CVE-2024-29972 - Vulnerability Details - OpenCVE

** UNSUPPORTED WHEN ASSIGNED ** The command injection vulnerability in the CGI program "remote_help-cgi" in Zyxel NAS326 firmware versions before V5.21(AAZF.17)C0 and NAS542 firmware versions before V5.21(ABAG.14)C0 could allow an unauthenticated attacker to execute some operating system (OS) commands by sending a crafted HTTP POST request.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Zyxel	Nas326 Nas326 Firmware Nas542 Nas542 Firmware

Configuration 1 [-]

AND

cpe:2.3:o:zyxel:nas326_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:zyxel:nas326:-:*:*:*:*:*:*:*

Configuration 2 [-]

AND

cpe:2.3:o:zyxel:nas542_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:zyxel:nas542:-:*:*:*:*:*:*:*

No data.

References

Link	Providers
https://outpost24.com/blog/zyxel-nas-critical-vulnerabilities/
https://www.zyxel.com/global/en/support/security-advisories/zyxel-security-advisory-for-multiple-vulnerabilities-in-nas-products-06-04-2024

History

Wed, 22 Jan 2025 23:00:00 +0000

Type	Values Removed	Values Added
First Time appeared		Zyxel Zyxel nas326 Zyxel nas326 Firmware Zyxel nas542 Zyxel nas542 Firmware
CPEs		cpe:2.3:h:zyxel:nas326:-:::::::* cpe:2.3:h:zyxel:nas542:-:::::::* cpe:2.3:o:zyxel:nas326_firmware:::::::: cpe:2.3:o:zyxel:nas542_firmware::::::::
Vendors & Products		Zyxel Zyxel nas326 Zyxel nas326 Firmware Zyxel nas542 Zyxel nas542 Firmware

MITRE

Status: PUBLISHED

Assigner: Zyxel

Published: 2024-06-04T01:24:58.172Z

Updated: 2024-08-02T01:17:58.671Z

Reserved: 2024-03-22T08:49:44.342Z

Link: CVE-2024-29972

Vulnrichment

Updated: 2024-08-02T01:17:58.671Z

NVD

Status : Analyzed

Published: 2024-06-04T02:15:47.960

Modified: 2025-01-22T22:39:02.917

Link: CVE-2024-29972

Redhat

No data.

