Severity: High

A remote code execution vulnerability was identified in the weblogin.cgi program used in Zyxel NAS (Network Attached Storage) and firewall products. Missing authentication for the program could allow attackers to perform remote code execution via OS command injection.

After a thorough investigation of the complete product lines, we’ve confirmed that the vulnerability affects the following products running specific firmware versions:

  • NAS products running firmware version 5.21 and earlier.
  • UTM, ATP, and VPN firewalls running firmware version ZLD V4.35 Patch 0 through ZLD V4.35 Patch 2. Those with firmware versions before ZLD V4.35 Patch 0 are NOT affected.