A recent study dubbed SOHOpelessly Broken 2.0 tested 13 SOHO routers and NAS devices and identified security vulnerabilities, including 125 common vulnerabilities and exposures (CVE). Two vulnerabilities were found on the Zyxel NSA325 v2 media server. The NSA325 v2 device lacks request origin verification functionality for browser authentication, potentially resulting in cross-site request forgery. In addition, the device’s proprietary command-line interface language is vulnerable to command injection via the application program interface (API), which could allow low-privilege users to execute system commands as root.

After investigation, even if the two vulnerabilities could result in cross-site request forgery (CSRF) or command injection, attackers would be unable to launch these attacks without successfully logging in to the device. As NSA325 v2 is a legacy model that has been retired from the market, firmware updates are no longer supported.