
1385 matches found

BDU FSTEC
added 2021/03/09 12:0 a.m. · 1 views

The vulnerability of the implementation of the ISN generator for the PicoTCP protocol stack allows a perpetrator to gain unauthorized access to protected information.

The vulnerability of the ISN generator implementation in the PicoTCP protocol stack is related to the use of insufficiently random values. Exploiting this vulnerability could allow a malicious actor to gain unauthorized access to protected information...

CVSS 6.5 · AI score 7.7 · EPSS 0.00185
Exploits 0 · References 7 · Affected Software 1
Positive Technologies
added 2021/03/05 12:0 a.m. · 2 views

PT-2021-2228 · Oryx · Cyclonetcp

Name of the Vulnerable Software and Affected Versions: Oryx CycloneTCP version 1.9.6 Description: The issue is related to the improper randomness of TCP Initial Sequence Numbers (ISNs) in the CycloneTCP stack implementation. This could allow a remote attacker to gain unauthorized access to protecte...

CVSS 9.8 · AI score 9.2 · EPSS 0.00184
Exploits 0 · References 13
Positive Technologies
added 2021/03/05 12:0 a.m. · 2 views

PT-2021-2231 · Contiki · Contiki

Name of the Vulnerable Software and Affected Versions: Contiki version 4.5 Description: The issue is related to the improper randomness of TCP Initial Sequence Numbers (ISNs) in the Contiki OS uIP protocol stack implementation. This could allow a remote attacker to gain unauthorized access to...

CVSS 9.1 · AI score 8.9 · EPSS 0.00185
Exploits 0 · References 11
Positive Technologies
added 2021/03/05 12:0 a.m. · 1 views

PT-2021-2229 · Siemens · Simatic Mv400

Name of the Vulnerable Software and Affected Versions: SIMATIC MV400 family versions prior to v7.0.6 Description: The issue is related to the implementation of the ISN generator in the TI-NDKTCPIP protocol stack, which uses insufficiently random values. This could allow a remote attacker to predi...

CVSS 7.5 · AI score 7.3 · EPSS 0.00379
Exploits 0 · References 13
Positive Technologies
added 2021/03/05 12:0 a.m. · 2 views

PT-2021-2232 · Picotcp · Picotcp

Name of the Vulnerable Software and Affected Versions: PicoTCP version 1.7.0 Description: The issue is related to the improper randomness of TCP Initial Sequence Numbers (ISNs) in the PicoTCP stack implementation. This could potentially allow a remote attacker to gain unauthorized access to protect...

CVSS 9.1 · AI score 9 · EPSS 0.00185
Exploits 0 · References 11
Positive Technologies
added 2021/03/05 12:0 a.m. · 2 views

PT-2021-2233 · Microchip · Mplab Net

Name of the Vulnerable Software and Affected Versions: Microchip MPLAB Net version 3.6.1 Description: The issue is related to the improper randomness of TCP Initial Sequence Numbers (ISNs) in the implementation of the MPLAB Net protocol stack. This could allow a remote attacker to gain unauthorized...

CVSS 9.1 · AI score 9 · EPSS 0.00185
Exploits 0 · References 12
BDU FSTEC
added 2021/03/04 12:0 a.m. · 1 views

The vulnerability of the ISN IP pool generator implementation used in NutOS and Nut/Net arises from the use of insufficiently random values, allowing an intruder to gain unauthorized access to protected information.

The vulnerability of the ISN IP pool generator implemented in NutOS and Nut/Net relates to the use of insufficiently random values. Exploiting this vulnerability could allow an attacker operating remotely to gain unauthorized access to protected information...

CVSS 6.5 · AI score 7.2 · EPSS 0.00097
Exploits 1 · References 5 · Affected Software 1
Positive Technologies
added 2021/03/04 12:0 a.m. · 3 views

PT-2021-2224 · Silicon · Uc/Tcp-Ip

Name of the Vulnerable Software and Affected Versions: Silicon Labs uC/TCP-IP version 3.6.0 Description: The issue is related to the improper randomness of TCP Initial Sequence Numbers (ISNs) in the stack protocol used by uC/OS and uC/TCP-IP. This could allow a remote attacker to gain unauthorized...

CVSS 9.8 · AI score 9.2 · EPSS 0.00184
Exploits 0 · References 9
BDU FSTEC
added 2021/03/04 12:0 a.m. · 1 views

The vulnerability of the implementation of the ISN generator in the protocols used by uC/OS and uC/TCP-IP allows a perpetrator to gain unauthorized access to protected information.

The vulnerability of the ISN generator implementation in the uC/OS and uC/TCP-IP protocols is related to the use of insufficiently random values. Exploiting this vulnerability can allow an attacker operating remotely to gain unauthorized access to protected information...

CVSS 6.5 · AI score 7.7 · EPSS 0.00184
Exploits 0 · References 4 · Affected Software 1
CNNVD
added 2021/02/18 12:0 a.m. · 4 views

Sangoma Technologies Asterisk Security Breach

Sangoma Technologies Asterisk is a suite of open source telephone exchange (PBX) system software from Canada's Sangoma Technologies. The software supports voicemail, multi-party voice conferencing, interactive voice response (IVR), and more. A security vulnerability exists in Sangoma Technologies...

