First published: Tue Jun 04 2024(Updated: )
** UNSUPPORTED WHEN ASSIGNED ** The remote code execution vulnerability in the CGI program “file_upload-cgi” in Zyxel NAS326 firmware versions before V5.21(AAZF.17)C0 and NAS542 firmware versions before V5.21(ABAG.14)C0 could allow an unauthenticated attacker to execute arbitrary code by uploading a crafted configuration file to a vulnerable device.
Credit: security@zyxel.com.tw
Affected Software | Affected Version | How to fix |
---|---|---|
Zyxel NAS326 | <V5.21(AAZF.17)C0 | |
Zyxel NAS542 firmware | <V5.21(ABAG.14)C0 | |
All of | ||
Zyxel NAS326 | <5.21\(aazf.17\)c0 | |
Zyxel NAS326 | ||
All of | ||
Zyxel NAS542 firmware | <5.21\(abag.14\)c0 | |
Zyxel NAS542 firmware |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
CVE-2024-29974 has been classified as a remote code execution vulnerability affecting certain Zyxel NAS firmware.
To fix CVE-2024-29974, upgrade to Zyxel NAS326 firmware version V5.21(AAZF.17)C0 or NAS542 firmware version V5.21(ABAG.14)C0 or later.
CVE-2024-29974 affects users of Zyxel NAS326 and NAS542 devices running firmware versions before V5.21.
If exploited, CVE-2024-29974 could allow an unauthenticated attacker to execute arbitrary code on the affected Zyxel devices.
CVE-2024-29974 is documented as unsupported when assigned, which means it is not related to current supported firmware updates.