65 matches found
CVE-2024-5801 IP Forwarding enabled in B&R Automation Runtime
Enabled IP Forwarding feature in B&R Automation Runtime versions before 6.0.2 may allow remote attack-ers to compromise network security by routing IP-based packets through the host, potentially by-passing firewall, router, or NAC filtering...
CVE-2024-5801
CVE-2024-5801 affects B&R Automation Runtime; enabling IP Forwarding in versions before 6.0.2 may allow remote attackers to route IP packets through the host, potentially bypassing firewall/NAC filtering. Base score 5.3 (MEDIUM). Remediation: upgrade to 6.0.2 or later. Exploitation details are no...
CVE-2024-5801 IP Forwarding enabled in B&R Automation Runtime
Enabled IP Forwarding feature in B&R Automation Runtime versions before 6.0.2 may allow remote attack-ers to compromise network security by routing IP-based packets through the host, potentially by-passing firewall, router, or NAC filtering...
CVE-2024-38278
A vulnerability has been identified in RUGGEDCOM RMC8388 V5.X All versions V5.9.0, RUGGEDCOM RMC8388NC V5.X All versions V5.9.0, RUGGEDCOM RS416NCv2 V5.X All versions V5.9.0, RUGGEDCOM RS416PNCv2 V5.X All versions V5.9.0, RUGGEDCOM RS416Pv2 V5.X All versions V5.9.0, RUGGEDCOM RS416v2 V5.X All...
CVE-2024-38278
CVE-2024-38278 affects Siemens RuggedCom devices with IP Forwarding enabled. The issue allows remote services to be exposed in non-managed VLANs, potentially enabling a remote shell on the affected system. Affected families include RMC8388, RS416NCv2, RS416PNCv2, RS416Pv2, RS416v2, RS900 series, ...
CVE-2024-38278
A vulnerability has been identified in RUGGEDCOM RMC8388 V5.X All versions V5.9.0, RUGGEDCOM RMC8388NC V5.X All versions V5.9.0, RUGGEDCOM RS416NCv2 V5.X All versions V5.9.0, RUGGEDCOM RS416PNCv2 V5.X All versions V5.9.0, RUGGEDCOM RS416Pv2 V5.X All versions V5.9.0, RUGGEDCOM RS416v2 V5.X All...
MOXA EDS-4000/G4000 Series Security Bypass Vulnerability
MOXA EDS-4000/G4000 Series is a series of industrial managed Ethernet switches from MOXA, China. A security bypass vulnerability exists in MOXA EDS-4000/G4000 Series prior to version 3.2, which originates from a user-deactivatable IP forwarding feature, and can be exploited by an attacker to bypa...
CVE-2024-0387
The EDS-4000/G4000 Series prior to version 3.2 includes IP forwarding capabilities that users cannot deactivate. An attacker may be able to send requests to the product and have it forwarded to the target. An attacker can bypass access controls or hide the source of malicious requests...
Design/Logic Flaw
The EDS-4000/G4000 Series prior to version 3.2 includes IP forwarding capabilities that users cannot deactivate. An attacker may be able to send requests to the product and have it forwarded to the target. An attacker can bypass access controls or hide the source of malicious requests...
CVE-2024-0387 EDS-4000/G4000 Series IP Forwarding Vulnerability
The EDS-4000/G4000 Series prior to version 3.2 includes IP forwarding capabilities that users cannot deactivate. An attacker may be able to send requests to the product and have it forwarded to the target. An attacker can bypass access controls or hide the source of malicious requests...
CVE-2024-0387
The CVE-2024-0387 issue affects MOXA EDS-4000/G4000 Series before version 3.2. The vulnerability stems from an IP forwarding capability that users cannot deactivate, allowing an attacker to send requests to the device and have them forwarded to a target, potentially bypassing access controls and ...
CVE-2024-0387 EDS-4000/G4000 Series IP Forwarding Vulnerability
The EDS-4000/G4000 Series prior to version 3.2 includes IP forwarding capabilities that users cannot deactivate. An attacker may be able to send requests to the product and have it forwarded to the target. An attacker can bypass access controls or hide the source of malicious requests...
PT-2024-1844 · Unknown · Eds-4000/G4000 Series
Name of the Vulnerable Software and Affected Versions: EDS-4000/G4000 Series versions prior to 3.2 Description: The issue is related to a bypass of access control mechanisms in the web service of the EDS-4000/G4000 Series managed switch firmware. This could allow a remote attacker to send request...
CVE-2023-28971 Paragon Active Assurance: Enabling the timescaledb enables IP forwarding
An Improper Restriction of Communication Channel to Intended Endpoints vulnerability in the timescaledb feature of Juniper Networks Paragon Active Assurance PAA Formerly Netrounds allows an attacker to bypass existing firewall rules and limitations used to restrict internal communcations. The Tes...
K16430721: IP forwarding vulnerability CVE-1999-0511
Security Advisory Description IP forwarding is enabled on a machine which is not a router or firewall. CVE-1999-0511 Impact F5 products are not affected by this vulnerability in default configurations. However, Nessus or similar scanning tools may send alerts for BIG-IP systems in the following...
handle_ipv6IpForwarding in agent/mibgroup/ip-mib/ip_scalars.c in Net-SNMP 5.4.3 through 5.9.3 has a NULL Pointer Exception bug that can be used by a remote attacker to cause the instance to crash via a crafted UDP packet resulting in Denial of Service.
...
ALPINE-CVE-2022-44793
handleipv6IpForwarding in agent/mibgroup/ip-mib/ipscalars.c in Net-SNMP 5.4.3 through 5.9.3 has a NULL Pointer Exception bug that can be used by a remote attacker to cause the instance to crash via a crafted UDP packet, resulting in Denial of Service...
IP Forwarding Enabled - Active Check
Checks if the remote host has IP forwarding enabled. Copyright C 2021 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...
Dell OpenManage Enterprise docker实例预认证RCE认证绕过漏洞(CVE-2021-21596)
Details - Remote Auth Bypass with 2 pre-auth RCEs in docker instances There is a chain of pre-auth vulnerabilities allowing to: get a shell on the redis container, as redis get a shell on the postgres container, as postgres get a full access to the postgres database bypass authentication on the w...
CVE-2020-28899
The Web CGI Script on ZyXEL LTE4506-M606 V1.00ABDO.2C0 devices does not require authentication, which allows remote unauthenticated attackers via crafted JSON action data to /cgi-bin/gui.cgi to use all features provided by the router. Examples: change the router password, retrieve the Wi-Fi...