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2024-29972", "assignerOrgId": "96e50032-ad0d-4058-a115-4d2c13821f9f", "state": "PUBLISHED", "assignerShortName": "Zyxel", "dateReserved": "2024-03-22T08:49:44.342Z", "datePublished": "2024-06-04T01:24:58.172Z", "dateUpdated": "2024-08-02T01:17:58.671Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "product": "NAS326 firmware", "vendor": "Zyxel", "versions": [{"status": "affected", "version": "< V5.21(AAZF.17)C0"}]}, {"defaultStatus": "unaffected", "product": "NAS542 firmware", "vendor": "Zyxel", "versions": [{"status": "affected", "version": "< V5.21(ABAG.14)C0"}]}], "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "** UNSUPPORTED WHEN ASSIGNED **<br>The command injection vulnerability in the CGI program \"remote_help-cgi\" in Zyxel NAS326 firmware versions before V5.21(AAZF.17)C0 and NAS542 firmware versions before V5.21(ABAG.14)C0 could allow an unauthenticated attacker to execute some operating system (OS) commands by sending a crafted HTTP POST request.<br>"}], "value": "** UNSUPPORTED WHEN ASSIGNED **\nThe command injection vulnerability in the CGI program \"remote_help-cgi\" in Zyxel NAS326 firmware versions before V5.21(AAZF.17)C0 and NAS542 firmware versions before\u00a0V5.21(ABAG.14)C0\u00a0could allow an unauthenticated attacker to execute some operating system (OS) commands by sending a crafted HTTP POST request."}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-78", "description": "CWE-78 Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "96e50032-ad0d-4058-a115-4d2c13821f9f", "shortName": "Zyxel", "dateUpdated": "2024-06-04T01:54:34.673Z"}, "references": [{"tags": ["vendor-advisory"], "url": "https://www.zyxel.com/global/en/support/security-advisories/zyxel-security-advisory-for-multiple-vulnerabilities-in-nas-products-06-04-2024"}, {"url": "https://outpost24.com/blog/zyxel-nas-critical-vulnerabilities/"}], "source": {"discovery": "UNKNOWN"}, "tags": ["unsupported-when-assigned"], "x_generator": {"engine": "Vulnogram 0.2.0"}}, "adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2024-06-04T00:00:00+00:00", "options": [{"Exploitation": "poc"}, {"Automatable": "yes"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3", "id": "CVE-2024-29972"}}}], "affected": [{"cpes": ["cpe:2.3:o:zyxel:nas326_firmware:-:*:*:*:*:*:*:*"], "vendor": "zyxel", "product": "nas326_firmware", "versions": [{"status": "affected", "version": "0", "lessThan": "v5.21\\(aazf.17\\)co", "versionType": "custom"}], "defaultStatus": "unknown"}, {"cpes": ["cpe:2.3:o:zyxel:nas542_firmware:-:*:*:*:*:*:*:*"], "vendor": "zyxel", "product": "nas542_firmware", "versions": [{"status": "affected", "version": "0", "lessThan": "5.21\\(abag.14\\)co", "versionType": "custom"}], "defaultStatus": "unknown"}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-06-26T03:55:24.711Z"}}, {"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T01:17:58.671Z"}, "title": "CVE Program Container", "references": [{"tags": ["vendor-advisory", "x_transferred"], "url": "https://www.zyxel.com/global/en/support/security-advisories/zyxel-security-advisory-for-multiple-vulnerabilities-in-nas-products-06-04-2024"}, {"url": "https://outpost24.com/blog/zyxel-nas-critical-vulnerabilities/", "tags": ["x_transferred"]}]}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://www.zyxel.com/global/en/support/security-advisories/zyxel-security-advisory-for-multiple-vulnerabilities-in-nas-products-06-04-2024", "tags": ["vendor-advisory", "x_transferred"]}, {"url": "https://outpost24.com/blog/zyxel-nas-critical-vulnerabilities/", "tags": ["x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T01:17:58.671Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-29972", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2024-06-04T19:13:40.879709Z"}}}], "affected": [{"cpes": ["cpe:2.3:o:zyxel:nas326_firmware:-:*:*:*:*:*:*:*"], "vendor": "zyxel", "product": "nas326_firmware", "versions": [{"status": "affected", "version": "0", "lessThan": "v5.21\\(aazf.17\\)co", "versionType": "custom"}], "defaultStatus": "unknown"}, {"cpes": ["cpe:2.3:o:zyxel:nas542_firmware:-:*:*:*:*:*:*:*"], "vendor": "zyxel", "product": "nas542_firmware", "versions": [{"status": "affected", "version": "0", "lessThan": "5.21\\(abag.14\\)co", "versionType": "custom"}], "defaultStatus": "unknown"}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-06-04T19:16:06.783Z"}}], "cna": {"tags": ["unsupported-when-assigned"], "source": {"discovery": "UNKNOWN"}, "metrics": [{"format": "CVSS", "cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 9.8, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"vendor": "Zyxel", "product": "NAS326 