
230 matches found

CNNVD
added 2023/05/08 12:0 a.m. · 1 views

libspdm Authorization Issue Vulnerability

libspdm is a DMTF open source example implementation that follows the DMTF SPDM specification. A security vulnerability exists in libspdm versions prior to 2.3.1, which stems from the fact that if a device supports both DHE session and PSK session authentication, an attacker may be able to...

CVSS 9 · AI score 7.8 · EPSS 0.006
Exploits 0 · References 4
SUSE CVE
added 2023/02/15 6:16 a.m. · 1 views

SUSE CVE-2005-3671

The Internet Key Exchange version 1 (IKEv1) implementation in Openswan 2 (openswan-2) before 2.4.4, and freeswan in SUSE LINUX 9.1 before 2.041.5.4-1.23, allow remote attackers to cause a denial of service via (1) a crafted packet using 3DES with an invalid key length, or (2) unspecified inputs when...

CVSS 7.8 · AI score 6.8 · EPSS 0.06721
Exploits 1 · References 4
SUSE CVE
added 2023/02/15 5:19 a.m. · 1 views

SUSE CVE-2015-3196

ssl/s3clnt.c in OpenSSL 1.0.0 before 1.0.0t, 1.0.1 before 1.0.1p, and 1.0.2 before 1.0.2d, when used for a multi-threaded client, writes the PSK identity hint to an incorrect data structure, which allows remote servers to cause a denial of service (race condition and double free) via a crafted...

CVSS 4.3 · AI score 6.8 · EPSS 0.07438
Exploits 1 · References 8
SUSE CVE
added 2023/02/15 4:31 a.m. · 1 views

SUSE CVE-2018-5389

The Internet Key Exchange v1 main mode is vulnerable to offline dictionary or brute force attacks. Reusing a key pair across different versions and modes of IKE could lead to cross-protocol authentication bypasses. It is well known that the aggressive mode of IKEv1 PSK is vulnerable to offline...

CVSS 5.9 · AI score 7 · EPSS 0.01072
Exploits 1 · References 3
SUSE CVE
added 2023/02/15 3:47 a.m. · 0 views

SUSE CVE-2021-20232

A flaw was found in gnutls. A use after free issue in clientsendparams in lib/ext/presharedkey.c may lead to memory corruption and other potential consequences...

CVSS 7.4 · AI score 6.9 · EPSS 0.00844
Exploits 0 · References 111
OSV
added 2022/12/23 7:15 p.m. · 1 views

CVE-2022-46562

D-Link DIR-882 DIR882A1FW130B06, DIR-878 DIR878FW1.30B08 was discovered to contain a stack overflow via the PSK parameter in the SetQuickVPNSettings module...

CVSS 7.2 · AI score 5.8
Exploits 0 · References 3
CNNVD
added 2022/12/23 12:0 a.m. · 1 views

D-Link DIR-882 Buffer Error Vulnerability

D-Link DIR-882 is a wireless router from China Youxun D-Link. D-Link DIR-882 DIR882A1FW130B06 has a security vulnerability that stems from a PSK parameter found through the SetQuickVPNSettings module that contains a stack overflow. No detailed vulnerability details are currently available...

CVSS 7.2 · AI score 7 · EPSS 0.0144
Exploits 0 · References 4
CNNVD
added 2022/11/10 12:0 a.m. · 1 views

Eclipse Californium Security Vulnerability

Eclipse Californium is a Java-based codebase from the Eclipse Foundation that provides CoAP backend support for the Internet of Things. A security vulnerability exists in Eclipse Californium versions prior to 3.7.0 and 2.7.4, which stems from a handshake that does not clean up PSKs that fail the...

CVSS 8.2 · AI score 7.6 · EPSS 0.00149
Exploits 0 · References 6
OSV
added 2022/11/09 5:20 p.m. · 1 views

GHSA-P72G-CGH9-GHJG Failing DTLS handshakes may cause throttling to block processing of records

Impact: Failing handshakes didn't clean up counters for throttling. In consequence the threshold may get reached and will not be released again. This results in permanently dropping records. The issue was reported for certificate based handshakes, but it can't be excluded that this happens also fo...

CVSS 8.2 · AI score 5.8 · EPSS 0.00149
Exploits 0 · References 7
Positive Technologies
added 2022/11/09 12:0 a.m. · 1 views

PT-2022-24935 · Eclipse · Eclipse Californium

Name of the Vulnerable Software and Affected Versions: Eclipse Californium versions prior to 3.7.0; Eclipse Californium versions prior to 2.7.4. Description: Eclipse Californium, a Java implementation of RFC7252 - Constrained Application Protocol for IoT Cloud services, is vulnerable to a Denial of...

