CVE-2024-29973 PoC — Zyxel NAS326和Zyxel NAS542 操作系统命令注入漏洞

Source

https://github.com/voidbroker/CVE-2024-29973

Associated Vulnerability

Title:Zyxel NAS326和Zyxel NAS542 操作系统命令注入漏洞 (CVE-2024-29973)
Description:Zyxel NAS542和Zyxel NAS326都是中国合勤（Zyxel）公司的产品。Zyxel NAS542是一款NAS（网络附加存储）设备。Zyxel NAS326是一款云存储 NAS。 Zyxel NAS326 V5.21(AAZF.17)C0之前版本、NAS542 V5.21(ABAG.14)C0之前版本存在操作系统命令注入漏洞，该漏洞源于setCookie参数中存在命令注入漏洞，从而导致攻击者可通过HTTP POST请求来执行某些操作系统 (OS) 命令。

File Snapshot


 None

Shenlong Bot has cached this for you

Remarks

1. It is advised to access via the original source first.

2. If the original source is unavailable, please email f.jinxu#gmail.com for a local snapshot (replace # with @).

3. Shenlong has snapshotted the POC code for you. To support long-term maintenance, please consider donating. Thank you for your support.

Goal Reached Thanks to every supporter — we hit 100%!

CVE-2024-29973 PoC — Zyxel NAS326和Zyxel NAS542 操作系统命令注入漏洞

Source

Associated Vulnerability

File Snapshot

Remarks