More security fixes in V4.62 for V4.30 and greater
Ally Member
Accepted Solution
-
Hi @dkyeager
You can refer to the following answers:
What the patched vulnerabilities are? How will they affect the device security?
1.Remote Code Execution vulnerability:
When the http/https service is enabled and allowed users to access the device GUI, the attacker can inject the commands from url directly (e.g. inject reboot command to force the device to reboot without having admin authority)
2.Buffer Overflow vulnerability:
When the http/https service is enabled and allowed users to access the device GUI, an attacker can send a crafted HTTP request(by adjusting the http header) and caused to system stack overflow and reboot.
1
Zyxel Employee
All Replies
-
Hi @dkyeager
You can refer to the following answers:
What the patched vulnerabilities are? How will they affect the device security?
1.Remote Code Execution vulnerability:
When the http/https service is enabled and allowed users to access the device GUI, the attacker can inject the commands from url directly (e.g. inject reboot command to force the device to reboot without having admin authority)
2.Buffer Overflow vulnerability:
When the http/https service is enabled and allowed users to access the device GUI, an attacker can send a crafted HTTP request(by adjusting the http header) and caused to system stack overflow and reboot.
1
Categories
- All Categories
- 429 Beta Program
- 2.6K Nebula
- 163 Nebula Ideas
- 112 Nebula Status and Incidents
- 6K Security
- 350 USG FLEX H Series
- 291 Security Ideas
- 1.5K Switch
- 78 Switch Ideas
- 1.2K Wireless
- 42 Wireless Ideas
- 6.6K Consumer Product
- 261 Service & License
- 406 News and Release
- 87 Security Advisories
- 31 Education Center
- 10 [Campaign] Zyxel Network Detective
- 3.8K FAQ
- 34 Documents
- 34 Nebula Monthly Express
- 85 About Community
- 82 Security Highlight
