{"id":352853,"date":"2022-09-07T09:10:27","date_gmt":"2022-09-07T11:10:27","guid":{"rendered":"https:\/\/teknomers.com\/fr\/une-vulnerabilite-rce-critique-affecte-les-peripheriques-zyxel-nas-patch-du-micrologiciel-publie\/"},"modified":"2022-09-07T09:10:29","modified_gmt":"2022-09-07T11:10:29","slug":"une-vulnerabilite-rce-critique-affecte-les-peripheriques-zyxel-nas-patch-du-micrologiciel-publie","status":"publish","type":"post","link":"https:\/\/teknomers.com\/fr\/une-vulnerabilite-rce-critique-affecte-les-peripheriques-zyxel-nas-patch-du-micrologiciel-publie\/","title":{"rendered":"Une vuln\u00e9rabilit\u00e9 RCE critique affecte les p\u00e9riph\u00e9riques Zyxel NAS &#8211; Patch du micrologiciel publi\u00e9"},"content":{"rendered":"<p> <br \/>\n<\/p>\n<div id=\"articlebody\">\n<div class=\"separator\" style=\"clear: both\"><\/div>\n<p>Le fabricant d&#8217;\u00e9quipements r\u00e9seau Zyxel a publi\u00e9 des correctifs pour une faille de s\u00e9curit\u00e9 critique affectant ses p\u00e9riph\u00e9riques de stockage en r\u00e9seau (NAS).<\/p>\n<p>Suivi comme <a rel=\"nofollow noopener\" href=\"https:\/\/nvd.nist.gov\/vuln\/detail\/CVE-2022-34747\" target=\"_blank\">CVE-2022-34747<\/a> (score CVSS\u00a0: 9,8), le probl\u00e8me concerne une &#8220;vuln\u00e9rabilit\u00e9 de cha\u00eene de format&#8221; affectant les mod\u00e8les NAS326, NAS540 et NAS542.  Zyxel a cr\u00e9dit\u00e9 le chercheur Shaposhnikov Ilya pour avoir signal\u00e9 la faille.<\/p>\n<p>&#8220;Une vuln\u00e9rabilit\u00e9 de cha\u00eene de format a \u00e9t\u00e9 trouv\u00e9e dans un binaire sp\u00e9cifique des produits Zyxel NAS qui pourrait permettre \u00e0 un attaquant d&#8217;ex\u00e9cuter du code \u00e0 distance non autoris\u00e9 via un paquet UDP sp\u00e9cialement con\u00e7u&#8221;, a d\u00e9clar\u00e9 la soci\u00e9t\u00e9. <a rel=\"nofollow noopener\" href=\"https:\/\/www.zyxel.com\/support\/Zyxel-security-advisory-for-format-string-vulnerability-in-NAS.shtml\" target=\"_blank\">a dit<\/a> dans un avis publi\u00e9 le 6 septembre.<\/p>\n<div class=\"ad_two clear\"><a rel=\"nofollow noopener\" href=\"https:\/\/go.thn.li\/strike-d\" target=\"_blank\" title=\"DevOps backupy\"><img decoding=\"async\" alt=\"La cyber-s\u00e9curit\u00e9\" class=\"lazyload\" loading=\"lazy\" src=\"https:\/\/teknomers.com\/fr\/wp-content\/uploads\/2022\/08\/La-nouvelle-vulnerabilite-Amazon-Ring-aurait-pu-exposer-tous-vos.png\" width=\"300\" height=\"250\" \/><\/a><\/div>\n<p>La faille affecte les versions suivantes &#8211;<\/p>\n<ul>\n<li>NAS326 (V5.21(AAZF.11)C0 et versions ant\u00e9rieures)<\/li>\n<li>NAS540 (V5.21(AATB.8)C0 et versions ant\u00e9rieures) et<\/li>\n<li>NAS542 (V5.21(ABAG.8)C0 et versions ant\u00e9rieures)<\/li>\n<\/ul>\n<p>La divulgation intervient alors que Zyxel a pr\u00e9c\u00e9demment abord\u00e9 l&#8217;escalade des privil\u00e8ges locaux et les vuln\u00e9rabilit\u00e9s de travers\u00e9e de r\u00e9pertoire authentifi\u00e9es (<a rel=\"nofollow noopener\" href=\"https:\/\/www.zyxel.com\/support\/Zyxel-security-advisory-authenticated-directory-traversal-vulnerabilities-of-firewalls.shtml\" target=\"_blank\">CVE-2022-30526 et CVE-2022-2030<\/a>) affectant ses produits de pare-feu en juillet.<\/p>\n<p>Le piratage des appareils NAS devient une pratique courante.  Si vous ne prenez pas de pr\u00e9cautions ou ne maintenez pas le logiciel \u00e0 jour, les attaquants peuvent voler vos donn\u00e9es sensibles et personnelles.  