3 matches found
CVE-2024-29976
UNSUPPORTED WHEN ASSIGNED The improper privilege management vulnerability in the command “showallsessions” in Zyxel NAS326 firmware versions before V5.21AAZF.17C0 and NAS542 firmware versions before V5.21ABAG.14C0 could allow an authenticated attacker to obtain a logged-in administrator’s session...
Zyxel NAS Multiple Vulnerabilities (Jun 2024) - Active Check
Multiple Zyxel NAS devices are prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only e.g.:...
CVE-2024-29976
Zyxel NAS326/NAS542 are affected by CVE-2024-29976 due to improper privilege management in the show_allsessions command. An authenticated attacker could obtain a logged-in administrator’s session cookies. Remediation is to upgrade to firmware versions V5.21(AAZF.17)C0 (NAS326) or V5.21(ABAG.14)C0...