Zyxel released critical hotfixes to fix a command injection vulnerability in two of its NAS products, NAS326 and NAS542. These devices no longer receive vulnerability support, yet unpatched units remain at risk of unauthorized command execution. Users are urged to apply the hotfixes for improved security.
CVE-2024-6342
CVE-2024-6342, found in the export-cgi program of Zyxel NAS326 and NAS542 devices, allows an unauthenticated attacker to execute OS commands by sending a specially crafted HTTP POST request.
This command injection vulnerability poses serious risks by potentially allowing attackers to take control of affected devices.
Although the NAS326 and NAS542 models no longer receive vulnerability support, Zyxel released hotfixes because of the severity of CVE-2024-6342.
Users with extended support can apply these hotfixes to protect their devices from potential exploits.
Vulnerable Versions and Hotfix Availability:
- NAS326
  - Affected Version: V5.21(AAZF.18)C0 and earlier
  - Hotfix: V5.21(AAZF.18)Hotfix-01
- NAS542
  - Affected Version: V5.21(ABAG.15)C0 and earlier
  - Hotfix: V5.21(ABAG.15)Hotfix-01
These hotfixes highlight the severity of the vulnerability and Zyxel’s commitment to security, even for products no longer officially supported.
Users should apply the hotfixes immediately to reduce risks and protect their devices from unauthorized access and command execution.