{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-05-06T21:36:01.075","vulnerabilities":[{"cve":{"id":"CVE-2024-29975","sourceIdentifier":"security@zyxel.com.tw","published":"2024-06-04T02:15:48.760","lastModified":"2025-01-22T22:48:49.917","vulnStatus":"Analyzed","cveTags":[{"sourceIdentifier":"security@zyxel.com.tw","tags":["unsupported-when-assigned"]}],"descriptions":[{"lang":"en","value":"** UNSUPPORTED WHEN ASSIGNED **\nThe improper privilege management vulnerability in the SUID executable binary in Zyxel NAS326 firmware versions before V5.21(AAZF.17)C0 and NAS542 firmware versions before V5.21(ABAG.14)C0 could allow an authenticated local attacker with administrator privileges to execute some system commands as the “root” user on a vulnerable device."},{"lang":"es","value":"** NO SOPORTADO CUANDO SE ASIGNÓ ** La vulnerabilidad de administración de privilegios inadecuada en el binario ejecutable SUID en las versiones de firmware Zyxel NAS326 anteriores a V5.21(AAZF.17)C0 y versiones de firmware NAS542 anteriores a V5.21(ABAG.14)C0 podría permitir una autenticación Atacante local con privilegios de administrador para ejecutar algunos comandos del sistema como usuario \"root\" en un dispositivo vulnerable."}],"metrics":{"cvssMetricV31":[{"source":"security@zyxel.com.tw","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H","baseScore":6.7,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"HIGH","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":0.8,"impactScore":5.9}]},"weaknesses":[{"source":"security@zyxel.com.tw","type":"Secondary","description":[{"lang":"en","value":"CWE-269"}]},{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"NVD-CWE-noinfo"}]}],"configurations":[{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:zyxel:nas326_firmware:*:*:*:*:*:*:*:*","versionEndExcluding":"5.21\\(aazf.17\\)c0","matchCriteriaId":"DF437A28-8199-4AB6-9F07-F061994C0D9C"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:zyxel:nas326:-:*:*:*:*:*:*:*","matchCriteriaId":"E0A01B19-4A91-4FBC-8447-2E854346DAC5"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:zyxel:nas542_firmware:*:*:*:*:*:*:*:*","versionEndExcluding":"5.21\\(abag.14\\)c0","matchCriteriaId":"718ACAC1-C0E1-45DF-A23E-7A7F9CCF1373"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:zyxel:nas542:-:*:*:*:*:*:*:*","matchCriteriaId":"31C4DD0F-28D0-4BF7-897B-5EEC32AA7277"}]}]}],"references":[{"url":"https://outpost24.com/blog/zyxel-nas-critical-vulnerabilities/","source":"security@zyxel.com.tw","tags":["Exploit","Third Party Advisory"]},{"url":"https://www.zyxel.com/global/en/support/security-advisories/zyxel-security-advisory-for-multiple-vulnerabilities-in-nas-products-06-04-2024","source":"security@zyxel.com.tw","tags":["Vendor Advisory"]},{"url":"https://outpost24.com/blog/zyxel-nas-critical-vulnerabilities/","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Exploit","Third Party Advisory"]},{"url":"https://www.zyxel.com/global/en/support/security-advisories/zyxel-security-advisory-for-multiple-vulnerabilities-in-nas-products-06-04-2024","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Vendor Advisory"]}]}}]}