15 matches found
EUVD-2024-50533
Malicious code in bioql PyPI...
CVE-2024-12012
A CWE-598 “Use of GET Request Method with Sensitive Query Strings” was discovered affecting the 130.8005 TCP/IP Gateway running firmware version 12h. Both the SHA-1 hash of the password as well as the session tokens are included as part of the URL and therefore exposed to information leakage...
CVE-2024-12013
A CWE-1392 “Use of Default Credentials” was discovered affecting the 130.8005 TCP/IP Gateway running firmware version 12h. The device exposes an FTP server with default and easy-to-guess admin credentials. A remote attacker capable of interacting with the FTP server could gain access and perform...
CVE-2024-12011
A CWE-126 “Buffer Over-read” was discovered affecting the 130.8005 TCP/IP Gateway running firmware version 12h. The information disclosure can be triggered by leveraging a memory leak affecting the web server. A remote unauthenticated attacker can exploit this vulnerability in order to leak valid...
CVE-2024-12013
A CWE-1392 “Use of Default Credentials” was discovered affecting the 130.8005 TCP/IP Gateway running firmware version 12h. The device exposes an FTP server with default and easy-to-guess admin credentials. A remote attacker capable of interacting with the FTP server could gain access and perform...
CVE-2024-12011
A CWE-126 “Buffer Over-read” was discovered affecting the 130.8005 TCP/IP Gateway running firmware version 12h. The information disclosure can be triggered by leveraging a memory leak affecting the web server. A remote unauthenticated attacker can exploit this vulnerability in order to leak valid...
CVE-2024-12012
A CWE-598 “Use of GET Request Method with Sensitive Query Strings” was discovered affecting the 130.8005 TCP/IP Gateway running firmware version 12h. Both the SHA-1 hash of the password as well as the session tokens are included as part of the URL and therefore exposed to information leakage...
CVE-2024-12013
The CVE-2024-12013 entry describes a vulnerability in Nozomi Networks TCP/IP Gateway (firmware 12h, device series 130.8005) where an FTP server is protected by default/easily guessable admin credentials. The underlying issue is CWE-1392 Use of Default Credentials. A remote attacker that can reach...
CVE-2024-12013
A CWE-1392 “Use of Default Credentials” was discovered affecting the 130.8005 TCP/IP Gateway running firmware version 12h. The device exposes an FTP server with default and easy-to-guess admin credentials. A remote attacker capable of interacting with the FTP server could gain access and perform...
CVE-2024-12013
A CWE-1392 “Use of Default Credentials” was discovered affecting the 130.8005 TCP/IP Gateway running firmware version 12h. The device exposes an FTP server with default and easy-to-guess admin credentials. A remote attacker capable of interacting with the FTP server could gain access and perform...
CVE-2024-12012
CVE-2024-12012 affects Nozomi Networks TCP/IP Gateway (firmware 12h). The flaw stems from CWE-598: GET requests carrying sensitive query strings leak the SHA-1 password hash and session tokens via the URL, enabling information leakage and potential bypass of authentication (pass-the-hash). Affect...
CVE-2024-12012
A CWE-598 “Use of GET Request Method with Sensitive Query Strings” was discovered affecting the 130.8005 TCP/IP Gateway running firmware version 12h. Both the SHA-1 hash of the password as well as the session tokens are included as part of the URL and therefore exposed to information leakage...
CVE-2024-12011
A CWE-126 “Buffer Over-read” was discovered affecting the 130.8005 TCP/IP Gateway running firmware version 12h. The information disclosure can be triggered by leveraging a memory leak affecting the web server. A remote unauthenticated attacker can exploit this vulnerability in order to leak valid...
CVE-2024-12011
CVE-2024-12011 affects Nozomi Networks/Zettler 130.8005 TCP/IP Gateway (firmware 12h). A CWE-126 buffer over-read due to a memory leak in the web server can trigger remote information disclosure, allowing a remote unauthenticated attacker to leak authentication tokens from process memory and bypa...
Nozomi Networks TCP/IP Gateway 安全漏洞
Nozomi Networks TCP/IP Gateway is a gateway program from Nozomi Networks, USA. A security vulnerability exists in Nozomi Networks TCP/IP Gateway version 12h, which stems from the presence of a buffer over-read that could allow a remote attacker to obtain an authentication token and bypass...