CySecurity News – Latest Information Security and Hacking Incidents
Zyxel has issued a cybersecurity advisory alerting administrators to multiple vulnerabilities affecting a range of firewall, access point, and access point controller products.
Although the flaws have not been assigned a high severity rating, the damage they could cause should be taken seriously, because malicious attackers could exploit them as part of exploit chains. Moreover, Zyxel products are used by large enterprises, and any exploitable faults in them attract threat actors right away.
The most serious of the four flaws is a command injection problem in various CLI commands, which is classified as CVE-2022-26532 (CVSS v3.1 7.8):
- CVE-2022-0734: A cross-site scripting vulnerability has been discovered in the CGI, which could allow a malicious script to access information stored in the user’s browser, such as cookies.
- CVE-2022-26531: A locally authenticated attacker might cause a system crash by exploiting several improper input validation issues in various CLI commands of some firewall, AP controller, and AP versions.
- CVE-2022-26532: A command injection vulnerability in some firewall, AP controller, and AP versions’ “packet-trace” CLI command might enable a local authorized attacker to execute arbitrary OS instructio
[…]