| Item | Vulnerability Type | Impact |
|---|---|---|
| 1 | Improper Restriction of Operations Within the Bounds of a Memory Buffer<br>CVE-2016-2148 | Heap-based buffer overflow may allow a remote attack in the DHCP client. |
| 2 | Improper Input Validation<br>CVE-2016-7406 | Allows remote attackers to execute arbitrary code in the dropbear SSH function. |
| 3 | Multiple vulnerabilities including buffer overflow, integer overflow, etc.<br>CVE-2012-4412, CVE-2014-5119, CVE-2014-9402, CVE-2014-9984, CVE-2018-6485, CVE-2015-7547, CVE-2015-0235 | Vulnerabilities in the outdated GNU C Library (glibc) may allow an attacker to cause different impacts remotely, including denial of service and arbitrary code execution. |
| 4 | Multiple vulnerabilities including improper restriction of operations, uncontrolled resource consumption, null pointer dereference, buffer overflow, out-of-bounds write, privilege controls, cross-site scripting, etc.<br>CVE-2008-4609, CVE-2009-1298, CVE-2010-1162, CVE-2010-4251, CVE-2010-4805, CVE-2011-0709, CVE-2011-2525, CVE-2012-0207, CVE-2012-2136, CVE-2012-3552, CVE-2012-6638, CVE-2012-6701, CVE-2012-6704, CVE-2013-7470, CVE-2014-2523, CVE-2015-1465, CVE-2015-5364, CVE-2016-10229, CVE-2016-3134, CVE-2016-4997, CVE-2016-7039, CVE-2016-7117, CVE-2016-8666, CVE-2017-1000111, CVE-2017-11176, CVE-2017-7618, CVE-2017-8890, CVE-2019-16746, CVE-2019-3896, CVE-2010-3848, CVE-2012-0056, CVE-2010-2692 | Vulnerabilities in the outdated Linux kernel may allow an attacker to cause different impacts remotely, including denial of service, memory consumption by sending large amounts of traffic, privilege escalation, arbitrary command injection, etc. |
| 5 | Use of Hard-coded Cryptographic Key ("House of Keys" vulnerability) | Embedded devices using non-unique X.509 certificates and SSH host keys can be leveraged in impersonation, man-in-the-middle, or passive decryption attacks. |
| 6 | Multiple vulnerabilities including resource management error, buffer overflow, improper authentication, improper input validation, etc.<br>CVE-2006-2937, CVE-2006-2940, CVE-2006-3738, CVE-2009-3245, CVE-2010-0742, CVE-2010-3864, CVE-2010-4252, CVE-2012-2110, CVE-2014-3512, CVE-2014-3567, CVE-2014-8176, CVE-2015-0292, CVE-2016-2108, CVE-2016-2109 | Vulnerabilities in an outdated OpenSSL module may allow an attacker to remotely perform a denial-of-service attack, execute arbitrary code, etc. |
| 7 | Hardcoded password hashes<br>CVE-2016-8717 | Use of a hard-coded cryptographic key may increase the possibility of unauthorized access. |
| 8 | Authenticated Command Injection<br>CVE-2021-39279 | A specially crafted command can cause privilege escalation and circumvent the operating system's user access controls. |
| 9 | Reflected Cross-site scripting via manipulated config-file<br>CVE-2021-39278 | Allows an attacker to import a malicious config file to the device through the web interface. |