CWE-787: Out-of-bounds Write vulnerability exists that could result in an authentication bypass when sending a malformed POST request and particular configuration parameters are set.
CVSS: 9.8 | AI Score: 9.6 | EPSS: 0.001
CWE-22: Improper Limitation of a Pathname to a Restricted Directory (‘Path Traversal’) vulnerability exists that could allow an authenticated user with access to the device’s web interface to corrupt files and impact device functionality when sending a crafted HTTP request.
CVSS: 8.1 | AI Score: 8.1 | EPSS: 0.0005
CWE-276: Incorrect Default Permissions vulnerability exists that could allow an authenticated user with access to the device’s web interface to perform unauthorized file and firmware uploads when crafting custom web requests.
CVSS: 8.8 | AI Score: 7.5 | EPSS: 0.001
CWE-252: Unchecked Return Value vulnerability exists that could cause denial of service of the device when an attacker sends a specially crafted HTTP request.
CVSS: 7.5 | AI Score: 5.7 | EPSS: 0.0005
CWE-120: Buffer Copy without Checking Size of Input (‘Classic Buffer Overflow’) vulnerability exists that could allow a user with access to the device’s web interface to cause a fault on the device when sending a malformed HTTP request.
CVSS: 8.1 | AI Score: 5.5 | EPSS: 0.0005
CWE-125: Out-of-bounds Read vulnerability exists that could cause denial of service of the device’s web interface when an attacker sends a specially crafted HTTP request.
CVSS: 7.5 | AI Score: 5.3 | EPSS: 0.0005