PT-2024-4080 · Zyxel · Zyxel NAS326, NAS542

Timothy Hjort · Published 2024-06-03 · Updated 2025-01-22 · CVE-2024-29976

CVSS v2.0: 6.8 (Medium)
Vector: AV:N/AC:L/Au:S/C:C/I:N/A:N
Name of the Vulnerable Software and Affected Versions
Zyxel NAS326 firmware versions prior to V5.21(AAZF.17)C0
Zyxel NAS542 firmware versions prior to V5.21(ABAG.14)C0

Description
Improper privilege management in the show_allsessions command of the Zyxel NAS326 and NAS542 firmware. The command is reachable over the web management interface at /cmd,/ck6fup6/system_main/show_allsessions, and the firmware does not check that the caller is an administrator before answering. An attacker who already holds any valid account on the device (the CVSS vector reflects this: Au:S, single authentication required) can send a crafted GET request to that endpoint and receive the session information of every logged-in user, including the administrator's session cookies. With the administrator's cookie in hand the attacker can act as the administrator, so the flaw allows privilege escalation and unauthorized access to protected information and functions.

Recommendations
Update NAS326 to firmware V5.21(AAZF.17)C0 or later and NAS542 to firmware V5.21(ABAG.14)C0 or later; earlier V5.21 builds are still vulnerable, so check the full build string, not just "V5.21". Until the update is applied, restrict access to the /cmd,/ck6fup6/system_main/show_allsessions endpoint (for example by limiting the web management interface to trusted hosts with a firewall), keep the management interface off untrusted networks, and review the local accounts on the device, since any authenticated user can trigger the issue. After patching, terminate existing administrator sessions (log out, or reboot the device) so that any cookies already harvested through the endpoint stop being valid.
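The description and the recommendations above both turn on one thing: requests to the show_allsessions endpoint from anyone other than the administrator. The script below is an added example (not part of this advisory, and not Zyxel or Outpost24 code) that hunts for such requests in web-server access logs, so that a device that was exposed before patching can be checked for abuse. It assumes the NAS, or a reverse proxy in front of its management interface, writes Apache/nginx "combined" format log lines; the log lines embedded in it are constructed for the example, and the IP addresses, user agents and timestamps in them are invented. The path comparison percent-decodes until stable and collapses repeated slashes, so encoded variants such as `/cmd%2C/ck6fup6/system%5Fmain/show%5Fallsessions` are matched too.

```python
"""Scan access logs for requests to the Zyxel NAS show_allsessions endpoint
(CVE-2024-29976). Added example; not vendor code."""
import re
from urllib.parse import unquote

# Endpoint named in the advisory. The comma is part of the path.
VULN_PATH = "/cmd,/ck6fup6/system_main/show_allsessions"

# Apache/nginx "combined" log format. Assumption: the NAS web server or a
# reverse proxy in front of it logs in this format.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) (?P<proto>[^"]*)" '
    r'(?P<status>\d{3}) (?P<size>\S+)'
    r'(?: "(?P<referer>[^"]*)" "(?P<ua>[^"]*)")?'
)

# Constructed sample log (hypothetical hosts, times and user agents).
SAMPLE_LOG = """\
10.0.0.5 - - [03/Jun/2024:10:12:01 +0000] "GET /login.html HTTP/1.1" 200 1532 "-" "Mozilla/5.0"
10.0.0.5 - - [03/Jun/2024:10:12:09 +0000] "POST /login HTTP/1.1" 302 0 "-" "Mozilla/5.0"
10.0.0.23 - - [03/Jun/2024:10:13:44 +0000] "GET /cmd,/ck6fup6/system_main/show_allsessions HTTP/1.1" 200 987 "-" "curl/8.4.0"
10.0.0.23 - - [03/Jun/2024:10:13:51 +0000] "GET /cmd%2C/ck6fup6/system%5Fmain/show%5Fallsessions?_=171742 HTTP/1.1" 200 987 "-" "python-requests/2.31"
10.0.0.23 - - [03/Jun/2024:10:14:02 +0000] "GET //cmd,/ck6fup6//system_main/show_allsessions HTTP/1.1" 200 987 "-" "curl/8.4.0"
10.0.0.5 - - [03/Jun/2024:10:15:30 +0000] "GET /cmd,/ck6fup6/system_main/show_allsessions HTTP/1.1" 403 0 "-" "Mozilla/5.0"
"""


def normalize_path(target: str) -> str:
    """Reduce a request target to a comparable path: drop the query string,
    percent-decode until nothing changes (catches %2C, %5F and double
    encoding), collapse repeated slashes, and lower-case the result."""
    path = target.split("?", 1)[0]
    prev = None
    while prev != path:
        prev, path = path, unquote(path)
    path = re.sub(r"/{2,}", "/", path)
    return path.lower()


def is_show_allsessions(target: str) -> bool:
    """True when the request target resolves to the vulnerable endpoint."""
    return normalize_path(target) == VULN_PATH


def find_hits(log_text: str) -> list:
    """One dict per logged request that targeted the vulnerable endpoint,
    regardless of the response status."""
    hits = []
    for line in log_text.splitlines():
        m = LOG_RE.match(line)
        if not m or not is_show_allsessions(m["target"]):
            continue
        hits.append({
            "ip": m["ip"],
            "ts": m["ts"],
            "method": m["method"],
            "status": int(m["status"]),
            "ua": m["ua"] or "",
        })
    return hits


def successful_hits(log_text: str) -> list:
    """Only the 2xx responses: the requests that could actually have
    returned session data (and cookies) to the caller."""
    return [h for h in find_hits(log_text) if 200 <= h["status"] < 300]


if __name__ == "__main__":
    for h in find_hits(SAMPLE_LOG):
        flag = "DATA RETURNED" if 200 <= h["status"] < 300 else "blocked"
        print(f'{h["ts"]} {h["ip"]:>12} {h["method"]} {h["status"]} {flag} ({h["ua"]})')
```

A hit with a 2xx status from an address that is not the administrator's own workstation is the case to investigate: the log alone cannot say which account was used, so correlate the source address and time with the NAS's login records, and treat administrator sessions that were active at that moment as compromised. A 403 (as in the last sample line) shows the endpoint was already restricted for that caller, which is what the interim mitigation above should produce.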

Exploit

Fix

Weakness Enumeration

Improper Privilege Management (CWE-269)

Related Identifiers

BDU:2024-04529
CVE-2024-29976

Affected Products

Zyxel Nas326
Zyxel Nas542