More security fixes in V4.62 for V4.30 and greater
Accepted Solution
-
Hi @dkyeager
You can refer to the following answers:
What the patched vulnerabilities are? How will they affect the device security?
1.Remote Code Execution vulnerability:
When the http/https service is enabled and allowed users to access the device GUI, the attacker can inject the commands from url directly (e.g. inject reboot command to force the device to reboot without having admin authority)
2.Buffer Overflow vulnerability:
When the http/https service is enabled and allowed users to access the device GUI, an attacker can send a crafted HTTP request(by adjusting the http header) and caused to system stack overflow and reboot.
1
All Replies
-
Hi @dkyeager
You can refer to the following answers:
What the patched vulnerabilities are? How will they affect the device security?
1.Remote Code Execution vulnerability:
When the http/https service is enabled and allowed users to access the device GUI, the attacker can inject the commands from url directly (e.g. inject reboot command to force the device to reboot without having admin authority)
2.Buffer Overflow vulnerability:
When the http/https service is enabled and allowed users to access the device GUI, an attacker can send a crafted HTTP request(by adjusting the http header) and caused to system stack overflow and reboot.
1
Categories
- All Categories
- 431 Beta Program
- 2.6K Nebula
- 165 Nebula Ideas
- 112 Nebula Status and Incidents
- 6K Security
- 364 USG FLEX H Series
- 292 Security Ideas
- 1.5K Switch
- 78 Switch Ideas
- 1.2K Wireless
- 42 Wireless Ideas
- 6.6K Consumer Product
- 262 Service & License
- 407 News and Release
- 87 Security Advisories
- 31 Education Center
- 10 [Campaign] Zyxel Network Detective
- 3.9K FAQ
- 34 Documents
- 34 Nebula Monthly Express
- 85 About Community
- 83 Security Highlight