← back
CVE-2024-29975

CVE-2024-29975

CVSS 6.7 MEDIUMEPSS 0.5%CWE-269
Vexday Risk Score
13Low
SSVC decision (CISA)
Track
No exploitation signal → monitor
CVSS 6.7EPSS 0.5%KEV nãoPoC Nuclei Metasploit Patch referenciado
Lifecycle
04 Jun 2024Published on NVD
Recommendation: Monitor — no exploitation signal at the moment.
** UNSUPPORTED WHEN ASSIGNED ** The improper privilege management vulnerability in the SUID executable binary in Zyxel NAS326 firmware versions before V5.21(AAZF.17)C0 and NAS542 firmware versions before V5.21(ABAG.14)C0 could allow an authenticated local attacker with administrator privileges to execute some system commands as the “root” user on a vulnerable device.
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Affected products
Zyxel · NAS326 firmwareZyxel · NAS542 firmware

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
https://outpost24.com/blog/zyxel-nas-critical-vulnerabilities/https://www.zyxel.com/global/en/support/security-advisories/zyxel-security-advisory-for-multiple-vulnerabilities-in-nas-products-06-04-2024