Zyxel Nas542_firmware
18 CVEs affecting Zyxel Nas542_firmware. Latest disclosed: 2024-09-10. Critical: 9, High: 7.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
| CVE-2024-6342 | Critical | 9.8 | 2024-09-10 | **UNSUPPORTED WHEN ASSIGNED** A command injection vulnerability in the export-cgi program of Zyxel NAS326 firmware versions through V5.21(AAZF.18)C0 and NAS542… |
| CVE-2024-29974 | Critical | 9.8 | 2024-06-04 | ** UNSUPPORTED WHEN ASSIGNED ** The remote code execution vulnerability in the CGI program “file_upload-cgi” in Zyxel NAS326 firmware versions before V5.21(AAZ… |
| CVE-2024-29973 | Critical | 9.8 | 2024-06-04 | ** UNSUPPORTED WHEN ASSIGNED ** The command injection vulnerability in the “setCookie” parameter in Zyxel NAS326 firmware versions before V5.21(AAZF.17)C0 and… |
| CVE-2024-29972 | Critical | 9.8 | 2024-06-04 | ** UNSUPPORTED WHEN ASSIGNED ** The command injection vulnerability in the CGI program "remote_help-cgi" in Zyxel NAS326 firmware versions before V5.21(AAZF.17… |
| CVE-2023-4474 | Critical | 9.8 | 2023-11-30 | The improper neutralization of special elements in the WSGI server of the Zyxel NAS326 firmware version V5.21(AAZF.14)C0 and NAS542 firmware version V5.21(ABAG… |
| CVE-2023-4473 | Critical | 9.8 | 2023-11-30 | A command injection vulnerability in the web server of the Zyxel NAS326 firmware version V5.21(AAZF.14)C0 and NAS542 firmware version V5.21(ABAG.11)C0 could al… |
| CVE-2023-35138 | Critical | 9.8 | 2023-11-30 | A command injection vulnerability in the “show_zysync_server_contents” function of the Zyxel NAS326 firmware version V5.21(AAZF.14)C0 and NAS542 firmware versi… |
| CVE-2023-27992 | Critical | 9.8 | 2023-06-19 | The pre-authentication command injection vulnerability in the Zyxel NAS326 firmware versions prior to V5.21(AAZF.14)C0, NAS540 firmware versions prior to V5.21… |
| CVE-2020-9054 | Critical | 9.8 | 2020-03-04 | Multiple ZyXEL network-attached storage (NAS) devices running firmware version 5.21 contain a pre-authentication command injection vulnerability, which may all… |
| CVE-2023-37928 | High | 8.8 | 2023-11-30 | A post-authentication command injection vulnerability in the WSGI server of the Zyxel NAS326 firmware version V5.21(AAZF.14)C0 and NAS542 firmware version V5.2… |
| CVE-2023-37927 | High | 8.8 | 2023-11-30 | The improper neutralization of special elements in the CGI program of the Zyxel NAS326 firmware version V5.21(AAZF.14)C0 and NAS542 firmware version V5.21(ABAG… |
| CVE-2020-13365 | High | 8.8 | 2020-08-06 | Certain Zyxel products have a locally accessible binary that allows a non-root user to generate a password for an undocumented user account that can be used fo… |
| CVE-2020-13364 | High | 8.8 | 2020-08-06 | A backdoor in certain Zyxel products allows remote TELNET access via a CGI script. This affects NAS520 V5.21(AASZ.4)C0, V5.21(AASZ.0)C0, V5.11(AASZ.3)C0, and V… |
| CVE-2023-35137 | High | 7.5 | 2023-11-30 | An improper authentication vulnerability in the authentication module of the Zyxel NAS326 firmware version V5.21(AAZF.14)C0 and NAS542 firmware version V5.21(A… |
| CVE-2023-5372 | High | 7.2 | 2024-01-30 | The post-authentication command injection vulnerability in Zyxel NAS326 firmware versions through V5.21(AAZF.15)C0 and NAS542 firmware versions through V5.21(A… |
| CVE-2023-27988 | High | 7.2 | 2023-05-30 | The post-authentication command injection vulnerability in the Zyxel NAS326 firmware versions prior to V5.21(AAZF.13)C0 could allow an authenticated attacker w… |
| CVE-2024-29975 | Medium | 6.7 | 2024-06-04 | ** UNSUPPORTED WHEN ASSIGNED ** The improper privilege management vulnerability in the SUID executable binary in Zyxel NAS326 firmware versions before V5.21(AA… |
| CVE-2024-29976 | Medium | 6.5 | 2024-06-04 | ** UNSUPPORTED WHEN ASSIGNED ** The improper privilege management vulnerability in the command “show_allsessions” in Zyxel NAS326 firmware versions before V5.2… |