Dans certains cas, ils parviennent m\u00eame \u00e0 supprimer d\u00e9finitivement des donn\u00e9es.<\/p>\n<p>En juin 2022, il a \u00e9galement corrig\u00e9 une faille de s\u00e9curit\u00e9 (<a rel=\"nofollow noopener\" href=\"https:\/\/www.zyxel.com\/support\/Zyxel-security-advisory-for-password-guessing-vulnerability-of-GS1200-series-switches.shtml\" target=\"_blank\">CVE-2022-0823<\/a>) qui laissait les commutateurs de la s\u00e9rie GS1200 vuln\u00e9rables aux attaques par devinette de mot de passe via une attaque par canal lat\u00e9ral de synchronisation.<\/p>\n<p><\/p>\n<\/div>\n<p><br \/>\n<br \/><a href=\"https:\/\/thehackernews.com\/2022\/09\/critical-rce-vulnerability-affects.html\" rel=\"nofollow noopener\" target=\"_blank\">ttn-fr-57<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>Le fabricant d&#8217;\u00e9quipements r\u00e9seau Zyxel a publi\u00e9 des correctifs pour une faille de s\u00e9curit\u00e9 critique affectant ses p\u00e9riph\u00e9riques de stockage en r\u00e9seau (NAS). Suivi comme CVE-2022-34747 (score CVSS\u00a0: 9,8), le probl\u00e8me concerne une &#8220;vuln\u00e9rabilit\u00e9 de cha\u00eene de format&#8221; affectant les mod\u00e8les NAS326, NAS540 et NAS542. Zyxel a cr\u00e9dit\u00e9 le chercheur Shaposhnikov Ilya pour avoir signal\u00e9 [&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":352854,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[6],"tags":[1132,4168,22,4158,4165,4161,4157,4159,4171,4170,65,4167,21601,4160,5266,4163,4162,71440,5265,2212,22778,4172,4169,196,4166,3667,4164,40731],"class_list":["post-352853","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-technologie","tag-affecte","tag-comment-pirater","tag-critique","tag-cyber-actualites","tag-cyber-attaques","tag-cyber-mises-a-jour","tag-lactualite-de-la-cybersecurite","tag-lactualite-de-la-cybersecurite-aujourdhui","tag-lactualite-des-hackers","tag-la-securite-des-informations","tag-les","tag-logiciel-malveillant-de-ransomware","tag-micrologiciel","tag-mises-a-jour-de-la-cybersecurite","tag-nas","tag-nouvelles-de-piratage","tag-nouvelles-de-pirates","tag-patch","tag-peripheriques","tag-publie","tag-rce","tag-securite-informatique","tag-securite-internet","tag-une","tag-violation-de-donnees","tag-vulnerabilite","tag-vulnerabilite-logicielle","tag-zyxel"],"_links":{"self":[{"href":"https:\/\/teknomers.com\/fr\/wp-json\/wp\/v2\/posts\/352853","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/teknomers.com\/fr\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/teknomers.com\/fr\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/teknomers.com\/fr\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/teknomers.com\/fr\/wp-json\/wp\/v2\/comments?post=352853"}],"version-history":[{"count":0,"href":"https:\/\/teknomers.com\/fr\/wp-json\/wp\/v2\/posts\/352853\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/teknomers.com\/fr\/wp-json\/wp\/v2\/media\/352854"}],"wp:attachment":[{"href":"https:\/\/teknomers.com\/fr\/wp-json\/wp\/v2\/media?parent=352853"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/teknomers.com\/fr\/wp-json\/wp\/v2\/categories?post=352853"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/teknomers.com\/fr\/wp-json\/wp\/v2\/tags?post=352853"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}