More security fixes in V4.62 for V4.30 and greater
Ally Member
Accepted Solution
-
Hi @dkyeager
You can refer to the following answers:
What the patched vulnerabilities are? How will they affect the device security?
1.Remote Code Execution vulnerability:
When the http/https service is enabled and allowed users to access the device GUI, the attacker can inject the commands from url directly (e.g. inject reboot command to force the device to reboot without having admin authority)
2.Buffer Overflow vulnerability:
When the http/https service is enabled and allowed users to access the device GUI, an attacker can send a crafted HTTP request(by adjusting the http header) and caused to system stack overflow and reboot.
1
Guru Member
All Replies
-
Hi @dkyeager
You can refer to the following answers:
What the patched vulnerabilities are? How will they affect the device security?
1.Remote Code Execution vulnerability:
When the http/https service is enabled and allowed users to access the device GUI, the attacker can inject the commands from url directly (e.g. inject reboot command to force the device to reboot without having admin authority)
2.Buffer Overflow vulnerability:
When the http/https service is enabled and allowed users to access the device GUI, an attacker can send a crafted HTTP request(by adjusting the http header) and caused to system stack overflow and reboot.
1
Categories
- All Categories
- 439 Beta Program
- 2.8K Nebula
- 199 Nebula Ideas
- 125 Nebula Status and Incidents
- 6.3K Security
- 489 USG FLEX H Series
- 322 Security Ideas
- 1.6K Switch
- 83 Switch Ideas
- 1.3K Wireless
- 47 Wireless Ideas
- 6.8K Consumer Product
- 284 Service & License
- 455 News and Release
- 89 Security Advisories
- 31 Education Center
- 10 [Campaign] Zyxel Network Detective
- 4.3K FAQ
- 34 Documents
- 34 Nebula Monthly Express
- 85 About Community
- 95 Security Highlight
