92 matches found
CVE-2024-12297 Frontend Authorization Logic Disclosure Vulnerability
Moxa’s Ethernet switch is vulnerable to an authentication bypass because of flaws in its authorization mechanism. Although both client-side and back-end server verification are involved in the process, attackers can exploit weaknesses in its implementation. These vulnerabilities may enable...
Hewlett Packard Enterprise CX 10000 安全漏洞
The Hewlett Packard Enterprise CX 10000 HPE CX 10000 is a series of switches from Hewlett Packard Enterprise USA. A security vulnerability exists in the Hewlett Packard Enterprise CX 10000 that stems from a firewall component that allows an unauthenticated adjacent attacker to perform packet...
PT-2024-39028 · Planet Technology · Planet Technology Switch
Name of the Vulnerable Software and Affected Versions: PLANET Technology switch models affected versions not specified Description: The issue concerns certain switch models from PLANET Technology that store SNMPv3 users' passwords in plaintext within the configuration files. This allows remote...
The vulnerability of Moxa EDS-510A switch microprogramming software, related to the use of cryptographic algorithms containing defects, allows attackers to exploit their privileges.
The vulnerability of Moxa EDS-510A microcontroller software is related to the use of cryptographic algorithms that contain vulnerabilities. Exploiting this vulnerability can allow a remote attacker to gain increased privileges...
The vulnerability of the Ruijie EG-2000SE switch’s microprogramming software lies in the fact that passwords are stored in an open manner, allowing attackers to reset the passwords.
The vulnerability of the Ruijie EG-2000SE switch’s microprogramming software lies in the fact that passwords are stored in an open manner at /data/config.text. Exploiting this vulnerability allows a malicious actor to remotely reset the passwords...
PT-2024-21238 · Dell · Dell Os10 Networking Switches
Name of the Vulnerable Software and Affected Versions: Dell OS10 Networking Switches versions 10.5.3.x through 10.5.6.x Description: The issue is related to an improper authorization vulnerability. A remote authenticated attacker could potentially exploit this vulnerability, leading to escalation...
CVE-2024-23326 Envoy incorrectly accepts HTTP 200 response for entering upgrade mode
Envoy is a cloud-native, open source edge and service proxy. A theoretical request smuggling vulnerability exists through Envoy if a server can be tricked into adding an upgrade header into a response. Per RFC https://www.rfc-editor.org/rfc/rfc7230section-6.7 a server sends 101 when switching...
The vulnerability of the microprogrammed software of the cloud-controlled switch Ruijie Reyee series RG-ES200 allows a intruder to execute arbitrary code.
The vulnerability of the microprogrammed cloud-controlled switch Ruijie Reyee series RG-ES200 is related to the lack of measures taken to neutralize special elements used in the OS command. Exploiting this vulnerability can allow a remote attacker to execute arbitrary code...
Cisco Small Business Security Vulnerabilities
Cisco Small Business is a switch from Cisco. A security vulnerability exists in Cisco Small Business that stems from a flaw in the web-based management interface that could allow an authenticated, remote attacker to perform a command injection attack on an affected device...
Cisco Catalyst SD-WAN Manager Security Vulnerability
Cisco Catalyst is a family of switches from Cisco USA. A security vulnerability exists in Cisco Catalyst SD-WAN Manager, which stems from a vulnerability in the SSH service, where an unauthenticated, remote attacker could cause the process to crash, resulting in a DoS condition for SSH access onl...
PT-2023-26858 · Aruba · Arubaos-Switch
Name of the Vulnerable Software and Affected Versions: ArubaOS-Switch affected versions not specified Description: A memory corruption issue could lead to unauthenticated remote code execution by receiving specially crafted packets. Successful exploitation results in the ability to execute...
Design/Logic Flaw
On affected platforms running Arista CloudEOS an issue in the Software Forwarding Engine Sfe can lead to a potential denial of service attack by sending malformed packets to the switch. This causes a leak of packet buffers and if enough malformed packets are received, the switch may eventually st...
HPESBNW04398 rev.1 - HPE FlexFabric 5700 Switches, Multiple Vulnerabilities
Potential Security Impact: Remote: URL Redirection, Host Header Injection SUPPORTED SOFTWARE VERSIONS: ONLY impacted versions are listed. HPE FlexFabric 5700 Switch Series - Prior to R2432P61 CVSS Scores: | CVE | CVSS Vector | Base Score | | --- | --- | --- | | CVE-2022-37940 |...
The vulnerability of TP-Link SG105PE microcontroller software, related to deficiencies in authentication procedures, allows attackers to bypass the authentication process.
The vulnerability of TP-Link SG105PE switch’s microprogramming software is related to deficiencies in the authentication process. Exploiting this vulnerability allows a malicious actor to bypass the authentication process remotely...
MOXA SDS-3008 跨站脚本漏洞
Moxa SDS-3008 is a series of industrial switches from MOXA China. The Moxa SDS-3008 suffers from a cross-site scripting vulnerability that can be exploited by an attacker to send a specially crafted HTTP request resulting in arbitrary Javascript execution...
CVE-2022-23680
AOS-CX lacks Anti-CSRF protections in place for state-changing operations. This can potentially be exploited by an attacker to execute commands in the context of another user in ArubaOS-CX Switches versions: AOS-CX 10.10.xxxx: 10.10.0002 and below, AOS-CX 10.09.xxxx: 10.09.1020 and below, AOS-CX...
The vulnerability of microprogrammed software in ERS3500, ERS3600, ERS4900, and ERS5900 switches is related to errors in handling HTTP headers. This vulnerability allows attackers to execute arbitrary code.
The vulnerability of microprogrammed software in ERS3500, ERS3600, ERS4900, and ERS5900 switches is related to errors in handling HTTP headers. Exploiting this vulnerability allows a remote attacker to execute arbitrary code...
多款 Siemens 产品安全特征问题漏洞
SCALANCE X switches are used to connect industrial components such as programmable logic controllers PLCs or human-machine interfaces HMIs.SIPLUS extreme is designed for reliable operation under extreme conditions.A security vulnerability exists in Siemens SCALANCE X-300 Switch Family Devices tha...
Digital China Networks S4600-10P-SI 操作系统命令注入漏洞
The Digital China Networks S4600-10P-SI is a switch from Digital China Networks Beijing Co. A security vulnerability exists in DCN Digital China Networks S4600-10P-SI versions prior to R0241.0470, which stems from incorrect validation of parameters in the console interface. An authenticated,...
firefly-iii 跨站请求伪造漏洞
firefly-iii is a free and open source personal finance manager. firefly-iii suffers from a cross-site request forgery vulnerability, which can be exploited by attackers via /transactions/link/switch/id...