CVE-2020-9054: Zyxel Multiple NAS Devices OS Command Injection
Zyxel Multiple NAS Devices OS Command Injection Vulnerability. Multiple Zyxel network-attached storage (NAS) devices contain a pre-authentication command injection vulnerability, which may allow a remote, unauthenticated attacker to execute arbitrary code.
- CISA KEV-listed (remediation due 2022-04-15)
- EPSS 94.3% (99.9% percentile)