||Stack-based buffer overflow (CWE-121), CVE-2019-9099
||There were two separate issues that affected the buffer overflow in the built-in web server that allowed remote attackers to initiate a DoS attack and execute arbitrary code.
||Integer overflow leads to a buffer overflow (CWE-680), CVE-2019-9098
||Integer overflow causes unexpected memory allocation that can lead to a buffer overflow.
||Bypass the CSRF protection mechanism by using a token (CWE-352), CVE-2019-9102
||A predictable mechanism of generating tokens allows remote attackers to bypass the cross-site request forgery (CSRF) protection mechanism.
||Use of a broken or risky cryptographic algorithm (CWE-327), CVE-2019-9095
||Sensitive information may be revealed by using a weak cryptographic algorithm with predictable variables.
||Information exposure (CWE-200), CVE-2019-9103
||An attacker can access sensitive information and usernames via the built-in web-service without proper authorization.
||User credentials are sent in cleartext (CWE-310), CVE-2019-9101
||Sensitive information is transmitted over some web applications in clear text.
||Weak password requirements (CWE-521), CVE-2019-9096
||Weak password requirements may allow an attacker to gain access by using brute force.
||Cleartext storage of sensitive information (CWE-312), CVE-2019-9104
||Sensitive information is stored in configuration files using clear text, which allows attackers to use an administrative account.
||Denial-of-service attack (CWE-400, CWE-941), CVE-2019-9097
||The web service will become temporarily unavailable due to the fact that the attacker overloads the system and causes the service to crash.