June 25, 2024 By Pierluigi Paganini
Researchers warn that a Mirai-based botnet is exploiting a recently disclosed critical vulnerability in EoL Zyxel NAS devices.
Researchers at the Shadowserver Foundation warn that a Mirai-based botnet has started exploiting a recently disclosed vulnerability tracked as CVE-2024-29973 (CVSS score 9.8) in end-of-life NAS devices Zyxel NAS products.
The flaw is a command injection vulnerability in the “setCookie” parameter in Zyxel NAS326 firmware versions before V5.21(AAZF.17)C0 and NAS542 firmware versions before V5.21(ABAG.14)C0. An unauthenticated attacker can exploit the flaw to execute some operating system (OS) commands by sending a crafted HTTP POST request.
The vulnerability affects NAS326 running firmware versions 5.21(AAZF.16)C0 and earlier, and NAS542 running firmware versions 5.21(ABAG.13)C0 and older.
The vulnerability stems from the fix for another code injection issue tracked as CVE-2023-27992 that was addressed in June 2023.
