
CVE-2024-29972

Severity: High
Vendor: Zyxel
SVRS: 46/100
CVSSv3: NA/10
EPSS: 0.91529/1

CVE-2024-29972 is a command injection vulnerability affecting Zyxel NAS devices. This flaw in the "remote_help-cgi" CGI program allows unauthenticated attackers to execute operating system commands on vulnerable NAS326 and NAS542 devices via crafted HTTP POST requests. Despite a CVSS score of 0, the SOCRadar Vulnerability Risk Score (SVRS) is 46, indicating a moderate level of risk due to active exploits being available. Zyxel NAS326 and NAS542 users are advised to check if their firmware is within the vulnerable versions and to seek patches, though this CVE is marked as unsupported by the vendor. Successful exploitation grants attackers unauthorized control of the affected devices. The 'In The Wild' and 'Exploit Available' tags emphasize the urgency of addressing this vulnerability.

Tags: In The Wild, Exploit Available
Published: 2024-06-04
Updated: 2025-01-22

SOCRadar AI Insight

Description:

CVE-2024-29972 is a command injection vulnerability in Zyxel NAS326 and NAS542 firmware versions before V5.21(AAZF.17)C0 and V5.21(ABAG.14)C0, respectively. This vulnerability allows an unauthenticated attacker to execute arbitrary operating system commands by sending a crafted HTTP POST request. The SVRS score of 34 indicates a moderate risk, highlighting the need for attention and appropriate mitigation measures.

Key Insights:

  • Remote Exploitation: The vulnerability can be exploited remotely, allowing attackers to target devices without physical access.
  • Unauthenticated Access: Attackers do not require authentication to exploit this vulnerability, making it easier for them to compromise vulnerable systems.
  • Potential Impact: Successful exploitation could lead to unauthorized access, data theft, or even complete system compromise.

Mitigation Strategies:

  • Update Firmware: Install the latest firmware updates (V5.21(AAZF.17)C0 for NAS326 and V5.21(ABAG.14)C0 for NAS542) to patch the vulnerability.
  • Disable Remote Access: If possible, disable remote access to the affected devices until the firmware update is applied.
  • Network Segmentation: Implement network segmentation to isolate vulnerable devices from critical systems and resources.

Additional Information:

  • Threat Actors/APT Groups: No specific threat actors or APT groups have been identified as actively exploiting this vulnerability.
  • Exploit Status: Active exploits have not been published.
  • CISA Warnings: The Cybersecurity and Infrastructure Security Agency (CISA) has not issued a warning for this vulnerability.
  • In the Wild: The vulnerability is not known to be actively exploited in the wild.

If users have additional queries regarding this incident, they can use the 'Ask to Analyst' feature, contact SOCRadar directly, or open a support ticket for more information if necessary.

Indicators of Compromise

No IOCs found for this CVE

Exploits

Title | Software Link | Date
Pommaq/CVE-2024-29972-CVE-2024-29976-CVE-2024-29973-CVE-2024-29975-CVE-2024-29974-poc | https://github.com/Pommaq/CVE-2024-29972-CVE-2024-29976-CVE-2024-29973-CVE-2024-29975-CVE-2024-29974-poc | 2024-06-30
codeb0ss/CVE-2024-29972-PoC | https://github.com/codeb0ss/CVE-2024-29972-PoC | 2024-07-04

