Users of Zyxel network-attached storage (NAS) devices are urged to implement hotfixes addressing a critical and easily exploited command injection vulnerability (CVE-2024-6342). About CVE-2024-6342 Zyxel NAS devices are generally used by small to medium-sized businesses (SMBs) for data storage and backup. CVE-2024-6342 – reported by Nanyu Zhong and Jinwei Dong from VARAS@IIE – is a vulnerability in the export-cgi program of Zyxel NAS326 and NAS542 devices that can be triggered by unauthenticated attackers via a … More
The post Zyxel fixes critical command injection flaw in EOL NAS devices (CVE-2024-6342) appeared first on Help Net Security.