VYPR
Vendor

Cyberoam

Products
2
CVEs
8
Across products
8
Status
Private

Products

2

Recent CVEs

8
  • CVE-2012-3372HigJul 9, 2012
    risk 0.48cvss 7.4epss 0.01

    The default configuration of Cyberoam UTM appliances uses the same Certification Authority certificate and same private key across different customers' installations, which makes it easier for man-in-the-middle attackers to spoof SSL servers by leveraging the presence of the…

  • CVE-2020-29574KEVDec 11, 2020
    risk 0.13cvss epss 0.05

    An SQL injection vulnerability in the WebAdmin of Cyberoam OS through 2020-12-04 allows unauthenticated attackers to execute arbitrary SQL statements remotely.

  • CVE-2021-38702Aug 17, 2021
    risk 0.03cvss epss 0.07

    Cyberoam NetGenie C0101B1-20141120-NG11VO devices through 2021-08-14 allow tweb/ft.php?u=[XSS] attacks.

  • CVE-2015-6811Sep 4, 2015
    risk 0.03cvss epss 0.02

    SQL injection vulnerability in the Sophos Cyberoam CR500iNG-XP firewall appliance with CyberoamOS 10.6.2 MR-1 and earlier allows remote attackers to execute arbitrary SQL commands via the username parameter to login.xml.

  • CVE-2012-1047Feb 12, 2012
    risk 0.03cvss epss 0.03

    Directory traversal vulnerability in the WWWHELP Service (js/html/wwhelp.htm) in Cyberoam Central Console (CCC) 2.00.2 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the file parameter in an Online_help action.

  • CVE-2014-5503Oct 7, 2014
    risk 0.00cvss epss 0.02

    SQL injection vulnerability in the Guest Login Portal in the Sophos Cyberoam appliances with CyberoamOS before 10.6.1 GA allows remote attackers to execute arbitrary SQL commands via the add_guest_user opcode.

  • CVE-2014-5502Oct 7, 2014
    risk 0.00cvss epss 0.02

    The Sophos Cyberoam appliances with CyberoamOS before 10.6.1 GA allows remote authenticated users to inject arbitrary commands via a (1) checkcert_key, (2) webclient_portal_settings, (3) sslvpn_liveuser_delete, or (4) ccc_flush_sql_file opcode.

  • CVE-2014-5501Oct 7, 2014
    risk 0.00cvss epss 0.04

    Stack-based buffer overflow in the diagnose service in the Sophos Cyberoam appliances with CyberoamOS before 10.6.1 GA allows remote attackers to execute arbitrary code via a crafted webpage or file.