Vendor CVEs
Enterasys
All CVEs
61 total · sorted by risk| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2021-27691 | 0.00 | — | 0.25 | Apr 15, 2021 | Command Injection in Tenda G0 routers with firmware versions v15.11.0.6(9039)_CN and v15.11.0.5(5876)_CN , and Tenda G1 and G3 routers with firmware versions v15.11.0.17(9502)_CN or v15.11.0.16(9024)_CN allows remote attackers to execute arbitrary OS commands via a crafted… | |||
| CVE-2021-27692 | 0.00 | — | 0.03 | Apr 15, 2021 | Command Injection in Tenda G1 and G3 routers with firmware versions v15.11.0.17(9502)_CN or v15.11.0.16(9024)_CN allows remote attackers to execute arbitrary OS commands via a crafted "action/umountUSBPartition" request. This occurs because the "formSetUSBPartitionUmount"… | |||
| CVE-2021-27707 | 0.00 | — | 0.03 | Apr 14, 2021 | Buffer Overflow in Tenda G1 and G3 routers with firmware v15.11.0.17(9502)_CN allows remote attackers to execute arbitrary code via a crafted action/"portMappingIndex "request. This occurs because the "formDelPortMapping" function directly passes the parameter "portMappingIndex"… | |||
| CVE-2021-27706 | 0.00 | — | 0.03 | Apr 14, 2021 | Buffer Overflow in Tenda G1 and G3 routers with firmware version V15.11.0.17(9502)_CN allows remote attackers to execute arbitrary code via a crafted action/"IPMacBindIndex "request. This occurs because the "formIPMacBindDel" function directly passes the parameter… | |||
| CVE-2021-27705 | 0.00 | — | 0.03 | Apr 14, 2021 | Buffer Overflow in Tenda G1 and G3 routers with firmware v15.11.0.17(9502)_CN allows remote attackers to execute arbitrary code via a crafted action/"qosIndex "request. This occurs because the "formQOSRuleDel" function directly passes the parameter "qosIndex" to strcpy without… | |||
| CVE-2013-7312 | 0.00 | — | 0.01 | Jan 23, 2014 | The OSPF implementation on Enterasys switches and routers does not consider the possibility of duplicate Link State ID values in Link State Advertisement (LSA) packets before performing operations on the LSA database, which allows remote attackers to cause a denial of service… | |||
| CVE-2007-2344 | 0.00 | — | 0.02 | Apr 27, 2007 | The BOOTPD component in Enterasys NetSight Console 2.1 and NetSight Inventory Manager 2.1, and possibly earlier, on Windows allows remote attackers to cause a denial of service (daemon crash) via a UDP packet that contains an invalid "packet type" field. | |||
| CVE-2007-2343 | 0.00 | — | 0.04 | Apr 27, 2007 | Stack-based buffer overflow in the TFTPD component in Enterasys NetSight Console 2.1 and NetSight Inventory Manager 2.1, and possibly earlier, allows remote attackers to execute arbitrary code via crafted request packets that contain long file names. | |||
| CVE-2005-2026 | 0.00 | — | 0.01 | Jun 16, 2005 | Enterasys Vertical Horizon VH-2402S before firmware 2.05.05.09 has a hard-coded account and password for debugging, which allows remote attackers to gain privileges. | |||
| CVE-2005-2027 | 0.00 | — | 0.01 | Jun 16, 2005 | Enterasys Vertical Horizon VH-2402S before firmware 2.05.05.09 does not properly restrict certain debugging commands to the ADMIN account, which could allow attackers to obtain sensitive information or modify the registry. | |||
| CVE-2004-0674 | 0.00 | — | 0.02 | Aug 6, 2004 | Enterasys XSR-1800 series Security Routers, when running firmware 7.0.0.0 and using Policy-Based Routing, allow remote attackers to cause a denial of service (crash) via a packet with the IP record route option set. |
- CVE-2021-27691Apr 15, 2021risk 0.00cvss —epss 0.25
Command Injection in Tenda G0 routers with firmware versions v15.11.0.6(9039)_CN and v15.11.0.5(5876)_CN , and Tenda G1 and G3 routers with firmware versions v15.11.0.17(9502)_CN or v15.11.0.16(9024)_CN allows remote attackers to execute arbitrary OS commands via a crafted…
- CVE-2021-27692Apr 15, 2021risk 0.00cvss —epss 0.03
Command Injection in Tenda G1 and G3 routers with firmware versions v15.11.0.17(9502)_CN or v15.11.0.16(9024)_CN allows remote attackers to execute arbitrary OS commands via a crafted "action/umountUSBPartition" request. This occurs because the "formSetUSBPartitionUmount"…
- CVE-2021-27707Apr 14, 2021risk 0.00cvss —epss 0.03
Buffer Overflow in Tenda G1 and G3 routers with firmware v15.11.0.17(9502)_CN allows remote attackers to execute arbitrary code via a crafted action/"portMappingIndex "request. This occurs because the "formDelPortMapping" function directly passes the parameter "portMappingIndex"…
- CVE-2021-27706Apr 14, 2021risk 0.00cvss —epss 0.03
Buffer Overflow in Tenda G1 and G3 routers with firmware version V15.11.0.17(9502)_CN allows remote attackers to execute arbitrary code via a crafted action/"IPMacBindIndex "request. This occurs because the "formIPMacBindDel" function directly passes the parameter…
- CVE-2021-27705Apr 14, 2021risk 0.00cvss —epss 0.03
Buffer Overflow in Tenda G1 and G3 routers with firmware v15.11.0.17(9502)_CN allows remote attackers to execute arbitrary code via a crafted action/"qosIndex "request. This occurs because the "formQOSRuleDel" function directly passes the parameter "qosIndex" to strcpy without…
- CVE-2013-7312Jan 23, 2014risk 0.00cvss —epss 0.01
The OSPF implementation on Enterasys switches and routers does not consider the possibility of duplicate Link State ID values in Link State Advertisement (LSA) packets before performing operations on the LSA database, which allows remote attackers to cause a denial of service…
- CVE-2007-2344Apr 27, 2007risk 0.00cvss —epss 0.02
The BOOTPD component in Enterasys NetSight Console 2.1 and NetSight Inventory Manager 2.1, and possibly earlier, on Windows allows remote attackers to cause a denial of service (daemon crash) via a UDP packet that contains an invalid "packet type" field.
- CVE-2007-2343Apr 27, 2007risk 0.00cvss —epss 0.04
Stack-based buffer overflow in the TFTPD component in Enterasys NetSight Console 2.1 and NetSight Inventory Manager 2.1, and possibly earlier, allows remote attackers to execute arbitrary code via crafted request packets that contain long file names.
- CVE-2005-2026Jun 16, 2005risk 0.00cvss —epss 0.01
Enterasys Vertical Horizon VH-2402S before firmware 2.05.05.09 has a hard-coded account and password for debugging, which allows remote attackers to gain privileges.
- CVE-2005-2027Jun 16, 2005risk 0.00cvss —epss 0.01
Enterasys Vertical Horizon VH-2402S before firmware 2.05.05.09 does not properly restrict certain debugging commands to the ADMIN account, which could allow attackers to obtain sensitive information or modify the registry.
- CVE-2004-0674Aug 6, 2004risk 0.00cvss —epss 0.02
Enterasys XSR-1800 series Security Routers, when running firmware 7.0.0.0 and using Policy-Based Routing, allow remote attackers to cause a denial of service (crash) via a packet with the IP record route option set.
Page 2 of 2