¡¾Â©¶´Í¨¸æ¡¿Zyxel NASÉ豸Զ³Ì´úÂëÖ´ÐЩ¶´£¨CVE-2024-29974£©
Ðû²¼Ê±¼ä 2024-06-04Ò»¡¢Â©¶´¸ÅÊö
©¶´Ãû³Æ | Zyxel NASÉ豸Զ³Ì´úÂëÖ´ÐЩ¶´ | ||
CVE ID | CVE-2024-29974 | ||
©¶´ÀàÐÍ | RCE | ·¢ÏÖʱ¼ä | 2024-06-04 |
©¶´ÆÀ·Ö | 9.8 | ©¶´Æ·¼¶ | ÑÏÖØ |
¹¥»÷ÏòÁ¿ | ÍøÂç | ËùÐèȨÏÞ | ÎÞ |
ÀûÓÃÄÑ¶È | µÍ | Óû§½»»¥ | ÎÞ |
PoC/EXP | ÒѹûÈ» | ÔÚÒ°ÀûÓà | δ·¢ÏÖ |
ºÏÇڿƼ¼£¨ZyXEL£©Êǹú¼ÊÖªÃûµÄÍøÂç¿í´øÏµÍ³¼°½â¾ö·½°¸¹©Ó¦ÉÌ¡£
2024Äê6ÔÂ4ÈÕ£¬¶¶È¦Îª¶Ä¶øÉú¼¯ÍÅVSRC¼à²âµ½Zyxel NASÉ豸ÖÐÐÞ¸´Á˶à¸ö©¶´£¬Ä¿Ç°ÕâЩ©¶´µÄ¼¼Êõϸ½Ú¼°²¿ÃÅPoCÒѹûÈ»£¬ÏêÇéÈçÏ£º
CVE-2024-29972£ºZyxel NASÉ豸ÃüÁî×¢Èë©¶´
Zyxel NAS326 ºÍ NAS542 É豸ÖеÄCGI ·¨Ê½remote_help-cgiÖдæÔÚÃüÁî×¢Èë©¶´£¬¿ÉÄܵ¼ÖÂδ¾Éí·ÝÑéÖ¤µÄÍþвÕßͨ¹ý·¢ËͶñÒâÉè¼ÆµÄ HTTPÇëÇóÖ´ÐÐijЩϵͳÃüÁî¡£
CVE-2024-29973£ºZyxel NASÉ豸ÃüÁî×¢Èë©¶´
Zyxel NAS326 ºÍ NAS542 É豸ÖеÄsetCookie²ÎÊýÖдæÔÚÃüÁî×¢Èë©¶´£¬¿ÉÄܵ¼ÖÂδ¾Éí·ÝÑéÖ¤µÄÍþвÕß·¢ËͶñÒâÉè¼ÆµÄ HTTP POST ÇëÇóÖ´ÐÐijЩϵͳÃüÁî¡£
CVE-2024-29974£ºZyxel NASÉ豸Զ³Ì´úÂëÖ´ÐЩ¶´
Zyxel NAS326 ºÍ NAS542 É豸ÖеÄCGI ·¨Ê½file_upload-cgiÖдæÔÚÔ¶³Ì´úÂëÖ´ÐЩ¶´£¬Î´¾Éí·ÝÑéÖ¤µÄÍþвÕß¿Éͨ¹ý½«¶ñÒâÉè¼ÆµÄÅäÖÃÎļþÉÏ´«µ½Ò×Êܹ¥»÷µÄÉ豸µ¼ÖÂÖ´ÐÐÈÎÒâ´úÂë¡£
CVE-2024-29975£ºZyxel NASÉ豸µ±µØÈ¨ÏÞÌáÉý©¶´
