
1233 matches found

Cvelist
added 2024/03/27 12:0 a.m. · 12 views

CVE-2024-25734

An issue was discovered on WyreStorm Apollo VX20 devices before 1.3.58. The TELNET service prompts for a password only after a valid username is entered, which might make it easier for remote attackers to enumerate user accounts...

7.2 AI score · 0.06299 EPSS
Exploits 4 · References 2
CVE
added 2024/03/27 12:0 a.m. · 49 views

CVE-2024-25736

The CVE-2024-25736 entry affects WyreStorm Apollo VX20 devices prior to firmware version 1.3.58. The vulnerability allows remote attackers to restart the device by issuing a GET request to /device/reboot (Web interface/reboot and reset commands). Exploitation details in the sources describe an In...

7.5 CVSS · 6.9 AI score · 0.09145 EPSS
Exploits 4 · References 3 · Affected Software 1
Vulnrichment
added 2024/03/27 12:0 a.m. · 17 views

CVE-2024-25736

An issue was discovered on WyreStorm Apollo VX20 devices before 1.3.58. Remote attackers can restart the device via a /device/reboot GET request...

7 AI score · 0.09145 EPSS
Exploits 4 · References 2
Vulnrichment
added 2024/03/27 12:0 a.m. · 12 views

CVE-2024-25734

An issue was discovered on WyreStorm Apollo VX20 devices before 1.3.58. The TELNET service prompts for a password only after a valid username is entered, which might make it easier for remote attackers to enumerate user accounts...

7.5 AI score · 0.06299 EPSS
Exploits 4 · References 2
Cvelist
added 2024/03/27 12:0 a.m. · 14 views

CVE-2024-25736

An issue was discovered on WyreStorm Apollo VX20 devices before 1.3.58. Remote attackers can restart the device via a /device/reboot GET request...

6.9 AI score · 0.09145 EPSS
Exploits 4 · References 2
Vulnrichment
added 2024/03/27 12:0 a.m. · 9 views

CVE-2024-25735

An issue was discovered on WyreStorm Apollo VX20 devices before 1.3.58. Remote attackers can discover cleartext passwords via a SoftAP /device/config GET request...

7.3 AI score · 0.90358 EPSS
Exploits 4 · References 2
CVE
added 2024/03/27 12:0 a.m. · 98 views

CVE-2024-25735

WyreStorm Apollo VX20 devices prior to version 1.3.58 expose cleartext credentials via an HTTP GET on the SoftAP router endpoint /device/config. This is an information-disclosure/authentication-bypass issue affecting the web interface/config component; remote attackers can retrieve credentials w...

9.1 CVSS · 6.8 AI score · 0.90358 EPSS
In wild · Exploits 4 · References 3 · Affected Software 1
Cvelist
added 2024/03/27 12:0 a.m. · 13 views

CVE-2024-25735

An issue was discovered on WyreStorm Apollo VX20 devices before 1.3.58. Remote attackers can discover cleartext passwords via a SoftAP /device/config GET request...

6.9 AI score · 0.90358 EPSS
Exploits 4 · References 2
CVE
added 2024/03/27 12:0 a.m. · 51 views

CVE-2024-25734

CVE-2024-25734 affects WyreStorm Apollo VX20 devices prior to version 1.3.58. The Telnet service prompts for a password only after a valid username is entered, enabling remote attackers with Telnet access (port 23) to enumerate valid accounts, potentially enabling brute-force attacks on credentia...

7.5 CVSS · 7.2 AI score · 0.06299 EPSS
Exploits 4 · References 3 · Affected Software 1
Positive Technologies
added 2024/03/26 12:0 a.m. · 1 views

PT-2024-21118 · Wyrestorm · Wyrestorm Apollo Vx20

Name of the Vulnerable Software and Affected Versions: WyreStorm Apollo VX20 versions prior to 1.3.58 Description: An issue allows remote attackers to restart the device via a "/device/reboot" GET request. Recommendations: For versions prior to 1.3.58, update to version 1.3.58 or later to resolve...

7.5 CVSS · 7 AI score · 0.09145 EPSS
Exploits 4 · References 7
Positive Technologies
added 2024/03/26 12:0 a.m. · 4 views

PT-2024-21117 · Wyrestorm · Wyrestorm Apollo Vx20

Name of the Vulnerable Software and Affected Versions: WyreStorm Apollo VX20 versions prior to 1.3.58 Description: An issue was discovered where the TELNET service prompts for a password only after a valid username is entered. This might make it easier for remote attackers to enumerate user...

