writeups.xyz / CVE-2023-37927 & CVE-2023-37928 - Multiple post-auth blind OS command and Python code injection vulnerabilities in Zyxel’s NAS326 devices

Submitter : c2a

Date: 30 November 2023

Bounty : undisclosed

Vulnerabilities :

• Code Injection
• OS Command Injection
• RCE
• Security Code Review

Programs :

• Zyxel

Authors :

• Gábor Selján (@GaborSeljan)

Link :
https://bugprove.com/knowledge-hub/cve-2023-37927-and-cve-2023-37928-multiple-post-auth-blind-os-command-and-python-code-injection-vulnerabilities-in-zyxel-s-nas-326-devices/