More security fixes in V4.62 for V4.30 and greater
Accepted Solution
-
Hi @dkyeager
You can refer to the following answers:
What the patched vulnerabilities are? How will they affect the device security?
1.Remote Code Execution vulnerability:
When the http/https service is enabled and allowed users to access the device GUI, the attacker can inject the commands from url directly (e.g. inject reboot command to force the device to reboot without having admin authority)
2.Buffer Overflow vulnerability:
When the http/https service is enabled and allowed users to access the device GUI, an attacker can send a crafted HTTP request(by adjusting the http header) and caused to system stack overflow and reboot.
See how you've made an impact in Zyxel Community this year!
1
All Replies
-
Hi @dkyeager
You can refer to the following answers:
What the patched vulnerabilities are? How will they affect the device security?
1.Remote Code Execution vulnerability:
When the http/https service is enabled and allowed users to access the device GUI, the attacker can inject the commands from url directly (e.g. inject reboot command to force the device to reboot without having admin authority)
2.Buffer Overflow vulnerability:
When the http/https service is enabled and allowed users to access the device GUI, an attacker can send a crafted HTTP request(by adjusting the http header) and caused to system stack overflow and reboot.
See how you've made an impact in Zyxel Community this year!
1
Categories
- All Categories
- 415 Beta Program
- 2.4K Nebula
- 151 Nebula Ideas
- 98 Nebula Status and Incidents
- 5.7K Security
- 277 USG FLEX H Series
- 277 Security Ideas
- 1.4K Switch
- 74 Switch Ideas
- 1.1K Wireless
- 42 Wireless Ideas
- 6.4K Consumer Product
- 250 Service & License
- 395 News and Release
- 85 Security Advisories
- 29 Education Center
- 10 [Campaign] Zyxel Network Detective
- 3.6K FAQ
- 34 Documents
- 34 Nebula Monthly Express
- 85 About Community
- 75 Security Highlight