Zyxel NAS Device Security Update Advisory

Overview

 

An update has been released to address vulnerabilities in Zyxel NAS devices. Users of affected versions are advised to update to the latest version.

 

Affected Products

 

NAS326 5.21(AAZF.16)C0 or below

NAS542 5.21(ABAG.13)C0 or below

 

Resolved Vulnerabilities

 

A command injection vulnerability in the CGI program “remote_help-cgi” in Zyxel NAS326 and NAS542 devices allows unauthenticated attackers to execute operating system (OS) commands by sending a crafted HTTP POST request (CVE-2024-29972).

A command injection vulnerability in the “setCookie” parameter in Zyxel NAS326 and NAS542 devices allows unauthenticated attackers to execute operating system (OS) commands by sending a crafted HTTP POST request (CVE-2024-29973).

 

Vulnerability Patches

 

Patches for these vulnerabilities are available in the latest updates. Follow the instructions on the Referenced Sites to update to the patched version for your model:

 

NAS326 5.21(AAZF.17)C0 version

NAS542 5.21(ABAG.14)C0 version
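
An inventory check built from the affected and patched versions listed above; this is an added example, not code from Zyxel or from this advisory. It assumes the firmware string layout `<major>.<minor>(<model code>.<patch>)C<n>` and that a higher patch number under the same model code is newer; the host names and inventory rows are constructed.

```python
import re

# Fixed firmware per model, taken from the advisory's patch list.
FIXED = {
    "NAS326": "5.21(AAZF.17)C0",
    "NAS542": "5.21(ABAG.14)C0",
}

# Assumed layout: optional "V", <major>.<minor>(<model code>.<patch>)C<n>
_VERSION_RE = re.compile(r"^V?(\d+)\.(\d+)\(([A-Z]{4})\.(\d+)\)C(\d+)$")


def parse_version(text):
    """Return (model_code, sortable_key) or raise ValueError."""
    m = _VERSION_RE.match(text.strip().upper())
    if not m:
        raise ValueError(f"unrecognised firmware string: {text!r}")
    major, minor, code, patch, c = m.groups()
    # Integers, so that patch 9 sorts below patch 17.
    return code, (int(major), int(minor), int(patch), int(c))


def classify(model, firmware):
    """Return 'affected', 'patched' or 'unknown' for one inventory entry."""
    fixed = FIXED.get(model.strip().upper())
    if fixed is None:
        return "unknown"  # model not covered by this advisory
    try:
        code, key = parse_version(firmware)
    except ValueError:
        return "unknown"  # unparseable string: needs manual review
    fixed_code, fixed_key = parse_version(fixed)
    if code != fixed_code:
        return "unknown"  # firmware string belongs to another product
    return "patched" if key >= fixed_key else "affected"


def audit(inventory):
    """Map each host to its status."""
    return {host: classify(model, fw) for host, model, fw in inventory}


# Constructed inventory rows (not real devices).
SAMPLE_INVENTORY = [
    ("nas-lab-01", "NAS326", "5.21(AAZF.16)C0"),
    ("nas-lab-02", "NAS326", "V5.21(AAZF.17)C0"),
    ("nas-lab-03", "NAS542", "5.21(ABAG.9)C0"),
    ("nas-lab-04", "NAS542", "firmware unknown"),
]

if __name__ == "__main__":
    for host, status in audit(SAMPLE_INVENTORY).items():
        print(f"{host}: {status}")
```

Entries reported as `unknown` have a model or firmware string the check cannot map to this advisory and should be reviewed by hand rather than treated as patched.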

 

Referenced Sites

 

[1] Zyxel security advisory for multiple vulnerabilities in NAS products

https://www.zyxel.com/global/en/support/security-advisories/zyxel-security-advisory-for-multiple-vulnerabilities-in-nas-products-06-04-2024

[2] Five new vulnerabilities found in Zyxel NAS devices (including code execution and privilege escalation)

https://outpost24.com/blog/zyxel-nas-critical-vulnerabilities/