CVE-2024-29975

** UNSUPPORTED WHEN ASSIGNED ** The improper privilege management vulnerability in the SUID executable binary in Zyxel NAS326 firmware versions before V5.21(AAZF.17)C0 and NAS542 firmware versions before V5.21(ABAG.14)C0 could allow an authenticated local attacker with administrator privileges to execute some system commands as the “root” user on a vulnerable device.

CVSS v3 6.7 MEDIUM

6.7^/10

CVSS v3 : MEDIUM

V3 Legend

Vector :

Exploitability : 0.8 / Impact : 5.9

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required HIGH

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://outpost24.com/blog/zyxel-nas-critical-vulnerabilities/
https://www.zyxel.com/global/en/support/security-advisories/zyxel-security-advisory-for-multiple-vulnerabilities-in-nas-products-06-04-2024

Configurations

No configuration.

History

04 Jun 2024, 16:57

Type	Values Removed	Values Added
Summary		(es) NO SOPORTADO CUANDO SE ASIGNÓ La vulnerabilidad de administración de privilegios inadecuada en el binario ejecutable SUID en las versiones de firmware Zyxel NAS326 anteriores a V5.21(AAZF.17)C0 y versiones de firmware NAS542 anteriores a V5.21(ABAG.14)C0 podría permitir una autenticación Atacante local con privilegios de administrador para ejecutar algunos comandos del sistema como usuario "root" en un dispositivo vulnerable.

04 Jun 2024, 02:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2024-06-04 02:15

Updated : 2024-06-05 13:15

NVD link : CVE-2024-29975

Mitre link : CVE-2024-29975

CVE.ORG link : CVE-2024-29975

JSON object : View

Products Affected

No product.

CWE

CWE-269

Improper Privilege Management

6.7 /10