4Haz
CVE-2024-29973 | Zyxel NAS326/NAS542 prior 5.21 HTTP POST Request setCookie os command injection
A vulnerability was found in Zyxel NAS326 and NAS542. It has been classified as very critical. This affects an unknown part of the component HTTP POST Request Handler. The manipulation of the argument setCookie leads to os command injection. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. This vulnerability is uniquely identified as CVE-2024-29973. It is possible to initiate the attack remotely. There is no exploit available. It is recommended to upgrade the affected component.