More security fixes in V4.62 for V4.30 and greater

dkyeager
dkyeager Posts: 71  Ally Member
First Comment Friend Collector Sixth Anniversary
edited April 2021 in Security
Any further details on these fixes in V4.62?

1. Remote Code Execution vulnerability fix.Vulnerability Description:These are affected by a CGI vulnerability by the improper input sanitization of HTTP requests. It could allow Hackers to perform remote code execution via OS command injection.Affected Version:ZLD V4.35 and above

2. Buffer Overflow vulnerability fix.Vulnerability Description:The buffer overflow vulnerability causes a program to overwrite a memory block, so the system might be unstable or terminate abnormally.Affected Version:ZLD V4.30 and above Recommended Action:Users are advised to upgrade to the latest firmware (ZLD4.62) or hotfix immediately for optimal protection.Thank you for choosing ZyWALL ATP and USG FLEX series. Zyxel is committed to continuously updating your devices for the most advanced features.

Accepted Solution

  • Zyxel_Jeff
    Zyxel_Jeff Posts: 1,284  Zyxel Employee
    100 Answers 500 Comments Friend Collector Fourth Anniversary
    Answer ✓

    Hi @dkyeager

    You can refer to the following answers:

    What the patched vulnerabilities are? How will they affect the device security?

    1.Remote Code Execution vulnerability:

    When the http/https service is enabled and allowed users to access the device GUI, the attacker can inject the commands from url directly (e.g. inject reboot command to force the device to reboot without having admin authority)


    2.Buffer Overflow vulnerability:

    When the http/https service is enabled and allowed users to access the device GUI, an attacker can send a crafted HTTP request(by adjusting the http header) and caused to system stack overflow and reboot.



    See how you've made an impact in Zyxel Community this year! https://bit.ly/Your2024Moments_Community

All Replies

  • Zyxel_Jeff
    Zyxel_Jeff Posts: 1,284  Zyxel Employee
    100 Answers 500 Comments Friend Collector Fourth Anniversary
    Answer ✓

    Hi @dkyeager

    You can refer to the following answers:

    What the patched vulnerabilities are? How will they affect the device security?

    1.Remote Code Execution vulnerability:

    When the http/https service is enabled and allowed users to access the device GUI, the attacker can inject the commands from url directly (e.g. inject reboot command to force the device to reboot without having admin authority)


    2.Buffer Overflow vulnerability:

    When the http/https service is enabled and allowed users to access the device GUI, an attacker can send a crafted HTTP request(by adjusting the http header) and caused to system stack overflow and reboot.



    See how you've made an impact in Zyxel Community this year! https://bit.ly/Your2024Moments_Community