photog.social is one of the many independent Mastodon servers you can use to participate in the fediverse.
A place for your photos and banter. Photog first is our motto. Please refer to the site rules before posting.

#zyxel

So, one more switch arrived, the GS1900-24E, the non-#PoE variant of the #ZyXEL switch that I got before. And without PoE it was even about half the price on #Kleinanzeigen, just 35€. I wanted to have one that I could install at our hackspace, the #Nobreakspace, for production and one for development on #multicast.
This also means that things are getting more serious now, I think I have nearly all code changes/fixes now. Will need to clean them up a bit and submit pull requests then.

Reading some of the online commentary about the whole #Zyxel fiasco, I had a very similar experience many years back. My team at work and I did a bunch of research time hacking on all kinds of settop media streaming pucks, and we found a ton of broken stuff (Multiple CVSS10.0s) and when we reported it responsibly the response was basically the same: "yeah that's old we won't fix it."

Apart from creating all the ewaste, it's kinda bullshit that companies can do that. Though I do wonder how hard it would be for the #Hacker community to patch this themselves.

#zyxel #security advisory for authentication bypass and command injection vulnerabilities in #NAS products

CVE-2023-35137 - improper authentication
CVE-2023-35138 - command injection
CVE-2023-37927 - improper neutralization of special elements
CVE-2023-37928 - post auth command injection
CVE-2023-4473 - command injection
CVE-2023-4474 - improper neutralization of special elements

Fortunately, Zyxel has released patches for these. Update to the latest #firmware.

#cybersecurity #infosec #cve #vulnerability

techspot.com/news/101025-zyxel

TechSpot · Zyxel warns about new critical vulnerabilities found in its NAS devices, by Alfonso Maruccia

heise+ | Short reviews: advice app, video editing program and outdoor Wi-Fi

This week's short reviews: an app for digitizing clubs, Video Vision from AquaSoft and a Wi-Fi access point from Zyxel.
heise online · Short reviews: advice app, video editing program and outdoor Wi-Fi, by Dorothee Wiegand, Greta Friedrich, André Kramer, Ernst Ahlers
#dsgvo #apps #vereine