Zyxel recently announced the release of patches to address critical vulnerabilities in two of its NAS products, NAS326 and NAS542. These vulnerabilities, which include command injection and remote code execution flaws, pose a serious risk to users of these devices. The company has taken the proactive step of providing patches for these vulnerabilities, despite the fact that both products have reached their end-of-vulnerability support period.
The vulnerabilities in question include CVE-2024-29972, a command injection flaw in the remote_help-cgi program on Zyxel NAS326 and NAS542 devices. This vulnerability could allow an attacker to execute operating system commands by sending a specially crafted HTTP POST request. Additionally, CVE-2024-29973 involves a command injection vulnerability in the setCookie parameter on the same devices, enabling attackers to execute OS commands through a crafted HTTP POST request.
Another critical vulnerability, CVE-2024-29974, allows for remote code execution in the file_upload-cgi program on the NAS326 and NAS542 devices. This flaw permits attackers to execute arbitrary code by uploading a specially crafted configuration file to the vulnerable device. Furthermore, CVE-2024-29975 involves an improper privilege management flaw in a SUID executable binary on the same devices, potentially allowing authenticated local attackers with administrator privileges to execute system commands as the root user.
Lastly, CVE-2024-29976 is an improper privilege management vulnerability in the show_allsessions command on the affected NAS devices. This flaw could allow authenticated attackers to access a logged-in administrator’s session information, including cookies, on a compromised device.
Due to the severity of these vulnerabilities, Zyxel has released patches for the affected models, despite them having reached end-of-vulnerability support. Users of the NAS326 and NAS542 devices are strongly advised to install these patches immediately to protect their systems from potential attacks.
The affected models and their corresponding vulnerable versions are as follows:
– NAS326 (V5.21(AAZF.16)C0 and earlier) – Patch available: V5.21(AAZF.17)C0
– NAS542 (V5.21(ABAG.13)C0 and earlier) – Patch available: V5.21(ABAG.14)C0
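For anyone with more than a handful of these units, the practical question is which ones are still on a vulnerable build. The following is an added example (not Zyxel's code or tooling) that parses the firmware version strings quoted above and triages a constructed inventory against the patched versions. It assumes the version string layout is `V<major>.<minor>(<branch>.<build>)C<revision>`, that the bracketed letters are a per-model branch code (AAZF for NAS326, ABAG for NAS542), and that the build and revision numbers compare numerically; the hostnames and inventory entries are invented for the example.

```python
import re
from typing import NamedTuple

# First patched firmware per model, taken from the advisory text above.
FIXED_VERSIONS = {
    "NAS326": "V5.21(AAZF.17)C0",
    "NAS542": "V5.21(ABAG.14)C0",
}

# Assumed layout: V<major>.<minor>(<branch>.<build>)C<revision>
_VERSION_RE = re.compile(r"^V(\d+)\.(\d+)\(([A-Z]+)\.(\d+)\)C(\d+)$")


class FirmwareVersion(NamedTuple):
    major: int
    minor: int
    branch: str   # per-model code, e.g. AAZF (NAS326) or ABAG (NAS542)
    build: int
    revision: int

    @property
    def key(self):
        # Ordering used for comparison; the branch code is checked separately.
        return (self.major, self.minor, self.build, self.revision)


def parse_version(text: str) -> FirmwareVersion:
    """Parse a Zyxel-style version string, rejecting anything unexpected."""
    m = _VERSION_RE.match(text.strip())
    if not m:
        raise ValueError(f"unrecognised firmware version string: {text!r}")
    major, minor, branch, build, rev = m.groups()
    return FirmwareVersion(int(major), int(minor), branch, int(build), int(rev))


def is_patched(model: str, version: str) -> bool:
    """True if `version` is at or above the first fixed build for `model`."""
    if model not in FIXED_VERSIONS:
        raise KeyError(f"model {model!r} is not covered by this advisory")
    fixed = parse_version(FIXED_VERSIONS[model])
    seen = parse_version(version)
    if seen.branch != fixed.branch:
        # A mismatched branch code usually means the model was recorded wrongly;
        # refuse to guess rather than report a false "patched".
        raise ValueError(
            f"{model}: branch {seen.branch} does not match expected {fixed.branch}"
        )
    return seen.key >= fixed.key


def triage(inventory):
    """Return (host, model, version, status) for every device in the inventory."""
    results = []
    for host, model, version in inventory:
        try:
            status = "patched" if is_patched(model, version) else "VULNERABLE"
        except (KeyError, ValueError) as exc:
            status = f"unknown ({exc})"
        results.append((host, model, version, status))
    return results


# Constructed sample inventory; hostnames and versions are made up.
SAMPLE_INVENTORY = [
    ("nas-a.example", "NAS326", "V5.21(AAZF.16)C0"),
    ("nas-b.example", "NAS326", "V5.21(AAZF.17)C0"),
    ("nas-c.example", "NAS542", "V5.21(ABAG.13)C0"),
    ("nas-d.example", "NAS542", "V5.21(ABAG.14)C0"),
    ("nas-e.example", "NAS542", "V5.21(AAZF.14)C0"),  # wrong branch for model
]

if __name__ == "__main__":
    for row in triage(SAMPLE_INVENTORY):
        print("%-16s %-7s %-18s %s" % row)
```

Because support for these models has formally ended, a device showing a build above the patched one cannot be assumed to exist; treat anything that does not parse, or whose branch code disagrees with the recorded model, as needing a manual check rather than as safe.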
Both NAS326 and NAS542 had reached end-of-vulnerability support on December 31, 2023. However, Zyxel’s commitment to releasing patches for these critical vulnerabilities even after this period highlights the importance of maintaining strong security measures for all users.
In conclusion, it is imperative for users of the affected NAS devices to apply these patches promptly to safeguard their systems from potential security risks. By taking this action, users can enhance the security of their devices and protect against potential malicious attacks.