From thehackernews.com
![Zyxel](https://thehackernews.com/new-images/img/b/R29vZ2xl/AVvXsEg9gA1m-NyLl3txCVjAtLnwxri1OddlI34vwf_e5TPIkfKi-qbFrYZ5eielhBcY96yFJt0MV5-RjGADH6GfGkyxp_M1jKEjuYnH_DQRP0AW41AyfpZYyPnFE5vYHkvvd0Ef-oa5TbZffmR5sKmVnoOapLwOsPOnNBORbaYMM8TLVo8dVeK_TCEfbX58/s728-e1000/zz.jpg)
Networking equipment maker Zyxel has released patches for a critical security flaw impacting its network-attached storage (NAS) devices.
Tracked as CVE-2022-34747 (CVSS score: 9.8), the issue relates to a “format string vulnerability” affecting NAS326, NAS540, and NAS542 models. Zyxel credited researcher Shaposhnikov Ilya for reporting the flaw.
“A format string vulnerability was found in a specific binary of Zyxel NAS products that could allow an attacker to achieve unauthorized remote code execution via a crafted UDP packet,” the company said in an advisory released on September 6.