9 vulnerabilities found in VPN software, including 1 critical issue that could lead to remote code execution


Over the last two weeks, Cisco Talos has revealed 17 vulnerabilities, nine of which are in well-known VPN products. Attackers may utilize these flaws in the business and individual SoftEther VPN software to coerce users to terminate their connections or run arbitrary code on the targeted device.

The Peplink Surf line of wireless and residential routers has a cross-site scripting (XSS) vulnerability that might be exploited by an attacker to change HTML elements and force them to run any JavaScript. This information was discovered by Talos’ Vulnerability Research team. However, with a CVSS severity score of just 3.4 out of 10, this vulnerability is not thought to be especially dangerous.

Read More…