CVE-2024-29972

Confirmed PUBLISHED

** UNSUPPORTED WHEN ASSIGNED ** The command injection vulnerability in the CGI program "remote_help-cgi" in Zyxel NAS326 firmware versions before...

Zyxel · NAS326 firmware, NAS542 firmware

Not yet in CISA KEV

Exploited in the wild Active exploitation observed PoC available

Recommended Action

Prioritize immediate patching and validate internet-facing exposure. Monitor for matching exploitation attempts in your environment.

Confidence
Confirmed
Exploitation Status
Active exploitation observed
Observed in Sensors
Yes
Attempts (30d)
14
Unique Attacker IPs
7
CISA KEV
Not yet in CISA KEV
CVSS / EPSS
9.8 Critical EPSS 89.3%

At a Glance

** UNSUPPORTED WHEN ASSIGNED ** The command injection vulnerability in the CGI program "remote_help-cgi" in Zyxel NAS326 firmware versions before V5.21(AAZF.17)C0 and NAS542 firmware versions before V5.21(ABAG.14)C0 could allow an unauthenticated attacker to execute some operating system (OS) commands by sending a crafted HTTP POST request.

edge nuclei_scanner
CVE Published
Jun 04, 2024
Exploited Since
Jun 12, 2026
CVSS
9.8 Critical
EPSS
89.3%
Remote Low complexity No user interaction Unauthenticated

Affected Versions

Vendor Product Version Status
zyxel
nas326_firmware

0 to < v5.21\(aazf.17\)co

Affected
zyxel
nas542_firmware

0 to < 5.21\(abag.14\)co

Affected
Zyxel
NAS326 firmware

< V5.21(AAZF.17)C0

Affected
Zyxel
NAS542 firmware

< V5.21(ABAG.14)C0

Affected

CVE References

Recommended Actions

  • Prioritize immediate patching and validate internet-facing exposure. Monitor for matching exploitation attempts in your environment.
  • Review sensor telemetry for request paths, attacker IPs, and payload patterns that may inform detection and exposure validation.
  • Check enrichment artifacts for scanner coverage and available PoCs before rolling remediation validation.
  • Use the Pro API to automate enrichment, telemetry, and workflow delivery for VM, SOC, and CTI pipelines.