| 1 | Web Server Ping Command Injection (TALOS-2017-0472) | A specially crafted HTTP POST can cause a privilege escalation resulting in a root shell. An attacker can inject OS commands to trigger this vulnerability. |
| 2 | Web RSA Key Generation Command Injection (TALOS-2017-0473) | A specially crafted HTTP POST can cause a privilege escalation resulting in a root shell. An attacker can inject OS commands to trigger this vulnerability. |
| 3 | Web Server strcmp Multiple Denial of Service (TALOS-2017-0474) | A specially crafted HTTP URI can cause a null pointer dereference resulting in denial of service. An attacker can send a specified request to trigger this vulnerability. |
| 4 | Clear Text Transmission of Password (TALOS-2017-0475) | An attacker can look at network traffic to get the admin password for the device. The attacker can then use the credentials to log in as admin. |
| 5 | Web Server URI Denial of Service (TALOS-2017-0476) | An attacker can send a crafted URI to trigger this vulnerability. |
| 6 | Web Server Certificate Signing Request Command Injection (TALOS-2017-0477) | A specially crafted HTTP POST can cause a privilege escalation resulting in a root shell. An attacker can inject OS commands to trigger this vulnerability. |
| 7 | Web Server Cross-Site Request Forgery (TALOS-2017-0478) | A specially crafted HTTP packet can cause a cross-site request forgery. An attacker can create malicious HTML to trigger this vulnerability. |
| 8 | Plaintext Password Storage (TALOS-2017-0479) | An attacker with shell access could extract passwords in clear text from the device. |
| 9 | Server Agent Information Disclosure (TALOS-2017-0480) | A specially crafted TCP packet can cause information disclosure. An attacker can send a crafted TCP packet to trigger this vulnerability. |
| 10 | Web Server Weak Cryptography for Passwords (TALOS-2017-0481) | An attacker could intercept weakly encrypted passwords and could use brute force to break them. |
| 11 | Web Server OpenVPN Config Multiple Command Injection (TALOS-2017-0482) | A specially crafted HTTP POST can cause a privilege escalation resulting in a root shell. An attacker can inject OS commands to trigger this vulnerability. |
| 12 | Service Agent Multiple Denial of Service (TALOS-2017-0487) | A specially crafted packet can cause a denial of service. |