This may require a manual install, as the patching for this may not auto-run.
A vulnerability allows man-in-the-middle attackers to hijack the authentication of administrators.
The vulnerability reported by PWN2OWN 2024 (ZDI-CAN-25487) has been addressed.
What’s the exposure surface of this if I have remote access disabled?
Probably none. This is a MITM attack, so they need to be between you and the device. Usually that’s done by being on the local network, though it could also be someone who has compromised your router/firewall appliance.
Of course, you should never expose services like this to the Internet. If you need remote access, use a VPN.