1 | Buffer overflow in account setting parameters (CVE-2019-6557) | Improper calculation of the length of a cookie value leads to a stack overflow, which gives an attacker the ability to cause a device reboot or perform code execution. |
2 | Buffer overflow in multiple parameters (CVE-2019-6557) | Copying the unchecked contents of specific parameters can cause several buffer overflows, which in turn may allow remote code execution or cause a device reboot. |
3 | Read device memory (CVE-2019-6522) | Failure to properly check array bounds gives attackers the ability to read device memory at arbitrary addresses. |
4 | Failure to handle corrupted OSPF packets (CVE-2019-6559) | Sending malformed OSPF Hello packets to a vulnerable device results in the device rebooting after 2 or 3 minutes. |
5 | Multiple XSS (CVE-2019-6565) | Failure to properly validate user input gives unauthenticated and authenticated attackers the ability to perform XSS attacks on users. |
6 | Improper web interface access control (CVE-2019-6520) | The switch has a management web interface. However, authorization is not properly checked on the server side, which allows read-only users to alter configurations. |
7 | Cross-Site Request Forgery (CVE-2019-6561) | Cross-Site Request Forgery (CSRF) occurs when an attacker uses a web browser that has already been authenticated by a user to target a web application. |