CVE-2024-29975

{"cve": {"data_type": "CVE", "references": {"reference_data": [{"url": "https://outpost24.com/blog/zyxel-nas-critical-vulnerabilities/", "name": "https://outpost24.com/blog/zyxel-nas-critical-vulnerabilities/", "tags": ["Exploit", "Third Party Advisory"], "refsource": ""}, {"url": "https://outpost24.com/blog/zyxel-nas-critical-vulnerabilities/", "name": "https://outpost24.com/blog/zyxel-nas-critical-vulnerabilities/", "tags": ["Exploit", "Third Party Advisory"], "refsource": ""}, {"url": "https://www.zyxel.com/global/en/support/security-advisories/zyxel-security-advisory-for-multiple-vulnerabilities-in-nas-products-06-04-2024", "name": "https://www.zyxel.com/global/en/support/security-advisories/zyxel-security-advisory-for-multiple-vulnerabilities-in-nas-products-06-04-2024", "tags": ["Vendor Advisory"], "refsource": ""}, {"url": "https://www.zyxel.com/global/en/support/security-advisories/zyxel-security-advisory-for-multiple-vulnerabilities-in-nas-products-06-04-2024", "name": "https://www.zyxel.com/global/en/support/security-advisories/zyxel-security-advisory-for-multiple-vulnerabilities-in-nas-products-06-04-2024", "tags": ["Vendor Advisory"], "refsource": ""}]}, "data_format": "MITRE", "description": {"description_data": [{"lang": "en", "value": "** UNSUPPORTED WHEN ASSIGNED **\nThe improper privilege management vulnerability in the SUID executable binary in Zyxel NAS326 firmware versions before V5.21(AAZF.17)C0 and NAS542 firmware versions before V5.21(ABAG.14)C0 could allow an authenticated local attacker with administrator privileges to execute some system commands as the \u201croot\u201d user on a vulnerable device."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "en", "value": "NVD-CWE-noinfo"}]}]}, "data_version": "4.0", "CVE_data_meta": {"ID": "CVE-2024-29975", "ASSIGNER": "security@zyxel.com.tw"}}, "impact": {}, "publishedDate": "2024-06-04T02:15Z", "configurations": {"nodes": [{"children": [{"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:o:zyxel:nas326_firmware:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true, "versionEndExcluding": "5.21\\(aazf.17\\)c0"}]}, {"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:h:zyxel:nas326:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false}]}], "operator": "AND", "cpe_match": []}, {"children": [{"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:o:zyxel:nas542_firmware:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true, "versionEndExcluding": "5.21\\(abag.14\\)c0"}]}, {"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:h:zyxel:nas542:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false}]}], "operator": "AND", "cpe_match": []}], "CVE_data_version": "4.0"}, "lastModifiedDate": "2025-01-22T22:48Z"}