News

10th June – Threat Intelligence Report - Check Point Research
2024-06-10
News Content: For the latest discoveries in cyber research for the week of 10th June, please download our Threat Intelligence Bulletin. TOP ATTACKS AND BREACHES: Pathology services provider Synnovis has experienced a ransomware attack that affected procedures and operations in several major hospitals in London, including the Department of Health and Social Care, NHS. The Qilin (formerly Agenda) ransomware gang claimed responsibility for the attack. Check Point Threat Emulation provides protection against this threat (Ransomware.Win.Agenda; Ransomware.Wins.Qilin). Social media giant TikTok has been a victim of a cyber-attack that targeted high-profile TikTok
Source: google.com
Recent Zyxel NAS Vulnerability Exploited by Botnet - SecurityWeek
2024-06-25
News Content: A recently disclosed critical-severity vulnerability in discontinued Zyxel NAS devices is already exploited in botnet attacks, the Shadowserver Foundation warns. Tracked as CVE-2024-29973, the issue is described as a code injection flaw that can be exploited remotely without authentication. It was introduced last year, when Zyxel patched CVE-2023-27992, a similar code injection bug. "While patching this vulnerability, they added a new endpoint which uses the same approach as the old ones, and while doing so, implemented the same mistakes as its predecessors," explains Outpost24 security
Source: google.com
Daily Summary - 04.06.2024
CERT.at, 2024-06-04
End-of-Day report. Timeframe: Monday 03-06-2024 18:00 - Tuesday 04-06-2024 18:00. Handler: Thomas Pribitzer. Co-Handler: Michael Schlagenhaufer. News: Beware of fraudulent sites about the Digital Euro and Bundesschatz! Watchlist Internet is currently receiving mass reports of e-mails announcing, in the name of the Austrian National Bank, a pilot programme for the digital euro. They advertise "unique return opportunities" and feign seriousness and trustworthiness by pointing to a cooperation between bundesschatz.at and the European Central Bank.
Related CVEs: cve-2024-28999, cve-2024-29974, cve-2024-29973, cve-2024-29972
Mirai-esque botnet is hitting Zyxel NAS devices
2024-06-25
Affected NAS devices had reached end-of-life, but there is a patch, so make sure to protect your endpoints straight away. A botnet, strikingly similar to the dreaded Mirai, is targeting Zyxel NAS instances that have passed their end-of-life date, new research has claimed. A report from the Shadowserver Foundation, a security organization that keeps track of cyber-threats, says the threat actors recently started scanning for
Source: techradar.com
Vulnerability Recap 6/10/24 – RCE Attacks in Major Platforms
Maine Basan, 2024-06-10
Explore recent RCE attacks and other vulnerabilities on major platforms. Stay updated on the latest fixes. The post Vulnerability Recap 6/10/24 – RCE Attacks in Major Platforms appeared first on eSecurity Planet. Last week's vulnerability news revealed a significant increase in serious flaws targeted by cyber threat actors across multiple large platforms. The recent remote code execution
Related CVEs: cve-2024-21683, cve-2024-4358, cve-2024-29974, cve-2018-20062

Social Media

  • "Tick-tock, tech clock! Zyxel's ol' NAS326 & NAS542 just got a safety spruce-up. Zombies have risen with patches for CVE-2024-29972, 73, & 74. No get-out-of-jail-free card for 75 & 76, though. 💀 Updated yet? @InfoSecIvy #ZyxelPatch #BugBounty #VintageTechChic" https://t.co/PEZFuY2yKE
  • 🆕 New vulnerabilities in Zyxel NAS devices (CVE-2024-29972, CVE-2024-29973, CVE-2024-29974) have been patched! 🔐 Read More https://t.co/372Fnnxqq5 #CyberSecurity #Zyxel #PatchManagement https://t.co/WLMhgpsNBc
  • CVE-2024-29972 (CVSS:9.8, CRITICAL) is Awaiting Analysis. ** UNSUPPORTED WHEN ASSIGNED ** The command injection vulnerability in the CGI program "remote_help-cgi" in Zyxel NAS326.. https://t.co/RaAGDA7rTd #cybersecurityawareness #cybersecurity #CVE #infosec #hacker #nvd #mitre
  • Two of the vulnerabilities, CVE-2024-29972 and 29973, allow an attacker to execute OS commands, while CVE-2024-29974 allows an attacker to upload malicious config files
  • "Due to the critical severity of #vulnerabilities CVE-2024-29972, CVE-2024-29973, and CVE-2024-29974, #Zyxel has made patches available to customers with extended support, despite the products already having reached end-of-vulnerability-support" https://t.co/PTQJqMPlUZ
  • CVE-2024-29972 ** UNSUPPORTED WHEN ASSIGNED ** The command injection vulnerability in the CGI program "remote_help-cgi" in Zyxel NAS326 firmware versions before V5.21(AAZF.17)C0 and… https://t.co/hKh0H2pCcf
  • [CVE-2024-29972: 9.8/CRITICAL] Critical vulnerability in Zyxel NAS326 and NAS542 firmware allows remote attackers to execute unauthorized OS commands through a specially crafted HTTP POST request. Update to V5.21(AAZF.17)C0 or V5... https://t.co/RvJtMh3pqB

Affected Software

Configuration 1
Type | Vendor | Product
OS | Zyxel | nas326_firmware

Configuration 2
Type | Vendor | Product
OS | Zyxel | nas542_firmware

References

Reference | Link
[email protected] | https://outpost24.com/blog/zyxel-nas-critical-vulnerabilities/
[email protected] | https://www.zyxel.com/global/en/support/security-advisories/zyxel-security-advisory-for-multiple-vulnerabilities-in-nas-products-06-04-2024
AF854A3A-2127-422B-91AE-364DA2661108 | https://outpost24.com/blog/zyxel-nas-critical-vulnerabilities/
AF854A3A-2127-422B-91AE-364DA2661108 | https://www.zyxel.com/global/en/support/security-advisories/zyxel-security-advisory-for-multiple-vulnerabilities-in-nas-products-06-04-2024
GITHUB | https://outpost24.com/blog/zyxel-nas-critical-vulnerabilities/

CWE Details

CWE ID | CWE Name | Description
CWE-78 | Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') | The software constructs all or part of an OS command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended OS command when it is sent to a downstream component.
