Zyxel

Nas326 Firmware

24 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
9.8

CVE-2024-6342

  • EPSS 6.7%
  • Veröffentlicht 10.09.2024 02:15:10
  • Zuletzt bearbeitet 22.01.2025 22:31:48

**UNSUPPORTED WHEN ASSIGNED** A command injection vulnerability in the export-cgi program of Zyxel NAS326 firmware versions through V5.21(AAZF.18)C0 and NAS542 firmware versions through V5.21(ABAG.15)C0 could allow an unauthenticated attacker to exec...

6.5

CVE-2024-29976

Exploit
  • EPSS 4.65%
  • Veröffentlicht 04.06.2024 02:15:49
  • Zuletzt bearbeitet 22.01.2025 22:49:10

** UNSUPPORTED WHEN ASSIGNED ** The improper privilege management vulnerability in the command “show_allsessions” in Zyxel NAS326 firmware versions before V5.21(AAZF.17)C0 and NAS542 firmware versions before V5.21(ABAG.14)C0 could allow an authentica...

6.7

CVE-2024-29975

Exploit
  • EPSS 0.24%
  • Veröffentlicht 04.06.2024 02:15:48
  • Zuletzt bearbeitet 22.01.2025 22:48:49

** UNSUPPORTED WHEN ASSIGNED ** The improper privilege management vulnerability in the SUID executable binary in Zyxel NAS326 firmware versions before V5.21(AAZF.17)C0 and NAS542 firmware versions before V5.21(ABAG.14)C0 could allow an authenticated ...

9.8

CVE-2024-29974

Exploit
  • EPSS 47.6%
  • Veröffentlicht 04.06.2024 02:15:48
  • Zuletzt bearbeitet 22.01.2025 22:40:57

** UNSUPPORTED WHEN ASSIGNED ** The remote code execution vulnerability in the CGI program “file_upload-cgi” in Zyxel NAS326 firmware versions before V5.21(AAZF.17)C0 and NAS542 firmware versions before V5.21(ABAG.14)C0 could allow an unauthenticated...

9.8

CVE-2024-29973

Exploit
  • EPSS 93.9%
  • Veröffentlicht 04.06.2024 02:15:48
  • Zuletzt bearbeitet 22.01.2025 22:40:25

** UNSUPPORTED WHEN ASSIGNED ** The command injection vulnerability in the “setCookie” parameter in Zyxel NAS326 firmware versions before V5.21(AAZF.17)C0 and NAS542 firmware versions before V5.21(ABAG.14)C0 could allow an unauthenticated attacker to...

9.8

CVE-2024-29972

Exploit
  • EPSS 92.6%
  • Veröffentlicht 04.06.2024 02:15:47
  • Zuletzt bearbeitet 22.01.2025 22:39:02

** UNSUPPORTED WHEN ASSIGNED ** The command injection vulnerability in the CGI program "remote_help-cgi" in Zyxel NAS326 firmware versions before V5.21(AAZF.17)C0 and NAS542 firmware versions before V5.21(ABAG.14)C0 could allow an unauthenticated att...

7.2

CVE-2023-5372

  • EPSS 10.46%
  • Veröffentlicht 30.01.2024 01:15:59
  • Zuletzt bearbeitet 21.11.2024 08:41:38

The post-authentication command injection vulnerability in Zyxel NAS326 firmware versions through V5.21(AAZF.15)C0 and NAS542 firmware versions through V5.21(ABAG.12)C0 could allow an authenticated attacker with administrator privileges to execute so...

9.8

CVE-2023-4474

  • EPSS 16.28%
  • Veröffentlicht 30.11.2023 02:15:43
  • Zuletzt bearbeitet 21.11.2024 08:35:14

The improper neutralization of special elements in the WSGI server of the Zyxel NAS326 firmware version V5.21(AAZF.14)C0 and NAS542 firmware version V5.21(ABAG.11)C0 could allow an unauthenticated attacker to execute some operating system (OS) comman...

9.8

CVE-2023-4473

  • EPSS 37.81%
  • Veröffentlicht 30.11.2023 02:15:43
  • Zuletzt bearbeitet 21.11.2024 08:35:14

A command injection vulnerability in the web server of the Zyxel NAS326 firmware version V5.21(AAZF.14)C0 and NAS542 firmware version V5.21(ABAG.11)C0 could allow an unauthenticated attacker to execute some operating system (OS) commands by sending a...

8.8

CVE-2023-37928

  • EPSS 2.15%
  • Veröffentlicht 30.11.2023 02:15:43
  • Zuletzt bearbeitet 21.11.2024 08:12:29

A post-authentication command injection vulnerability in the WSGI server of the Zyxel NAS326 firmware version V5.21(AAZF.14)C0 and NAS542 firmware version V5.21(ABAG.11)C0 could allow an authenticated attacker to execute some operating system (OS) co...