Vulnerability Description
** UNSUPPORTED WHEN ASSIGNED ** The improper privilege management vulnerability in the SUID executable binary in Zyxel NAS326 firmware versions before V5.21(AAZF.17)C0 and NAS542 firmware versions before V5.21(ABAG.14)C0 could allow an authenticated local attacker with administrator privileges to execute some system commands as the “root” user on a vulnerable device.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Zyxel | Nas326 Firmware | < 5.21\(aazf.17\)c0 |
| Zyxel | Nas326 | - |
| Zyxel | Nas542 Firmware | < 5.21\(abag.14\)c0 |
| Zyxel | Nas542 | - |
Related Weaknesses (CWE)
References
- https://outpost24.com/blog/zyxel-nas-critical-vulnerabilities/ExploitThird Party Advisory
- https://www.zyxel.com/global/en/support/security-advisories/zyxel-security-advisVendor Advisory
- https://outpost24.com/blog/zyxel-nas-critical-vulnerabilities/ExploitThird Party Advisory
- https://www.zyxel.com/global/en/support/security-advisories/zyxel-security-advisVendor Advisory
FAQ
What is CVE-2024-29975?
CVE-2024-29975 is a vulnerability with a CVSS score of 6.7 (MEDIUM). ** UNSUPPORTED WHEN ASSIGNED ** The improper privilege management vulnerability in the SUID executable binary in Zyxel NAS326 firmware versions before V5.21(AAZF.17)C0 and NAS542 firmware versions bef...
How severe is CVE-2024-29975?
CVE-2024-29975 has been rated MEDIUM with a CVSS base score of 6.7/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2024-29975?
Check the references section above for vendor advisories and patch information. Affected products include: Zyxel Nas326 Firmware, Zyxel Nas326, Zyxel Nas542 Firmware, Zyxel Nas542.