CVE-2024-29976: UNSUPPORTED WHEN ASSIGNED The improper privilege management vulnerability in the command “show_allsessions” in Zyxel NAS326 firmware versions before…

medium6.5CVSS 3.1

AVNACLPRLUINSUCHINAN

** UNSUPPORTED WHEN ASSIGNED **
The improper privilege management vulnerability in the command “show_allsessions” in Zyxel NAS326 firmware versions before V5.21(AAZF.17)C0 and NAS542 firmware versions before V5.21(ABAG.14)C0 could allow an authenticated attacker to obtain a logged-in administrator’s session information containing cookies on an affected device.

Affected

4 ranges

Vendor	Product	Version range	Fixed in
zyxel	nas326_firmware	< V5.21(AAZF.17)C0	V5.21(AAZF.17)C0
zyxel	nas326_firmware	< 5.21\(aazf.17\)c0	5.21\(aazf.17\)c0
zyxel	nas542_firmware	< V5.21(ABAG.14)C0	V5.21(ABAG.14)C0
zyxel	nas542_firmware	< 5.21\(abag.14\)c0	5.21\(abag.14\)c0

CVE-2024-29976: ** UNSUPPORTED WHEN ASSIGNED ** The improper privilege management vulnerability in the command “show_allsessions” in Zyxel NAS326 firmware versions before…

Affected

CVE-2024-29976: UNSUPPORTED WHEN ASSIGNED The improper privilege management vulnerability in the command “show_allsessions” in Zyxel NAS326 firmware versions before…