CVE-2024-29976
First published: Tue Jun 04 2024(Updated: )
** UNSUPPORTED WHEN ASSIGNED ** The improper privilege management vulnerability in the command “show_allsessions” in Zyxel NAS326 firmware versions before V5.21(AAZF.17)C0 and NAS542 firmware versions before V5.21(ABAG.14)C0 could allow an authenticated attacker to obtain a logged-in administrator’s session information containing cookies on an affected device.
Credit: security@zyxel.com.tw
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Zyxel NAS326 | <V5.21(AAZF.17)C0 | |
| Zyxel NAS542 | <V5.21(ABAG.14)C0 | |
| All of | ||
| Zyxel NAS326 firmware | <5.21\(aazf.17\)c0 | |
| Zyxel NAS326 | ||
| All of | ||
| Zyxel Nas542 Firmware | <5.21\(abag.14\)c0 | |
| Zyxel NAS542 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- agent/weakness
- agent/type
- agent/first-publish-date
- agent/description
- agent/severity
- agent/author
- collector/the-register
- source/The Register
- alias/CVE-2024-29972
- alias/CVE-2024-29973
- alias/CVE-2024-29974
- alias/CVE-2023-27992
- alias/CVE-2024-29975
- alias/CVE-2024-29976
- agent/references
- agent/event
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/trending
- agent/source
- agent/guess-ai
- agent/software-canonical-lookup
- agent/softwarecombine
- agent/tags
- collector/nvd-api
- source/NVD
- vendor/zyxel
- canonical/zyxel nas326 firmware
- canonical/zyxel nas326
- canonical/zyxel nas542 firmware
- canonical/zyxel nas542