1 comments

  • psd1 8 hours ago

    > The flaw is reported to affect the "start VNC" feature — an attacker can inject shell metacharacters via JSON payloads in HTTP requests to this endpoint. No authentication is required, no user interaction is needed, and attack complexity is low.

    I reassure myself that close to 100% of fortigate costumes have the control plane locked down.

    I have come to believe that not a single embedded web server is without critical vulns, after deploying maybe a million patches to HP boxen for the iLO mgmt interface

    I that it's largely only software companies that have a red team mindset, and only a minority of them. Everyone else is patching when upstream patches and job done.