More security fixes in V4.62 for V4.30 and greater
Any further details on these fixes in V4.62?
1. Remote Code Execution vulnerability fix.Vulnerability Description:These are affected by a CGI vulnerability by the improper input sanitization of HTTP requests. It could allow Hackers to perform remote code execution via OS command injection.Affected Version:ZLD V4.35 and above
2. Buffer Overflow vulnerability fix.Vulnerability Description:The buffer overflow vulnerability causes a program to overwrite a memory block, so the system might be unstable or terminate abnormally.Affected Version:ZLD V4.30 and above Recommended Action:Users are advised to upgrade to the latest firmware (ZLD4.62) or hotfix immediately for optimal protection.Thank you for choosing ZyWALL ATP and USG FLEX series. Zyxel is committed to continuously updating your devices for the most advanced features.
0
Accepted Solution
-
Hi @dkyeager
You can refer to the following answers:
What the patched vulnerabilities are? How will they affect the device security?
1.Remote Code Execution vulnerability:
When the http/https service is enabled and allowed users to access the device GUI, the attacker can inject the commands from url directly (e.g. inject reboot command to force the device to reboot without having admin authority)
2.Buffer Overflow vulnerability:
When the http/https service is enabled and allowed users to access the device GUI, an attacker can send a crafted HTTP request(by adjusting the http header) and caused to system stack overflow and reboot.
1
Categories
- 8.1K All Categories
- 1.6K Nebula
- 59 Nebula Ideas
- 54 Nebula Status and Incidents
- 4.3K Security
- 222 Security Ideas
- 936 Switch
- 42 Switch Ideas
- 818 WirelessLAN
- 19 WLAN Ideas
- 5K Consumer Product
- 136 Service & License
- 266 News and Release
- 52 Security Advisories
- 13 Education Center
- 536 FAQ
- 252 Nebula FAQ
- 132 Security FAQ
- 73 Switch FAQ
- 72 WirelessLAN FAQ
- 7 Consumer Product FAQ
- 34 Documents
- 34 Nebula Monthly Express
- 66 About Community
- 44 Security Highlight