Emergency patches released for critical vulns impacting EOL Zyxel NAS boxes
ID: cad2e6b0-d0fb-59cf-a2b5-462ae074131b
STIX ID: report--cad2e6b0-d0fb-59cf-a2b5-462ae074131b
Feed Name: The Register (Security)
Zyxel released security fixes for critical vulnerabilities in NAS326 and NAS542 (EOL) firmware after an Outpost24 intern reported five bugs, including three critical RCEs (CVEs 2024-29972/29973/29974) — a backdoor 'NsaRescueAngel', a Python code-injection endpoint, and an RCE affecting the file_upload-cgi leading to persistence. Proof-of-concept code was published, patches were issued for extended-support customers, and there is no confirmed evidence of in-the-wild exploitation.
