CVE-2024-30407 [Child CVE] JCNR and cRPD: Hard-coded SSH host keys in cRPD may allow Person-in-the-Middle (PitM) attacks

The Use of a Hard-coded Cryptographic Key vulnerability in Juniper Networks Juniper Cloud Native Router JCNR and containerized routing Protocol Deamon cRPD products allows an attacker to perform Person-in-the-Middle PitM attacks which results in complete compromise of the container. Due to...

CVE-2021-31386

A Protection Mechanism Failure vulnerability in the J-Web HTTP service of Juniper Networks Junos OS allows a remote unauthenticated attacker to perform Person-in-the-Middle PitM attacks against the device. This issue affects: Juniper Networks Junos OS 12.3 versions prior to 12.3R12-S20; 15.1...

CVE-2021-31386

CVE-2021-31386 is a Protection Mechanism Failure in Juniper Networks Junos OS J-Web HTTP service. Multiple Junos releases are affected (12.3 before 12.3R12-S20; 15.1 before 15.1R7-S11; 18.3 before 18.3R3-S6; 18.4 before 18.4R3-S10; 19.1 before 19.1R3-S7; 19.2 before 19.2R3-S4; 19.3 before 19.3R3-...

CVE-2020-10282

The CVE-2020-10282 entry concerns MAVLink, where version 1.0 has no authentication or authorization, enabling identity spoofing, unauthorized access, and man-in-the-middle-style attacks on MAVLink-based UAV communications. Some sources note MAVLink 2.0 adds a basic authentication mechanism (e.g.,...

CVE-2020-10282 RVD#3316: No authentication in MAVLink protocol

The Micro Air Vehicle Link MAVLink protocol presents no authentication mechanism on its version 1.0 nor authorization whichs leads to a variety of attacks including identity spoofing, unauthorized access, PITM attacks and more. According to literature, version 2.0 optionally allows for package...

CVE-2020-10266

CVE-2020-10266 affects UR+ (Universal Robots+) components used with Universal Robots robotic arms (e.g., UR10). The vulnerability arises because installing components from UR+ involves no integrity checks, and the SDK to create such components is publicly available. An attacker could craft a mali...