NAS devices from ZyXEL allow authentication by using the weblogin.cgi executable CGI file. However, this CGI program cannot properly handle the username parameter passed to it. Several ZyXEL network attached storage (NAS) devices contain a pre-authentication command injection vulnerability that could allow a remote attacker to execute arbitrary code on a vulnerable device without logging in.

This security advisory was published for various Zyxel NAS models: Multiple ZyXEL NAS devices are vulnerable to pre-authentication command injection using the web administration interface – CVE-2020-9054

Executed commands may leverage built-in capabilities to execute commands with root privileges.

I became aware of the security issue through the following tweet from Will Dormann.
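As an added example (not from the original post or from ZyXEL), here is a log check for the issue described above: it flags requests to weblogin.cgi whose username query parameter contains characters outside a username allow-list. The allow-list, the /cgi-bin/ path and the sample log lines are assumptions constructed for illustration; usernames sent in a POST body do not appear in access logs and are not covered.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Assumption: legitimate usernames only use these characters (adjust to local policy).
SAFE_USERNAME = re.compile(r"[A-Za-z0-9._@-]{1,64}")

# Common/combined log format: client IP first, request line in double quotes.
REQUEST = re.compile(r'^(?P<ip>\S+) .*?"(?P<method>[A-Z]+) (?P<target>\S+) HTTP/[\d.]+"')


def suspicious_weblogin_requests(lines):
    """Return (client_ip, decoded_username) for every weblogin.cgi request whose
    username parameter contains anything outside the allow-list."""
    hits = []
    for line in lines:
        m = REQUEST.match(line)
        if not m:
            continue  # not a parsable access-log line
        url = urlsplit(m.group("target"))
        if not url.path.lower().endswith("/weblogin.cgi"):
            continue  # only the login CGI named in the advisory is of interest
        # parse_qs percent-decodes values, so encoded metacharacters are seen in clear.
        params = parse_qs(url.query, keep_blank_values=True)
        for value in params.get("username", []):
            if not SAFE_USERNAME.fullmatch(value):
                hits.append((m.group("ip"), value))
    return hits


# Constructed sample lines (documentation IP ranges), not taken from a real device.
SAMPLE_LOG = [
    '192.0.2.10 - - [01/Mar/2020:10:00:01 +0000] "GET /cgi-bin/weblogin.cgi?username=alice HTTP/1.1" 200 512',
    '198.51.100.7 - - [01/Mar/2020:10:00:05 +0000] "GET /cgi-bin/weblogin.cgi?username=bob%3Buptime HTTP/1.1" 200 512',
    '203.0.113.5 - - [01/Mar/2020:10:00:09 +0000] "GET /cgi-bin/weblogin.cgi?username=%60uptime%60 HTTP/1.1" 200 512',
    '192.0.2.11 - - [01/Mar/2020:10:00:12 +0000] "GET /index.html?username=x%3By HTTP/1.1" 200 128',
]

if __name__ == "__main__":
    for ip, username in suspicious_weblogin_requests(SAMPLE_LOG):
        print(f"{ip}: unexpected characters in username {username!r}")
```

Because the vulnerability is reachable before login, any hit from an address outside the management network is worth reviewing even when the response code looks normal.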