VYPR
Vendor

Extremenetworks

Products
19
CVEs
43
Across products
52
Status
Private

Products

19

Recent CVEs

43
View all 43 CVEs →
  • CVE-2023-46271CriFeb 19, 2025
    risk 0.64cvss 9.8epss 0.01

    Extreme Networks IQ Engine before 10.6r1a, and through 10.6r4 before 10.6r5, has a buffer overflow. This issue arises from the ah_webui service, which listens on TCP port 3009 by default.

  • CVE-2023-46272HigFeb 19, 2025
    risk 0.57cvss 8.8epss 0.00

    Buffer Overflow vulnerability in Extreme Networks IQ Engine before 10.6r1a, and through 10.6r4 before 10.6r5, allows an attacker to execute arbitrary code via the implementation of the ah_auth service

  • CVE-2017-14332HigOct 23, 2017
    risk 0.53cvss 8.1epss 0.01

    Extreme EXOS 15.7, 16.x, 21.x, and 22.x allows remote attackers to hijack sessions by determining SessionID values.

  • CVE-2024-7872HigMar 6, 2025
    risk 0.49cvss 7.6epss 0.00

    Insertion of Sensitive Information Into Sent Data vulnerability in ExtremePACS Extreme XDS allows Retrieve Embedded Sensitive Data. This issue affects Extreme XDS: before 3933.

  • CVE-2018-5797HigFeb 5, 2018
    risk 0.49cvss 7.5epss 0.00

    An issue was discovered in Extreme Networks ExtremeWireless WiNG 5.x before 5.8.6.9 and 5.9.x before 5.9.1.3. There is an Smint_encrypt Hardcoded AES Key that can be used for packet decryption (obtaining cleartext credentials) by an attacker who has access to a wired port.

  • CVE-2018-5789HigFeb 5, 2018
    risk 0.49cvss 7.5epss 0.01

    An issue was discovered in Extreme Networks ExtremeWireless WiNG 5.x before 5.8.6.9 and 5.9.x before 5.9.1.3. There is a Remote, Unauthenticated XML Entity Expansion Denial of Service on the WiNG Access Point / Controller via crafted XML entities to the Web User Interface.

  • CVE-2018-5788HigFeb 5, 2018
    risk 0.49cvss 7.5epss 0.01

    An issue was discovered in Extreme Networks ExtremeWireless WiNG 5.x before 5.8.6.9 and 5.9.x before 5.9.1.3. There is a Remote, Unauthenticated Denial of Service in the RIM (Radio Interface Module) process running on the WiNG Access Point via crafted packets.

  • CVE-2018-5787HigFeb 5, 2018
    risk 0.49cvss 7.5epss 0.01

    An issue was discovered in Extreme Networks ExtremeWireless WiNG 5.x before 5.8.6.9 and 5.9.x before 5.9.1.3. There is a Remote, Unauthenticated Stack Overflow in the RIM (Radio Interface Module) process running on the WiNG Access Point via crafted packets.

  • CVE-2017-14328HigOct 23, 2017
    risk 0.49cvss 7.5epss 0.01

    Extreme EXOS 15.7, 16.x, 21.x, and 22.x allows remote attackers to trigger a buffer overflow leading to a reboot.

  • CVE-2018-5796HigFeb 5, 2018
    risk 0.47cvss 7.2epss 0.01

    An issue was discovered in Extreme Networks ExtremeWireless WiNG 5.x before 5.8.6.9 and 5.9.x before 5.9.1.3. There is a Hidden Root Shell by entering the administrator password in conjunction with the 'service start-shell' CLI command.

  • CVE-2017-14331MedOct 23, 2017
    risk 0.44cvss 6.7epss 0.00

    Extreme EXOS 16.x, 21.x, and 22.x allows administrators to bypass the "exsh restricted shell" protection mechanism and obtain an interactive shell.

  • CVE-2017-14330MedOct 23, 2017
    risk 0.44cvss 6.7epss 0.00

    Extreme EXOS 16.x, 21.x, and 22.x allows administrators to obtain a root shell via vectors involving a privileged process.

  • CVE-2017-14329MedOct 23, 2017
    risk 0.44cvss 6.7epss 0.00

    Extreme EXOS 16.x, 21.x, and 22.x allows administrators to obtain a root shell via vectors involving an exsh debug shell.

  • CVE-2026-9831MedMay 29, 2026
    risk 0.41cvss 6.3epss 0.00

    A race condition in the shared Extreme Platform ONE IAM Gateway API-key authentication path could, under specific high-concurrency traffic conditions, intermittently allow requests authenticated with an Extreme Platform ONE /IAM-issued API key to receive response data for…

  • CVE-2018-5793MedFeb 5, 2018
    risk 0.38cvss 5.9epss 0.01

    An issue was discovered in Extreme Networks ExtremeWireless WiNG 5.x before 5.8.6.9 and 5.9.x before 5.9.1.3. There is a Remote, Unauthenticated Heap Overflow in the HSD Process over the MINT (Media Independent Tunnel) Protocol on the WiNG Access Point via crafted packets.

  • CVE-2018-5792MedFeb 5, 2018
    risk 0.38cvss 5.9epss 0.01

    An issue was discovered in Extreme Networks ExtremeWireless WiNG 5.x before 5.8.6.9 and 5.9.x before 5.9.1.3. There is a Remote, Unauthenticated Heap Overflow in the HSD Process over the MINT (Media Independent Tunnel) Protocol on the WiNG Access Point via crafted packets.

  • CVE-2018-5791MedFeb 5, 2018
    risk 0.38cvss 5.9epss 0.01

    An issue was discovered in Extreme Networks ExtremeWireless WiNG 5.x before 5.8.6.9 and 5.9.x before 5.9.1.3. There is a Remote, Unauthenticated Heap Overflow in the HSD Process over the MINT (Media Independent Tunnel) Protocol on the WiNG Access Point via crafted packets.

  • CVE-2018-5794MedFeb 5, 2018
    risk 0.35cvss 5.3epss 0.01

    An issue was discovered in Extreme Networks ExtremeWireless WiNG 5.x before 5.8.6.9 and 5.9.x before 5.9.1.3. There is No Authentication for the AeroScout Service via a crafted UDP packet.

  • CVE-2018-5790MedFeb 5, 2018
    risk 0.34cvss 5.3epss 0.00

    An issue was discovered in Extreme Networks ExtremeWireless WiNG 5.x before 5.8.6.9 and 5.9.x before 5.9.1.3. There is Remote, Unauthenticated "Global" Denial of Service in the RIM (Radio Interface Module) over the MINT (Media Independent Tunnel) Protocol on the WiNG Access…

  • CVE-2026-0689MedMar 2, 2026
    risk 0.32cvss 4.9epss 0.00

    In ExtremeCloud IQ – Site Engine (XIQ‑SE) before 26.2.10, a vulnerability in the NAC administration interface allows an authenticated NAC administrator to retrieve masked sensitive parameters from HTTP responses. Although credentials appear redacted in the user interface,…