Security research

deeply convinced of SSL VPN command injection vulnerability

0x00   Vulnerability number

Not yet

0x01   Hazard level


0x02   Vulnerability overview

Deeply convinced that there is an injection vulnerability in URL parameters in an interface of SSL VPN products, an attacker can use this vulnerability to obtain control rights of SSL VPN devices.

0x03 version affected

SSL VPN <= 7.6.7

SSL VPN <= 7.6.7

0x04 repair suggestions

At present, the vulnerability repair version has been officially released. The download address for security status query is:

Copyright © 2019 All Rights Reserved Designed
Hangzhou pldsec Network Technology Co