Zyxel NAS Devices Prone to Command Injection Attacks


Zyxel released critical hotfixes for a command injection vulnerability in two of its NAS products, the NAS326 and NAS542. Both models have reached the end of vulnerability support, and unpatched devices remain at risk of unauthorized command execution. Users are urged to apply the hotfixes.

CVE-2024-6342

CVE-2024-6342, found in the export-cgi program of Zyxel NAS326 and NAS542 devices, allows an unauthenticated attacker to execute OS commands by sending a specially crafted HTTP POST request.

This command injection vulnerability poses serious risks by potentially allowing attackers to take control of affected devices.

Although the NAS326 and NAS542 have reached the end of vulnerability support, Zyxel released hotfixes because of the severity of CVE-2024-6342.

Users with extended support can apply these hotfixes to protect their devices from potential exploits.

Vulnerable Versions and Hotfix Availability:

  • NAS326
    • Affected Version: V5.21(AAZF.18)C0 and earlier
    • Hotfix: V5.21(AAZF.18)Hotfix-01
  • NAS542
    • Affected Version: V5.21(ABAG.15)C0 and earlier
    • Hotfix: V5.21(ABAG.15)Hotfix-01

These hotfixes highlight the severity of the vulnerability and Zyxel’s commitment to security, even for products no longer officially supported.

Users should apply the hotfixes immediately to reduce risks and protect their devices from unauthorized access and command execution.
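For triage across several devices, the version list above can be turned into a check. This is an added example, not code from Zyxel or from this article; the firmware-string layout is an assumption inferred from the four version strings listed, and the inventory rows are constructed.

```python
import re

# Affected ceilings from the advisory's version list: model -> (code, (major, minor), build)
ADVISORY = {
    "NAS326": ("AAZF", (5, 21), 18),
    "NAS542": ("ABAG", (5, 21), 15),
}

# Assumed layout, inferred from the listed strings:
# V<major>.<minor>(<model code>.<build>)<C<n> | Hotfix-<nn>>
FW_RE = re.compile(r"^V(\d+)\.(\d+)\(([A-Z]+)\.(\d+)\)(?:C(\d+)|Hotfix-(\d+))$")


def classify(model, firmware):
    """Return 'affected', 'hotfixed' or 'unknown' for one device."""
    entry = ADVISORY.get(model.strip().upper())
    m = FW_RE.match(firmware.strip())
    if entry is None or m is None:
        return "unknown"  # model or string format not covered by the advisory
    code, base, build = entry
    major, minor, fw_code, fw_build, c_rel, hotfix = m.groups()
    if fw_code != code:
        return "unknown"  # firmware string belongs to a different model
    seen = ((int(major), int(minor)), int(fw_build))
    if seen < (base, build):
        return "affected"  # the "and earlier" case, whatever the suffix
    if seen > (base, build):
        return "unknown"  # newer than anything the advisory lists
    if hotfix is not None and int(hotfix) >= 1:
        return "hotfixed"
    if c_rel == "0":
        return "affected"
    return "unknown"


def needs_action(inventory):
    """Hosts that are affected, or whose state must be checked by hand."""
    return [h for h, model, fw in inventory if classify(model, fw) != "hotfixed"]


# Constructed inventory rows (hostname, model, reported firmware string)
SAMPLE = [
    ("nas-lab-01", "NAS326", "V5.21(AAZF.18)Hotfix-01"),
    ("nas-lab-02", "NAS326", "V5.21(AAZF.17)C0"),
    ("nas-ops-01", "NAS542", "V5.21(ABAG.15)C0"),
    ("nas-ops-02", "NAS542", "V5.21(ABAG.15)Hotfix-01"),
]

if __name__ == "__main__":
    for host, model, fw in SAMPLE:
        print(f"{host:12} {model} {fw:26} {classify(model, fw)}")
```

Anything reported as `unknown` (a newer build, another model, or an unparsed string) is outside what the advisory lists and should be checked by hand rather than assumed safe.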


September 10th, 2024 (2024-09-12T04:57:50+05:30) | BOTNET, Internet Security, Security Advisory, Security Update, vulnerability

About the Author:

FirstHackersNews- Identifies Security
