VYPR
Vendor

HCC Embedded

Products
2
CVEs
7
Across products
7
Status
Private

Products

2

Recent CVEs

7
  • CVE-2020-35685CriAug 19, 2021
    risk 0.59cvss 9.1epss 0.02

    An issue was discovered in HCC Nichestack 3.0. The code that generates Initial Sequence Numbers (ISNs) for TCP connections derives the ISN from an insufficiently random source. As a result, an attacker may be able to determine the ISN of current and future TCP connections and…

  • CVE-2021-36762HigAug 19, 2021
    risk 0.49cvss 7.5epss 0.02

    An issue was discovered in HCC Embedded InterNiche NicheStack through 4.3. The tfshnd():tftpsrv.c TFTP packet processing function doesn't ensure that a filename is adequately '\0' terminated; therefore, a subsequent call to strlen for the filename might read out of bounds of the…

  • CVE-2020-35684HigAug 19, 2021
    risk 0.49cvss 7.5epss 0.02

    An issue was discovered in HCC Nichestack 3.0. The code that parses TCP packets relies on an unchecked value of the IP payload size (extracted from the IP header) to compute the length of the TCP payload within the TCP checksum computation function. When the IP payload size is…

  • CVE-2020-35683HigAug 19, 2021
    risk 0.49cvss 7.5epss 0.02

    An issue was discovered in HCC Nichestack 3.0. The code that parses ICMP packets relies on an unchecked value of the IP payload size (extracted from the IP header) to compute the ICMP checksum. When the IP payload size is set to be smaller than the size of the IP header, the…

  • CVE-2021-31228HigAug 19, 2021
    risk 0.49cvss 7.5epss 0.01

    An issue was discovered in HCC embedded InterNiche 4.0.1. This vulnerability allows the attacker to predict a DNS query's source port in order to send forged DNS response packets that will be accepted as valid answers to the DNS client's requests (without sniffing the specific…

  • CVE-2021-31227HigAug 19, 2021
    risk 0.49cvss 7.5epss 0.02

    An issue was discovered in HCC embedded InterNiche 4.0.1. A potential heap buffer overflow exists in the code that parses the HTTP POST request, due to an incorrect signed integer comparison. This vulnerability requires the attacker to send a malformed HTTP packet with a…

  • CVE-2020-25767HigAug 18, 2021
    risk 0.49cvss 7.5epss 0.01

    An issue was discovered in HCC Embedded NicheStack IPv4 4.1. The dnc_copy_in routine for parsing DNS domain names does not check whether a domain name compression pointer is pointing within the bounds of the packet (e.g., forward compression pointer jumps are allowed), which…