{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2024-29975", "assignerOrgId": "96e50032-ad0d-4058-a115-4d2c13821f9f", "state": "PUBLISHED", "assignerShortName": "Zyxel", "dateReserved": "2024-03-22T08:49:44.342Z", "datePublished": "2024-06-04T01:43:06.403Z", "dateUpdated": "2024-08-02T01:17:58.589Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "product": "NAS326 firmware", "vendor": "Zyxel", "versions": [{"status": "affected", "version": "< V5.21(AAZF.17)C0"}]}, {"defaultStatus": "unaffected", "product": "NAS542 firmware", "vendor": "Zyxel", "versions": [{"status": "affected", "version": "< V5.21(ABAG.14)C0"}]}], "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "** UNSUPPORTED WHEN ASSIGNED **<br>The improper privilege management vulnerability in the SUID executable binary in Zyxel NAS326 firmware versions before V5.21(AAZF.17)C0 and NAS542 firmware versions before V5.21(ABAG.14)C0 could allow an authenticated local attacker with administrator privileges to execute some system commands as the \u201croot\u201d user on a vulnerable device.<br>"}], "value": "** UNSUPPORTED WHEN ASSIGNED **\nThe improper privilege management vulnerability in the SUID executable binary in Zyxel NAS326 firmware versions before V5.21(AAZF.17)C0 and NAS542 firmware versions before V5.21(ABAG.14)C0 could allow an authenticated local attacker with administrator privileges to execute some system commands as the \u201croot\u201d user on a vulnerable device."}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 6.7, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-269", "description": "CWE-269 Improper Privilege Management", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "96e50032-ad0d-4058-a115-4d2c13821f9f", "shortName": "Zyxel", "dateUpdated": "2024-06-04T01:56:43.897Z"}, "references": [{"tags": ["vendor-advisory"], "url": "https://www.zyxel.com/global/en/support/security-advisories/zyxel-security-advisory-for-multiple-vulnerabilities-in-nas-products-06-04-2024"}, {"url": "https://outpost24.com/blog/zyxel-nas-critical-vulnerabilities/"}], "source": {"discovery": "UNKNOWN"}, "tags": ["unsupported-when-assigned"], "x_generator": {"engine": "Vulnogram 0.2.0"}}, "adp": [{"affected": [{"vendor": "zyxel", "product": "nas326_firmware", "cpes": ["cpe:2.3:o:zyxel:nas326_firmware:-:*:*:*:*:*:*:*"], "defaultStatus": "unknown", "versions": [{"version": "0", "status": "affected", "lessThan": "v5.21\\(aazf.17\\)co", "versionType": "custom"}]}, {"vendor": "zyxel", "product": "nas542_firmware", "cpes": ["cpe:2.3:o:zyxel:nas542_firmware:-:*:*:*:*:*:*:*"], "defaultStatus": "unknown", "versions": [{"version": "0", "status": "affected", "lessThan": "5.21\\(abag.14\\)co", "versionType": "custom"}]}], "metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2024-06-05T04:01:31.402103Z", "id": "CVE-2024-29975", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-06-05T13:00:30.502Z"}}, {"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T01:17:58.589Z"}, "title": "CVE Program Container", "references": [{"tags": ["vendor-advisory", "x_transferred"], "url": "https://www.zyxel.com/global/en/support/security-advisories/zyxel-security-advisory-for-multiple-vulnerabilities-in-nas-products-06-04-2024"}, {"url": "https://outpost24.com/blog/zyxel-nas-critical-vulnerabilities/", "tags": ["x_transferred"]}]}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://www.zyxel.com/global/en/support/security-advisories/zyxel-security-advisory-for-multiple-vulnerabilities-in-nas-products-06-04-2024", "tags": ["vendor-advisory", "x_transferred"]}, {"url": "https://outpost24.com/blog/zyxel-nas-critical-vulnerabilities/", "tags": ["x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T01:17:58.589Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-29975", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2024-06-05T04:01:31.402103Z"}}}], "affected": [{"cpes": ["cpe:2.3:o:zyxel:nas326_firmware:-:*:*:*:*:*:*:*"], "vendor": "zyxel", "product": "nas326_firmware", "versions": [{"status": "affected", "version": "0", "lessThan": "v5.21\\(aazf.17\\)co", "versionType": "custom"}], "defaultStatus": "unknown"}, {"cpes": ["cpe:2.3:o:zyxel:nas542_firmware:-:*:*:*:*:*:*:*"], "vendor": "zyxel", "product": "nas542_firmware", "versions": [{"status": "affected", "version": "0", "lessThan": "5.21\\(abag.14\\)co", "versionType": "custom"}], "defaultStatus": "unknown"}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-06-05T12:59:55.307Z"}}], "cna": {"tags": ["unsupported-when-assigned"], "source": {"discovery": "UNKNOWN"}, "metrics": [{"format": "CVSS", "cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 6.7, "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "HIGH", "confidentialityImpact": "HIGH"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"vendor": "Zyxel", "product": "NAS326 firmware", "versions": [{"status": "affected", "version": "< V5.21(AAZF.17)C0"}], "defaultStatus": "unaffected"}, {"vendor": "Zyxel", "product": "NAS542 