Zyxel has patched six vulnerabilities affecting its network attached storage (NAS) devices, including several (OS) command injection flaws that can be easily exploited by unauthenticated attackers. The vulnerabilities in Zyxel NAS devices One of the six plugged security holes is an improper authentication vulnerability (CVE-2023-35137) in the devices’ authentication module, and may allow unauthenticated attackers to grab system information by sending a specially crafted URL to a vulnerable device.

Source: Help Net Security