A new vulnerability, identified as CVE-2024-29973, has been discovered in Zyxel NAS devices, making them vulnerable to attacks from a Mirai-like botnet. This issue, a Python code injection flaw, arises from a defect in the simZysh endpoint of the Zyxel NAS web server. This endpoint was introduced in the patch for a previous vulnerability (CVE-2023-27992) and carried over similar security weaknesses.
The core of the problem lies in the use of the eval() function within the simZysh endpoint: eval() executes whatever expression it is handed, so request data that is not properly sanitized becomes code. Attackers can exploit this flaw by injecting crafted Python code through specific requests, bypassing the existing security filters and executing commands on the device. This could open a backdoor, giving attackers unauthorized access to the NAS device.
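The pattern described above, shown as an added illustration rather than Zyxel's own code: a request handler that passes a parameter to eval() beside a replacement that treats the parameter as an opaque command name and dispatches through an allowlist. The command names and the handler functions are hypothetical; the point is that the hardened version never interprets request data as Python, so there is no filter to bypass.

```python
"""Illustrative (not Zyxel's) command handler: the eval() injection pattern
beside an allowlist-based replacement."""
import re

# Constructed, hypothetical command implementations; they do not correspond to
# real Zyxel NAS commands.
def _show_version() -> str:
    return "firmware 1.0 (constructed)"

def _show_uptime() -> str:
    return "uptime 42 (constructed)"

# Allowlist: the only things a request is permitted to select.
SAFE_COMMANDS = {
    "show_version": _show_version,
    "show_uptime": _show_uptime,
}

def handle_vulnerable(user_input: str) -> str:
    """Vulnerable pattern: the request parameter is handed straight to eval().
    Any Python expression in the parameter runs with the web server's privileges;
    a denylist of 'dangerous' substrings does not change that."""
    return str(eval(user_input))  # deliberately unsafe, for illustration only

# A command name is a short identifier; anything else is rejected before lookup.
_NAME_RE = re.compile(r"[a-z_]{1,32}")

def handle_hardened(user_input: str) -> str:
    """Hardened pattern: validate the parameter as a plain identifier, then look
    it up in the allowlist. Request data is data, never code."""
    if not _NAME_RE.fullmatch(user_input):
        raise ValueError("malformed command name")
    handler = SAFE_COMMANDS.get(user_input)
    if handler is None:
        raise ValueError("unknown command")
    return handler()

def is_rejected(user_input: str) -> bool:
    """True if the hardened handler refuses the input (used to demonstrate the contrast)."""
    try:
        handle_hardened(user_input)
    except ValueError:
        return True
    return False

if __name__ == "__main__":
    # The same input reaches both handlers: the first evaluates it, the second refuses it.
    probe = "1+1"
    print("vulnerable:", handle_vulnerable(probe))
    print("hardened rejects:", is_rejected(probe))
    print("hardened accepts:", handle_hardened("show_version"))
```

Validating the parameter as an identifier before the dictionary lookup is what removes the injection class entirely; by contrast, keeping eval() and adding substring filters leaves the parser as the attacker's target, which is the situation the article describes.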
Zyxel has been informed of the vulnerability and has released patches to address the issue. In the interim, users are advised to take precautionary measures such as disabling remote access to their NAS devices, applying network segmentation to isolate the devices, and monitoring network traffic for unusual activity that could indicate an ongoing attack.
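An added example of the monitoring step above, not part of the original article: a small scan over web-server access log lines that flags requests to the simZysh endpoint arriving from outside an allowlisted management network, and any request whose parameter is not a plain command name. The log lines are constructed, the URL path and the parameter name are assumptions, and the management network is a placeholder to replace with the real one.

```python
"""Constructed access-log triage for simZysh requests (illustrative, not Zyxel code)."""
import ipaddress
import re
from urllib.parse import parse_qs, urlsplit

# Constructed Common Log Format lines. The "/simZysh" path and "cmd" parameter
# are assumptions about the endpoint, not values taken from Zyxel firmware.
SAMPLE_LOG = """\
10.10.0.5 - - [19/Jun/2024:10:00:01 +0000] "GET /simZysh?cmd=show_version HTTP/1.1" 200 512
203.0.113.9 - - [19/Jun/2024:10:00:07 +0000] "GET /simZysh?cmd=show_version HTTP/1.1" 200 512
10.10.0.5 - - [19/Jun/2024:10:00:09 +0000] "GET /index.html HTTP/1.1" 200 2048
203.0.113.9 - - [19/Jun/2024:10:00:12 +0000] "GET /simZysh?cmd=1%2B1 HTTP/1.1" 200 64
"""

LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<url>\S+) \S+" (?P<status>\d{3}) \S+$'
)

# A legitimate command selector is a short identifier; anything else is suspect.
_PLAIN_NAME = re.compile(r"[A-Za-z0-9_]{1,64}")

def find_simzysh_alerts(log_text: str, mgmt_net: str = "10.10.0.0/24"):
    """Return (source_ip, url, reasons) for each simZysh request worth a look.
    mgmt_net is a placeholder for the network that is allowed to administer the NAS."""
    net = ipaddress.ip_network(mgmt_net)
    alerts = []
    for line in log_text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue  # unparseable line; a real pipeline would count these
        parsed = urlsplit(m["url"])
        if "simZysh" not in parsed.path:
            continue
        reasons = []
        if ipaddress.ip_address(m["ip"]) not in net:
            reasons.append("source outside management network")
        # Flag any parameter value that is not a plain identifier.
        values = [v for vals in parse_qs(parsed.query).values() for v in vals]
        if any(not _PLAIN_NAME.fullmatch(v) for v in values):
            reasons.append("parameter is not a plain command name")
        if reasons:
            alerts.append((m["ip"], m["url"], reasons))
    return alerts

if __name__ == "__main__":
    for ip, url, reasons in find_simzysh_alerts(SAMPLE_LOG):
        print(f"{ip} {url} -> {'; '.join(reasons)}")
```

The first check is the segmentation advice turned into a detection: once remote management is disabled and the device is isolated, any simZysh request from outside the management network is itself an indicator. The second check is endpoint-agnostic and survives renamed paths, since it keys on the shape of the parameter rather than on a known payload.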
The discovery of CVE-2024-29973 underscores the ongoing challenges in securing IoT devices. As attackers continue to exploit such vulnerabilities, it is crucial for manufacturers to implement robust security measures and for users to remain vigilant in protecting their systems from potential threats.