Main Vulnerability Database Exploits ID:10174 - Exploit for Improper Privilege Management in NAS326 and NAS542 - CVE-2024-29976

ID:10174 - Exploit for Improper Privilege Management in NAS326 and NAS542 - CVE-2024-29976

Published: July 5, 2024

Vulnerability identifier: #VU91250

Vulnerability risk: Medium

CVE-ID: CVE-2024-29976

CWE-ID: CWE-269

Exploitation vector: Remote access

Vulnerable software:
NAS326
NAS542

Link to public exploit:

https://github.com/Pommaq/CVE-2024-29972-CVE-2024-29976-CVE-2024-29973-CVE-2024-29975-CVE-2024-29974-poc

Vulnerability description

The vulnerability allows a remote attacker to gain access to potentially sensitive information.

The vulnerability exists due to improper privilege management in the command "show_allsessions". A remote user can obtain a logged-in administrator’s session information containing cookies on the target device.

Remediation

Install updates from vendor's website.

ID:10174 - Exploit for Improper Privilege Management in NAS326 and NAS542 - CVE-2024-29976

Link to public exploit:

Vulnerability description

Remediation

Please verify you're human