Sophos fixes SQL injection vulnerability in Cyberoam OS

[German]Note for people running Sophos firewalls or similar with Cyberoam OS. Sophos has deployed a hotfix for its Cyberoam firewalls and routers to address an SQL injection vulnerability.


Sophos bought firewall and router vendor Cyberoam Technologies in 2014 and has been offering free upgrades for its XG Firewall OS since 2019.

SQL injection vulnerability in Cyberoam OS

In a security advisory, Sophos informs about a SQL injection vulnerability in Cyberoam OS, writing:

A pre-authentication SQL injection vulnerability was recently discovered and fixed on Cyberoam operating system (CROS) devices. This type of vulnerability could allow SQL statements to be executed remotely, but only if the administration interface (HTTPS admin service) was exposed on the WAN zone. No other Sophos products were affected.

Sophos provided a hotfix for several CROS versions. Here is an overview:

In the security advisory, Sophos provides information on how to ensure that the hotfix is installed. Bleeping Computer has published some more information here.

Cookies helps to fund this blog: Cookie settings

This entry was posted in Security and tagged , . Bookmark the permalink.

Leave a Reply

Your email address will not be published.