Description

** UNSUPPORTED WHEN ASSIGNED ** The improper privilege management vulnerability in the SUID executable binary in Zyxel NAS326 firmware versions before V5.21(AAZF.17)C0 and NAS542 firmware versions before V5.21(ABAG.14)C0 could allow an authenticated local attacker with administrator privileges to execute some system commands as the “root” user on a vulnerable device.

Related CPE's

o

zyxel

nas326_firmware

Vulnerable

h

zyxel

nas326

-

o

zyxel

nas542_firmware

Vulnerable

h

zyxel

nas542

-

References

https://outpost24.com/blog/zyxel-nas-critical-vulnerabilities/

ExploitThird Party Advisory

https://www.zyxel.com/global/en/support/security-advisories/zyxel-security-advisory-for-multiple-vulnerabilities-in-nas-products-06-04-2024

Vendor Advisory

https://outpost24.com/blog/zyxel-nas-critical-vulnerabilities/

ExploitThird Party Advisory

https://www.zyxel.com/global/en/support/security-advisories/zyxel-security-advisory-for-multiple-vulnerabilities-in-nas-products-06-04-2024

Vendor Advisory

Weaknesses

[email protected]

Secondary
CWE-269

[email protected]

Primary
NVD-CWE-noinfo

CVSS impact metrics

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

6.7 · Medium

Information

Source identifier

[email protected]

Vulnerability status

Analyzed

Published

2024-06-04T00:15:48.760Z

1 year ago

Last modified

2025-01-22T21:48:49.917Z

1 year ago