Top NAS devices are being targeted by this dangerous malware

Craig Hale

5 June 2023 at 7:00 am·2-min read

IoT cybersecurity company Sternum has identified a security vulnerability affecting Zyxel Networks’ Linux-operated NAS drives, including NAS326, NAS540, and NAS542 models, running on firmware version 5.21.

Zyxel Networks’ advisory reads: “The post-authentication command injection vulnerability has been found in the web management interface of some NAS versions,” citing firmware 5.21 and previous versions.

Users are being urged to patch their NAS drives with the latest firmware, which is also identified as 5.21, in order to protect their devices.

Zyxel Networks NAS patch

Specifically, NAS326 owners are being told to update from 5.21 (AAZF.12)C0 to (AAZF.13)C0, NAS540 from (AATB.9)C0 to (AATB.10)C0, and NAS542 from (ABAG.9)C0 to (ABAG.10)C0. The updates are available from the Zyxel website.

Sternum’s Noam Zhitomirsky, Reuven Yakar, Dean Zavadski, and Amit Serper are credited with notifying the NAS maker of the vulnerability, which was marked as CVE-2023-27988 on May 30, 2023.

> The best NAS hard drives

> Windows 11 cloud backup is getting a whole lot better at last

> A benchmark test uncovered some critical vulnerabilities in thousands of QNAP devices

In a press release, Sternum said: “Sternum security researchers were in the process of scanning one of the Zyxel NAS units as part of the company's standard lab deployment process when a “Dangerous String Format” alert was triggered by one of the security logics in the Sternum security platform.”

The problem was pinpointed as being with the ntpdate_date process, which left a vulnerability allowing an authenticated user to execute an arbitrary system command with root privileges on the system.

Sternum stressed that this could allow hackers to inject remote malware onto unsuspecting NAS drive owners’ devices.

While Zyxel’s quickly-issued patch will fix the issue, Sternum’s researchers believe that other companies’ drives could be vulnerable to similar issues, urging customers and consumers to always keep an eye out for company announcements and apply patches as soon as they become available.

Looking to take your storage entirely off-prem? Check out the best cloud storage providers

