CVE-2022-34747

A format string vulnerability in Zyxel NAS326 firmware versions prior to V5.21(AAZF.12)C0 could allow an attacker to achieve unauthorized remote code execution via a crafted UDP packet.

Published: Sep 6, 2022
Updated: Apr 14, 2023
CVE: CVE-2022-34747
Severity: Critical
Exploit:

CVSS v3:

Severity: Critical
Score: 9.8
AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CWEs:

CWE-134

Affected Software
References

Software	From	Fixed in
zyxel / nas326_firmware	-	5.21\(aazf.12\)c0

https://www.zyxel.com/support/Zyxel-security-advisory-for-format-string-vulnerability-in-NAS.shtml

Vulnerability Database

290,020

CVE-2022-34747