Thanks to Rick Ramgattie from Independent Security Evaluators for reporting this vulnerability to us. If you’ve found a vulnerability, we want to work with you to fix it. Please contact your local service rep for further information or assistance. Don't enable remote access unless it's absolutely necessary.
Use strong, unique passwords for every device and change them regularly.Change the default password when logging in to a new device for the first time.Do not log in to the device from a public computer, the cookies on which are more vulnerable to exposure and may be used by an attacker to forge requests.However, because attackers must log in to the device in order to launch such attacks, we recommend that users exercise good general security practices by following the guidance below: In addition, the device’s proprietary command-line interface language is vulnerable to command injection via application program interface (API), which could allow low-privilege users to execute system commands as root.Īs NSA325 v2 is a legacy model that has been retired from the market, firmware updates are no longer supported. The NSA325 v2 device lacks request origin verification functionality for browser authentication, potentially resulting in cross-site request forgery. After investigation, even if the two vulnerabilities could result in cross-site request forgery (CSRF) or command injection, attackers would be unable to launch these attacks without successfully logging in to the device. There were two vulnerabilities found on Zyxel NSA325 v2 media server. Techdata: ZyXEL NSA325 v1, v2 Usage hideseceditbutton IMPORTANT : Edit this page only via the LEFT edit button below the dataentry box After editing, please enter a short summary of your edit: Which field has been changed (e.g. A recent study dubbed SOHOpelessly Broken 2.0 tested 13 SOHO routers and NAS devices and identified security vulnerabilities, including 125 common vulnerabilities and exposures (CVE).
0 kommentar(er)
