Описание
** UNSUPPORTED WHEN ASSIGNED ** The remote code execution vulnerability in the CGI program “file_upload-cgi” in Zyxel NAS326 firmware versions before V5.21(AAZF.17)C0 and NAS542 firmware versions before V5.21(ABAG.14)C0 could allow an unauthenticated attacker to execute arbitrary code by uploading a crafted configuration file to a vulnerable device.
Ссылки
- ExploitThird Party Advisory
- Vendor Advisory
- ExploitThird Party Advisory
- Vendor Advisory
Уязвимые конфигурации
Одновременно
Одновременно
EPSS
9.8 Critical
CVSS3
Дефекты
Связанные уязвимости
** UNSUPPORTED WHEN ASSIGNED ** The remote code execution vulnerability in the CGI program “file_upload-cgi” in Zyxel NAS326 firmware versions before V5.21(AAZF.17)C0 and NAS542 firmware versions before V5.21(ABAG.14)C0 could allow an unauthenticated attacker to execute arbitrary code by uploading a crafted configuration file to a vulnerable device.
Уязвимость реализации сценариев export-cgi и file_upload-cgi функции резервного копирования и восстановления конфигураций устройства микропрограммного обеспечения сетевых хранилищ Zyxel NAS326 и Zyxel NAS542, позволяющая нарушителю обойти ограничения безопасности и выполнить произвольный код
EPSS
9.8 Critical
CVSS3