CVE-2024-6342

CWE-78OS Command Injection3 documents3 sources
Severity
9.8CRITICAL
EPSS
6.6%
top 8.83%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Zyxel Nas326 FirmwareZyxel Nas542 Firmware
Timeline
PublishedSep 10

Description

**UNSUPPORTED WHEN ASSIGNED** A command injection vulnerability in the export-cgi program of Zyxel NAS326 firmware versions through V5.21(AAZF.18)C0 and NAS542 firmware versions through V5.21(ABAG.15)C0 could allow an unauthenticated attacker to execute some operating system (OS) commands by sending a crafted HTTP POST request.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HExploitability: 3.9 | Impact: 5.9

Affected Packages4 packages

NVDzyxel/nas326_firmware< 5.21\(aazf.18\)c0+1
NVDzyxel/nas542_firmware< 5.21\(abag.15\)c0+1
CVEListV5zyxel/nas326_firmwareV5.21(AAZF.18)C0
CVEListV5zyxel/nas542_firmwareV5.21(ABAG.15)C0

🔴Vulnerability Details

2
GHSA
GHSA-cjpp-26j6-262m: **UNSUPPORTED WHEN ASSIGNED** A command injection vulnerability in the export-cgi program of Zyxel NAS326 firmware versions through V52024-09-10
CVEList
CVE-2024-6342: **UNSUPPORTED WHEN ASSIGNED** A command injection vulnerability in the export-cgi program of Zyxel NAS326 firmware versions through V52024-09-10
CVE-2024-6342 (CRITICAL CVSS 9.8) | **UNSUPPORTED WHEN ASSIGNED** A com | cvebase.io