Full Disclosure mailing list archives

HNS-2022-02 - HN Security Advisory - Multiple vulnerabilities in Zyxel zysh

From: Marco Ivaldi <raptor () 0xdeadbeef info>
Date: Tue, 7 Jun 2022 08:42:46 +0200

Dear Full Disclosure,

Find attached a security advisory that details multiple
vulnerabilities we discovered in the zysh shell distributed with some
Zyxel products, including their security appliances.

* Title: Multiple vulnerabilities in Zyxel zysh
* Products: Zyxel firewalls, AP controllers, and APs
* Author: Marco Ivaldi <marco.ivaldi () hnsecurity it>
* Date: 2022-06-07
* CVE Names and Vendor CVSS Scores:
  CVE-2022-26531: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H (6.1)
  CVE-2022-26532: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H (7.8)
* Advisory URLs:
  https://github.com/hnsecurity/vulns/blob/main/HNS-2022-02-zyxel-zysh.txt
  https://www.zyxel.com/support/multiple-vulnerabilities-of-firewalls-AP-controllers-and-APs.shtml

For additional information, please refer to our vulnerability writeup:
https://security.humanativaspa.it/multiple-vulnerabilities-in-zyxel-zysh/

Regards,

--
Marco Ivaldi
https://0xdeadbeef.info/
"When cryptography is outlawed, bayl bhgynjf jvyy unir cevinpl."

Attachment: HNS-2022-02-zyxel-zysh.txt
Description:

_______________________________________________
Sent through the Full Disclosure mailing list
https://nmap.org/mailman/listinfo/fulldisclosure
Web Archives & RSS: https://seclists.org/fulldisclosure/

Current thread:

HNS-2022-02 - HN Security Advisory - Multiple vulnerabilities in Zyxel zysh Marco Ivaldi (Jun 10)