{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-04-17T21:07:42.361","vulnerabilities":[{"cve":{"id":"CVE-2024-29972","sourceIdentifier":"security@zyxel.com.tw","published":"2024-06-04T02:15:47.960","lastModified":"2025-01-22T22:39:02.917","vulnStatus":"Analyzed","cveTags":[{"sourceIdentifier":"security@zyxel.com.tw","tags":["unsupported-when-assigned"]}],"descriptions":[{"lang":"en","value":"** UNSUPPORTED WHEN ASSIGNED **\nThe command injection vulnerability in the CGI program \"remote_help-cgi\" in Zyxel NAS326 firmware versions before V5.21(AAZF.17)C0 and NAS542 firmware versions before V5.21(ABAG.14)C0 could allow an unauthenticated attacker to execute some operating system (OS) commands by sending a crafted HTTP POST request."},{"lang":"es","value":"** NO SOPORTADO CUANDO SE ASIGNÓ ** La vulnerabilidad de inyección de comando en el programa CGI \"remote_help-cgi\" en las versiones de firmware Zyxel NAS326 anteriores a V5.21(AAZF.17)C0 y en las versiones de firmware NAS542 anteriores a V5.21(ABAG.14)C0 podría permitir que un atacante no autenticado ejecute algunos comandos del sistema operativo (SO) enviando una solicitud HTTP POST manipulada."}],"metrics":{"cvssMetricV31":[{"source":"security@zyxel.com.tw","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":9.8,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":5.9}]},"weaknesses":[{"source":"security@zyxel.com.tw","type":"Secondary","description":[{"lang":"en","value":"CWE-78"}]}],"configurations":[{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:zyxel:nas326_firmware:*:*:*:*:*:*:*:*","versionEndExcluding":"5.21\\(aazf.17\\)c0","matchCriteriaId":"DF437A28-8199-4AB6-9F07-F061994C0D9C"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:zyxel:nas326:-:*:*:*:*:*:*:*","matchCriteriaId":"E0A01B19-4A91-4FBC-8447-2E854346DAC5"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:zyxel:nas542_firmware:*:*:*:*:*:*:*:*","versionEndExcluding":"5.21\\(abag.14\\)c0","matchCriteriaId":"718ACAC1-C0E1-45DF-A23E-7A7F9CCF1373"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:zyxel:nas542:-:*:*:*:*:*:*:*","matchCriteriaId":"31C4DD0F-28D0-4BF7-897B-5EEC32AA7277"}]}]}],"references":[{"url":"https://outpost24.com/blog/zyxel-nas-critical-vulnerabilities/","source":"security@zyxel.com.tw","tags":["Exploit","Third Party Advisory"]},{"url":"https://www.zyxel.com/global/en/support/security-advisories/zyxel-security-advisory-for-multiple-vulnerabilities-in-nas-products-06-04-2024","source":"security@zyxel.com.tw","tags":["Vendor Advisory"]},{"url":"https://outpost24.com/blog/zyxel-nas-critical-vulnerabilities/","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Exploit","Third Party Advisory"]},{"url":"https://www.zyxel.com/global/en/support/security-advisories/zyxel-security-advisory-for-multiple-vulnerabilities-in-nas-products-06-04-2024","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Vendor Advisory"]}]}}]}