Improper Privilege Management Vulnerability Affects Zyxel NAS326 Firmware
CVE-2024-29976
6.5MEDIUM
What is CVE-2024-29976?
** UNSUPPORTED WHEN ASSIGNED ** The improper privilege management vulnerability in the command “show_allsessions” in Zyxel NAS326 firmware versions before V5.21(AAZF.17)C0 and NAS542 firmware versions before V5.21(ABAG.14)C0 could allow an authenticated attacker to obtain a logged-in administrator’s session information containing cookies on an affected device.
Affected Version(s)
NAS326 firmware < V5.21(AAZF.17)C0
NAS542 firmware < V5.21(ABAG.14)C0