Thursday, December 21, 2023

Review – 2 Advisories Published – 12-21-23

Today, CISA’s NCCIC-ICS published two control system security advisories for products from FXC and QNAP. The two reported vulnerabilities were also added to the CISA Known Exploited Vulnerabilities Catalog.


QNAP Advisory - This advisory describes an OS command injection vulnerability in the QNAP VioStor NVR QVR firmware.

FXC Advisory - This advisory describes an OS command injection vulnerability in the FXC AE1021 and AE1021PE LAN routers.


CISA needs to be more proactive about sharing credit for vulnerability discoveries. While reporting the researcher names in their advisories is important, it would be more appropriate to include links to the researcher reports that provide additional details about the vulnerabilities being reported. Links to publicly available exploits would also be helpful.


For more details about these advisories, including links to researcher reports, see my article at CFSN Detailed Analysis (subscription required).
