1 |
Web application nonce reuse vulnerability (CWE-613)
TALOS-2016-0225, CVE-2016-8712 |
A session token is able to be reused for attackers to log in. |
2 |
Web application cleartext transmission of password vulnerability (CWE-640)
TALOS-2016-0230, CVE-2016-8716 |
Users without authorized access can intercept password transmission traffic through the web console and obtain valid credentials. |
3 |
Hard-coded administrator credentials vulnerability (CWE-798)
TALOS-2016-0231, CVE-2016-8717 |
An authorized administrator cannot modify or remove the backdoor account, which gives attackers the opportunity to control affected devices. |
4 |
Web application cross-site request forgery vulnerability (CWE-352)
TALOS-2016-0232, CVE-2016-8718 |
An authenticated admin or user is able to execute arbitrary commands through the web console. |
5 |
Web application multiple reflected cross-site scripting vulnerabilities (CWE-79)
TALOS-2016-0233, CVE-2016-8719 |
An authenticated admin or user is able to execute malicious script in a web browser. |
6 |
Web application HTTP header injection vulnerability (CWE-74)
TALOS-2016-0234, CVE-2016-8720 |
An authenticated admin or user can inject a payload into a specific parameter, which will be copied into the Location header of the HTTP response. |
7 |
Web application ping command injection vulnerability (CWE-78)
TALOS-2016-0235, CVE-2016-8721 |
An authenticated admin or user is able to execute arbitrary commands through the web console. |
8 |
Web application information disclosure vulnerability (CWE-200)
TALOS-2016-0236, CVE-2016-8722 |
An unauthorized user is able to retrieve sensitive information through a specific URL. |
9 |
Web application denial of service vulnerability (CWE-476)
TALOS-2016-0237, CVE-2016-8723 |
Unexpected HTTP request has the potential to crash the device’s web server. |
10 |
Sensitive information disclosure vulnerability (CWE-200)
TALOS-2016-0238, CVE-2016-8724 |
Potentially sensitive information is accessible through a freely-available Windows application or by using customized scripts. |
11 |
Web application information disclosure vulnerability (CWE-200)
TALOS-2016-0239, CVE-2016-8725 |
An unauthorized user is able to retrieve sensitive information through a specific URL. |
12 |
Web application denial of service vulnerability (CWE-476)
TALOS-2016-0240, CVE-2016-8726 |
Unexpected HTTP request has the potential to crash the device’s web server. |
13 |
Web Application information disclosure vulnerability (CWE-200)
TALOS-2016-0241, CVE-2016-8727 |
An unauthorized user is able to retrieve sensitive information through a specific URL. |