OpenCVE

** UNSUPPORTED WHEN ASSIGNED ** The command injection vulnerability in the “setCookie” parameter in Zyxel NAS326 firmware versions before V5.21(AAZF.17)C0 and NAS542 firmware versions before V5.21(ABAG.14)C0 could allow an unauthenticated attacker to execute some operating system (OS) commands by sending a crafted HTTP POST request.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

No data.

No data.

No data.

References

Link	Providers
https://outpost24.com/blog/zyxel-nas-critical-vulnerabilities/
https://www.zyxel.com/global/en/support/security-advisories/zyxel-security-advisory-for-multiple-vulnerabilities-in-nas-products-06-04-2024

History

No history.

MITRE

Status: PUBLISHED

Assigner: Zyxel

Published: 2024-06-04T01:29:41.852Z

Updated: 2024-08-02T01:17:58.484Z

Reserved: 2024-03-22T08:49:44.342Z

Link: CVE-2024-29973

Vulnrichment

Updated: 2024-08-02T01:17:58.484Z

NVD

Status : Awaiting Analysis

Published: 2024-06-04T02:15:48.290

Modified: 2024-11-21T09:08:43.707

Link: CVE-2024-29973

Redhat

No data.

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2024-29973", "assignerOrgId": "96e50032-ad0d-4058-a115-4d2c13821f9f", "state": "PUBLISHED", "assignerShortName": "Zyxel", "dateReserved": "2024-03-22T08:49:44.342Z", "datePublished": "2024-06-04T01:29:41.852Z", "dateUpdated": "2024-08-02T01:17:58.484Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "product": "NAS326 firmware", "vendor": "Zyxel", "versions": [{"status": "affected", "version": "< V5.21(AAZF.17)C0"}]}, {"defaultStatus": "unaffected", "product": "NAS542 firmware", "vendor": "Zyxel", "versions": [{"status": "affected", "version": "< V5.21(ABAG.14)C0"}]}], "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "** UNSUPPORTED WHEN ASSIGNED **<br>The command injection vulnerability in the \u201csetCookie\u201d parameter in Zyxel NAS326 firmware versions before V5.21(AAZF.17)C0 and NAS542 firmware versions before V5.21(ABAG.14)C0 could allow an unauthenticated attacker to execute some operating system (OS) commands by sending a crafted HTTP POST request.<br>"}], "value": "** UNSUPPORTED WHEN ASSIGNED **\nThe command injection vulnerability in the \u201csetCookie\u201d parameter in Zyxel NAS326 firmware versions before V5.21(AAZF.17)C0 and NAS542 firmware versions before\u00a0V5.21(ABAG.14)C0 could allow an unauthenticated attacker to execute some operating system (OS) commands by sending a crafted HTTP POST request."}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-78", "description": "CWE-78 Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "96e50032-ad0d-4058-a115-4d2c13821f9f", "shortName": "Zyxel", "dateUpdated": "2024-06-04T01:55:17.294Z"}, "references": [{"tags": ["vendor-advisory"], "url": "https://www.zyxel.com/global/en/support/security-advisories/zyxel-security-advisory-for-multiple-vulnerabilities-in-nas-products-06-04-2024"}, {"url": "https://outpost24.com/blog/zyxel-nas-critical-vulnerabilities/"}], "source": {"discovery": "UNKNOWN"}, "tags": ["unsupported-when-assigned"], "x_generator": {"engine": "Vulnogram 0.2.0"}}, "adp": [{"affected": [{"vendor": "zyxel", "product": "nas326_firmware", "cpes": ["cpe:2.3:o:zyxel:nas326_firmware:-:*:*:*:*:*:*:*"], "defaultStatus": "unknown", "versions": [{"version": "0", "status": "affected", "lessThan": "v5.21\\(aazf.17\\)co", "versionType": "custom"}]}, {"vendor": "zyxel", "product": "nas542_firmware", "cpes": ["cpe:2.3:o:zyxel:nas542_firmware:-:*:*:*:*:*:*:*"], "defaultStatus": "unknown", "versions": [{"version": "0", "status": "affected", "lessThan": "5.21\\(abag.14\\)co", "versionType": "custom"}]}], "metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2024-06-04T00:00:00+00:00", "options": [{"Exploitation": "poc"}, {"Automatable": "yes"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3", "id": "CVE-2024-29973"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-06-26T03:55:25.902Z"}}, {"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T01:17:58.484Z"}, "title": "CVE Program Container", "references": [{"tags": ["vendor-advisory", "x_transferred"], "url": "https://www.zyxel.com/global/en/support/security-advisories/zyxel-security-advisory-for-multiple-vulnerabilities-in-nas-products-06-04-2024"}, {"url": "https://outpost24.com/blog/zyxel-nas-critical-vulnerabilities/", "tags": ["x_transferred"]}]}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://www.zyxel.com/global/en/support/security-advisories/zyxel-security-advisory-for-multiple-vulnerabilities-in-nas-products-06-04-2024", "tags": ["vendor-advisory", "x_transferred"]}, {"url": "https://outpost24.com/blog/zyxel-nas-critical-vulnerabilities/", "tags": ["x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T01:17:58.484Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-29973", "role": "CISA Coordinator", "options": [{"Exploitation": "poc"}, {"Automatable": "yes"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2024-06-22T03:55:27.704834Z"}}}], "affected": [{"cpes": ["cpe:2.3:o:zyxel:nas326_firmware:-:*:*:*:*:*:*:*"], "vendor": "zyxel", "product": "nas326_firmware", "versions": [{"status": "affected", "version": "0", "lessThan": "v5.21\\(aazf.17\\)co", "versionType": "custom"}], "defaultStatus": "unknown"}, {"cpes": ["cpe:2.3:o:zyxel:nas542_firmware:-:*:*:*:*:*:*:*"], "vendor": "zyxel", "product": "nas542_firmware", "versions": [{"status": "affected", "version": "0", "lessThan": "5.21\\(abag.14\\)co", "versionType": "custom"}], "defaultStatus": "unknown"}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-06-04T19:20:51.237Z"}}], "cna": {"tags": ["unsupported-when-assigned"], "source": {"discovery": "UNKNOWN"}, "metrics": [{"format": "CVSS", "cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 9.8, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"vendor": "Zyxel", "product": "NAS326 firmware", "versions": [{"status": "affected", "version": "< V5.21(AAZF.17)C0"}], "defaultStatus": "unaffected"}, {"vendor": "Zyxel", "product": "NAS542 firmware", "versions": [{"status": "affected", "version": "< V5.21(ABAG.14)C0"}], "defaultStatus": "unaffected"}], "references": [{"url": "https://www.zyxel.com/global/en/support/security-advisories/zyxel-security-advisory-for-multiple-vulnerabilities-in-nas-products-06-04-2024", "tags": ["vendor-advisory"]}, {"url": "https://outpost24.com/blog/zyxel-nas-critical-vulnerabilities/"}], "x_generator": {"engine": "Vulnogram 0.2.0"}, "descriptions": [{"lang": "en", "value": "** UNSUPPORTED WHEN ASSIGNED **\nThe command injection vulnerability in the \u201csetCookie\u201d parameter in Zyxel NAS326 firmware versions before V5.21(AAZF.17)C0 and NAS542 firmware versions before\u00a0V5.21(ABAG.14)C0 could allow an unauthenticated attacker to execute some operating system (OS) commands by sending a crafted HTTP POST request.", "supportingMedia": [{"type": "text/html", "value": "** UNSUPPORTED WHEN ASSIGNED **<br>The command injection vulnerability in the \u201csetCookie\u201d parameter in Zyxel NAS326 firmware versions before V5.21(AAZF.17)C0 and NAS542 firmware versions before V5.21(ABAG.14)C0 could allow an unauthenticated attacker to execute some operating system (OS) commands by sending a crafted HTTP POST request.<br>", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-78", "description": "CWE-78 Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')"}]}], "providerMetadata": {"orgId": "96e50032-ad0d-4058-a115-4d2c13821f9f", "shortName": "Zyxel", "dateUpdated": "2024-06-04T01:55:17.294Z"}}}, "cveMetadata": {"cveId": "CVE-2024-29973", "state": "PUBLISHED", "dateUpdated": "2024-08-02T01:17:58.484Z", "dateReserved": "2024-03-22T08:49:44.342Z", "assignerOrgId": "96e50032-ad0d-4058-a115-4d2c13821f9f", "datePublished": "2024-06-04T01:29:41.852Z", "assignerShortName": "Zyxel"}, "dataVersion": "5.1"}

