Zyxel has swiftly responded to critical vulnerabilities affecting its NAS326 and NAS542 devices, even though both products have already reached end-of-vulnerability-support. The vulnerabilities, which include command injection and remote code execution flaws, pose significant risks to users’ systems, potentially allowing attackers to execute operating system commands and gain unauthorized access. Zyxel has nevertheless released patches targeting these vulnerabilities, emphasizing its commitment to ensuring the ongoing security of its users.
The vulnerabilities, identified as CVE-2024-29972, CVE-2024-29973, and CVE-2024-29974, call for immediate action to mitigate potential threats. By exploiting them, attackers could execute arbitrary code, upload crafted configuration files, or abuse privilege management to compromise the integrity and security of affected NAS devices. Zyxel’s proactive release of patches for these critical vulnerabilities, despite the end-of-support status of the products, underscores the company’s dedication to protecting its users’ data and systems from evolving cyber threats.
Affected users of NAS326 and NAS542 devices are strongly advised to apply the patches immediately to safeguard their systems against potential exploitation. Zyxel’s swift response to these vulnerabilities reflects its commitment to maintaining the security and integrity of its products, ensuring that users can continue to rely on their NAS devices without compromising their data or system security.