Lucene search
+L

58 matches found

RedhatCVE
RedhatCVE
added 2026/01/09 8:57 a.m.7 views

CVE-2023-4473

A command injection vulnerability in the web server of the Zyxel NAS326 firmware version V5.21AAZF.14C0 and NAS542 firmware version V5.21ABAG.11C0 could allow an unauthenticated attacker to execute some operating system OS commands by sending a crafted URL to a vulnerable device...

9.8CVSS8AI score0.41348EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/01/09 8:57 a.m.10 views

CVE-2023-4474

The improper neutralization of special elements in the WSGI server of the Zyxel NAS326 firmware version V5.21AAZF.14C0 and NAS542 firmware version V5.21ABAG.11C0 could allow an unauthenticated attacker to execute some operating system OS commands by sending a crafted URL to a vulnerable device...

9.8CVSS7.6AI score0.2974EPSS
Exploits0References1
EUVD
EUVD
added 2025/10/03 8:7 p.m.21 views

EUVD-2024-47455

Malicious code in bioql PyPI...

9.8CVSS8.8AI score0.02064EPSS
Exploits0References1
EUVD
EUVD
added 2025/10/03 8:7 p.m.6 views

EUVD-2023-41781

Malicious code in bioql PyPI...

8.8CVSS8.7AI score0.602EPSS
Exploits0References2
VulnCheck KEV
VulnCheck KEV
added 2025/06/07 12:0 a.m.3 views

VulnCheck KEV: CVE-2024-29972

UNSUPPORTED WHEN ASSIGNED The command injection vulnerability in the CGI program "remotehelp-cgi" in Zyxel NAS326 firmware versions before V5.21AAZF.17C0 and NAS542 firmware versions before V5.21ABAG.14C0 could allow an unauthenticated attacker to execute some operating system OS...

9.8CVSS5.9AI score0.89326EPSS
Exploits2References1
RedhatCVE
RedhatCVE
added 2025/05/23 9:15 a.m.8 views

CVE-2024-29975

UNSUPPORTED WHEN ASSIGNED The improper privilege management vulnerability in the SUID executable binary in Zyxel NAS326 firmware versions before V5.21AAZF.17C0 and NAS542 firmware versions before V5.21ABAG.14C0 could allow an authenticated local attacker with administrator privileges to execute...

6.7CVSS6.9AI score0.00466EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/05/23 8:56 a.m.9 views

CVE-2024-29976

UNSUPPORTED WHEN ASSIGNED The improper privilege management vulnerability in the command “showallsessions” in Zyxel NAS326 firmware versions before V5.21AAZF.17C0 and NAS542 firmware versions before V5.21ABAG.14C0 could allow an authenticated attacker to obtain a logged-in administrator’s session...

6.5CVSS6.7AI score0.08954EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/05/23 3:57 a.m.13 views

CVE-2023-35137

An improper authentication vulnerability in the authentication module of the Zyxel NAS326 firmware version V5.21AAZF.14C0 and NAS542 firmware version V5.21ABAG.11C0 could allow an unauthenticated attacker to obtain system information by sending a crafted URL to a vulnerable device...

7.5CVSS7AI score0.00866EPSS
Exploits0
RedhatCVE
RedhatCVE
added 2025/05/23 3:57 a.m.13 views

CVE-2023-35138

A command injection vulnerability in the “showzysyncservercontents” function of the Zyxel NAS326 firmware version V5.21AAZF.14C0 and NAS542 firmware version V5.21ABAG.11C0 could allow an unauthenticated attacker to execute some operating system OS commands by sending a crafted HTTP POST request...

9.8CVSS8.1AI score0.39998EPSS
Exploits0
RedhatCVE
RedhatCVE
added 2025/02/05 8:5 a.m.12 views

CVE-2024-29972

UNSUPPORTED WHEN ASSIGNED The command injection vulnerability in the CGI program "remotehelp-cgi" in Zyxel NAS326 firmware versions before V5.21AAZF.17C0 and NAS542 firmware versions before V5.21ABAG.14C0 could allow an unauthenticated attacker to execute some operating system OS commands by...

9.8CVSS8AI score0.89326EPSS
Exploits2References1
RedhatCVE
RedhatCVE
added 2025/02/05 8:1 a.m.5 views

CVE-2024-29973

UNSUPPORTED WHEN ASSIGNED The command injection vulnerability in the “setCookie” parameter in Zyxel NAS326 firmware versions before V5.21AAZF.17C0 and NAS542 firmware versions before V5.21ABAG.14C0 could allow an unauthenticated attacker to execute some operating system OS commands by sending a...

