Security Blog
In-depth analysis, research findings, and technical writeups on cybersecurity topics.
Featured Articles
The incorrect permission assignment vulnerability in the PostgreSQL commands of certain USG FLEX H series uOS firmware versions could allow an authenticated local attacker with low privileges to gain access to the Linux shell and escalate their privileges by crafting malicious scripts or modifying system configurations with administrator-level access through a stolen token.
Recent Articles
LLM Attack on ZYXEL Nebula AI
As part of a research project on prompt injection and AI security, the behavior of Zyxel’s Nebula AI chatbot was analyzed. The objective was to evaluate whether the model could be manipulated into disclosing internal information or metadata not intended for end-users.
File Upload Vulnerability in ZYXEL Configuration Migration Tool
An in-depth walkthrough of how a flawed file upload mechanism in Zyxel’s cloud migration service allowed arbitrary PHP file upload and execution, leading to full remote code execution on the backend infrastructure.
CVE-2023-27991: Remote Code Execution in ZYXEL ATP/USG (V5.35)
This writeup explain how to gain a remote code execution vulnerability in the ZLD product series. The vulnerability could allow attackers to execute arbitrary code on the target system.