Cyber Resilience

CVE-2024-29972

CriticalPublic PoCRCE

Published: 04 June 2024

Published
04 June 2024
Modified
22 January 2025
KEV Added
Patch
CVSS Score v3.1 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS Score 0.9226 99.7th percentile
Risk Priority 75 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2024-29972 is a critical-severity OS Command Injection (CWE-78) vulnerability in Zyxel Nas326 Firmware. Its CVSS base score is 9.8 (Critical).

Operationally, ranked in the top 0.3% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog; a public proof-of-concept is referenced.

Deeper analysis

The vulnerability CVE-2024-29972 is a command injection flaw in the remote_help-cgi CGI program present in Zyxel NAS326 firmware versions before V5.21(AAZF.17)C0 and NAS542 firmware versions before V5.21(ABAG.14)C0. Marked as unsupported when assigned, the issue is classified under CWE-78 and carries a CVSS 3.1 score of 9.8 reflecting network-accessible unauthenticated exploitation with high impact on confidentiality, integrity, and availability.

An unauthenticated remote attacker can exploit the flaw by submitting a crafted HTTP POST request that results in execution of arbitrary operating system commands on the affected NAS devices.

Zyxel’s security advisory for multiple NAS vulnerabilities, along with analysis from Outpost24, directs administrators to apply the fixed firmware releases V5.21(AAZF.17)C0 and V5.21(ABAG.14)C0 on supported models to address the issue.

The associated EPSS score stands at 0.9226 with a recorded peak of 0.9268.

EU & UK References

Vulnerability details

** UNSUPPORTED WHEN ASSIGNED ** The command injection vulnerability in the CGI program "remote_help-cgi" in Zyxel NAS326 firmware versions before V5.21(AAZF.17)C0 and NAS542 firmware versions before V5.21(ABAG.14)C0 could allow an unauthenticated attacker to execute some operating system (OS) commands by…

more

sending a crafted HTTP POST request.

CWE(s)

Related Threats

No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.

Affected Assets

zyxel
nas326 firmware
≤ 5.21\(aazf.17\)c0
zyxel
nas542 firmware
≤ 5.21\(abag.14\)c0

Mitigating Controls

Likely Mitigating Controls AI

Per-CVE control mapping for this CVE has not run yet; the list below is derived from the weakness types (CWEs) cited in the NVD entry.

addresses: CWE-78

Platform-independent apps typically execute inside a managed runtime or sandbox that restricts direct OS command execution, reducing the ability to exploit OS command injection.

addresses: CWE-78

Validates inputs to block special elements that would alter OS command execution.

References