a CGI script. This affects NAS520 V5.21(AASZ.4)C0, V5.21(AASZ.0)C0, V5.11(AASZ.3)C0, and V5.11(AASZ.0)C0; NAS542 V5.11(ABAG.0)C0, V5.20(ABAG.1)C0, and V5.21(ABAG.3)C0; NSA325 v2_V4.81(AALS.0)C0 and V4.81(AAAJ.1)C0; NSA310 4.22(AFK.0)C0 and 4.22(AFK.1)C0; NAS326 V5.21(AAZF.8)C0, V5.11(AAZF.4)C0, V5.11(AAZF.2)C0, and V5.11(AAZF.3)C0; NSA310S V4.75(AALH.2)C0; NSA320S V4.75(AANV.2)C0 and V4.75(AANV.1)C0; NSA221 V4.41(AFM.1)C0; and NAS540 V5.21(AATB.5)C0 and V5.21(AATB.3)C0.

Vulnerable Product	Search on Vulmon	Subscribe to Product
zyxel nas326_firmware
zyxel nas520_firmware
zyxel nas540_firmware
zyxel nas542_firmware

Vulnerability research, firmware analysis, reverse engineering, programming notes (as much as I can)

@r0mpage IoT Stuff Ковыряем Часть 1 Бэкдор в прошивке Zyxel Ковыряем Часть 2 Реверс файла инициализации бэкдора, QEMU Пара слов о devicetree, DTB, DTS Ассемблер Xtensa 0-day's Уязвимости, которые были мной обнаружены, описаны и зареги

NVD-CWE-noinfo https://www.zyxel.com/us/en/support/security_advisories.shtml https://www.zyxel.com/support/Zyxel-security-advisory-for-NAS-remote-access-vulnerability.shtml https://nvd.nist.gov https://github.com/r0mpage/r0mpage.github.io

Get Started

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook

CVE-2020-13364

Vulnerability Summary

Vulnerability Trend

Github Repositories

References

Vulmon Search

About

Products

Connect