The Telegraph
Wife wars? The real reason the Obamas are not standing up for Biden
When Joe Biden was inaugurated as the 46th President of the United States in 2021, much was made of his wife Dr Jill Biden becoming the first First Lady ever to hold a salaried outside job.
The Independent
Dad pleaded for daughter’s ex-boyfriend not to be freed from jail. Days later, her mutilated body was found in a car
‘If they let him out, he was going to kill her,’ Lauren Johansen’s father said he warned a judge just days before his daughter’s death
The Telegraph
Biden vows to ‘beat Trump in 2020’ and says he’s proud to be a black woman in latest gaffes
Joe Biden vowed to beat Donald Trump “in 2020” as he pledged to stay in the presidential race and fight to save his re-election bid.
The Daily Beast
Conservatives Routed in Worst Election Result for 200 Years
LONDON—The Conservatives, the world’s winningest political party, were booted out of power in dramatic style on Thursday after 14 years of chaotic and divisive rule.The Labour Party had secured a landslide victory, ending an era of Conservative rule over Britain that stretches back to 2010; the year that the iPad and Instagram were launched and Lady Gaga wore that meat dress to the MTV music awards.In that time, the Conservatives have cycled through five leaders, each of them dragging the party
Reuters
China anchors 'monster ship' in South China Sea, Philippine coast guard says
The Philippine Coast Guard (PCG) said on Saturday that China's largest coastguard vessel has anchored in Manila's exclusive economic zone (EEZ) in the South China Sea, and is meant to intimidate its smaller Asian neighbour. The China coastguard's 165-meter 'monster ship' entered Manila's 200-nautical mile EEZ on July 2, spokesperson for the PCG Jay Tarriela told a news forum. The PCG warned the Chinese vessel it was in the Philippine's EEZ and asked about their intentions, he said.
Cosmo
Jade Thirlwall frees the nipple in a see-through chainmail top
Jade Thirlwall appears on the cover of beat magazine wearing a see-through chainmail top to free the nipple. See the image shared on social media, here.
People
Tobey Maguire Spotted with Arm Around Actress Lily Chee at Star-Studded Fourth of July Party
The 'Spider-Man' actor, 49, was seen spending time with actress Lily Chee, 20, at a party on July 4
The Independent
A couple rented an Airbnb from a ‘friendly’ landlord. Then they wound up dismembered in a suitcase
Michael Lee Dudley seemed like a typical Washington homeowner – until three teenagers stumbled across a suitcase of horrors on a beach
The Telegraph
Beijing is laughing at the West’s weakness
Russian aggression in Ukraine poses a threat to world peace and stability. China provides material support for Russia’s actions. All this is entirely clear. In Beijing, immediately after a meeting with Xi Jinping in April this year, US Secretary of State Antony Blinken said that “Russia would struggle to sustain its assault on Ukraine without China’s support”. This included selling huge quantities of machine tools and micro-electronics that would be used in the Russian defence industry.
The Independent
Voices: Tory downfall: The 9 reasons it has all gone wrong for Rishi Sunak
A series of world events, poor decisions and fatal gaffes conspired to see Rishi Sunak lead the Tories to the worst electoral defeat in his party’s 346-year history
Evening Standard
All change: When will Rishi Sunak have to move out of Number 10 — and where could he live next?
With the removal vans on standby, the current prime minister has a portfolio of high-end properties to choose from
Hello!
Rod Stewart, 79, rocked by divorce news: report
In a surprising turn of events Rod Stewart has received some shocking divorce news. See details.
INSIDER
How Obama mentored the new UK prime minister to help him tell his story
The leader of the Labour Party, Keir Starmer, has been mentored by Barack Obama. The relationship is likely to continue if Starmer wins the UK election.
EdgeProp
999-year leasehold detached house in Serangoon Gardens up for auction at $12.2 mil
The 2½-storey leasehold property will be put on auction at Knight Franks’ next auction on July 24 (Credit: Knight Frank Singapore)A 999-year leasehold detached house with a basement along Sandown Place in Serangoon Gardens Estate will be put on the block at Knight Frank’s next auction on July 24 for $12.2 million. The 2½-storey property sits on a land area of about 5,553 sq ft, translating to a land rate of $2,197 psf.An owner’s sale, this will be the first time that the property will be offered
Associated Press
Hong Kong activist Joshua Wong asks for a lesser sentence in landmark security case
Prominent activist Joshua Wong asked for a lesser sentence in court Friday after he earlier pleaded guilty in Hong Kong's biggest national security case. Wong was one of 47 activists charged in 2021 under a Beijing-imposed national security law with conspiracy to commit subversion for their involvement in an unofficial primary. The activists were accused of attempting to paralyze Hong Kong’s government and topple the city’s leader by aiming to win a legislative majority and using it to block city budgets indiscriminately.
Reuters
BYD's steep EV discounting in Thailand sparks backlash, PM seeks assurances
Thailand's consumer protection agency has received about 70 complaints since initiating a probe into aggressive discounting by BYD dealers that has left some buyers feeling they overpaid for their Chinese electric vehicles. Prime Minister Srettha Thavisin told BYD Chief Executive Wang Chuanfu, who was in Thailand to mark the opening of its first Southeast Asian factory this week and paid a courtesy call to the premier on Friday, to better manage customer expectations about pricing and ensure local buyers were protected. Wang gave assurances that future pricing would be appropriate and affected customers would receive support, according to a government spokesman.
The Telegraph
Zelensky U-turns as he invites Russia to attend peace summit without giving up land
Volodymyr Zelensky has invited Russia to the next peace summit despite previously saying it could only join if it relinquished land in Ukraine.
Yahoo News UK
Seven moments over 14 years that destroyed the Conservative government
The Tories have lost the 2024 general election with the worst results in the party's history. Here are the key moments that brought them down.
Cinema Online
Sophia Albarakbah has a long list of criteria for her future man
The actress wants someone who won't cheat, understanding, close to God, and the list goes on
Futurism
The Head of NASA Is Being Awfully Catty About China's Amazing New Moon Samples
China recently became the first country to ever return samples taken from the far side of the Moon, a historic mission that could have profound implications on our understanding of its evolution and ability to host human life. But thanks to a law called the Wolf Amendment, which was enacted by the US government in […]

Zyxel Networks NAS patch

Latest stories