Security researchers at SEC Consult
The first issue is an information disclosure flaw via
“A DNS request can be made by an
SEC Consult researchers also published the PoC code for the vulnerability.
An attacker could use these credentials to log on to the APs FTP server and steal the configuration file that includes SSIDs and passwords.
“An FTP service runs on the Zyxel wireless access point that contains the configuration file for the WiFi network. This FTP server can be accessed with
Sec Consult experts published the PoC code also for this vulnerability.
The researchers reported the issue to Zyxel at the end of June, the vendor released
Zyxel customers have to install the patches and firmware updates released by the vendor for their devices.
Additional technical details, including the lists of the affected devices, are available in the SEC Consult’s advisories.
Necessary cookies are absolutely essential for the website to function properly. This category only includes cookies that ensures basic functionalities and security features of the website. These cookies do not store any personal information.
Any cookies that may not be particularly necessary for the website to function and is used specifically to collect user personal data via analytics, ads, other embedded contents are termed as non-necessary cookies. It is mandatory to procure user consent prior to running these cookies on your website.