1 |
Stack-based buffer overflow (CWE-121), CVE-2020-7007 |
- The attacker may execute arbitrary code or cause the target device to go out of service.
- The attacker may cause the target device to go out of service or execute arbitrary code. The vulnerabilities were found in the IEEE 802.1x setting page of the web settings.
|
2 |
Use of a broken or risky cryptographic algorithm (CWE-327), CVE-2020-7001 |
- Using a weak cryptographic algorithm may allow confidential information to be disclosed.
- Improper implementation of the cryptographic function may allow confidential information to be disclosed.
|
3 |
Use of a hard-coded cryptographic key (CWE-321), CVE-2020-6979 |
Using a hard-coded cryptographic key may increase the possibility that confidential data can be recovered. |
4 |
Use of a hard-coded password (CWE-798), CVE-2020-6981 |
A user with malicious intent may gain access to the system without proper authentication. |
5 |
Buffer Copy without Checking Size of Input (CWE-120), CVE-2020-6999 |
- By exploiting this vulnerability, the attacker may cause the target device to go out of service. Some of the parameters in the syslog setting page do not check the length of the input text.
- By exploiting this vulnerability, the attacker may cause the target device to go out of service. Some of the parameters in the DHCP setting page do not check the length of the input text.
- By exploiting this vulnerability, the attacker may cause the target device to go out of service. Some of the parameters in the PTP setting page do not check the length of the input text.
|
6 |
User credentials are sent in clear text (CWE-319), CVE-2020-6997 |
By exploiting this vulnerability, the attacker may intercept information from the clear-text communication. |
7 |
Weak password requirements (CWE-521), CVE-2020-6991 |
A user with malicious intent may try to retrieve credentials by using brute force. |