Zyxel NAS326 ºÍ NAS542 É豸ÖеÄSUID¿ÉÖ´Ðжþ½øÖÆÎļþÖдæÔÚȨÏÞ¹ÜÀí²»Í×£¬¿ÉÄܵ¼Ö¾¹ýÉí·ÝÑéÖ¤ÇÒ¾ßÓйÜÀíԱȨÏ޵ĵ±µØÍþвÕßÒÔrootÓû§Éí·ÝÔÚÒ×Êܹ¥»÷µÄÉ豸ÉÏÖ´ÐÐijЩϵͳÃüÁî¡£
CVE-2024-29976£ºZyxel NASÉ豸ȨÏÞÌáÉýÐÅϢй¶©¶´
Zyxel NAS326 ºÍ NAS542 É豸ÖеÄshow_allsessionsÃüÁî´æÔÚȨÏÞ¹ÜÀí²»Í×£¬¿ÉÄܵ¼Ö¾¹ýÉí·ÝÑéÖ¤µÄµÍȨÏÞÍþвÕß»ñÈ¡ÊÜÓ°ÏìÉ豸ÉÏËùÓо¹ýÉí·ÝÑéÖ¤µÄÓû§£¨°üÂÞ¹ÜÀíÔ±£©µÄ»á»°ÁîÅÆ£¬´Ó¶ø»ñµÃÉ豸¹ÜÀíÔ±·ÃÎÊȨÏÞ¡£
¶þ¡¢Ó°Ï췶Χ
NAS326É豸°æ±¾<= V5.21(AAZF.16)C0
NAS542É豸°æ±¾<= V5.21(ABAG.13)C0
×¢£ºNAS326ºÍNAS54É豸Ŀǰ¹©Ó¦ÉÌÒÑÍ£Ö¹Ö§³Ö¡£
Èý¡¢Äþ¾²´ëÊ©
3.1 Éý¼¶°æ±¾
¼øÓÚ©¶´µÄÑÏÖØÐÔ£¬Ä¿Ç°¹©Ó¦ÉÌÒÑÐû²¼ÁËCVE-2024-29972¡¢CVE-2024-29973 ºÍ CVE-2024-29974µÄ²¹¶¡£¬ÊÜÓ°ÏìÓû§¿ÉÉý¼¶µ½ÒÔϰ汾£º
NAS326É豸£ºÉý¼¶µ½V5.21(AAZF.17)C0
NAS542É豸£ºÉý¼¶µ½V5.21(ABAG.14)C0
ÏÂÔØÁ´½Ó£º
https://www.zyxel.com/global/en/support/download?model=nas326
3.2 ÁÙʱ´ëÊ©
ÔÝÎÞ¡£
3.3 ͨÓý¨Òé
l ¶¨ÆÚ¸üÐÂϵͳ²¹¶¡£¬¼õÉÙϵͳ©¶´£¬ÌáÉý·þÎñÆ÷µÄÄþ¾²ÐÔ¡£
l ¼ÓǿϵͳºÍÍøÂçµÄ·ÃÎÊ¿ØÖÆ£¬Ð޸ķÀ»ðǽ¼ÆÄ±£¬¹Ø±Õ·ÇÐëÒªµÄÓ¦Óö˿ڻò·þÎñ£¬¼õÉÙ½«Î£ÏÕ·þÎñ£¨ÈçSSH¡¢RDPµÈ£©Ì»Â¶µ½¹«Íø£¬¼õÉÙ¹¥»÷Ãæ¡£
l ʹÓÃÆóÒµ¼¶Äþ¾²²úÎÌáÉýÆóÒµµÄÍøÂçÄþ¾²ÐÔÄÜ¡£
l ¼ÓǿϵͳÓû§ºÍȨÏÞ¹ÜÀí£¬ÆôÓöàÒòËØÈÏÖ¤»úÖÆºÍ×îСȨÏÞÔÔò£¬Óû§ºÍÈí¼þȨÏÞÓ¦±£³ÖÔÚ×îµÍÏÞ¶È¡£
l ÆôÓÃÇ¿ÃÜÂë¼ÆÄ±²¢ÉèÖÃΪ¶¨ÆÚÐ޸ġ£
3.4 ²Î¿¼Á´½Ó
