Zyxel has rolled out security updates to address a critical security flaw in its network-attached storage (NAS) devices that could result in the execution of arbitrary commands on affected systems. Tracked asCVE-2023-27992(CVSS score: 9.8), the issue has been described as a pre-authentication command injection vulnerability. “The pre-authentication command injection vulnerability in some Zyxel