漏洞描述
Zyxel NAS设备是Zyxel公司生产的一种网络附加存储(Network AttachedStorage,NAS)设备。NAS设备是一种专门的文件存储设备,能够通过网络与多个用户或设备共享文件。Zyxel NAS326 和 NAS542设备中的setCookie参数中存在命令注入漏洞,可能导致未经身份验证的威胁者发送恶意设计的 HTTP POST 请求执行某些系统命令。
Zyxel NAS设备 setCookie 命令注入漏洞(CVE-2024-29973)
PoC代码
暂无相关漏洞推荐
- POC CVE-2018-19326: Zyxel VMG1312-B10D 5.13AAXA.8 - Local File Inclusion
- POC CVE-2019-12581: Zyxel ZyWal/USG/UAG Devices - Cross-Site Scripting
- POC CVE-2019-12583: Zyxel ZyWall UAG/USG - Account Creation Access
- POC CVE-2019-9955: Zyxel - Cross-Site Scripting
- POC CVE-2020-29583: ZyXel USG - Hardcoded Credentials
- POC CVE-2020-9054: Zyxel NAS Firmware 5.21- Remote Code Execution
- POC CVE-2021-3297: Zyxel NBG2105 V1.00(AAGU.2)C0 - Authentication Bypass
- POC CVE-2021-46387: Zyxel ZyWALL 2 Plus Internet Security Appliance - Cross-Site Scripting
- POC CVE-2022-0342: Zyxel - Authentication Bypass
- POC CVE-2022-30525: Zyxel Firewall - OS Command Injection
- POC CVE-2024-29972: Zyxel NAS326 Firmware < V5.21(AAZF.17)C0 - NsaRescueAngel Backdoor Account
- POC CVE-2024-29973: Zyxel NAS326 Firmware < V5.21(AAZF.17)C0 - Command Injection
- POC CVE-2021-3297: Zyxel NBG2105 V1.00(AAGU.2)C0 - Authentication Bypass