漏洞描述
Zyxel NAS设备是Zyxel公司生产的一种网络附加存储(Network AttachedStorage,NAS)设备。NAS设备是一种专门的文件存储设备,能够通过网络与多个用户或设备共享文件。Zyxel NAS326 设备中的存在未授权开启的NsaRescueAngel 账号,攻击者可以来利用该账号获取服务器root权限,进而控制整个设备。
Zyxel NAS设备 存在 NsaRescueAngel 后门帐号漏洞 (CVE-2024-29972)
PoC代码
暂无相关漏洞推荐
- POC CVE-2018-19326: Zyxel VMG1312-B10D 5.13AAXA.8 - Local File Inclusion
- POC CVE-2019-12581: Zyxel ZyWal/USG/UAG Devices - Cross-Site Scripting
- POC CVE-2019-12583: Zyxel ZyWall UAG/USG - Account Creation Access
- POC CVE-2019-9955: Zyxel - Cross-Site Scripting
- POC CVE-2020-29583: ZyXel USG - Hardcoded Credentials
- POC CVE-2020-9054: Zyxel NAS Firmware 5.21- Remote Code Execution
- POC CVE-2021-3297: Zyxel NBG2105 V1.00(AAGU.2)C0 - Authentication Bypass
- POC CVE-2021-46387: Zyxel ZyWALL 2 Plus Internet Security Appliance - Cross-Site Scripting
- POC CVE-2022-0342: Zyxel - Authentication Bypass
- POC CVE-2022-30525: Zyxel Firewall - OS Command Injection
- POC CVE-2024-29972: Zyxel NAS326 Firmware < V5.21(AAZF.17)C0 - NsaRescueAngel Backdoor Account
- POC CVE-2024-29973: Zyxel NAS326 Firmware < V5.21(AAZF.17)C0 - Command Injection
- POC CVE-2021-3297: Zyxel NBG2105 V1.00(AAGU.2)C0 - Authentication Bypass