VYPR
Vendor

Ecos

Products
3
CVEs
10
Across products
10
Status
Private

Products

3

Recent CVEs

10
  • CVE-2018-12336CriJun 17, 2018
    risk 0.64cvss 9.8epss 0.02

    Undocumented Factory Backdoor in ECOS Secure Boot Stick (aka SBS) 5.6.5 allows the vendor to extract confidential information via remote root SSH access.

  • CVE-2017-1000020CriJul 17, 2017
    risk 0.64cvss 9.8epss 0.03

    SYN Flood or FIN Flood attack in ECos 1 and other versions embedded devices results in web Authentication Bypass. "eCos Embedded Web Servers used by Multiple Routers and Home devices, while sending SYN Flood or FIN Flood packets fails to validate and handle the packets and does…

  • CVE-2018-12333HigJun 17, 2018
    risk 0.53cvss 8.1epss 0.00

    Insufficient Verification of Data Authenticity vulnerability in ECOS Secure Boot Stick (aka SBS) 5.6.5 allows an attacker to manipulate security relevant configurations and execute malicious code.

  • CVE-2018-12330HigJun 17, 2018
    risk 0.53cvss 8.1epss 0.01

    Protection Mechanism Failure in ECOS Secure Boot Stick (aka SBS) 5.6.5 allows an attacker to compromise authentication and encryption keys via compromised firmware.

  • CVE-2018-12334HigJun 17, 2018
    risk 0.49cvss 7.5epss 0.01

    Protection Mechanism Failure in ECOS Secure Boot Stick (aka SBS) 5.6.5 allows an attacker to compromise authentication and encryption keys via a virtualization attack.

  • CVE-2018-12335HigJun 17, 2018
    risk 0.47cvss 7.3epss 0.00

    Incorrect access control in ECOS System Management Appliance (aka SMA) 5.2.68 allows a user to compromise authentication keys, and access and manipulate security relevant configurations, via unrestricted database access during Easy Enrollment.

  • CVE-2018-12337MedJun 17, 2018
    risk 0.30cvss 4.6epss 0.00

    Reliance on Security Through Obscurity vulnerability in ECOS Secure Boot Stick (aka SBS) 5.6.5 allows an attacker to partially extract confidential configurations via user-space emulation.

  • CVE-2018-12332MedJun 17, 2018
    risk 0.27cvss 4.2epss 0.00

    Incomplete Cleanup vulnerability in ECOS Secure Boot Stick (aka SBS) 5.6.5 allows an attacker to compromise authentication and encryption keys via a compromised host PC after a reset.

  • CVE-2009-2684Oct 13, 2009
    risk 0.03cvss epss 0.02

    Multiple cross-site scripting (XSS) vulnerabilities in Jetdirect and the Embedded Web Server (EWS) on certain HP LaserJet and Color LaserJet printers, and HP Digital Senders, allow remote attackers to inject arbitrary web script or HTML via the (1) Product_URL or (2) Tech_URL…

  • CVE-2019-19772Mar 6, 2020
    risk 0.00cvss epss 0.01

    Various Lexmark products have reflected XSS in the embedded web server used in older generation Lexmark devices. Affected products are available in http://support.lexmark.com/index?page=content&id=TE935&locale=en&userlocale=EN_US.