Security Info

As Cyber attacks seem to move more into the focus of the WEF, I wanted to let you know that you can lock down NeDi some more by simply deleting devwrite.pl from nedi’s inc/ folder. It might be a good idea to do that anyway, if you don’t intend to use Devces-Write from the GUI.

If you don’t provide any write credentials to NeDi it will not be able to perform any changes on network devices.

Just in case you’re still using NeDi+ 2.0 and didn’t get to apply the latest patch to it. You can copy Nodes-Traffic.php and Monitoring-History.php from the NeDi-2.0 Community release over to your installation in order to mitigate 2 vulnerabilities mentioned in the previous news article.

Similar Posts