{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-04-28T12:29:53.078","vulnerabilities":[{"cve":{"id":"CVE-2024-29976","sourceIdentifier":"security@zyxel.com.tw","published":"2024-06-04T02:15:49.050","lastModified":"2025-01-22T22:49:10.943","vulnStatus":"Analyzed","cveTags":[{"sourceIdentifier":"security@zyxel.com.tw","tags":["unsupported-when-assigned"]}],"descriptions":[{"lang":"en","value":"** UNSUPPORTED WHEN ASSIGNED **\nThe improper privilege management vulnerability in the command “show_allsessions” in Zyxel NAS326 firmware versions before V5.21(AAZF.17)C0 and NAS542 firmware versions before V5.21(ABAG.14)C0 could allow an authenticated attacker to obtain a logged-in administrator’s session information containing cookies on an affected device."},{"lang":"es","value":"** NO SOPORTADO CUANDO SE ASIGNÓ ** La vulnerabilidad de administración de privilegios inadecuada en el comando “show_allsessions” en las versiones de firmware Zyxel NAS326 anteriores a V5.21(AAZF.17)C0 y versiones de firmware NAS542 anteriores a V5.21(ABAG.14)C0 podría permitir una atacante autenticado para obtener información de la sesión de un administrador que ha iniciado sesión y que contiene cookies en un dispositivo afectado."}],"metrics":{"cvssMetricV31":[{"source":"security@zyxel.com.tw","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N","baseScore":6.5,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":3.6}]},"weaknesses":[{"source":"security@zyxel.com.tw","type":"Secondary","description":[{"lang":"en","value":"CWE-269"}]},{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"NVD-CWE-noinfo"}]}],"configurations":[{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:zyxel:nas326_firmware:*:*:*:*:*:*:*:*","versionEndExcluding":"5.21\\(aazf.17\\)c0","matchCriteriaId":"DF437A28-8199-4AB6-9F07-F061994C0D9C"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:zyxel:nas326:-:*:*:*:*:*:*:*","matchCriteriaId":"E0A01B19-4A91-4FBC-8447-2E854346DAC5"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:zyxel:nas542_firmware:*:*:*:*:*:*:*:*","versionEndExcluding":"5.21\\(abag.14\\)c0","matchCriteriaId":"718ACAC1-C0E1-45DF-A23E-7A7F9CCF1373"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:zyxel:nas542:-:*:*:*:*:*:*:*","matchCriteriaId":"31C4DD0F-28D0-4BF7-897B-5EEC32AA7277"}]}]}],"references":[{"url":"https://outpost24.com/blog/zyxel-nas-critical-vulnerabilities/","source":"security@zyxel.com.tw","tags":["Exploit","Third Party Advisory"]},{"url":"https://www.zyxel.com/global/en/support/security-advisories/zyxel-security-advisory-for-multiple-vulnerabilities-in-nas-products-06-04-2024","source":"security@zyxel.com.tw","tags":["Vendor Advisory"]},{"url":"https://outpost24.com/blog/zyxel-nas-critical-vulnerabilities/","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Exploit","Third Party Advisory"]},{"url":"https://www.zyxel.com/global/en/support/security-advisories/zyxel-security-advisory-for-multiple-vulnerabilities-in-nas-products-06-04-2024","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Vendor Advisory"]}]}}]}