firmware", "versions": [{"status": "affected", "version": "< V5.21(AAZF.17)C0"}], "defaultStatus": "unaffected"}, {"vendor": "Zyxel", "product": "NAS542 firmware", "versions": [{"status": "affected", "version": "< V5.21(ABAG.14)C0"}], "defaultStatus": "unaffected"}], "references": [{"url": "https://www.zyxel.com/global/en/support/security-advisories/zyxel-security-advisory-for-multiple-vulnerabilities-in-nas-products-06-04-2024", "tags": ["vendor-advisory"]}, {"url": "https://outpost24.com/blog/zyxel-nas-critical-vulnerabilities/"}], "x_generator": {"engine": "Vulnogram 0.2.0"}, "descriptions": [{"lang": "en", "value": "** UNSUPPORTED WHEN ASSIGNED **\nThe command injection vulnerability in the CGI program \"remote_help-cgi\" in Zyxel NAS326 firmware versions before V5.21(AAZF.17)C0 and NAS542 firmware versions before\u00a0V5.21(ABAG.14)C0\u00a0could allow an unauthenticated attacker to execute some operating system (OS) commands by sending a crafted HTTP POST request.", "supportingMedia": [{"type": "text/html", "value": "** UNSUPPORTED WHEN ASSIGNED **<br>The command injection vulnerability in the CGI program \"remote_help-cgi\" in Zyxel NAS326 firmware versions before V5.21(AAZF.17)C0 and NAS542 firmware versions before V5.21(ABAG.14)C0 could allow an unauthenticated attacker to execute some operating system (OS) commands by sending a crafted HTTP POST request.<br>", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-78", "description": "CWE-78 Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')"}]}], "providerMetadata": {"orgId": "96e50032-ad0d-4058-a115-4d2c13821f9f", "shortName": "Zyxel", "dateUpdated": "2024-06-04T01:54:34.673Z"}}}, "cveMetadata": {"cveId": "CVE-2024-29972", "state": "PUBLISHED", "dateUpdated": "2024-08-02T01:17:58.671Z", "dateReserved": "2024-03-22T08:49:44.342Z", "assignerOrgId": "96e50032-ad0d-4058-a115-4d2c13821f9f", "datePublished": "2024-06-04T01:24:58.172Z", "assignerShortName": "Zyxel"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:zyxel:nas326_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "DF437A28-8199-4AB6-9F07-F061994C0D9C", "versionEndExcluding": "5.21\\(aazf.17\\)c0", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:zyxel:nas326:-:*:*:*:*:*:*:*", "matchCriteriaId": "E0A01B19-4A91-4FBC-8447-2E854346DAC5", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:zyxel:nas542_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "718ACAC1-C0E1-45DF-A23E-7A7F9CCF1373", "versionEndExcluding": "5.21\\(abag.14\\)c0", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:zyxel:nas542:-:*:*:*:*:*:*:*", "matchCriteriaId": "31C4DD0F-28D0-4BF7-897B-5EEC32AA7277", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "cveTags": [{"sourceIdentifier": "security@zyxel.com.tw", "tags": ["unsupported-when-assigned"]}], "descriptions": [{"lang": "en", "value": "** UNSUPPORTED WHEN ASSIGNED **\nThe command injection vulnerability in the CGI program \"remote_help-cgi\" in Zyxel NAS326 firmware versions before V5.21(AAZF.17)C0 and NAS542 firmware versions before\u00a0V5.21(ABAG.14)C0\u00a0could allow an unauthenticated attacker to execute some operating system (OS) commands by sending a crafted HTTP POST request."}, {"lang": "es", "value": "** NO SOPORTADO CUANDO SE ASIGN\u00d3 ** La vulnerabilidad de inyecci\u00f3n de comando en el programa CGI \"remote_help-cgi\" en las versiones de firmware Zyxel NAS326 anteriores a V5.21(AAZF.17)C0 y en las versiones de firmware NAS542 anteriores a V5.21(ABAG.14)C0 podr\u00eda permitir que un atacante no autenticado ejecute algunos comandos del sistema operativo (SO) enviando una solicitud HTTP POST manipulada."}], "id": "CVE-2024-29972", "lastModified": "2025-01-22T22:39:02.917", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "security@zyxel.com.tw", "type": "Secondary"}]}, "published": "2024-06-04T02:15:47.960", "references": [{"source": "security@zyxel.com.tw", "tags": ["Exploit", "Third Party Advisory"], "url": "https://outpost24.com/blog/zyxel-nas-critical-vulnerabilities/"}, {"source": "security@zyxel.com.tw", "tags": ["Vendor Advisory"], "url": "https://www.zyxel.com/global/en/support/security-advisories/zyxel-security-advisory-for-multiple-vulnerabilities-in-nas-products-06-04-2024"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Exploit", "Third Party Advisory"], "url": "https://outpost24.com/blog/zyxel-nas-critical-vulnerabilities/"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "https://www.zyxel.com/global/en/support/security-advisories/zyxel-security-advisory-for-multiple-vulnerabilities-in-nas-products-06-04-2024"}], "sourceIdentifier": "security@zyxel.com.tw", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-78"}], "source": "security@zyxel.com.tw", "type": "Secondary"}]}