CVE-2024-29975

** UNSUPPORTED WHEN ASSIGNED ** The improper privilege management vulnerability in the SUID executable binary in Zyxel NAS326 firmware versions before V5.21(AAZF.17)C0 and NAS542 firmware versions before V5.21(ABAG.14)C0 could allow an authenticated local attacker with administrator privileges to execute some system commands as the “root” user on a vulnerable device.

Published: Jun 4, 2024
Updated: May 4, 2025
CVE: CVE-2024-29975
Severity: Medium
Exploit:

CVSS v3:

Severity: Medium
Score: 6.7
AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

CWEs:

CWE-269

Affected Software
References

Software	From	Fixed in
zyxel / nas326_firmware	-	5.21\(aazf.17\)c0
zyxel / nas542_firmware	-	5.21\(abag.14\)c0

https://outpost24.com/blog/zyxel-nas-critical-vulnerabilities/
https://www.zyxel.com/global/en/support/security-advisories/zyxel-security-advisory-for-multiple-vulnerabilities-in-nas-products-06-04-2024

Vulnerability Database

290,020

CVE-2024-29975