EUVD-2015-3973

Malware in sbrugna...

Belden GarrettCom Switch Detection (HTTP)

HTTP based detection of Belden GarrettCom Switches. Copyright C 2017 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

Belden Garrettcom 6K/10K Switches - Authentication Bypass / Memory Corruption Vulnerabilities

Exploit for php platform in category web applications Introduction ------------ Vulnerabilities were identified in the Belden GarrettCom 6K and 10KT Magnum series network switches. These were discovered during a black box assessment and therefore the vulnerability list should not be considered...

Belden GarrettCom 6K / 10KT Bypass / Disclosure / Buffer Overflow

Introduction ------------ Vulnerabilities were identified in the Belden GarrettCom 6K and 10KT Magnum series network switches. These were discovered during a black box assessment and therefore the vulnerability list should not be considered exhaustive; observations suggest that it is likely that...

CVE-2015-3961

The web-server component in MNS before 4.5.6 on Belden GarrettCom Magnum 6K and Magnum 10K switches allows remote authenticated users to cause a denial of service memory corruption and reboot via a crafted URL...

CVE-2015-3959

The firmware in MNS before 4.5.6 on Belden GarrettCom Magnum 6K and Magnum 10K switches has a hardcoded serial-console password for a privileged account, which might allow physically proximate attackers to obtain access by establishing a console session to a nonstandard installation on which this...

CVE-2015-3942

Multiple cross-site scripting XSS vulnerabilities in the web-server component in MNS before 4.5.6 on Belden GarrettCom Magnum 6K and Magnum 10K switches allow remote attackers to inject arbitrary web script or HTML via unspecified vectors...

Memory corruption

The web-server component in MNS before 4.5.6 on Belden GarrettCom Magnum 6K and Magnum 10K switches allows remote authenticated users to cause a denial of service memory corruption and reboot via a crafted URL...

Cross site scripting

Multiple cross-site scripting XSS vulnerabilities in the web-server component in MNS before 4.5.6 on Belden GarrettCom Magnum 6K and Magnum 10K switches allow remote attackers to inject arbitrary web script or HTML via unspecified vectors...

Hardcoded credentials

The firmware in MNS before 4.5.6 on Belden GarrettCom Magnum 6K and Magnum 10K switches has a hardcoded serial-console password for a privileged account, which might allow physically proximate attackers to obtain access by establishing a console session to a nonstandard installation on which this...

Hardcoded credentials

The firmware in MNS before 4.5.6 on Belden GarrettCom Magnum 6K and Magnum 10K switches uses hardcoded RSA private keys and certificates across different customers' installations, which makes it easier for remote attackers to defeat cryptographic protection mechanisms for HTTPS sessions by...

CVE-2015-3961

The CVE-2015-3961 vulnerability affects the web-server component of MNS on Belden GarrettCom Magnum 6K and Magnum 10K switches (before version 4.5.6). A remote authenticated attacker can trigger a denial of service via a crafted URL, causing memory corruption and a reboot. The issue is mitigated ...

CVE-2015-3959

The CVE-2015-3959 issue affects Belden GarrettCom Magnum 6K and Magnum 10K switches running MNS firmware prior to 4.5.6. The root cause is a hardcoded serial-console password for a privileged account, enabling a physically proximate attacker to gain access by connecting a console session to a non...

CVE-2015-3942

Multiple cross-site scripting XSS vulnerabilities in the web-server component in MNS before 4.5.6 on Belden GarrettCom Magnum 6K and Magnum 10K switches allow remote attackers to inject arbitrary web script or HTML via unspecified vectors...

CVE-2015-3942

CVE-2015-3942 describes multiple XSS vulnerabilities in the web-server component of GarrettCom Magnum 6K and Magnum 10K switches running before version 4.5.6. The vulnerabilities allow remote attackers to inject arbitrary web script or HTML via unspecified vectors. Affected devices are GarrettCom...

CVE-2015-3959

The firmware in MNS before 4.5.6 on Belden GarrettCom Magnum 6K and Magnum 10K switches has a hardcoded serial-console password for a privileged account, which might allow physically proximate attackers to obtain access by establishing a console session to a nonstandard installation on which this...

CVE-2015-3960

The firmware in MNS before 4.5.6 on Belden GarrettCom Magnum 6K and Magnum 10K switches uses hardcoded RSA private keys and certificates across different customers' installations, which makes it easier for remote attackers to defeat cryptographic protection mechanisms for HTTPS sessions by...

CVE-2015-3960

The CVE-2015-3960 issue affects Belden GarrettCom Magnum 6K/10K switches running MNS firmware prior to 4.5.6. The firmware contains hard-coded RSA private keys and certificates used for HTTPS/SSH, enabling remote attackers to defeat cryptographic protections by exploiting a private key from anoth...

CVE-2015-3961

The web-server component in MNS before 4.5.6 on Belden GarrettCom Magnum 6K and Magnum 10K switches allows remote authenticated users to cause a denial of service memory corruption and reboot via a crafted URL...