CVE-2024-6342

Name of the Vulnerable Software and Affected Versions Zyxel NAS326 versions through V5.21(AAZF.18)C0 Zyxel NAS542 versions through V5.21(ABAG.15)C0

Description A command injection vulnerability in the export-cgi program of Zyxel NAS326 and NAS542 firmware could allow an unauthenticated attacker to execute some operating system (OS) commands by sending a crafted HTTP POST request. The vulnerability exists in the export-cgi program and allows an attacker to remotely execute operating system commands.

Recommendations For Zyxel NAS326 versions through V5.21(AAZF.18)C0, apply the hotfix released by Zyxel to address the command injection vulnerability. For Zyxel NAS542 versions through V5.21(ABAG.15)C0, apply the hotfix released by Zyxel to address the command injection vulnerability. As a temporary workaround, consider disabling the export-cgi program until a patch is available. Restrict access to the vulnerable export-cgi program to minimize the risk of exploitation.