Zyxel Releases Patch for Critical Firewall OS Command Injection Vulnerability


According to the business, a command injection vulnerability in the CGI programme of particular firewall versions could allow an attacker to change specific files and subsequently execute some OS instructions on a vulnerable device.

The vulnerability could allow a remote unauthenticated adversary to execute code as the “nobody” user on vulnerable appliances, according to Rapid7, which found and reported the problem on April 13, 2022. Read More…