Exploit code public for critical FortiSIEM command injection flaw

Technical details and a public exploit have been published for a critical vulnerability affecting Fortinet's Security ...
HHS

Four-Faith Routers Exploited Using New Flaw

The vulnerability, tracked as CVE-2024-12856, affects F3x24 and F3x36 router models. It allows remote command execution through the router's default credentials, potentially compromising thousands of ...
ZDNet

Patch released for Fortinet command injection vulnerability

Update: In a statement to ZDNet, Fortinet criticized Rapid7 for releasing the study and said a patch would be released by the end of the month. "The security of our customers is always our first ...
Ars Technica

Zyxel warns of vulnerabilities in a wide range of its products

Networking hardware-maker Zyxel is warning of nearly a dozen vulnerabilities in a wide array of its products. If left unpatched, some of them could enable the complete takeover of the devices, which ...
Dark Reading

Unpatched Zyxel CPE Zero-Day Pummeled by Cyberattackers

A command-injection vulnerability in Zyxel CPE Series devices is being targeted by threat actors, and there's no patch available. The bug, tracked as CVE-2024-40891, was first discovered by VulnCheck, ...
Dark Reading

Patch Now: Max-Severity Fortra GoAnywhere Bug Allows Command Injection

Fortra has released security updates for a maximum severity vulnerability found in GoAnywhere Managed File Transfer's (MFT) License Servlet. It carries the highest possible CVSS score of 10 out of 10.