CVE-2024-29972

High PUBLISHED

** UNSUPPORTED WHEN ASSIGNED ** The command injection vulnerability in the CGI program "remote_help-cgi" in Zyxel NAS326 firmware versions before...

Zyxel · NAS326 firmware, NAS542 firmware

Not yet in CISA KEV

Exploited in the wild PoC available

Recommended Action

Prioritize remediation. Validate affected assets and apply vendor fixes on an accelerated timeline.

Confidence
High
Exploitation Status
Exploited in the wild
Observed in Sensors
No
Attempts (30d)
Unique Attacker IPs
CISA KEV
Not yet in CISA KEV
CVSS / EPSS
9.8 Critical EPSS 89.2%

At a Glance

** UNSUPPORTED WHEN ASSIGNED ** The command injection vulnerability in the CGI program "remote_help-cgi" in Zyxel NAS326 firmware versions before V5.21(AAZF.17)C0 and NAS542 firmware versions before V5.21(ABAG.14)C0 could allow an unauthenticated attacker to execute some operating system (OS) commands by sending a crafted HTTP POST request.

edge
CVE Published
Jun 04, 2024
Exploitation Reported
Jul 13, 2026
CVSS
9.8 Critical
EPSS
89.2%
Remote Low complexity No user interaction Unauthenticated

Affected Versions

Vendor Product Version Status
zyxel
nas326_firmware

0 to < v5.21\(aazf.17\)co

Affected
zyxel
nas542_firmware

0 to < 5.21\(abag.14\)co

Affected
Zyxel
NAS326 firmware

< V5.21(AAZF.17)C0

Affected
Zyxel
NAS542 firmware

< V5.21(ABAG.14)C0

Affected

CVE References

Recommended Actions

  • Prioritize remediation. Validate affected assets and apply vendor fixes on an accelerated timeline.
  • Check enrichment artifacts for scanner coverage and available PoCs before rolling remediation validation.
  • Use the Pro API to automate enrichment, telemetry, and workflow delivery for VM, SOC, and CTI pipelines.