{"uuid": "037f0e40-e993-4a04-94c6-37bd0c30254f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-29973", "type": "seen", "source": "https://t.me/brutsecurity/550", "content": "\u26a0\ufe0fCVE-2024-29973: Unauthorized command injection in Zyxel NAS devices\u26a0\ufe0f \n\n\ud83d\udd0dThis command injection vulnerability in the \u201csetCookie\u201d parameter in Zyxel NAS326 and NAS542 devices could allow an unauthenticated attacker to execute some OS commands by sending a crafted HTTP POST request. \n \n\ud83d\udcccPoC: https://github.com/k3lpi3b4nsh33/CVE-2024-29973 \n \n\ud83d\udce3Dorks: \n\ud83d\udd3dHunter: product.name=\"ZyXEL NAS542\"||http://product.name=\"ZyXEL NAS326\" \n\ud83d\udd3cFOFA: app=\"NAS542\" || app=\"ZYXEL-NAS326\" \n\ud83d\udd3dSHODAN: http.title:\"Zyxel NAS326\"", "creation_timestamp": "2026-07-09T03:00:13.660734Z"}