Vulnerability CVE-2024-29974
Published: 2024-06-04

Description:
** UNSUPPORTED WHEN ASSIGNED **
The remote code execution vulnerability in the CGI program ??file_upload-cgi? in Zyxel NAS326 firmware versions before V5.21(AAZF.17)C0 and NAS542 firmware versions before V5.21(ABAG.14)C0 could allow an unauthenticated attacker to execute arbitrary code by uploading a crafted configuration file to a vulnerable device.

Type:

CWE-434

 (Unrestricted Upload of File with Dangerous Type)

 References:
https://www.zyxel.com/global/en/support/security-advisories/zyxel-security-advisory-for-multiple-vulnerabilities-in-nas-products-06-04-2024
https://outpost24.com/blog/zyxel-nas-critical-vulnerabilities/
Copyright 2024, cxsecurity.com

 

Back to Top