7.5 CVSS · 7.5 AI score · 0.06299 EPSS
Exploits 4 · References 6
NVD
added 2024/03/21 2:52 a.m. · 8 views

CVE-2024-28101

The Apollo Router is a graph router written in Rust to run a federated supergraph that uses Apollo Federation. Versions 0.9.5 until 1.40.2 are subject to a Denial-of-Service (DoS) type vulnerability. When receiving compressed HTTP payloads, affected versions of the Router evaluate the...

7.5 CVSS · 7.5 AI score · 0.00293 EPSS
Exploits 0 · References 2
CNNVD
added 2024/03/21 12:0 a.m. · 3 views

Apollo Router security vulnerability

Apollo Router is a configurable, high-performance graphical router written in Rust. A security vulnerability exists in Apollo Router versions 0.9.5 through 1.40.2 that stems from a compressed payload that does not adhere to HTTP payload restrictions, resulting in a denial of service...

7.5 CVSS · 6.4 AI score · 0.00293 EPSS
Exploits 0 · References 3
Prion
added 2024/03/14 10:53 p.m. · 73 views

Design/Logic Flaw

The Apollo Router is a graph router written in Rust to run a federated supergraph that uses Apollo Federation. Versions 0.9.5 until 1.40.2 are subject to a Denial-of-Service (DoS) type vulnerability. When receiving compressed HTTP payloads, affected versions of the Router evaluate the...

7.1 AI score · 0.00293 EPSS
Exploits 0 · References 2 · Affected Software 1
Vulnrichment
added 2024/03/06 9:7 p.m. · 14 views

CVE-2024-28101 Apollo Router's Compressed Payloads do not respect HTTP Payload Limits

The Apollo Router is a graph router written in Rust to run a federated supergraph that uses Apollo Federation. Versions 0.9.5 until 1.40.2 are subject to a Denial-of-Service (DoS) type vulnerability. When receiving compressed HTTP payloads, affected versions of the Router evaluate the...

7.5 CVSS · 6.8 AI score · 0.00293 EPSS
Exploits 0 · References 2
CVE
added 2024/03/06 9:7 p.m. · 147 views

CVE-2024-28101

CVE-2024-28101 concerns the Apollo Router (Rust) and affects versions 0.9.5 through 1.40.2. The vulnerability arises when handling compressed HTTP payloads: after decompression, the router evaluates limits.http_max_request_bytes, which can lead to significant memory consumption if highly compress...

7.5 CVSS · 7.5 AI score · 0.00293 EPSS
Exploits 0 · References 2 · Affected Software 1
OSV
added 2024/03/06 9:7 p.m. · 21 views

CVE-2024-28101 Apollo Router's Compressed Payloads do not respect HTTP Payload Limits

The Apollo Router is a graph router written in Rust to run a federated supergraph that uses Apollo Federation. Versions 0.9.5 until 1.40.2 are subject to a Denial-of-Service (DoS) type vulnerability. When receiving compressed HTTP payloads, affected versions of the Router evaluate the...

7.5 CVSS · 6.7 AI score · 0.00293 EPSS
Exploits 0 · References 4
Cvelist
added 2024/03/06 9:7 p.m. · 14 views

CVE-2024-28101 Apollo Router's Compressed Payloads do not respect HTTP Payload Limits

The Apollo Router is a graph router written in Rust to run a federated supergraph that uses Apollo Federation. Versions 0.9.5 until 1.40.2 are subject to a Denial-of-Service (DoS) type vulnerability. When receiving compressed HTTP payloads, affected versions of the Router evaluate the...

7.5 CVSS · 7.7 AI score · 0.00293 EPSS
Exploits 0 · References 2
vulnersOsv
added 2024/03/06 6:24 p.m. · 4 views

inigo-rs (>=0.1.5 <=0.27.8) potentially affected by CVE-2024-28101 via apollo-router (=1.2.1)

apollo-router CARGO version =1.2.1 is affected by a known vulnerability. The following packages have a transitive dependency on apollo-router and may be impacted: - inigo-rs =0.1.5, =0.27.8 Source cves: CVE-2024-28101 Source advisory: OSV:GHSA-CGQF-3CQ5-WVCJ...

7.5 CVSS · 5.8 AI score · 0.00293 EPSS
Exploits 0
Github Security Blog
added 2024/03/06 6:24 p.m. · 48 views

Apollo Router's Compressed Payloads do not respect HTTP Payload Limits

Impact: The Apollo Router is a configurable, high-performance graph router written in Rust to run a federated supergraph that uses Apollo Federation. Affected versions are subject to a Denial-of-Service (DoS) type vulnerability. When receiving compressed HTTP payloads, affected versions of the Route...

7.5 CVSS · 5.5 AI score · 0.00293 EPSS
Exploits 0 · References 3 · Affected Software 1