CVSS 8.2 · AI score 8 · EPSS 0.00149
Exploits 0 · References 11
OSV
added 2022/09/15 12:15 p.m. · 0 views

CVE-2022-38789

An issue was discovered in Airties Smart Wi-Fi before 2020-08-04. It allows attackers to change the main/guest SSID and the PSK to arbitrary values, and map the LAN, because of Insecure Direct Object Reference...

CVSS 9.1 · AI score 5.9 · EPSS 0.00508
Exploits 0 · References 2
ATTACKERKB
added 2022/08/10 8:15 p.m. · 3 views

CVE-2022-35517

WAVLINK WN572HP3, WN533A8, WN530H4, WN535G3, WN531P3 adm.cgi has no filtering on parameters: webpskValue, wlMethod, wlanssid, EncrypType, rwanip, rwanmask, rwangateway, pppusername, ppppasswd and pppsetver, which leads to command injection in page /wizardroutermesh.shtml...

CVSS 8.8 · AI score 7.3 · EPSS 0.04903
Exploits 1 · References 2
CNVD
added 2022/06/20 12:0 a.m. · 21 views

TRENDnet TEW-831DR Information Disclosure Vulnerability

TRENDnet TEW-831DR is a router from Trendnet, Inc. A security vulnerability exists in TRENDnet TEW-831DR version 1.0 601.130.1.1356, which stems from the fact that the default pre-shared key for Wi-Fi networks is the same for every router, except for the last four digits. An attacker within the...

CVSS 3.3 · AI score 2 · EPSS 0.00099
Exploits 0 · Affected Software 1
NVD
added 2022/06/16 11:15 p.m. · 9 views

CVE-2022-30326

An issue was found on TRENDnet TEW-831DR 1.0 601.130.1.1356 devices. The network pre-shared key field on the web interface is vulnerable to XSS. An attacker can use a simple XSS payload to crash the basic.config page of the web interface...

CVSS 5.4 · EPSS 0.00206
Exploits 0 · References 2
Prion
added 2022/06/16 11:15 p.m. · 13 views

Design/Logic Flaw

An issue was found on TRENDnet TEW-831DR 1.0 601.130.1.1356 devices. The network pre-shared key field on the web interface is vulnerable to XSS. An attacker can use a simple XSS payload to crash the basic.config page of the web interface...

CVSS 3.5 · AI score 5.2 · EPSS 0.00775
Exploits 1 · References 2 · Affected Software 1
Prion
added 2022/06/16 11:15 p.m. · 7 views

Design/Logic Flaw

An issue was found on TRENDnet TEW-831DR 1.0 601.130.1.1356 devices. The default pre-shared key for the Wi-Fi networks is the same for every router except for the last four digits. The device default pre-shared key for both 2.4 GHz and 5 GHz networks can be guessed or brute-forced by an attacker...

CVSS 3.3 · AI score 8.7 · EPSS 0.00775
Exploits 1 · References 2 · Affected Software 1
Cvelist
added 2022/06/16 10:4 p.m. · 12 views

CVE-2022-30326

An issue was found on TRENDnet TEW-831DR 1.0 601.130.1.1356 devices. The network pre-shared key field on the web interface is vulnerable to XSS. An attacker can use a simple XSS payload to crash the basic.config page of the web interface...

AI score 5.5 · EPSS 0.00775
Exploits 1 · References 2
Cvelist
added 2022/06/16 10:3 p.m. · 11 views

CVE-2022-30325

An issue was found on TRENDnet TEW-831DR 1.0 601.130.1.1356 devices. The default pre-shared key for the Wi-Fi networks is the same for every router except for the last four digits. The device default pre-shared key for both 2.4 GHz and 5 GHz networks can be guessed or brute-forced by an attacker...

AI score 8.9 · EPSS 0.00099
Exploits 0 · References 2
CVE
added 2022/06/16 10:3 p.m. · 59 views

CVE-2022-30325

CVE-2022-30325 affects TRENDnet TEW-831DR (firmware 601.130.1.1356). The issue: the default Wi‑Fi pre‑shared key is the same across routers (except last four digits) for both 2.4 GHz and 5 GHz networks, enabling an attacker within Wi‑Fi range to guess or brute‑force the PSK and gain access. Explo...

CVSS 8.8 · AI score 8.7 · EPSS 0.00099
Exploits 0 · References 2 · Affected Software 1
CNNVD
added 2022/06/16 12:0 a.m. · 3 views

TRENDnet TEW-831DR Cross-Site Request Forgery Vulnerability

The TRENDnet TEW-831DR is a router from Trendnet, Inc. A security vulnerability exists in the TRENDnet TEW-831DR version 1.0 601.130.1.1356, which stems from the vulnerability of the web interface to cross-site request forgery attacks. An attacker can change the pre-shared key of a Wi-Fi router i...

CVSS 6.5 · AI score 6.6 · EPSS 0.00117
Exploits 1 · References 3