Security News > 2020 > December > Sophos fixes SQL injection vulnerability in their Cyberoam OS
Sophos has deployed a hotfix for their line of Cyberoam firewalls and routers to fix a SQL injection vulnerability.
Today, Sophos disclosed that a SQL injection vulnerability was fixed in the Cyberoam operating system that could remotely add accounts to a CROS device.
"A pre-authentication SQL injection vulnerability was recently discovered and fixed on Cyberoam operating system devices. This type of vulnerability could allow SQL statements to be executed remotely, but only if the administration interface was exposed on the WAN zone," the Sophos advisory explains.
"A small subset of Cyberoam devices were affected by a pre-authentication SQL injection vulnerability and we quickly deployed a hotfix to these devices. No further action is required. More information is available at the Community Page and KBA.".
"We've been phasing out Cyberoam devices since early 2019, and recommend users update to XG Firewall. An easy upgrade path is available that allows Cyberoam users to upgrade their software free of charge," Sophos told BleepingComputer in a statement.