naxrev.blogg.se - Zyxel firmware update

Learn how and why it is finally changing. America - V5.50(ABSL.0)b12 in Sep.The technology world has spent so much of the past two decades focused on innovation that security has often been an afterthought. Please note that the table below does NOT include customized models for internet service providers (ISPs). If a product is not listed, it is not affected or has reached end-of-life. What versions are vulnerable-and what should you do?Īfter a thorough investigation, we’ve identified the affected products that are within their warranty and support period, as shown in the table below.

A cross-site scripting vulnerability was identified in the printer name field of the print server menu within the web interface of the devices.

A security flaw was found in API of the devices that could be abused without authentication in order to obtain a new session key.

The improper symbolic links processing vulnerability in the FTP server could allow an attacker to get read access to the root file system.

Access control vulnerabilities in the devices could allow a less privileged user to access functionality of a more privileged role.

Command injection vulnerabilities were found in the diagnostic tool and the certificate upload interface of the devices.

Insufficiently protected credentials in the configuration file of the devices could allow an attacker to retrieve the passwords.

The CGI program lacks a proper permission control mechanism, which could allow an attacker to read sensitive files on the devices.

Multiple buffer overflow vulnerabilities were discovered in the web server of the affected devices.

There are eight vulnerabilities, identified as follows.

Zyxel is aware of multiple vulnerabilities reported by our security consultancy partner, SEC Consult, and advises users to install the applicable firmware updates for optimal protection. Zyxel security advisory for multiple vulnerabilities Summary