🏷️ vulnerability-management

4 articles tagged vulnerability-management.

Ninety Days to the Clock: What the EU Cyber Resilience Act's 24-Hour Reporting Rule Means for Connected Offices

From September 11, 2026, manufacturers of connected products sold in the EU must report actively exploited vulnerabilities to ENISA within 24 hours. The obligation reaches routers, cameras, smart-building devices and OT, carries fines up to €15 million or 2.5% of global turnover, and reshapes how buyers should evaluate vendors. With roughly 90 days to go, two-thirds of vendors say they are still unfamiliar with the regulation.

When the Network Is the Target: Acer's CVSS 10.0 Router Zero-Days and an Exploited Cisco SD-WAN Flaw

Acer shipped advisories for two maximum-severity zero-days in its Wave 7 mesh routers — a world-readable log leaking cleartext admin credentials and a hardcoded AES key that lets attackers backdoor device backups. Days later, Cisco confirmed active exploitation of a Catalyst SD-WAN Manager flaw being chained to push rogue configurations to edge devices. Both fit the dominant 2026 pattern: the network itself is the target.

CVE-2026-32746: The Telnet Vulnerability in Legacy OT That Gives Attackers Root Before the Login Prompt

CVE-2026-32746 is a pre-authentication remote code execution vulnerability in GNU Inetutils telnetd, scoring 9.8 Critical on CVSS 3.1 and affecting all versions up to and including 2.7. An unauthenticated attacker can trigger root-level code execution during the initial TCP handshake — before any login prompt appears. The vulnerability affects embedded systems, PLCs, SCADA components, and IoT devices that expose telnet interfaces, as well as major Linux distributions that include Inetutils in their default package sets.

Routers Are Now the Riskiest Device in Your Network: The 2026 Connected Device Risk Report

New research tracking connected device risk across IT, OT, IoT, and IoMT environments has named routers the single most dangerous device category in enterprise networks, averaging 32 vulnerabilities per device and accounting for roughly a third of all critical vulnerabilities found in corporate infrastructure. Forty percent of device types on the 2026 riskiest list are entirely new entries, and 75% were not on the list two years ago — a pace of attack surface expansion that most security programs are not designed to absorb.
