Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nucleiProjectDiscoveryNUCLEI:CVE-2024-29972
HistoryJul 01, 2024 - 1:42 a.m.

Zyxel NAS326 Firmware < V5.21(AAZF.17)C0 - NsaRescueAngel Backdoor Account

2024-07-0101:42:17
ProjectDiscovery
github.com
40
zyxel
command injection
security vulnerability
unauthenticated attacker

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

AI Score

7.8

Confidence

Low

EPSS

0.93

Percentile

99.1%

JSON
The command injection vulnerability in the CGI program "remote_help-cgi" in Zyxel NAS326 firmware versions before V5.21(AAZF.17)C0 and NAS542 firmware versions before V5.21(ABAG.14)C0 could allow an unauthenticated attacker to execute some operating system (OS) commands by sending a crafted HTTP POST request.

id: CVE-2024-29972

info:
  name: Zyxel NAS326 Firmware < V5.21(AAZF.17)C0 - NsaRescueAngel Backdoor Account
  author: gy741
  severity: critical
  description: |
    The command injection vulnerability in the CGI program "remote_help-cgi" in Zyxel NAS326 firmware versions before V5.21(AAZF.17)C0 and NAS542 firmware versions before V5.21(ABAG.14)C0 could allow an unauthenticated attacker to execute some operating system (OS) commands by sending a crafted HTTP POST request.
  reference:
    - https://outpost24.com/blog/zyxel-nas-critical-vulnerabilities/
    - https://nvd.nist.gov/vuln/detail/CVE-2024-29972
  classification:
    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
    cvss-score: 9.88
    cve-id: CVE-2024-29972
    cwe-id: CWE-78
    epss-score: 0.9
    epss-percentile: 0.3869
    cpe: cpe:2.3:o:zyxel:nas326_firmware:*:*:*:*:*:*:*:*
  metadata:
    verified: true
    max-request: 1
    vendor: zyxel
    product: nas326_firmware
    fofa-query: app="ZYXEL-NAS326"
  tags: cve,cve2024,zyxel,backdoor

http:
  - raw:
      - |
        GET /desktop,/cgi-bin/remote_help-cgi/favicon.ico?type=sshd_tdc HTTP/1.1
        Host: {{Hostname}}

    matchers:
      - type: dsl
        dsl:
          - "status_code == 200"
          - "contains(body, 'result=0')"
        condition: and
# digest: 490a0046304402206b2d4cfd5c621781801ef53e7d715b6fc342a1ed7efd9c8062b9eb57cc1e2bc40220525d54e21960aa54a3f0edf5ef9cb5e823657c8de084be264d8f155217d9115d:922c64590222798bb761d5b6d8e72950

Related

cvelist 1
nvd 1
githubexploit 2
vulnrichment 1
cve 1
nessus 1
openvas 1
thn 1
cvelist
cvelist
CVE-2024-29972
2024-06-04 01:24:58
nvd
nvd
CVE-2024-29972
2024-06-04 02:15:47
githubexploit
githubexploit
Exploit for CVE-2024-29972
2024-06-20 11:12:52
Exploit for CVE-2024-29972
2024-07-04 21:31:07
vulnrichment
vulnrichment
CVE-2024-29972
2024-06-04 01:24:58
cve
cve
CVE-2024-29972
2024-06-04 02:15:47
nessus
nessus
Zyxel NAS Multiple Vulnerabilities
2024-06-14 00:00:00
openvas
openvas
Zyxel NAS Multiple Vulnerabilities (Jun 2024) - Active Check
2024-06-06 00:00:00
thn
thn
Zyxel Releases Patches for Firmware Vulnerabilities in EoL NAS Models
2024-06-05 07:10:00

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

AI Score

7.8

Confidence

Low

EPSS

0.93

Percentile

99.1%

JSON
Related for NUCLEI:CVE-2024-29972
cvelist1nvd1githubexploit2vulnrichment1cve1nessus1openvas1thn1