CVE-2024-29975

MEDIUM

Zyxel NAS326 <V5.21(AAZF.17)C0 - Privilege Escalation

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2024-29975. PoCs published by Pommaq.

AI-analyzed exploit summary This repository contains a functional exploit PoC for multiple ZyXEL NAS vulnerabilities (CVE-2024-29972, CVE-2024-29973, CVE-2024-29974, CVE-2024-29975, CVE-2024-29976), including command injection, privilege escalation, and backdoor access. The exploit leverages Python code injection and shell command execution to achieve RCE and LPE.

Description

** UNSUPPORTED WHEN ASSIGNED ** The improper privilege management vulnerability in the SUID executable binary in Zyxel NAS326 firmware versions before V5.21(AAZF.17)C0 and NAS542 firmware versions before V5.21(ABAG.14)C0 could allow an authenticated local attacker with administrator privileges to execute some system commands as the “root” user on a vulnerable device.

Exploits (1)

github WORKING POC 4 stars

by Pommaq · pythonpoc

https://github.com/Pommaq/CVE-2024-29972-CVE-2024-29976-CVE-2024-29973-CVE-2024-29975-CVE-2024-29974-poc

View Code ZIP pw:eip

This repository contains a functional exploit PoC for multiple ZyXEL NAS vulnerabilities (CVE-2024-29972, CVE-2024-29973, CVE-2024-29974, CVE-2024-29975, CVE-2024-29976), including command injection, privilege escalation, and backdoor access. The exploit leverages Python code injection and shell command execution to achieve RCE and LPE.

Classification

Working Poc 95%

Attack Type

Rce | Lpe | Auth Bypass | Info Leak

Complexity

Moderate

Reliability

Reliable

Target: ZyXEL NAS devices (e.g., NAS326)

No auth needed

Prerequisites: Network access to the target device · Vulnerable ZyXEL NAS firmware

MITRE ATT&CK

T1059 - Command and Scripting Interpreter T1068 - Exploitation for Privilege Escalation T1190 - Exploit Public-Facing Application

devstral-2 · analyzed Feb 19, 2026 Full analysis →

References (2)

Core 2

Core References

Exploit, Third Party Advisory

https://outpost24.com/blog/zyxel-nas-critical-vulnerabilities/

Vendor Advisory vendor-advisory

https://www.zyxel.com/global/en/support/security-advisories/zyxel-security-advisory-for-multiple-vulnerabilities-in-nas-products-06-04-2024

Scores

CVSS v3 6.7

EPSS 0.0047

EPSS Percentile 36.7%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment

Exploitation none

Automatable yes

Technical Impact total

Details

CWE

CWE-269

Status published

Products (2)

zyxel/nas326_firmware < 5.21\(aazf.17\)c0

zyxel/nas542_firmware < 5.21\(abag.14\)c0

Published Jun 04, 2024

Tracked Since Feb 18, 2026