VYPR

Vendor CVEs

Enterasys

All CVEs

61 total · sorted by risk
  • CVE-2021-27691Apr 15, 2021
    risk 0.00cvss epss 0.25

    Command Injection in Tenda G0 routers with firmware versions v15.11.0.6(9039)_CN and v15.11.0.5(5876)_CN , and Tenda G1 and G3 routers with firmware versions v15.11.0.17(9502)_CN or v15.11.0.16(9024)_CN allows remote attackers to execute arbitrary OS commands via a crafted…

  • CVE-2021-27692Apr 15, 2021
    risk 0.00cvss epss 0.03

    Command Injection in Tenda G1 and G3 routers with firmware versions v15.11.0.17(9502)_CN or v15.11.0.16(9024)_CN allows remote attackers to execute arbitrary OS commands via a crafted "action/umountUSBPartition" request. This occurs because the "formSetUSBPartitionUmount"…

  • CVE-2021-27707Apr 14, 2021
    risk 0.00cvss epss 0.03

    Buffer Overflow in Tenda G1 and G3 routers with firmware v15.11.0.17(9502)_CN allows remote attackers to execute arbitrary code via a crafted action/"portMappingIndex "request. This occurs because the "formDelPortMapping" function directly passes the parameter "portMappingIndex"…

  • CVE-2021-27706Apr 14, 2021
    risk 0.00cvss epss 0.03

    Buffer Overflow in Tenda G1 and G3 routers with firmware version V15.11.0.17(9502)_CN allows remote attackers to execute arbitrary code via a crafted action/"IPMacBindIndex "request. This occurs because the "formIPMacBindDel" function directly passes the parameter…

  • CVE-2021-27705Apr 14, 2021
    risk 0.00cvss epss 0.03

    Buffer Overflow in Tenda G1 and G3 routers with firmware v15.11.0.17(9502)_CN allows remote attackers to execute arbitrary code via a crafted action/"qosIndex "request. This occurs because the "formQOSRuleDel" function directly passes the parameter "qosIndex" to strcpy without…

  • CVE-2013-7312Jan 23, 2014
    risk 0.00cvss epss 0.01

    The OSPF implementation on Enterasys switches and routers does not consider the possibility of duplicate Link State ID values in Link State Advertisement (LSA) packets before performing operations on the LSA database, which allows remote attackers to cause a denial of service…

  • CVE-2007-2344Apr 27, 2007
    risk 0.00cvss epss 0.02

    The BOOTPD component in Enterasys NetSight Console 2.1 and NetSight Inventory Manager 2.1, and possibly earlier, on Windows allows remote attackers to cause a denial of service (daemon crash) via a UDP packet that contains an invalid "packet type" field.

  • CVE-2007-2343Apr 27, 2007
    risk 0.00cvss epss 0.04

    Stack-based buffer overflow in the TFTPD component in Enterasys NetSight Console 2.1 and NetSight Inventory Manager 2.1, and possibly earlier, allows remote attackers to execute arbitrary code via crafted request packets that contain long file names.

  • CVE-2005-2026Jun 16, 2005
    risk 0.00cvss epss 0.01

    Enterasys Vertical Horizon VH-2402S before firmware 2.05.05.09 has a hard-coded account and password for debugging, which allows remote attackers to gain privileges.

  • CVE-2005-2027Jun 16, 2005
    risk 0.00cvss epss 0.01

    Enterasys Vertical Horizon VH-2402S before firmware 2.05.05.09 does not properly restrict certain debugging commands to the ADMIN account, which could allow attackers to obtain sensitive information or modify the registry.

  • CVE-2004-0674Aug 6, 2004
    risk 0.00cvss epss 0.02

    Enterasys XSR-1800 series Security Routers, when running firmware 7.0.0.0 and using Policy-Based Routing, allow remote attackers to cause a denial of service (crash) via a packet with the IP record route option set.

Page 2 of 2