[Linux exploit] - CVE-2026-31431

Maverick87
edited May 1 in Security

Hello everyone,
I recently came to know this new CVE: https://copy.fail

Are some devices affected by this?
I have the USG Flex 200HP firewall and NWA130BE wireless. Are these devices affected by this bug by any chance?

Thank you

Accepted Solution

  • Zyxel_MarkV, Zyxel Employee
    Answer ✓

    This CVE matters mainly for:

    • Linux servers (Ubuntu, Debian, RHEL, etc.)
    • Kubernetes / Docker hosts
    • Shared systems (CI/CD, VPS, multi-user boxes)

    Because:

    • It needs a local unprivileged user to run code

    Your firewall/AP:

    • Don’t expose that attack surface
    • Don’t allow arbitrary user code execution

    You are at risk if you have something like this behind the firewall:

    • Linux NAS with SSH users
    • Proxmox / ESXi with Linux VMs
    • Docker host running public containers
    • CI runner / dev box
    • VPS / cloud VM

All Replies

  • GiuseppeR

    That’s a really interesting question.

    I know that this bug is an LPE, so it can escalate privileges, and it has to be launched via SSH with local access, also as a standard user.

    Anyway, with an RCE exposed on web services, it could bypass the rest of the process without touching the firewall/AP.

    I’ll follow this thread, that’s nice