CVE-2024-29973

CVSS 9.8 CRITICALEPSS 86.2%CWE-78

** UNSUPPORTED WHEN ASSIGNED ** The command injection vulnerability in the “setCookie” parameter in Zyxel NAS326 firmware versions before V5.21(AAZF.17)C0 and NAS542 firmware versions before V5.21(ABAG.14)C0 could allow an unauthenticated attacker to execute some operating system (OS) commands by sending a crafted HTTP POST request.

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Affected products

Zyxel · NAS326 firmware Zyxel · NAS542 firmware

public PoCs found — 6

githubgithub.com/bigb0x/CVE-2024-29973★ 10 githubgithub.com/NanoWraith/CVE-2024-29973★ 10 githubgithub.com/RevoltSecurities/CVE-2024-29973★ 6 githubgithub.com/momika233/CVE-2024-29973★ 3 githubgithub.com/intel365/CVE-2024-29973★ 2 githubgithub.com/p0et08/CVE-2024-29973★ 0

⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →

References

https://outpost24.com/blog/zyxel-nas-critical-vulnerabilities/https://www.zyxel.com/global/en/support/security-advisories/zyxel-security-advisory-for-multiple-vulnerabilities-in-nas-products-06-04-2024