CVE-2024-29975

Severity: 6.7 MEDIUM
EPSS: 0.3% (top 48.79%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline: Published Jun 4

Description

** UNSUPPORTED WHEN ASSIGNED ** The improper privilege management vulnerability in the SUID executable binary in Zyxel NAS326 firmware versions before V5.21(AAZF.17)C0 and NAS542 firmware versions before V5.21(ABAG.14)C0 could allow an authenticated local attacker with administrator privileges to execute some system commands as the “root” user on a vulnerable device.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Exploitability: 0.8 | Impact: 5.9

Affected Packages (4 packages)

CVEListV5 | zyxel/nas326_firmware | < V5.21(AAZF.17)C0
CVEListV5 | zyxel/nas542_firmware | < V5.21(ABAG.14)C0
NVD | zyxel/nas326_firmware | < 5.21\(aazf.17\)c0
NVD | zyxel/nas542_firmware | < 5.21\(abag.14\)c0

Vulnerability Details (2)

GHSA | GHSA-2h22-6qr3-qgp2: ** UNSUPPORTED WHEN ASSIGNED ** The improper privilege management vulnerability in the SUID executable binary in Zyxel NAS326 firmware versions before | 2024-06-04
CVEList | CVE-2024-29975: ** UNSUPPORTED WHEN ASSIGNED ** The improper privilege management vulnerability in the SUID executable binary in Zyxel NAS326 firmware versions before | 2024-06-04