CVE-2024-6342
published 2024-09-10CVE-2024-6342: **UNSUPPORTED WHEN ASSIGNED** A command injection vulnerability in the export-cgi program of Zyxel NAS326 firmware versions through V5.21(AAZF.18)C0 and NAS542…
critical9.8CVSS 3.1
AVNACLPRNUINSUCHIHAH
**UNSUPPORTED WHEN ASSIGNED** A command injection vulnerability in the export-cgi program of Zyxel NAS326 firmware versions through V5.21(AAZF.18)C0 and NAS542 firmware versions through V5.21(ABAG.15)C0 could allow an unauthenticated attacker to execute some operating system (OS) commands by sending a crafted HTTP POST request.
Affected
6 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| zyxel | nas326_firmware | < 5.21\(aazf.18\)c0 | 5.21\(aazf.18\)c0 |
| zyxel | nas326_firmware | <= V5.21(AAZF.18)C0 | — |
| zyxel | nas326_firmware | — | — |
| zyxel | nas542_firmware | < 5.21\(abag.15\)c0 | 5.21\(abag.15\)c0 |
| zyxel | nas542_firmware | <= V5.21(ABAG.15)C0 | — |
| zyxel | nas542_firmware | — | — |