cc-4416
-
CVE-2023-35138 – CWE-78 – Improper Neutralization of Special Elements used in an OS Command (‘OS Command Injection’) This is a command injection vulnerability, with a CVSS score of 9.8, affecting the “show_zysync_server_contents” function in Zyxel NAS devices. This vulnerability could allow an unauthenticated attacker to execute specific operating system commands by sending a crafted HTTP POST…