CyberSecurity SEE

Zyxel addresses critical vulnerabilities in End-of-Life NAS devices

Zyxel, a prominent networking equipment provider, has recently addressed three critical vulnerabilities affecting two of its network-attached storage (NAS) devices. The vulnerabilities are identified as CVE-2024-29972, CVE-2024-29973, and CVE-2024-29974. They pose a significant risk to the security of the NAS devices and could be exploited by malicious actors to execute unauthorized commands and even gain remote access to the devices.

The first vulnerability, CVE-2024-29972, involves a command injection flaw in the CGI program, which could allow attackers to execute commands on the operating system by sending a specially crafted HTTP POST request. Similarly, CVE-2024-29973 also pertains to a command injection vulnerability, this time in the “setCookie” parameter, enabling attackers to execute unauthorized commands through a crafted HTTP POST request. Lastly, CVE-2024-29974 is a remote code execution vulnerability in the CGI program “file_upload-cgi,” which permits attackers to execute arbitrary code by uploading a malicious configuration file to a vulnerable device.

These vulnerabilities were identified and reported by Timothy Hjort, a dedicated vulnerability researcher affiliated with Outpost24’s Ghost Labs. In addition to the critical vulnerabilities, Hjort also uncovered a backdoor account that was supposedly removed several years ago. Furthermore, he identified two additional flaws, CVE-2024-29975 and CVE-2024-29976, which could be exploited by attackers who have already gained access to a vulnerable device to escalate their privileges and obtain sensitive information.

In response to the reported vulnerabilities, Zyxel has released patches for the affected NAS models, NAS326 and NAS542. Although both devices have reached end of support, Zyxel has released patches for the identified vulnerabilities and has also removed the “Remote Support” account, “NsaRescueAngel.” Users of the affected devices are strongly encouraged to update their firmware to the latest versions to mitigate the risks posed by the vulnerabilities.

While Zyxel has not confirmed any active exploits of the vulnerabilities, the public disclosure of the vulnerabilities increases the likelihood of malicious actors attempting to exploit them. There is a growing concern that vulnerable devices could be targeted for malicious purposes, such as being enlisted into a botnet or subjected to ransomware attacks.
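For owners who want to check whether a device has already been probed, the names given above ("file_upload-cgi", "setCookie", "NsaRescueAngel") can be searched for in web access logs. The following is an added example, not code from Zyxel or Outpost24; it assumes Combined Log Format from a proxy or web server in front of the NAS, and the sample lines and their URL paths are constructed.

```python
import re
from urllib.parse import urlsplit, parse_qs, unquote

# Assumption: Combined Log Format from a proxy or web server in front of the NAS.
LINE_RE = re.compile(
    r'(?P<src>\S+) \S+ (?P<user>\S+) \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) \S+'
)
BACKDOOR_USER = "NsaRescueAngel"  # account name given in the article

def triage_line(line):
    """Return the indicator labels that one access-log line matches."""
    m = LINE_RE.match(line)
    if not m:
        return []  # unparseable lines are skipped, not flagged
    parts = urlsplit(m["target"])
    # Decode %xx escapes so percent-encoding cannot hide a name.
    segments = [s for s in unquote(parts.path).split("/") if s]
    params = parse_qs(parts.query, keep_blank_values=True)
    hits = []
    if m["method"] == "POST" and "file_upload-cgi" in segments:
        hits.append("CVE-2024-29974: POST to file_upload-cgi")
    # Only visible when the parameter is in the request target; a parameter
    # sent in the POST body needs proxy or WAF body logging instead.
    if m["method"] == "POST" and "setCookie" in params:
        hits.append("CVE-2024-29973: POST with setCookie parameter")
    if m["user"] == BACKDOOR_USER or BACKDOOR_USER in unquote(m["target"]):
        hits.append("backdoor account name referenced")
    return hits

def triage(lines):
    """Return (source address, timestamp, status, hits) per flagged line."""
    report = []
    for line in lines:
        hits = triage_line(line)
        if hits:
            m = LINE_RE.match(line)
            report.append((m["src"], m["ts"], int(m["status"]), hits))
    return report

# Constructed sample log (documentation addresses, made-up paths).
SAMPLE_LOG = [
    '192.0.2.10 - - [05/Jun/2024:10:00:01 +0000] "GET /index.html HTTP/1.1" 200 512',
    '198.51.100.7 - - [05/Jun/2024:10:02:13 +0000] "POST /cgi-bin/file_upload-cgi HTTP/1.1" 200 88',
    '198.51.100.7 - - [05/Jun/2024:10:02:40 +0000] "POST /cgi-bin/example?setCookie=x HTTP/1.1" 200 40',
    '203.0.113.5 - NsaRescueAngel [05/Jun/2024:10:05:00 +0000] "GET /admin HTTP/1.1" 401 0',
    '192.0.2.10 - - [05/Jun/2024:10:06:00 +0000] "GET /cgi-bin/file_upload-cgi HTTP/1.1" 404 0',
]

if __name__ == "__main__":
    for entry in triage(SAMPLE_LOG):
        print(entry)
```

A match is a reason to look closer at the device and its firmware version, not proof of compromise; the response status in each tuple helps separate rejected probes from requests the device accepted.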

In conclusion, the swift response from Zyxel in addressing the critical vulnerabilities in their NAS devices serves as a reminder of the importance of regularly updating and securing network infrastructure. By promptly applying the necessary patches and following recommended security practices, users can safeguard their devices and networks from potential cyber threats and unauthorized access.
