TP-Link L2 switch T2600G-28SQ firmware versions prior to 'T2600G-28SQ(UN)_V1_1.0.6 Build 20230227' use vulnerable SSH host keys. This issue affects Juniper Networks Junos OS on QFX10002: All versions prior to 19.3R3-S7; 19.4 versions prior to 19.4R3-S11; 20.2 versions prior to 20.2R3-S6; 20.4 versions prior to 20.4R3-S5; 21.1 versions prior to 21.1R3-S4; 21.2 versions prior to 21.2R3-S3; 21.3 versions prior to 21.3R3; 21.4 versions prior to 21.4R2. If the combined level of the applicable traffic exceeds the specified level, the switch drops packets for the controlled traffic types. Storm control monitors the level of applicable incoming traffic and compares it with the level specified. Continued receipt and processing of these packets will create a sustained Denial of Service (DoS) condition. After receiving the malicious command, the device will keep reporting its status and finally drain its battery after receiving the 'Set_short_poll_interval' command. An Improper Check or Handling of Exceptional Conditions within the storm control feature of Juniper Networks Junos OS allows an attacker sending a high rate of traffic to cause a Denial of Service. Sengled Dimmer Switch V0.0.9 contains a denial of service (DOS) vulnerability, which allows a remote attacker to send malicious Zigbee messages to a vulnerable device and cause crashes. Improper privilege management vulnerability in Samsung Smart Switch for Windows Installer prior to version 3_3 allows attackers to cause permanent DoS via directory junction. Improper validation of integrity check vulnerability in Smart Switch PC prior to version 2_1 allows local attackers to delete arbitrary directory using directory junction.
Shelly 4PM Pro four-channel smart switch 0.11.0 allows an attacker to trigger a BLE out of bounds read fault condition that results in a device reload. A buffer overflow vulnerability in “diagstatus” command in Brocade Fabric OS before Brocade Fabric v9.2.0 and v9.1.1c could allow an authenticated user to crash the Brocade Fabric OS switch leading to a denial of service. A buffer overflow vulnerability in “secpolicydelete” command in Brocade Fabric OS before Brocade Fabric OS v9.1.1c and v9.2.0 could allow an authenticated privileged user to crash the Brocade Fabric OS switch leading to a denial of service. Attackers are then able to create WCF and DrayDDNS licenses and synchronize them from the website. Remote code execution vulnerability in Ruijie Networks Product: RG-EW series home routers and repeaters EW_3.0(1)B11P204, RG-NBS and RG-S1930 series switches SWITCH_3.0(1)B11P218, RG-EG series business VPN routers EG_3.0(1)B11P216, EAP and RAP series wireless access points AP_3.0(1)B11P218, NBC series wireless controllers AC_3.0(1)B11P86 allows unauthorized remote attackers to gain the highest privileges via crafted POST request to /cgi-bin/luci/api/auth. A vulnerability in Aeotec WallMote Switch firmware v2.3 allows attackers to cause a Denial of Service (DoS) via a crafted Z-Wave message. Draytek Vigor Routers firmware versions below 3.9.6/4.2.4, Access Points firmware versions below v1.4.0, Switches firmware versions below 2.6.7, and Myvigor firmware versions below 2.3.2 were discovered to use hardcoded encryption keys which allows attackers to bind any affected device to their own account. There are no known workarounds for this issue. This issue has been resolved in Tuleap version 14.9.99.63. Restricted users that were project administrators before the visibility switch keep the possibility to access the project and do some administration actions.
When switching from a project visibility that allows restricted users to `Private without restricted`, restricted users that are project administrators keep this access right. Tuleap is a Free & Open Source Suite to improve management of software developments and collaboration. This allows an attacker to fully compromise the underlying operating system on the device running AOS-CX. An authentication bypass in Intelbras Switch SG 2404 MR in firmware 1.00.54 allows an unauthenticated attacker to download the backup file of the device, exposing critical information about the device configuration. Successful exploitation of this vulnerability results in the ability to execute arbitrary commands on the underlying operating system as a privileged user on the affected switch. An authenticated command injection vulnerability exists in the AOS-CX command line interface.