Zyxel has issued critical hotfixes to address a command injection vulnerability identified in two of its Network Attached Storage (NAS) products, NAS326 and NAS542.
These devices, which have reached end-of-vulnerability-support, are susceptible to attacks that could allow unauthorized command execution. Users are strongly advised to apply the hotfixes for enhanced security.
CVE-2024-6342 – The vulnerability
Identified as CVE-2024-6342, it exists in the export-cgi program of Zyxel NAS326 and NAS542 devices.
It permits an unauthenticated attacker to execute specific operating system commands by sending a specially crafted HTTP POST request.
Are You From SOC/DFIR Teams? - Try Advanced Malware and Phishing Analysis With ANY.RUN - 14 day free trial
This type of command injection vulnerability poses significant risks as it could potentially allow attackers to gain control over the affected devices.
Despite the NAS326 and NAS542 models having reached the end of their vulnerability support, Zyxel has provided hotfixes due to the critical nature of CVE-2024-6342.
Users with extended backing can access these hotfixes, protecting their devices against potential exploits.
Vulnerable Versions and Hotfix Availability
| Affected Model | Affected Version | Hotfix Availability |
| NAS326 | V5.21(AAZF.18)C0 and earlier | V5.21(AAZF.18)Hotfix-01 |
| NAS542 | V5.21(ABAG.15)C0 and earlier | V5.21(ABAG.15)Hotfix-01 |
The release of these hotfixes underscores the critical nature of the vulnerability and Zyxel’s commitment to customer security, even for products that have surpassed their official support period.
Users are urged to promptly apply the hotfixes to mitigate potential risks and ensure their devices remain secure from unauthorized access and command execution.
What Does MITRE ATT&CK Expose About Your Enterprise Security? - Watch Free Webinar!