PT-2024-4079 · Zyxel · Zyxel NAS326, NAS542

Timothy Hjort · Published 2024-06-03 · Updated 2025-01-22 · CVE-2024-29975

CVSS v2.0: 6.8 (Medium)
Vector: AV:L/AC:L/Au:S/C:C/I:C/A:C
Name of the Vulnerable Software and Affected Versions

Zyxel NAS326 versions prior to V5.21(AAZF.17)C0
Zyxel NAS542 versions prior to V5.21(ABAG.14)C0

Description

The vulnerability stems from improper privilege management in a SUID executable binary, the executor su binary. An authenticated local attacker who already holds administrator privileges could use it to execute system commands as the "root" user on a vulnerable device. The root cause is a deficiency in access control on that binary, which allows the attacker to elevate privileges and execute arbitrary commands.

Recommendations

For Zyxel NAS326 versions prior to V5.21(AAZF.17)C0, update to version V5.21(AAZF.17)C0 or later. For Zyxel NAS542 versions prior to V5.21(ABAG.14)C0, update to version V5.21(ABAG.14)C0 or later. As a temporary workaround until the update is applied, restrict access to the executor su binary file so that only the intended accounts can invoke it, which reduces the exposure of the SUID path.
</grdrop_placeholder_never_used>
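The workaround above (restrict access to the SUID binary) is easy to state but worth verifying. The following shell script is an added example, not Zyxel's fix and not code from this advisory: it audits a directory tree for SUID/SGID files that are executable by "others" and, for a given binary, keeps the SUID bit while dropping all access for "others". The advisory does not give the binary's path or an appropriate group, so EXECUTOR_SU_PATH and the group name are placeholders to be set on the device.

```shell
#!/bin/sh
# Added example (not from the advisory or the vendor): audit and restrict
# SUID binaries. The path of the affected "executor su" binary is not given
# on the page, so EXECUTOR_SU_PATH is a placeholder to be set on the device.

EXECUTOR_SU_PATH="${EXECUTOR_SU_PATH:-/path/to/executor_su}"   # placeholder

# list_world_exec_suid DIR
#   Print every regular file under DIR (same filesystem only) that has the
#   SUID or SGID bit set AND is executable by "others", one path per line.
#   These are the binaries any local account can invoke with elevated rights.
list_world_exec_suid() {
    find "$1" -xdev -type f \( -perm -4000 -o -perm -2000 \) -perm -o+x 2>/dev/null
}

# restrict_suid_binary PATH GROUP
#   Keep the SUID bit but remove all access for "others" (mode 4750), so only
#   root and members of GROUP can execute the binary. Prints the resulting
#   octal mode so the caller can confirm the change (GNU stat assumed).
restrict_suid_binary() {
    chgrp "$2" "$1" && chmod 4750 "$1" && stat -c '%a' "$1"
}

# Usage on the device (as root; "admin" is a placeholder group name):
#   list_world_exec_suid /                       # review what is exposed
#   restrict_suid_binary "$EXECUTOR_SU_PATH" admin
```

Run the audit before and after applying the change: the restricted binary should disappear from the listing, and anything else that still appears is a candidate for the same review.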

Weakness Enumeration

Improper Privilege Management

Related Identifiers

BDU:2024-04528
CVE-2024-29975

Affected Products

Zyxel NAS326
Zyxel NAS542