Unrated severityNVD Advisory· Published Sep 10, 2024· Updated Sep 10, 2024

CVE-2024-6342

Description

UNSUPPORTED WHEN ASSIGNED A command injection vulnerability in the export-cgi program of Zyxel NAS326 firmware versions through V5.21(AAZF.18)C0 and NAS542 firmware versions through V5.21(ABAG.15)C0 could allow an unauthenticated attacker to execute some operating system (OS) commands by sending a crafted HTTP POST request.

Affected products

Zyxel/NAS326llm-create
Range: <= V5.21(AAZF.18)C0
Zyxel/NAS542llm-create
Range: <= V5.21(ABAG.15)C0
Zyxel/NAS326 firmwarev5
Range: <= V5.21(AAZF.18)C0
Zyxel/NAS542 firmwarev5
Range: <= V5.21(ABAG.15)C0

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

www.zyxel.com/global/en/support/security-advisories/zyxel-security-advisory-for-os-command-injection-vulnerability-in-nas-products-09-10-2024mitrevendor-advisory

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.005
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000