CVE-2024-29973

CVSS v3.1 9.8 (Critical)

EPSS 92.77 % (99^th)

NVD Status Awaiting Analysis

UNSUPPORTED WHEN ASSIGNED
The command injection vulnerability in the “setCookie” parameter in Zyxel NAS326 firmware versions before V5.21(AAZF.17)C0 and NAS542 firmware versions before V5.21(ABAG.14)C0 could allow an unauthenticated attacker to execute some operating system (OS) commands by sending a crafted HTTP POST request.

Weaknesses

CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

CVE Status: PUBLISHED
NVD Status: Awaiting Analysis
CNA: Zyxel Corporation
Published Date: 2024-06-04 02:15:48
(3 months ago)
Updated Date: 2024-08-02 02:15:17
(5 weeks ago)