VYPR
Vendor

Aerohive

Products
2
CVEs
3
Across products
3
Status
Private

Products

2

Recent CVEs

3
  • CVE-2017-14105HigSep 1, 2017
    risk 0.51cvss 7.8epss 0.01

    HiveManager Classic through 8.1r1 allows arbitrary JSP code execution by modifying a backup archive before a restore, because the restore feature does not validate pathnames within the archive. An authenticated, local attacker - even restricted as a tenant - can add a jsp at…

  • CVE-2020-36907HigJan 6, 2026
    risk 0.49cvss 7.5epss 0.00

    Aerohive HiveOS contains a denial of service vulnerability in the NetConfig UI that allows unauthenticated attackers to render the web interface unusable. Attackers can send a crafted HTTP request to the action.php5 script with specific parameters to trigger a 5-minute service…

  • CVE-2019-19754MedApr 30, 2024
    risk 0.37cvss 5.7epss 0.00

    HiveOS through 0.6-102@191212 ships with SSH host keys baked into the installation image, which allows man-in-the-middle attacks and makes identification of all public IPv4 nodes trivial with Shodan.io. NOTE: as of 2019-09-26, the vendor indicated that they would consider fixing…