Unauthenticated Command Injection Vulnerability in Zyxel NAS326 Firmware
CVE-2024-29973
Key Information:
- Vendor: Zyxel
- CVE Published: 4 June 2024
What is CVE-2024-29973?
CVE-2024-29973 is a serious vulnerability affecting Zyxel NAS326 firmware and NAS542 firmware. These devices are Network Attached Storage (NAS) solutions designed for home and small business use, allowing users to store and manage data across a network. The vulnerability enables an unauthenticated attacker to inject arbitrary commands via crafted HTTP POST requests, potentially allowing them to execute operating system commands on the device. This could lead to unauthorized access and control over the NAS, posing significant risks to data integrity and network security for organizations utilizing these systems.
Technical Details
The vulnerability specifically resides in the "setCookie" parameter of the Zyxel NAS326 and NAS542 firmware. Versions prior to V5.21(AAZF.17)C0 for NAS326 and V5.21(ABAG.14)C0 for NAS542 are affected. Attackers can exploit this vulnerability without authentication, making it particularly dangerous as it lowers the barrier to entry for potential malicious actors. The execution of operating system commands could allow attackers to manipulate data, install malware, or disrupt services on the affected devices.
Potential impact of CVE-2024-29973
- Unauthorized Access and Control: The vulnerability allows unauthenticated attackers to execute commands on the devices, potentially giving them full control over the NAS systems. This access could lead to the unauthorized modification or deletion of sensitive data.
- Data Breaches: Because NAS devices hold valuable data, exploitation could result in data breaches, exposing personal or proprietary information, which could be detrimental to an organization’s reputation and compliance with data protection regulations.
- Malware Installation and Network Compromise: If exploited, attackers could deploy malware or ransomware, not only affecting the target NAS but potentially spreading across the network to other connected devices, escalating the severity of the compromise and impacting overall organizational security.
Affected Version(s)
NAS326 firmware < V5.21(AAZF.17)C0
NAS542 firmware < V5.21(ABAG.14)C0
Exploit Proof of Concept (PoC)
PoC code is written by security researchers to demonstrate that the vulnerability can be exploited. It is also a key component of weaponization, which could lead to ransomware.
News Articles
Critical Zyxel NAS vulnerability targeted by Mirai-like botnet
Hackread reports that outdated Zyxel network-attached storage devices are being subjected to intrusions by a Mirai-like botnet exploiting the critical Python code injection flaw, tracked as CVE-2024-29973.
7 months ago
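Russia-linked group criticizes Biden and praises Trump in latest influence campaign | Codebook|Security News
Russia-linked group criticizes President Biden and praises former President Trump in its latest influence campaign | Attacks by a "Mirai-like" botnet on EOL Zyxel NAS devices confirmed (CVE-2024-29973)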
7 months ago
Recent Zyxel NAS Vulnerability Exploited by Botnet
A Mirai-like botnet has started exploiting a critical-severity vulnerability in discontinued Zyxel NAS products.
7 months ago
Timeline
- 💰 Used in Ransomware
- 🟡 Public PoC available
- 👾 Exploit known to exist
- 📰 First article discovered by GBHackers on Security
- Vulnerability published
- Vulnerability Reserved