⚠ Exploited in the wild
Exploitation observed in the wild. Not yet on CISA KEV.

CVE-2024-29973

CWE-78OS Command Injection6 documents6 sources
Severity
9.8CRITICAL
EPSS
94.1%
top 0.10%
CISA KEV
Not in KEV
Exploit
Exploited in wild
Active exploitation observed
Affected products
2
Zyxel Nas326 FirmwareZyxel Nas542 Firmware
Timeline
PublishedJun 4
Latest updateSep 18

Description

** UNSUPPORTED WHEN ASSIGNED ** The command injection vulnerability in the “setCookie” parameter in Zyxel NAS326 firmware versions before V5.21(AAZF.17)C0 and NAS542 firmware versions before V5.21(ABAG.14)C0 could allow an unauthenticated attacker to execute some operating system (OS) commands by sending a crafted HTTP POST request.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HExploitability: 3.9 | Impact: 5.9

Affected Packages4 packages

CVEListV5zyxel/nas326_firmware< V5.21(AAZF.17)C0
CVEListV5zyxel/nas542_firmware< V5.21(ABAG.14)C0
NVDzyxel/nas326_firmware< 5.21\(aazf.17\)c0
NVDzyxel/nas542_firmware< 5.21\(abag.14\)c0

🔴Vulnerability Details

3
CVEList
CVE-2024-29973: ** UNSUPPORTED WHEN ASSIGNED ** The command injection vulnerability in the “setCookie” parameter in Zyxel NAS326 firmware versions before V52024-06-04
GHSA
GHSA-2w49-w2vv-p84h: ** UNSUPPORTED WHEN ASSIGNED ** The command injection vulnerability in the “setCookie” parameter in Zyxel NAS326 firmware versions before V52024-06-04
VulnCheck
Zyxel NAS setCookie Crafted HTTP POST Vulnerability2024

💥Exploits & PoCs

1
Nuclei
Zyxel NAS326 Firmware < V5.21(AAZF.17)C0 - Command Injection

🔍Detection Rules

1
Suricata
ET WEB_SPECIFIC_APPS Zyxel NAS Unauthorized Command Injection in setCookie Parameter (CVE-2024-29973)2024-09-18
CVE-2024-29973 (CRITICAL CVSS 9.8) | ** UNSUPPORTED WHEN ASSIGNED ** The | cvebase.io