Security Blog
In-depth analysis, research findings, and technical writeups on cybersecurity topics.
Featured Articles
LLM Attack on ZYXEL Nebula AI
As part of a research project on prompt injection and AI security, the behavior of Zyxel’s Nebula AI chatbot was analyzed. The objective was to evaluate whether the model could be manipulated into disclosing internal information or metadata not intended for end-users.
An in-depth walkthrough of how a flawed file upload mechanism in Zyxel’s cloud migration service allowed arbitrary PHP file upload and execution, leading to full remote code execution on the backend infrastructure.
The incorrect permission assignment vulnerability in the PostgreSQL commands of certain USG FLEX H series uOS firmware versions could allow an authenticated local attacker with low privileges to gain access to the Linux shell and escalate their privileges by crafting malicious scripts or modifying system configurations with administrator-level access through a stolen token.
Recent Articles
CVE-2025-8078: Remote Code Execution via CLI Command Injection
An undocumented parameter of the "web-auth" command could allow an authenticated attacker to execute commands remotely due to improper input sanitization, potentially resulting in full device compromise.
CVE-2025-9133: Configuration Exposure via Authorization Bypass
A vulnerability in the zysh-cgi component of the USG/ATP Series allows a low-privileged, semi-authenticated attacker to access the device’s configuration, bypassing authorization controls. This issue arises due to missing authorization checks and an incomplete validation of disallowed inputs, enabling the attacker to interact with restricted system functionalities through crafted requests. Successful exploitation may lead to exposure or modification of sensitive configuration data, even when two-factor authentication is enabled for the compromised account.
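How "missing authorization checks" and "incomplete validation of disallowed inputs" combine, as an added example that is not the device's `zysh-cgi` code: a hypothetical CGI-style dispatcher checks only that the caller is authenticated and blocks restricted commands with a substring denylist applied to the raw request, which is URL-decoded afterwards. A semi-privileged user evades the denylist with percent-encoding. The hardened version canonicalises first and then requires the caller's role for that exact command on every request. The command table, roles and session shape are constructed for the example.

```python
from urllib.parse import unquote

# Added illustration, not the device's zysh-cgi: a hypothetical CGI-style
# command dispatcher. Command table and roles are constructed for the example.
COMMANDS = {
    "show version": "viewer",          # minimum role required to run it
    "show running-config": "admin",
    "write": "admin",
}
ROLE_RANK = {"viewer": 0, "admin": 1}
DENIED = ("show running-config", "write")   # the flawed handler's denylist


def backend(cmd: str) -> str:
    """Stand-in for the privileged command executor."""
    if cmd in COMMANDS:
        return f"executed: {cmd}"
    return "unknown command"


def dispatch_flawed(session: dict, raw: str) -> str:
    """Authentication only, plus a substring denylist evaluated on the raw,
    still-encoded input; decoding happens after the check."""
    if not session.get("authenticated"):
        return "401"
    if any(bad in raw for bad in DENIED):
        return "403"
    return backend(unquote(raw))


def dispatch_hardened(session: dict, raw: str) -> str:
    """Canonicalise first, allowlist the exact command, then authorise by role."""
    if not session.get("authenticated"):
        return "401"
    cmd = " ".join(unquote(raw).split())   # decode, then normalise whitespace
    required = COMMANDS.get(cmd)
    if required is None:
        return "400"
    if ROLE_RANK.get(session.get("role"), -1) < ROLE_RANK[required]:
        return "403"
    return backend(cmd)


if __name__ == "__main__":
    viewer = {"authenticated": True, "role": "viewer"}
    print("flawed, plain   :", dispatch_flawed(viewer, "show running-config"))
    print("flawed, encoded :", dispatch_flawed(viewer, "show%20running-config"))
    print("hardened, encoded:", dispatch_hardened(viewer, "show%20running-config"))
```

Note that a second authentication factor does not help here: the flawed handler's only question is "is this session authenticated?", so a fully authenticated low-privilege account passes it regardless of how it logged in.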
CVE-2023-27991: Remote Code Execution in ZYXEL ATP/USG (V5.35)
This writeup explains how remote code execution was achieved in the ZLD product series. The vulnerability could allow attackers to execute arbitrary code on the target system.
A reverse engineering challenge from a CTF competition
This writeup covers the solution to a reverse engineering challenge from a recent CTF competition. The challenge required participants to reverse engineer a binary and find the flag.
CVE-2024-7203: Remote Code Execution in ZYXEL ATP/USG (V5.38)
During our ZLD assessment, we found an OS command injection vulnerability that could allow attackers to compromise the entire device.
CVE-2024-12398: Privilege Escalation in ZYXEL Access Point
I found a privilege escalation vulnerability in the WBE product series, allowing unauthorized administrative access under certain conditions.
