|Stack-based buffer overflow (CWE-121), CVE-2019-9099
|There were two separate issues that affected the buffer overflow in the built-in web server that allowed remote attackers to initiate a DoS attack and execute arbitrary code.
|Integer overflow leads to a buffer overflow (CWE-680), CVE-2019-9098
|Integer overflow causes unexpected memory allocation that can lead to a buffer overflow.
|Bypass the CSRF protection mechanism by using a token (CWE-352), CVE-2019-9102
|A predictable mechanism of generating tokens allows remote attackers to bypass the cross-site request forgery (CSRF) protection mechanism.
|Use of a broken or risky cryptographic algorithm (CWE-327), CVE-2019-9095
|Sensitive information may be revealed by using a weak cryptographic algorithm with predictable variables.
|Information exposure (CWE-200), CVE-2019-9103
|An attacker can access sensitive information and usernames via the built-in web-service without proper authorization.
|User credentials are sent in cleartext (CWE-310), CVE-2019-9101
|Sensitive information is transmitted over some web applications in clear text.
|Weak password requirements (CWE-521), CVE-2019-9096
|Weak password requirements may allow an attacker to gain access by using brute force.
|Cleartext storage of sensitive information (CWE-312), CVE-2019-9104
|Sensitive information is stored in configuration files using clear text, which allows attackers to use an administrative account.
|Denial-of-service attack (CWE-400, CWE-941), CVE-2019-9097
|The web service will become temporarily unavailable due to the fact that the attacker overloads the system and causes the service to crash.