CVE-2024-29974

CRITICAL

Zyxel NAS326 <V5.21(AAZF.17)C0 - RCE

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2024-29974. PoCs published by Pommaq.

AI-analyzed exploit summary This repository contains a functional exploit PoC for multiple ZyXEL NAS vulnerabilities (CVE-2024-29972, CVE-2024-29973, CVE-2024-29974, CVE-2024-29975, CVE-2024-29976), including command injection, privilege escalation, and backdoor access. The exploit leverages Python code injection and shell command execution to achieve RCE and LPE on vulnerable ZyXEL devices.

Description

** UNSUPPORTED WHEN ASSIGNED ** The remote code execution vulnerability in the CGI program “file_upload-cgi” in Zyxel NAS326 firmware versions before V5.21(AAZF.17)C0 and NAS542 firmware versions before V5.21(ABAG.14)C0 could allow an unauthenticated attacker to execute arbitrary code by uploading a crafted configuration file to a vulnerable device.

Exploits (1)

github WORKING POC 4 stars

by Pommaq · pythonpoc

https://github.com/Pommaq/CVE-2024-29972-CVE-2024-29976-CVE-2024-29973-CVE-2024-29975-CVE-2024-29974-poc

View Code ZIP pw:eip

This repository contains a functional exploit PoC for multiple ZyXEL NAS vulnerabilities (CVE-2024-29972, CVE-2024-29973, CVE-2024-29974, CVE-2024-29975, CVE-2024-29976), including command injection, privilege escalation, and backdoor access. The exploit leverages Python code injection and shell command execution to achieve RCE and LPE on vulnerable ZyXEL devices.

Classification

Working Poc 95%

Attack Type

Rce | Lpe | Auth Bypass | Info Leak

Complexity

Moderate

Reliability

Reliable

Target: ZyXEL NAS devices (e.g., NAS326)

No auth needed

Prerequisites: Network access to the vulnerable device · Python 3 environment for exploit execution

MITRE ATT&CK

T1059 - Command and Scripting Interpreter T1068 - Exploitation for Privilege Escalation T1190 - Exploit Public-Facing Application

devstral-2 · analyzed Feb 19, 2026 Full analysis →

References (2)

Core 2

Core References

Exploit, Third Party Advisory

https://outpost24.com/blog/zyxel-nas-critical-vulnerabilities/

Vendor Advisory vendor-advisory

https://www.zyxel.com/global/en/support/security-advisories/zyxel-security-advisory-for-multiple-vulnerabilities-in-nas-products-06-04-2024

Scores

CVSS v3 9.8

EPSS 0.2278

EPSS Percentile 97.4%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment

Exploitation none

Automatable yes

Technical Impact total

Details

CWE

CWE-434

Status published

Products (2)

zyxel/nas326_firmware < 5.21\(aazf.17\)c0

zyxel/nas542_firmware < 5.21\(abag.14\)c0

Published Jun 04, 2024

Tracked Since Feb 18, 2026