Zyxel Networks released an emergency security update to address the critical flaws in some of its NAS devices (NAS 326 and NAS542) that have reached end-of-life. An attacker can exploit the vulnerabilities (CVE-2024-29972, CVE-2024-29973, CVE-2024-29974, CVE-2024-29975, CVE-2024-29976) to perform command injection attacks, achieve remote code execution, privilege escalation and information disclosure on an affected device.

Zyxel has released security updates to address these vulnerabilities in its products. Additional information about vulnerabilities and updates can be found at Zyxel Security Advisory – zyxel.com.