Zyxel issues emergency RCE patch for end-of-life NAS devices



Zyxel Networks has released an emergency security update to address three critical vulnerabilities impacting older NAS devices that have reached end-of-life.

The flaws impact NAS326 running firmware versions 5.21(AAZF.16)C0 and earlier, and NAS542 running firmware versions 5.21(ABAG.13)C0 and older.

The networking solutions vendor addressed three critical flaws, which allow attackers to perform command injection and remote code execution. However, two of the issues, which allow privilege escalation and information disclosure, weren't fixed in the end-of-life products.

Outpost24 security researcher Timothy Hjort discovered and reported all 5 vulnerabilities to Zyxel. Today, the researchers published a detailed write-up and proof-of-concept (PoC) exploits in coordination with Zyxel's disclosure.

The disclosed flaws are listed below, with only CVE-2024-29972, CVE-2024-29973, and CVE-2024-29974 fixed by Zyxel:

  • CVE-2024-29972: Command injection flaw in the CGI program (‘remote_help-cgi’) allowing an unauthenticated attacker to send a specially-crafted HTTP POST request to execute OS commands using a NsaRescueAngel backdoor account that has root privileges.
  • CVE-2024-29973: Command injection flaw in the ‘setCookie’ parameter, allowing an attacker to send a specially-crafted HTTP POST request to execute OS commands.
  • CVE-2024-29974: Remote code execution bug in the CGI program (‘file_upload-cgi’), allowing an unauthenticated attacker to upload malicious configuration files on the device.
  • CVE-2024-29975: Improper privilege management flaw in the SUID executable binary allowing an authenticated local attacker with admin rights to execute system commands as the “root” user. (Not fixed)
  • CVE-2024-29976: Improper privilege management problem in the ‘show_allsessions’ command, allowing an authenticated attacker to obtain session information, including active admin cookies. (Not fixed)

Although both NAS models reached the end of their support period on December 31, 2023, Zyxel released fixes for the three critical flaws in versions 5.21(AAZF.17)C0 for NAS326 and 5.21(ABAG.14)C0 for NAS542.

“Due to the critical severity of vulnerabilities CVE-2024-29972, CVE-2024-29973, and CVE-2024-29974, Zyxel has made patches available to customers […] despite the products already having reached end-of-vulnerability-support,” reads a Zyxel security advisory.

Zyxel says that it has not observed the vulnerability exploited in the wild. However, as there are now public proof-of-concept exploits, owners should apply the security updates as soon as possible.
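To find units that still need the update, an inventory check can compare each device's firmware string against the fixed builds named above. The following is an added example, not code from Zyxel or Outpost24; the optional leading "V", the build-number ordering, the status labels and the sample hosts are assumptions made for illustration.

```python
import re

# Fixed builds from the article: model -> (base version, model code, build number)
FIXED = {
    "NAS326": ((5, 21), "AAZF", 17),
    "NAS542": ((5, 21), "ABAG", 14),
}
PATCHED = ("CVE-2024-29972", "CVE-2024-29973", "CVE-2024-29974")
# Flaws the article says remain unfixed even on the patched builds.
UNFIXED = ("CVE-2024-29975", "CVE-2024-29976")

# Matches strings such as 5.21(AAZF.16)C0; the leading "V" is an assumed variant.
FW_RE = re.compile(r"^V?(\d+)\.(\d+)\(([A-Z]{4})\.(\d+)\)C(\d+)$")

def triage(model, firmware):
    """Return (status, open_cves) for one inventory record."""
    model = model.strip().upper()
    if model not in FIXED:
        return "model-not-listed", ()
    m = FW_RE.match(firmware.strip())
    if not m:
        # Cannot prove the unit is patched, so report everything as open.
        return "unparseable", PATCHED + UNFIXED
    base = (int(m.group(1)), int(m.group(2)))
    code, build = m.group(3), int(m.group(4))
    fixed_base, fixed_code, fixed_build = FIXED[model]
    if code != fixed_code:
        # Firmware code belongs to another model: the record needs manual review.
        return "model-code-mismatch", PATCHED + UNFIXED
    # Assumption: builds order by base version first, then build number.
    if (base, build) >= (fixed_base, fixed_build):
        return "patched", UNFIXED
    return "vulnerable", PATCHED + UNFIXED

INVENTORY = [  # constructed sample records
    ("nas-lab-01", "NAS326", "V5.21(AAZF.16)C0"),
    ("nas-lab-02", "NAS326", "5.21(AAZF.17)C0"),
    ("nas-hq-01", "NAS542", "5.21(ABAG.13)C0"),
    ("nas-hq-02", "NAS542", "5.21(AAZF.17)C0"),
]

if __name__ == "__main__":
    for host, model, fw in INVENTORY:
        status, cves = triage(model, fw)
        print(f"{host:11} {model} {fw:17} {status:20} open: {', '.join(cves)}")
```

A "patched" result still lists CVE-2024-29975 and CVE-2024-29976 as open, since the fixed builds do not address them.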
