89 matches found
Netgear NETGEAR Buffer Error Vulnerability
Netgear NETGEAR is a router from the American company Netgear, a hardware device that connects two or more networks and acts as a gateway between networks. A security vulnerability exists in NETGEAR MediaTek microchips, which originates from an error in the handling of the IEEE 1905 protocol...
Anker Eufy Homebase 2 pushMuxer processRtspInfo heap buffer overflow vulnerability
Talos Vulnerability Report TALOS-2021-1369: Anker Eufy Homebase 2 pushMuxer processRtspInfo heap buffer overflow vulnerability. October 11, 2021. CVE Number: CVE-2021-21940. Summary: A heap-based buffer overflow vulnerability exists in the pushMuxer processRtspInfo functionality of Anker Eufy Homebase ...
NETGEAR Multiple Products Command Injection Vulnerability
Netgear NETGEAR is a router from Netgear, Inc., a hardware device that connects two or more networks and acts as a gateway between networks. Several NETGEAR devices have a security vulnerability that stems from the product's failure to filter special characters in user input data, which could allo...
Multiple Vulnerabilities in Cisco Small Business RV340 and Cisco Small Business
The Cisco Small Business RV340 and the Cisco Small Business are both products of Cisco, Inc. The Cisco Small Business RV340 is a router, a hardware device that connects two or more networks and acts as a gateway between networks. Cisco Small Business is a...
Command injection
When an MX Series is configured as a Broadband Network Gateway (BNG) based on Layer 2 Tunneling Protocol (L2TP), executing certain CLI commands may cause the system to run out of disk space; excessive disk usage may cause other complications. An administrator can use the following CLI command to monito...
Command Execution Vulnerability in Vigor2960
Vigor2960 is a load balancing router and VPN gateway appliance from DrayTek Taiwan, China. The Vigor2960 suffers from a command execution vulnerability that can be exploited by an attacker to gain control of a server...
New NAT/Firewall Bypass Attack Lets Hackers Access Any TCP/UDP Service
New research has demonstrated a technique that allows an attacker to bypass firewall protection and remotely access any TCP/UDP service on a victim machine. Called NAT Slipstreaming, the method involves sending the target a link to a malicious site or a legitimate site loaded with malicious ads...
CVE-2020-3483
Duo has identified and fixed an issue with the Duo Network Gateway (DNG) product in which some customer-provided SSL certificates and private keys were not excluded from logging. This issue resulted in certificate and private key information being written out in plain-text to local files on the DNG...
Code injection
Duo has identified and fixed an issue with the Duo Network Gateway (DNG) product in which some customer-provided SSL certificates and private keys were not excluded from logging. This issue resulted in certificate and private key information being written out in plain-text to local files on the DNG...
CVE-2020-3483 Duo Network Gateway (DNG) Information Disclosure Vulnerability
Duo has identified and fixed an issue with the Duo Network Gateway (DNG) product in which some customer-provided SSL certificates and private keys were not excluded from logging. This issue resulted in certificate and private key information being written out in plain-text to local files on the DNG...
CVE-2020-3483
CVE-2020-3483 affects Duo Network Gateway (DNG). Root cause: certificate and private key values uploaded for DNG-protected applications were logged in plain-text due to incomplete exclusion in the logging logic. Affected versions: 1.3.3 through 1.5.7. Impact: if attackers gained access to DNG log...
Cisco DuoConnect Authentication Vulnerability
Cisco DuoConnect is a two-factor authentication solution from Cisco USA. A security vulnerability exists in Cisco DuoConnect versions prior to 1.1.1, which stems from the fact that when DuoConnect is configured as 'http://', under certain circumstances, the program sends authentication tokens ove...
CVE-2020-1633 Junos OS: MX Series: Crafted packets traversing a Broadband Network Gateway (BNG) configured with IPv6 NDP proxy could lead to Denial of Service
Due to a new NDP proxy feature for EVPN leaf nodes introduced in Junos OS 17.4, crafted NDPv6 packets could transit a Junos device configured as a Broadband Network Gateway (BNG) and reach the EVPN leaf node, causing a stale MAC address entry. This could cause legitimate traffic to be discarded,...
CVE-2020-1875
NIP6800, Secospace USG6600, and USG9500 product versions V500R001C30, V500R001C60SPC500, and V500R005C00SPC100 have an invalid pointer access vulnerability. The software system accesses an invalid pointer when an abnormal condition occurs in a certain operation. Successful exploit could cause certain proce...
CVE-2019-16298
An issue was discovered in Open Network Operating System (ONOS) 1.14. In the virtual broadband network gateway application org.onosproject.virtualbng, the host event listener does not handle the following event types: HOST_MOVED, HOST_REMOVED, HOST_UPDATED. In combination with other applications, this...
Design/Logic Flaw
An issue was discovered in Open Network Operating System (ONOS) 1.14. In the virtual broadband network gateway application org.onosproject.virtualbng, the host event listener does not handle the following event types: HOST_MOVED, HOST_REMOVED, HOST_UPDATED. In combination with other applications, this...
CVE-2019-16298
ONOS 1.14 contains a bug in the Virtual BNG app’s host event listener (org.onosproject.virtualbng) where HOST_MOVED, HOST_REMOVED, and HOST_UPDATED events are not handled. In combination with other applications, this could lead to the absence of intended code execution. The vulnerability is docum...