Security Vulnerability in Zyxel NAS Devices Enables Remote System Takeover

Home/BOTNET, Compromised, Exploitation, Internet Security, Security Advisory, Security Update, vulnerability/Security Vulnerability in Zyxel NAS Devices Enables Remote System Takeover

Security Vulnerability in Zyxel NAS Devices Enables Remote System Takeover

Zyxel has identified and released security patches for critical vulnerabilities affecting their NAS326 and NAS542 devices. These vulnerabilities, known as command injection and remote code execution, could allow attackers to gain unauthorized access and potentially take control of your NAS device remotely.

To protect your data and maintain optimal security, we strongly advise you to install these latest patches on your NAS326 or NAS542 device as soon as possible.

CVE-2024-29972

The “remote_help-cgi” CGI program in Zyxel NAS326 and NAS542 devices contains a command injection vulnerability, which could enable an unauthenticated attacker to execute operating system (OS) commands by sending a carefully crafted HTTP POST request.

CVE-2024-29973

It pertains to a command injection vulnerability found in the “setCookie” parameter of Zyxel NAS326 and NAS542 devices, which could enable an unauthenticated attacker to execute OS commands by sending a carefully crafted HTTP POST request.

CVE-2024-29974

The CGI program “file_upload-cgi” in Zyxel NAS326 and NAS542 devices has a remote code execution vulnerability, which could enable an unauthenticated attacker to execute arbitrary code by uploading a crafted configuration file to a susceptible device.

CVE-2024-29975

This flaw in the SUID executable binary on Zyxel NAS326 and NAS542 devices could enable an authenticated local attacker with administrator privileges to run certain system commands as the “root” user on a susceptible device.

CVE-2024-29976

The vulnerability in the “show_allsessions” command on Zyxel NAS326 and NAS542 devices could let an authenticated attacker access an administrator’s session information, including cookies on the affected device

Vulnerable Versions and Recommended Actions

The vulnerable versions for Zyxel NAS326 are firmware versions before V5.21(AAZF.17)C0, and for NAS542, the vulnerable versions are firmware versions before V5.21(ABAG.14)C0 [2]. To stay safe, users should install the patches provided by Zyxel, even though the affected products are no longer receiving regular updates.

‍Follow Us on: Twitter, InstagramFacebook to get the latest security news!

About the Author:

FirstHackersNews- Identifies Security

Leave A Comment

Subscribe to our newsletter to receive security tips everday!