"We've repeatedly informed the company about the flaw, and the site in question has been down for months now, indicating that Royal Mail is working to mitigate the issue or has already done so. The company has yet to respond to our requests for comments."
The issue, CVE-2023-29552, is in the Service Location Protocol, which is used by a wide variety of devices to find services on local area networks. A vulnerability in the protocol allows unauthenticated remote attackers to register arbitrary services, which can be used to spoof UDP traffic and cond
[
add
]
[
|
|
...
]