||Stack-based buffer overflow (CWE-121)
||Two separate buffer overflow issues in the built-in web server allowed remote attackers to initiate a DoS attack and execute arbitrary code.
||Integer overflow leads to a buffer overflow (CWE-680)
||Integer overflow causes unexpected memory allocation that can lead to a buffer overflow.
||Bypass of the CSRF protection mechanism by using a predictable token (CWE-352)
||A predictable token-generation mechanism allows remote attackers to bypass the cross-site request forgery (CSRF) protection mechanism.
||Use of a broken or risky cryptographic algorithm (CWE-327)
||Sensitive information may be revealed by using a weak cryptographic algorithm with predictable variables.
||Information exposure (CWE-200)
||An attacker can access sensitive information and usernames via the built-in web service without proper authorization.
||User credentials are sent in cleartext (CWE-310)
||Some web applications transmit sensitive information in cleartext.
||Weak password requirements (CWE-521)
||Weak password requirements may allow an attacker to gain access by using brute force.
||Cleartext storage of sensitive information (CWE-312)
||Sensitive information is stored in configuration files in cleartext, which allows attackers to use an administrative account.
||Denial-of-service attack (CWE-400, CWE-941)
||An attacker can overload the system and cause the service to crash, making the web service temporarily unavailable.