June 25, 2024 at 09:44AM
A critical vulnerability in discontinued Zyxel NAS devices, tracked as CVE-2024-29973, allows for remote code execution through crafted HTTP POST requests. Exploited by a Mirai-like botnet, the flaw was discovered by security researcher Timothy Hjort. Zyxel released patches for the vulnerability, urging users to update devices or consider replacing them.
Key takeaways:
– A critical-severity vulnerability in discontinued Zyxel NAS devices, tracked as CVE-2024-29973, has been reported and is already being exploited in botnet attacks.
– This vulnerability is described as a code injection flaw that can be exploited remotely without authentication. It was introduced last year, when Zyxel patched a similar code injection bug, CVE-2023-27992.
– Outpost24 security researcher Timothy Hjort discovered and reported the security defect, explaining that an attacker can send crafted HTTP POST requests to a vulnerable device to exploit the vulnerability for remote code execution.
– The Shadowserver Foundation revealed that exploitation attempts targeting this vulnerability by a Mirai-like botnet have been observed. Technical details and proof-of-concept (PoC) code targeting this flaw are publicly available.
– Zyxel released patches for CVE-2024-29973 and three other bugs in early June, but warned that the affected products (NAS326 and NAS542) were discontinued in December 2023. The company has made patches available to customers with extended support, despite the products having already reached end-of-vulnerability-support.
– Firmware versions V5.21(AAZF.17)C0 and V5.21(ABAG.14)C0 resolve the flaws for NAS326 and NAS542 devices, respectively. Users are advised to update their devices as soon as possible and consider replacing them with supported products.
– Threat actors, including botnet operators, have targeted vulnerabilities in Zyxel products for which patches had been released.
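For teams that still have these units on the network, the following is an added example (not Zyxel's or the researchers' code) that sorts an inventory of reported firmware strings against the two fixed builds named above. The version layout `V<major>.<minor>(<model code>.<patch level>)C<revision>`, the rule that a higher patch level is a later build, and the hostnames in the sample inventory are assumptions made for this sketch.

```python
import re

# Fixed builds named in the summary above, keyed by the model code embedded
# in the version string (AAZF = NAS326, ABAG = NAS542).
FIXED = {
    "AAZF": ("NAS326", (5, 21), 17),
    "ABAG": ("NAS542", (5, 21), 14),
}

# Assumed layout: V<major>.<minor>(<model code>.<patch level>)C<revision>
VERSION_RE = re.compile(r"^V(\d+)\.(\d+)\(([A-Z]{4})\.(\d+)\)C(\d+)$")


def assess(version: str) -> tuple[str, str]:
    """Return (model, status); status is 'patched', 'needs_update' or 'unknown'."""
    m = VERSION_RE.match(version.strip().upper())
    if not m or m.group(3) not in FIXED:
        # Unparseable string or a model code this table does not cover:
        # flag for manual review rather than guessing.
        return ("unknown", "unknown")
    major, minor, code, patch, _rev = m.groups()
    model, fixed_base, fixed_patch = FIXED[code]
    current = ((int(major), int(minor)), int(patch))
    status = "patched" if current >= (fixed_base, fixed_patch) else "needs_update"
    return (model, status)


def audit(inventory: dict[str, str]) -> dict[str, list[str]]:
    """Group hosts by status so the update and replacement lists fall out directly."""
    report = {"patched": [], "needs_update": [], "unknown": []}
    for host, version in sorted(inventory.items()):
        report[assess(version)[1]].append(host)
    return report


# Constructed sample inventory (hostnames and reported versions are made up).
INVENTORY = {
    "nas-lab-01": "V5.21(AAZF.17)C0",
    "nas-lab-02": "V5.21(AAZF.16)C0",
    "nas-office": "V5.21(ABAG.13)C0",
    "nas-archive": "v5.21(abag.14)c0",
    "nas-legacy": "5.21-unknown",
}

if __name__ == "__main__":
    for status, hosts in audit(INVENTORY).items():
        print(f"{status}: {', '.join(hosts) or '-'}")
```

Hosts that land in `unknown` need a manual check of the firmware page, since a string the pattern cannot parse says nothing about patch state.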