Zyxel has released security updates that fix significant flaws affecting two of its network-attached storage (NAS) devices that have reached end-of-life (EoL) status.
Successful exploitation of three of the five vulnerabilities could allow an unauthenticated attacker to execute operating system (OS) commands and arbitrary code on vulnerable installations.
Impacted models include NAS326 running versions V5.21(AAZF.16)C0 and earlier, and NAS542 running versions V5.21(ABAG.13)C0 and earlier. The problems have been fixed in versions V5.21(AAZF.17)C0 and V5.21(ABAG.14)C0, respectively.
A brief description of the flaws follows:
CVE-2024-29972 - A command injection vulnerability in the CGI program 'remote_help-cgi' that could allow an unauthenticated attacker to execute some operating system (OS) commands by sending a crafted HTTP POST request.
CVE-2024-29973 - A command injection vulnerability in the 'setCookie' parameter that could allow an unauthenticated attacker to execute some OS commands by sending a crafted HTTP POST request.
CVE-2024-29974 - A remote code execution vulnerability in the CGI program 'file_upload-cgi' that could allow an unauthenticated attacker to execute arbitrary code by uploading a malicious configuration file.
CVE-2024-29975 - An improper privilege management vulnerability in the SUID executable file that could allow an authenticated local attacker with administrator credentials to execute some system commands as the 'root' user.
CVE-2024-29976 - An improper privilege management vulnerability in the command 'show_allsessions' that could allow an authenticated attacker to obtain a logged-in administrator's session information, including cookies, on an affected device.
Outpost24 security researcher Timothy Hjort has been credited with identifying and disclosing the five weaknesses. Note that the two privilege escalation bugs that require authentication remain unpatched.
While there is no indication that the flaws have been exploited in the wild, users are encouraged to upgrade to the newest version for best protection.
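To triage a device inventory against the fixed versions listed above, the following added example (not Zyxel's code) parses the firmware string and compares it with the fixed build for each model. The inventory rows are constructed, and the assumption is that builds are ordered by base version first and then by the number after the model code.

```python
import re

# Fixed builds per model, taken from the version numbers quoted in this article.
FIXED = {"NAS326": ("V5.21", "AAZF", 17), "NAS542": ("V5.21", "ABAG", 14)}

# Matches strings such as V5.21(AAZF.16)C0 -> base, model code, build number.
_FW_RE = re.compile(r"^(V\d+\.\d+)\(([A-Z]{4})\.(\d+)\)C\d+$")

def parse_firmware(fw):
    """Split a firmware string into (base, model_code, build)."""
    m = _FW_RE.match(fw.strip())
    if m is None:
        raise ValueError(f"unrecognised firmware string: {fw!r}")
    return m.group(1), m.group(2), int(m.group(3))

def _base_key(base):
    # "V5.21" -> (5, 21) so that bases compare numerically, not as text.
    return tuple(int(part) for part in base[1:].split("."))

def status(model, fw):
    """Return 'fixed', 'vulnerable' or 'unknown' for one device."""
    fixed = FIXED.get(model.upper())
    if fixed is None:
        return "unknown"              # model not covered by this article
    try:
        base, code, build = parse_firmware(fw)
    except ValueError:
        return "unknown"              # unparseable string: check by hand
    if code != fixed[1]:
        return "unknown"              # firmware code belongs to another model
    # Assumption: ordering is (base version, build number).
    if (_base_key(base), build) >= (_base_key(fixed[0]), fixed[2]):
        # 'fixed' covers the three unauthenticated flaws only; the two
        # authenticated privilege bugs are reported as still unpatched.
        return "fixed"
    return "vulnerable"

def needs_upgrade(inventory):
    """Return hosts whose status is not 'fixed' (unknowns are kept for review)."""
    return [host for host, model, fw in inventory if status(model, fw) != "fixed"]

# Constructed sample inventory: (host, model, firmware string).
SAMPLE = [
    ("nas-a", "NAS326", "V5.21(AAZF.16)C0"),
    ("nas-b", "NAS326", "V5.21(AAZF.17)C0"),
    ("nas-c", "NAS542", "V5.21(ABAG.13)C0"),
    ("nas-d", "NAS542", "V5.21(ABAG.14)C0"),
    ("nas-e", "NAS542", "V5.21(AAZF.17)C0"),  # wrong code for the model
]

if __name__ == "__main__":
    for host in needs_upgrade(SAMPLE):
        print(host)
```

Hosts reported as "unknown" are deliberately left in the upgrade list so a mismatched or malformed version string is reviewed rather than silently passed.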