1 story taggedAlibaba.
A researcher at FoxIO disclosed the bug on 8 July. There is no fix, no login required, and no malformed packets involved.