https://www.zyxel.com/global/en/support/security-advisories/zyxel-security-advisory-for-multiple-vulnerabilities-in-nas-products-06-04-2024
https://outpost24.com/blog/zyxel-nas-critical-vulnerabilities/#cve-2024-29976-%e2%80%93-privilege-escalation-and-information-disclosure-vulnerability
ËÄ¡¢°æ±¾ÐÅÏ¢
°æ±¾ | ÈÕÆÚ | ±¸×¢ |
V1.0 | 2024-06-04 | Ê×´ÎÐû²¼ |
Îå¡¢¸½Â¼
5.1 ¶¶È¦Îª¶Ä¶øÉú¼ò½é
¶¶È¦Îª¶Ä¶øÉú½¨Á¢ÓÚ1996Ä꣬ÊÇÓÉÁôÃÀ²©Ê¿ÑÏÍû¼ÑŮʿ´´½¨µÄ¡¢ÓµÓÐÍêÈ«×ÔÖ÷֪ʶ²úȨµÄÐÅÏ¢Äþ¾²¸ß¿Æ¼¼ÆóÒµ¡£ÊǹúÄÚ×î¾ßʵÁ¦µÄÐÅÏ¢Äþ¾²²úÎï¡¢Äþ¾²·þÎñ½â¾ö·½°¸µÄÁ캽ÆóÒµÖ®Ò»¡£
¹«Ë¾×ܲ¿Î»ÓÚ±±¾©ÊÐÖйشåÈí¼þÔ°¶¶È¦Îª¶Ä¶øÉú´óÏ㬹«Ë¾Ô±¹¤6000ÓàÈË£¬Ñз¢ÍŶÓ1200ÓàÈË, ¼¼Êõ·þÎñÍŶÓ1300ÓàÈË¡£ÔÚÈ«¹ú¸÷Ê¡¡¢ÊС¢×ÔÖÎÇøÉèÁ¢·ÖÖ§»ú¹¹ÁùÊ®¶à¸ö£¬ÓµÓÐÁýÕÖÈ«¹úµÄÏúÊÛÌåϵ¡¢ÇþµÀÌåϵºÍ¼¼ÊõÖ§³ÖÌåϵ¡£¹«Ë¾ÓÚ2010Äê6ÔÂ23ÈÕÔÚÉîÛÚÖÐС°å¹ÒÅÆÉÏÊС££¨¹ÉƱ´úÂ룺002439£©
¶àÄêÀ´£¬¶¶È¦Îª¶Ä¶øÉúÖÂÁ¦ÓÚÌṩ¾ßÓйú¼Ê¾ºÕùÁ¦µÄ×ÔÖ÷´´ÐµÄÄþ¾²²úÎïºÍ×î¼Ñʵ¼ù·þÎñ£¬×ÊÖú¿Í»§È«ÃæÌáÉýÆäIT»ù´¡ÉèÊ©µÄÄþ¾²ÐÔºÍÉú²úЧÄÜ£¬Îª´òÔìºÍÌáÉý¹ú¼Ê»¯µÄÃñ×åÐÅÏ¢Äþ¾²¹¤ÒµÁì¾üÆ·ÅÆ¶ø²»Ð¸Å¬Á¦¡£
5.2 ¹ØÓÚ¶¶È¦Îª¶Ä¶øÉú
¶¶È¦Îª¶Ä¶øÉúÄþ¾²Ó¦¼±ÏìÓ¦ÖÐÐÄÒÑÐû²¼1000¶à¸ö©¶´Í¨¸æºÍ·çÏÕÔ¤¾¯£¬ÎÒÃǽ«Á¬Ðø¸ú×ÙÈ«Çò×îеÄÍøÂçÄþ¾²Ê¼þºÍ©¶´£¬ÎªÆóÒµµÄÐÅÏ¢Äþ¾²±£¼Ý»¤º½¡£
¹Ø×¢ÎÒÃÇ£º