
Zyxel NAS devices have been hit by a critical vulnerability that is being actively exploited. The flaw allows unauthenticated attackers to inject and execute malicious commands remotely, potentially compromising the security and integrity of the affected devices.
The vulnerability, tracked as CVE-2024-29973 with a CVSS score of 9.8 and discovered by Timothy Hjort of Outpost24’s Ghost Labs, is a command injection vulnerability in the “setCookie” parameter of the Zyxel NAS326 and NAS542 models. Exploiting it allows attackers to gain unauthorized access to the device’s operating system and execute commands with potentially devastating consequences.
The exploitation attempts have been linked to a Mirai-like botnet. Mirai is a notorious malware family known for hijacking vulnerable devices to create massive botnets. These botnets are often used to launch distributed denial-of-service (DDoS) attacks, which can cripple websites and online services.
The vulnerable Zyxel NAS models are the NAS326 and the NAS542. Although these models have reached end-of-life support, they are still widely used by individuals and businesses alike.
Zyxel has acknowledged the vulnerability and has released patches for customers with extended support. The company strongly advises users to upgrade to the latest firmware versions to mitigate the risk of compromise.
Zyxel NAS owners are strongly encouraged to act promptly to protect their devices from unauthorized access and potential incorporation into malicious botnets.


