Israel-based Sternum Securuty offers an embedded platform built for connected devices. By augmenting every device with patented runtime security and granular observability, Sternum provides product, business, security, engineering, and compliance teams with continuous in-field product and fleet monitoring, built-in security, and invaluable business insights. Deployed on millions of devices, and serving the world’s leading device manufacturers, Sternum enables organizations to improve operational efficiency and achieve business excellence.
Sternum recently identified a security vulnerability that affects owners of Zyxel Networks’ Linux-operated NAS326, NAS540, and NAS542 storage devices running the latest firmware (Version 5.21). The device vulnerability has been acknowledged by Zyxel who issued a patch and a Common Vulnerabilities and Exposures (CVE) notice, with CVE-2023-27988 being published on May, 30th, 2023.
The identified Zyxel NAS appliances allow for the storage of user data in a single location, including cloud data, photos, videos, or USB data. Sternum security researchers were in the process of scanning one of the Zyxel NAS units as part of the company’s standard lab deployment process when a “Dangerous String Format” alert was triggered by one of the security logics in the Sternum security platform. When such a pattern is confirmed, Sternum’s software issues an alert with the details of the string format and the executing process name — which identifies the root cause of the issue.
For more in the company, visit www.sternumiot.com