CVSS 7.5 · AI score 7.1 · EPSS 0.00421
Exploits 0 · References 9
FireEye
added 2021/02/17 12:0 a.m. · 223 views

Shining a Light on SolarCity: Practical Exploitation of the X2e IoT Device (Part One)

In 2019, Mandiant’s Red Team discovered a series of vulnerabilities present within Digi International’s ConnectPort X2e device, which allows for remote code execution as a privileged user. Specifically, Mandiant’s research focused on SolarCity’s (now owned by Tesla) rebranded ConnectPort X2e device...

CVSS 7.2 · AI score 8.6 · EPSS 0.00222
Exploits 2 · References 21
ICS
added 2021/02/11 12:0 a.m. · 121 views

Multiple Embedded TCP/IP Stacks (Update B)

1. EXECUTIVE SUMMARY CVSS v3 7.5 ATTENTION: Exploitable remotely/low attack complexity Vendor: Multiple Equipment: Nut/Net, CycloneTCP, NDKTCPIP, FNET, uIP-Contiki-OS, uC/TCP-IP, uIP-Contiki-NG, uIP, picoTCP-NG, picoTCP, MPLAB Net, Nucleus NET, Nucleus ReadyStart Vulnerabilities: Use of...

CVSS 9.8 · AI score 8.4 · EPSS 0.00422
Exploits 1 · References 5
OSV
added 2021/02/09 6:15 p.m. · 3 views

CVE-2020-28388

A vulnerability has been identified in APOGEE PXC Compact BACnet (All versions < V3.5.5), APOGEE PXC Compact P2 Ethernet (All versions < V2.8.20), APOGEE PXC Modular BACnet (All versions < V3.5.5), APOGEE PXC Modular P2 Ethernet (All versions < V2.8.20), Nucleus NET (All versions < V5.2), Nucleus ReadyStart V3 All...

CVSS 5.3 · AI score 6 · EPSS 0.00422
Exploits 0 · References 4
Prion
added 2021/02/09 6:15 p.m. · 34 views

Buffer overflow

A vulnerability has been identified in APOGEE PXC Compact BACnet (All versions < V3.5.5), APOGEE PXC Compact P2 Ethernet (All versions < V2.8.20), APOGEE PXC Modular BACnet (All versions < V3.5.5), APOGEE PXC Modular P2 Ethernet (All versions < V2.8.20), Nucleus NET (All versions < V5.2), Nucleus ReadyStart V3 All...

CVSS 5 · AI score 5.5 · EPSS 0.00422
Exploits 0 · References 4 · Affected Software 2
Vulnrichment
added 2021/02/09 12:0 a.m. · 4 views

CVE-2020-28388

A vulnerability has been identified in APOGEE PXC Compact BACnet (All versions < V3.5.5), APOGEE PXC Compact P2 Ethernet (All versions < V2.8.20), APOGEE PXC Modular BACnet (All versions < V3.5.5), APOGEE PXC Modular P2 Ethernet (All versions < V2.8.20), Nucleus NET (All versions < V5.2), Nucleus ReadyStart V3 All...

CVSS 6.5 · AI score 6 · EPSS 0.00422
Exploits 0 · References 4
Positive Technologies
added 2021/02/09 12:0 a.m. · 4 views

PT-2021-7763 · Unknown · Nucleus Net +7

Name of the Vulnerable Software and Affected Versions: APOGEE PXC Compact BACnet versions prior to V3.5.5 APOGEE PXC Compact P2 Ethernet versions prior to V2.8.20 APOGEE PXC Modular BACnet versions prior to V3.5.5 APOGEE PXC Modular P2 Ethernet versions prior to V2.8.20 Nucleus NET versions prior...

CVSS 6.5 · AI score 5.4 · EPSS 0.00422
Exploits 0 · References 8
OSV
added 2021/02/01 9:15 p.m. · 2 views

CVE-2019-20471

An issue was discovered on TK-Star Q90 Junior GPS horloge 3.1042.9.8656 devices. When using the device at initial setup, a default password is used (123456) for administrative purposes. There is no prompt to change this password. Note that this password can be used in combination with CVE-2019-2047...

CVSS 7.8 · AI score 7.1 · EPSS 0.00415
Exploits 0 · References 3
Cvelist
added 2021/02/01 8:10 p.m. · 24 views

CVE-2019-20471

An issue was discovered on TK-Star Q90 Junior GPS horloge 3.1042.9.8656 devices. When using the device at initial setup, a default password is used (123456) for administrative purposes. There is no prompt to change this password. Note that this password can be used in combination with CVE-2019-2047...

AI score 7.5 · EPSS 0.00415
Exploits 0 · References 3
Positive Technologies
added 2021/02/01 12:0 a.m. · 3 views

PT-2021-9035 · Unknown · Tk-Star Q90 Junior Gps

Name of the Vulnerable Software and Affected Versions: TK-Star Q90 Junior GPS horloge version 3.1042.9.8656 Description: A security issue was found in the initial setup of the device, where a default password (123456) is used for administrative purposes without prompting the user to change it. This...

CVSS 7.8 · AI score 7.4 · EPSS 0.00415
Exploits 0 · References 8
CNNVD
added 2021/02/01 12:0 a.m. · 3 views

TK-Star Q90 Junior GPS horloge trust management issue vulnerability

The TK-Star Q90 Junior GPS horloge is a GPS location tracker from TK-Star China. A security vulnerability exists in the TK-Star Q90 Junior GPS horloge 3.1042.9.8656 devices, which stems from the use of the default password 123456 for administrative purposes when using the device during initial...

CVSS 7.8 · AI score 5.8 · EPSS 0.00415
Exploits 0 · References 3