Created
May 16, 2018 07:17
-
-
Save bohdantrotsenko/94fe7fdad6c69af03b27ee789eea1e11 to your computer and use it in GitHub Desktop.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Firmware version 3.0.0.4.380_10446 | |
| - Release Note - | |
| Bug fixes and enhancements: | |
| - Fixed information disclosure vulnerability. Thanks to Haitan Xiang and Fand Wang. | |
| - Fixed CVE-2018-5721 Stack-base buffer overflow vulnerability | |
| - Fixed CVE-2018-8826 remote code code execution vulnerability. Thanks to Chris Wood. | |
| - Fixed CVE-2018-5999 HTTP authorization bypass and CVE-2018-6000. | |
| An independent security researcher has reported this vulnerability to Beyond Security’s SecuriTeam Secure Disclosure program | |
| - Fixed remote code execution vulnerability. Thanks to David Maciejak of Fortinet's FortiGuard Labs | |
| - Fixed CVE-2017-14491: DNS - 2 byte heap based overflow | |
| - Fixed CVE-2017-14492: DHCP - heap based overflow | |
| - Fixed CVE-2017-14493: DHCP - stack based overflow | |
| - Fixed CVE-2017-14494: DHCP - info leak | |
| - Fixed CVE-2017-14495: DNS - OOM DoS | |
| - Fixed CVE-2017-14496: DNS - DoS Integer underflow | |
| - Fixed CVE-2017-13704: Bug collision | |
| - Fixed AiCloud 2.0 Reflected XSS Vulnerability. Thanks to Guy Arazi and Niv Levi contribution. | |
| Thanks to Guy Arazi for following vulnerabilities. | |
| - AiCloud 2.0 Stored XSS Share link manager. | |
| - AiCloud 2.0 Reflected XSS - "share a link" | |
| - Download Master HTTP service DoS vulnerability. | |
| - Download Master Reflected XSS Main login. | |
| - Fixed Smart Sync Stored XSS vulnerabilities. | |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment