Full Disclosure mailing list archives
HNS-2022-02 - HN Security Advisory - Multiple vulnerabilities in Zyxel zysh
From: Marco Ivaldi <raptor () 0xdeadbeef info>
Date: Tue, 7 Jun 2022 08:42:46 +0200
Dear Full Disclosure, Find attached a security advisory that details multiple vulnerabilities we discovered in the zysh shell distributed with some Zyxel products, including their security appliances. * Title: Multiple vulnerabilities in Zyxel zysh * Products: Zyxel firewalls, AP controllers, and APs * Author: Marco Ivaldi <marco.ivaldi () hnsecurity it> * Date: 2022-06-07 * CVE Names and Vendor CVSS Scores: CVE-2022-26531: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H (6.1) CVE-2022-26532: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H (7.8) * Advisory URLs: https://github.com/hnsecurity/vulns/blob/main/HNS-2022-02-zyxel-zysh.txt https://www.zyxel.com/support/multiple-vulnerabilities-of-firewalls-AP-controllers-and-APs.shtml For additional information, please refer to our vulnerability writeup: https://security.humanativaspa.it/multiple-vulnerabilities-in-zyxel-zysh/ Regards, -- Marco Ivaldi https://0xdeadbeef.info/ "When cryptography is outlawed, bayl bhgynjf jvyy unir cevinpl."
Attachment:
HNS-2022-02-zyxel-zysh.txt
Description:
_______________________________________________ Sent through the Full Disclosure mailing list https://nmap.org/mailman/listinfo/fulldisclosure Web Archives & RSS: https://seclists.org/fulldisclosure/
Current thread:
- HNS-2022-02 - HN Security Advisory - Multiple vulnerabilities in Zyxel zysh Marco Ivaldi (Jun 10)