{"cveTags": [{"sourceIdentifier": "security@zyxel.com.tw", "tags": ["unsupported-when-assigned"]}], "descriptions": [{"lang": "en", "value": "** UNSUPPORTED WHEN ASSIGNED **\nThe command injection vulnerability in the \u201csetCookie\u201d parameter in Zyxel NAS326 firmware versions before V5.21(AAZF.17)C0 and NAS542 firmware versions before\u00a0V5.21(ABAG.14)C0 could allow an unauthenticated attacker to execute some operating system (OS) commands by sending a crafted HTTP POST request."}, {"lang": "es", "value": "** NO SOPORTADO CUANDO S ASIGN\u00d3 ** La vulnerabilidad de inyecci\u00f3n de comando en el par\u00e1metro \u201csetCookie\u201d en las versiones de firmware Zyxel NAS326 anteriores a V5.21(AAZF.17)C0 y en las versiones de firmware NAS542 anteriores a V5.21(ABAG.14)C0 podr\u00eda permitir una atacante ejecutar algunos comandos del sistema operativo (SO) enviando una solicitud HTTP POST manipulada."}], "id": "CVE-2024-29973", "lastModified": "2024-11-21T09:08:43.707", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "security@zyxel.com.tw", "type": "Secondary"}]}, "published": "2024-06-04T02:15:48.290", "references": [{"source": "security@zyxel.com.tw", "url": "https://outpost24.com/blog/zyxel-nas-critical-vulnerabilities/"}, {"source": "security@zyxel.com.tw", "url": "https://www.zyxel.com/global/en/support/security-advisories/zyxel-security-advisory-for-multiple-vulnerabilities-in-nas-products-06-04-2024"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://outpost24.com/blog/zyxel-nas-critical-vulnerabilities/"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://www.zyxel.com/global/en/support/security-advisories/zyxel-security-advisory-for-multiple-vulnerabilities-in-nas-products-06-04-2024"}], "sourceIdentifier": "security@zyxel.com.tw", "vulnStatus": "Awaiting Analysis", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-78"}], "source": "security@zyxel.com.tw", "type": "Secondary"}]}