Zyxel has released patches for three critical vulnerabilities (CVE-2024-29972, CVE-2024-29973, and CVE-2024-29974) affecting two network-attached storage (NAS) devices that have recently reached end-of-vulnerability-support. About the vulnerabilities The three vulnerabilities are: A command injection vulnerability in the CGI program that could allow an unauthenticated attacker to execute some OS commands by sending a crafted HTTP POST request (CVE-2024-29972) A command injection vulnerability in the “setCookie” parameter that could allow an unauthenticated attacker to execute some OS … More
The post Zyxel patches critical flaws in EOL NAS devices appeared first on Help Net Security.
This article has been indexed from Help Net Security