Zyxel

Nas326 Firmware

24 vulnerabilities found.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
9.8

CVE-2024-6342

  • EPSS 6.7%
  • Published 10.09.2024 02:15:10
  • Last modified 22.01.2025 22:31:48

**UNSUPPORTED WHEN ASSIGNED** A command injection vulnerability in the export-cgi program of Zyxel NAS326 firmware versions through V5.21(AAZF.18)C0 and NAS542 firmware versions through V5.21(ABAG.15)C0 could allow an unauthenticated attacker to exec...

6.5

CVE-2024-29976

Exploit
  • EPSS 4.65%
  • Published 04.06.2024 02:15:49
  • Last modified 22.01.2025 22:49:10

** UNSUPPORTED WHEN ASSIGNED ** The improper privilege management vulnerability in the command “show_allsessions” in Zyxel NAS326 firmware versions before V5.21(AAZF.17)C0 and NAS542 firmware versions before V5.21(ABAG.14)C0 could allow an authentica...

6.7

CVE-2024-29975

Exploit
  • EPSS 0.24%
  • Published 04.06.2024 02:15:48
  • Last modified 22.01.2025 22:48:49

** UNSUPPORTED WHEN ASSIGNED ** The improper privilege management vulnerability in the SUID executable binary in Zyxel NAS326 firmware versions before V5.21(AAZF.17)C0 and NAS542 firmware versions before V5.21(ABAG.14)C0 could allow an authenticated ...

9.8

CVE-2024-29974

Exploit
  • EPSS 47.6%
  • Published 04.06.2024 02:15:48
  • Last modified 22.01.2025 22:40:57

** UNSUPPORTED WHEN ASSIGNED ** The remote code execution vulnerability in the CGI program “file_upload-cgi” in Zyxel NAS326 firmware versions before V5.21(AAZF.17)C0 and NAS542 firmware versions before V5.21(ABAG.14)C0 could allow an unauthenticated...

9.8

CVE-2024-29973

Exploit
  • EPSS 93.9%
  • Published 04.06.2024 02:15:48
  • Last modified 22.01.2025 22:40:25

** UNSUPPORTED WHEN ASSIGNED ** The command injection vulnerability in the “setCookie” parameter in Zyxel NAS326 firmware versions before V5.21(AAZF.17)C0 and NAS542 firmware versions before V5.21(ABAG.14)C0 could allow an unauthenticated attacker to...

9.8

CVE-2024-29972

Exploit
  • EPSS 92.6%
  • Published 04.06.2024 02:15:47
  • Last modified 22.01.2025 22:39:02

** UNSUPPORTED WHEN ASSIGNED ** The command injection vulnerability in the CGI program "remote_help-cgi" in Zyxel NAS326 firmware versions before V5.21(AAZF.17)C0 and NAS542 firmware versions before V5.21(ABAG.14)C0 could allow an unauthenticated att...

7.2

CVE-2023-5372

  • EPSS 10.46%
  • Published 30.01.2024 01:15:59
  • Last modified 21.11.2024 08:41:38

The post-authentication command injection vulnerability in Zyxel NAS326 firmware versions through V5.21(AAZF.15)C0 and NAS542 firmware versions through V5.21(ABAG.12)C0 could allow an authenticated attacker with administrator privileges to execute so...

9.8

CVE-2023-4474

  • EPSS 16.28%
  • Published 30.11.2023 02:15:43
  • Last modified 21.11.2024 08:35:14

The improper neutralization of special elements in the WSGI server of the Zyxel NAS326 firmware version V5.21(AAZF.14)C0 and NAS542 firmware version V5.21(ABAG.11)C0 could allow an unauthenticated attacker to execute some operating system (OS) comman...

9.8

CVE-2023-4473

  • EPSS 37.81%
  • Published 30.11.2023 02:15:43
  • Last modified 21.11.2024 08:35:14

A command injection vulnerability in the web server of the Zyxel NAS326 firmware version V5.21(AAZF.14)C0 and NAS542 firmware version V5.21(ABAG.11)C0 could allow an unauthenticated attacker to execute some operating system (OS) commands by sending a...

8.8

CVE-2023-37928

  • EPSS 2.15%
  • Published 30.11.2023 02:15:43
  • Last modified 21.11.2024 08:12:29

A post-authentication command injection vulnerability in the WSGI server of the Zyxel NAS326 firmware version V5.21(AAZF.14)C0 and NAS542 firmware version V5.21(ABAG.11)C0 could allow an authenticated attacker to execute some operating system (OS) co...