3 matches found
Code injection
Secure Elements Class 5 AVR server aka C5 EVM before 2.8.1 does not validate the peer certificate when obtaining an update, which could allow remote attackers to distribute malicious updates to clients...
Hardcoded credentials
Secure Elements Class 5 AVR server aka C5 EVM before 2.8.1 uses a hard-coded user ID and password, which allows remote attackers to gain access to the server...
CVE-2006-2706
CVE-2006-2706 affects the Secure Elements Class 5 AVR server (aka C5 EVM) prior to version 2.8.1. The issue allows remote attackers to trigger a denial of service by sending forged "session start" messages that cause the AVR server to connect to arbitrary hosts. The vulnerability description in t...