firmware", "versions": [{"status": "affected", "version": "< V5.21(ABAG.14)C0"}], "defaultStatus": "unaffected"}], "references": [{"url": "https://www.zyxel.com/global/en/support/security-advisories/zyxel-security-advisory-for-multiple-vulnerabilities-in-nas-products-06-04-2024", "tags": ["vendor-advisory"]}, {"url": "https://outpost24.com/blog/zyxel-nas-critical-vulnerabilities/"}], "x_generator": {"engine": "Vulnogram 0.2.0"}, "descriptions": [{"lang": "en", "value": "** UNSUPPORTED WHEN ASSIGNED **\nThe improper privilege management vulnerability in the SUID executable binary in Zyxel NAS326 firmware versions before V5.21(AAZF.17)C0 and NAS542 firmware versions before V5.21(ABAG.14)C0 could allow an authenticated local attacker with administrator privileges to execute some system commands as the \u201croot\u201d user on a vulnerable device.", "supportingMedia": [{"type": "text/html", "value": "** UNSUPPORTED WHEN ASSIGNED **<br>The improper privilege management vulnerability in the SUID executable binary in Zyxel NAS326 firmware versions before V5.21(AAZF.17)C0 and NAS542 firmware versions before V5.21(ABAG.14)C0 could allow an authenticated local attacker with administrator privileges to execute some system commands as the \u201croot\u201d user on a vulnerable device.<br>", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-269", "description": "CWE-269 Improper Privilege Management"}]}], "providerMetadata": {"orgId": "96e50032-ad0d-4058-a115-4d2c13821f9f", "shortName": "Zyxel", "dateUpdated": "2024-06-04T01:56:43.897Z"}}}, "cveMetadata": {"cveId": "CVE-2024-29975", "state": "PUBLISHED", "dateUpdated": "2024-08-02T01:17:58.589Z", "dateReserved": "2024-03-22T08:49:44.342Z", "assignerOrgId": "96e50032-ad0d-4058-a115-4d2c13821f9f", "datePublished": "2024-06-04T01:43:06.403Z", "assignerShortName": "Zyxel"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:zyxel:nas326_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "DF437A28-8199-4AB6-9F07-F061994C0D9C", "versionEndExcluding": "5.21\\(aazf.17\\)c0", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:zyxel:nas326:-:*:*:*:*:*:*:*", "matchCriteriaId": "E0A01B19-4A91-4FBC-8447-2E854346DAC5", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:zyxel:nas542_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "718ACAC1-C0E1-45DF-A23E-7A7F9CCF1373", "versionEndExcluding": "5.21\\(abag.14\\)c0", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:zyxel:nas542:-:*:*:*:*:*:*:*", "matchCriteriaId": "31C4DD0F-28D0-4BF7-897B-5EEC32AA7277", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "cveTags": [{"sourceIdentifier": "security@zyxel.com.tw", "tags": ["unsupported-when-assigned"]}], "descriptions": [{"lang": "en", "value": "** UNSUPPORTED WHEN ASSIGNED **\nThe improper privilege management vulnerability in the SUID executable binary in Zyxel NAS326 firmware versions before V5.21(AAZF.17)C0 and NAS542 firmware versions before V5.21(ABAG.14)C0 could allow an authenticated local attacker with administrator privileges to execute some system commands as the \u201croot\u201d user on a vulnerable device."}, {"lang": "es", "value": "** NO SOPORTADO CUANDO SE ASIGN\u00d3 ** La vulnerabilidad de administraci\u00f3n de privilegios inadecuada en el binario ejecutable SUID en las versiones de firmware Zyxel NAS326 anteriores a V5.21(AAZF.17)C0 y versiones de firmware NAS542 anteriores a V5.21(ABAG.14)C0 podr\u00eda permitir una autenticaci\u00f3n Atacante local con privilegios de administrador para ejecutar algunos comandos del sistema como usuario \"root\" en un dispositivo vulnerable."}], "id": "CVE-2024-29975", "lastModified": "2025-01-22T22:48:49.917", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 6.7, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 0.8, "impactScore": 5.9, "source": "security@zyxel.com.tw", "type": "Secondary"}]}, "published": "2024-06-04T02:15:48.760", "references": [{"source": "security@zyxel.com.tw", "tags": ["Exploit", "Third Party Advisory"], "url": "https://outpost24.com/blog/zyxel-nas-critical-vulnerabilities/"}, {"source": "security@zyxel.com.tw", "tags": ["Vendor Advisory"], "url": "https://www.zyxel.com/global/en/support/security-advisories/zyxel-security-advisory-for-multiple-vulnerabilities-in-nas-products-06-04-2024"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Exploit", "Third Party Advisory"], "url": "https://outpost24.com/blog/zyxel-nas-critical-vulnerabilities/"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "https://www.zyxel.com/global/en/support/security-advisories/zyxel-security-advisory-for-multiple-vulnerabilities-in-nas-products-06-04-2024"}], "sourceIdentifier": "security@zyxel.com.tw", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-269"}], "source": "security@zyxel.com.tw", "type": "Secondary"}, {"description": [{"lang": "en", "value": "NVD-CWE-noinfo"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{}

{}