9.8CVSS7.9AI score0.86089EPSS
Exploits7References1
RedhatCVE
RedhatCVE
added 2025/02/05 3:10 a.m.15 views

CVE-2024-6342

UNSUPPORTED WHEN ASSIGNED A command injection vulnerability in the export-cgi program of Zyxel NAS326 firmware versions through V5.21AAZF.18C0 and NAS542 firmware versions through V5.21ABAG.15C0 could allow an unauthenticated attacker to execute some operating system OS commands by sending a...

9.8CVSS8.1AI score0.02064EPSS
Exploits0References1
GithubExploit
GithubExploit
added 2024/10/10 11:48 p.m.102 views

Exploit for OS Command Injection in Zyxel Nas326_Firmware

CVE-2024-29973 - Remote Command Injection Vulnerability De...

9.8CVSS10AI score0.86089EPSS
Exploits7
BDU FSTEC
BDU FSTEC
added 2024/09/24 12:0 a.m.8 views

The vulnerability of the microprogrammed software for Zyxel NAS326 and Zyxel NAS542 lies in the lack of measures taken to neutralize the special elements used in the operating system’s command set. This allows attackers to execute arbitrary commands.

The vulnerability of the microprogrammed network storage devices Zyxel NAS326 and Zyxel NAS542 is related to the lack of measures taken to neutralize special elements used in the operating system commands. Exploiting this vulnerability allows a malicious actor to execute arbitrary commands by...

10CVSS8.4AI score0.02064EPSS
Exploits0References5
Vulnrichment
Vulnrichment
added 2024/09/10 1:55 a.m.16 views

CVE-2024-6342

UNSUPPORTED WHEN ASSIGNED A command injection vulnerability in the export-cgi program of Zyxel NAS326 firmware versions through V5.21AAZF.18C0 and NAS542 firmware versions through V5.21ABAG.15C0 could allow an unauthenticated attacker to execute some operating system OS commands by sending a...

9.8CVSS8.2AI score0.02064EPSS
Exploits0References1
CVE
CVE
added 2024/09/10 1:55 a.m.106 views

CVE-2024-6342

CVE-2024-6342 affects Zyxel NAS326 and NAS542 devices. The issue lies in the export-cgi program, allowing an unauthenticated attacker to execute OS commands via a crafted HTTP POST request. Affected: NAS326 up to firmware V5.21(AAZF.18)C0 and NAS542 up to V5.21(ABAG.15)C0. Root cause: command inj...

9.8CVSS8.2AI score0.02064EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2024/09/10 1:55 a.m.51 views

CVE-2024-6342

UNSUPPORTED WHEN ASSIGNED A command injection vulnerability in the export-cgi program of Zyxel NAS326 firmware versions through V5.21AAZF.18C0 and NAS542 firmware versions through V5.21ABAG.15C0 could allow an unauthenticated attacker to execute some operating system OS commands by sending a...

9.8CVSS0.02064EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2024/09/09 12:0 a.m.13 views

PT-2024-6387 · Zyxel · Zyxel Nas326 +1

Name of the Vulnerable Software and Affected Versions: Zyxel NAS326 versions through V5.21AAZF.18C0 Zyxel NAS542 versions through V5.21ABAG.15C0 Description: A command injection vulnerability in the export-cgi program of Zyxel NAS326 and NAS542 firmware could allow an unauthenticated attacker to...

9.8CVSS8.4AI score0.02064EPSS
Exploits0References33
BDU FSTEC
BDU FSTEC
added 2024/07/02 12:0 a.m.5 views

The vulnerability in the implementation of the export-cgi and fileUpload-cgi scripts allows a hacker to circumvent security restrictions and execute arbitrary code. This vulnerability affects the backup and configuration restoration functions of the Zyxel NAS326 and Zyxel NAS542 network storage devices.

The vulnerability of the export-cgi and fileupload-cgi implementations of the backup and configuration restoration functions for Zyxel NAS326 and Zyxel NAS542 network storage devices is related to the unlimited loading of dangerous files. Exploiting this vulnerability allows an attacker to bypass...

10CVSS6.1AI score0.22784EPSS
Exploits1References3
BDU FSTEC
BDU FSTEC
added 2024/06/14 12:0 a.m.9 views

The vulnerability of the microprogrammed software for Zyxel NAS326 and Zyxel NAS542 lies in the lack of measures taken to neutralize special elements used in the operating system’s command set. This allows attackers to execute arbitrary commands.

The vulnerability of the microprogrammed software for Zyxel NAS326 and Zyxel NAS542 lies in the lack of measures taken to neutralize the special elements used in the operating system commands. Exploiting this vulnerability allows a malicious actor to execute arbitrary commands by sending a...

10CVSS6.2AI score0.86089EPSS
Exploits7References3
Rows per page
Query Builder