Main Vulnerability Database Exploits ID:10176 - Exploit for Improper Privilege Management in NAS326 and NAS542 - CVE-2024-29975

ID:10176 - Exploit for Improper Privilege Management in NAS326 and NAS542 - CVE-2024-29975

Published: July 5, 2024

Vulnerability identifier: #VU91249

Vulnerability risk: Low

CVE-ID: CVE-2024-29975

CWE-ID: CWE-269

Exploitation vector: Local access

Vulnerable software:
NAS326
NAS542

Link to public exploit:

https://github.com/Pommaq/CVE-2024-29972-CVE-2024-29976-CVE-2024-29973-CVE-2024-29975-CVE-2024-29974-poc

Vulnerability description

The vulnerability allows a local user to escalate privileges.

The vulnerability exists due to improper privilege management in the SUID executable binary. A local administrator can execute system commands as the "root" on the target device.

Remediation

Install updates from vendor's website.

ID:10176 - Exploit for Improper Privilege Management in NAS326 and NAS542 - CVE-2024-29975

Link to public exploit:

Vulnerability description

Remediation

Please verify you're human