CVE-2024-29974
published 2024-06-04CVE-2024-29974: ** UNSUPPORTED WHEN ASSIGNED ** The remote code execution vulnerability in the CGI program “file_upload-cgi” in Zyxel NAS326 firmware versions before…
critical9.8CVSS 3.1
AVNACLPRNUINSUCHIHAH
** UNSUPPORTED WHEN ASSIGNED ** The remote code execution vulnerability in the CGI program “file_upload-cgi” in Zyxel NAS326 firmware versions before V5.21(AAZF.17)C0 and NAS542 firmware versions before V5.21(ABAG.14)C0 could allow an unauthenticated attacker to execute arbitrary code by uploading a crafted configuration file to a vulnerable device.
Affected
4 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| zyxel | nas326_firmware | < V5.21(AAZF.17)C0 | V5.21(AAZF.17)C0 |
| zyxel | nas326_firmware | < 5.21\(aazf.17\)c0 | 5.21\(aazf.17\)c0 |
| zyxel | nas542_firmware | < V5.21(ABAG.14)C0 | V5.21(ABAG.14)C0 |
| zyxel | nas542_firmware | < 5.21\(abag.14\)c0 | 5.21\(abag.14\)c0 |