Summary: Zyxel has issued critical hotfixes for its NAS326 and NAS542 products due to a severe command injection vulnerability (CVE-2024-6342) that allows remote code execution. Despite these devices reaching their end-of-vulnerability-support lifecycle, the hotfixes are essential for protecting users against potential exploitation.
Threat Actor: Unauthenticated attackers | unauthenticated attackers
Victim: Zyxel NAS users | Zyxel NAS users
Key Point :
- The command injection vulnerability (CVE-2024-6342) has a critical severity score of 9.8 on the CVSS scale.
- Hotfixes are available for immediate download to protect against potential exploitation.
- Users are urged to apply the hotfixes promptly, as unpatched systems are at high risk of being compromised.
- Organizations should consider migrating to newer, supported hardware to mitigate future risks.
Zyxel has released critical hotfixes for two of its NAS products, NAS326 and NAS542, which have already reached their end-of-vulnerability-support lifecycle. These devices are susceptible to a command injection vulnerability (CVE-2024-6342), which carries a severity score of 9.8 on the CVSS scale, making it a critical threat.
The vulnerability lies within the export-cgi program of the affected NAS devices. It allows an unauthenticated attacker to remotely execute operating system commands by sending a maliciously crafted HTTP POST request. If exploited, this could lead to a complete compromise of the NAS system, enabling attackers to gain control, exfiltrate data, or launch further attacks on other systems within the network.
Vulnerable Products and Versions
- Zyxel NAS326: Versions V5.21(AAZF.18)C0 and earlier
- Zyxel NAS542: Versions V5.21(ABAG.15)C0 and earlier
Although these devices reached their end-of-vulnerability-support on December 31, 2023, Zyxel has taken the exceptional step of providing hotfixes to address this critical flaw due to its severity and potential impact on users.
Hotfix Availability
Zyxel has urged users of the affected devices to install the hotfixes immediately to ensure optimal protection. The hotfixes are available for download on Zyxel’s official support page:
- NAS326: Version V5.21(AAZF.18)Hotfix-01
- NAS542: Version V5.21(ABAG.15)Hotfix-01
The Importance of Prompt Action
Given the critical nature of the CVE-2024-6342 vulnerability, it is essential for all NAS326 and NAS542 users, even those using these devices beyond their official support period, to apply the hotfixes. Unpatched systems are at high risk of being targeted by malicious actors who can exploit the vulnerability to take full control of the device and execute unauthorized operations.
For organizations or individuals that rely on Zyxel NAS devices for their data storage needs, this hotfix serves as a final line of defense. Since no further vulnerability support will be provided for these devices, users should also consider migrating to newer, supported hardware to avoid future risks.