Malicious code in hiveos-setting (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 36035629c3bde2cc0e1f5c5531cac6c4ece9ff587cc3c85a5e39bcafbded06d9 Clones of legitimate libraries with malicious modifications intended to download malicious remote code. The remote script allows executing arbitrary files...

MAL-2026-2571 Malicious code in hiveos-settings (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 cc412fc6f4c4059bbea28f3aa4ff430b5cc0405b6117995d8b401be1ed514932 Clones of legitimate libraries with malicious modifications intended to download malicious remote code. The remote script allows executing arbitrary files...

Malicious code in hiveos-settings (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 cc412fc6f4c4059bbea28f3aa4ff430b5cc0405b6117995d8b401be1ed514932 Clones of legitimate libraries with malicious modifications intended to download malicious remote code. The remote script allows executing arbitrary files...

MAL-2026-2298 Malicious code in hiveos-sdk (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 6d040e58dddde324da836a19a41eb5c65698ef869ed3e534f662136f1fb48440 Clones of legitimate libraries with malicious modifications intended to download malicious remote code. The remote script allows executing arbitrary files...

Malicious code in hiveos (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 632c5c53f72df87d7b0d9843df212e147e729699ffe5e7f6c20e3cd41fa13f64 Clones of legitimate libraries with malicious modifications intended to download malicious remote code. The remote script allows executing arbitrary files...

CVE-2020-36907

Aerohive HiveOS contains a denial of service vulnerability in the NetConfig UI that allows unauthenticated attackers to render the web interface unusable. Attackers can send a crafted HTTP request to the action.php5 script with specific parameters to trigger a 5-minute service disruption...

CVE-2020-36907

CVE-2020-36907 affects Aerohive HiveOS NetConfig UI. An unauthenticated attacker can trigger a denial-of-service by sending crafted parameters to action.php5, causing a 5-minute web interface disruption. The CVE is described with network-based access, low attack complexity, and no privileges requ...

CVE-2020-36907 Extreme Networks Aerohive HiveOS <=11.x 11.x Unauthenticated Remote Denial of Service

Aerohive HiveOS contains a denial of service vulnerability in the NetConfig UI that allows unauthenticated attackers to render the web interface unusable. Attackers can send a crafted HTTP request to the action.php5 script with specific parameters to trigger a 5-minute service disruption...

CVE-2020-36907

Aerohive HiveOS contains a denial of service vulnerability in the NetConfig UI that allows unauthenticated attackers to render the web interface unusable. Attackers can send a crafted HTTP request to the action.php5 script with specific parameters to trigger a 5-minute service disruption...

CVE-2020-36907 Extreme Networks Aerohive HiveOS <=11.x 11.x Unauthenticated Remote Denial of Service

Aerohive HiveOS contains a denial of service vulnerability in the NetConfig UI that allows unauthenticated attackers to render the web interface unusable. Attackers can send a crafted HTTP request to the action.php5 script with specific parameters to trigger a 5-minute service disruption...

PT-2026-1442

Aerohive HiveOS contains a denial of service vulnerability in the NetConfig UI that allows unauthenticated attackers to render the web interface unusable. Attackers can send a crafted HTTP request to the action.php5 script with specific parameters to trigger a 5-minute service disruption...

Extreme Aerohive HiveOS 安全漏洞

Extreme Aerohive HiveOS is a specialized operating system from Extreme, Inc. A security vulnerability exists in Extreme Aerohive HiveOS, which stems from a denial of service vulnerability in NetConfig UI that could make the web interface unavailable...

CVE-2020-16152

The NetConfig UI administrative interface in Extreme Networks ExtremeWireless Aerohive HiveOS and IQ Engine through 10.0r8a allows attackers to execute PHP code as the root user via remote HTTP requests that insert this code into a log file and then traverse to that file...

CVE-2019-19754

HiveOS through 0.6-102@191212 ships with SSH host keys baked into the installation image, which allows man-in-the-middle attacks and makes identification of all public IPv4 nodes trivial with Shodan.io. NOTE: as of 2019-09-26, the vendor indicated that they would consider fixing this...

CVE-2019-19754

HiveOS through 0.6-102@191212 ships with SSH host keys baked into the installation image, which allows man-in-the-middle attacks and makes identification of all public IPv4 nodes trivial with Shodan.io. NOTE: as of 2019-09-26, the vendor indicated that they would consider fixing this...

CVE-2019-19754

HiveOS through 0.6-102@191212 ships with SSH host keys baked into the installation image, which allows man-in-the-middle attacks and makes identification of all public IPv4 nodes trivial with Shodan.io. NOTE: as of 2019-09-26, the vendor indicated that they would consider fixing this...

PT-2024-10728 · Hiveos · Hiveos

Name of the Vulnerable Software and Affected Versions: HiveOS versions 0.6-102@191212 and earlier Description: The issue allows man-in-the-middle attacks and makes identification of all public IPv4 nodes trivial with Shodan.io, as SSH host keys are baked into the installation image. The vendor...

CVE-2019-19754

HiveOS through 0.6-102@191212 ships with SSH host keys baked into the installation image, which allows man-in-the-middle attacks and makes identification of all public IPv4 nodes trivial with Shodan.io. NOTE: as of 2019-09-26, the vendor indicated that they would consider fixing this...

CVE-2019-19754

CVE-2019-19754 affects HiveOS up to version 0.6-102@191212, where SSH host keys are baked into the installation image. This enables man-in-the-middle attacks and makes identifying all public IPv4 nodes trivial via Shodan. The vulnerability is caused by non-rotatable host keys stored in the image,...

Extreme Networks HiveOS ah_auth Stack-based Buffer Overflow Remote Code Execution Vulnerability

This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Extreme Networks routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the ahauth service, which listens on UDP port 3001. The issue results...