Search Results
- Results Type: Overview
- Keyword (text search): firmware
- Search Type: Search All
Vuln ID | Summary | CVSS Severity |
---|---|---|
CVE-2015-1437 | Multiple cross-site scripting (XSS) vulnerabilities in Asus RT-N10+ D1 router with firmware 2.1.1.1.70 allow remote attackers to inject arbitrary web script or HTML via the flag parameter to (1) result_of_get_changed_status.asp or (2) error_page.htm. Published: February 04, 2015; 11:59:03 AM -0500 | V3.x: (not available) V2.0: 4.3 MEDIUM |
CVE-2015-1469 | time.htm in the web interface on SerVision HVG Video Gateway devices with firmware through 2.2.26a100 allows remote authenticated users to gain privileges by leveraging a cookie received in an HTTP response, a different vulnerability than CVE-2015-0929 and CVE-2015-0930. Published: February 03, 2015; 5:59:05 PM -0500 | V3.x: (not available) V2.0: 9.0 HIGH |
CVE-2015-0930 | The web interface on SerVision HVG Video Gateway devices with firmware before 2.2.26a100 has a hardcoded administrative password, which makes it easier for remote attackers to obtain access via an HTTP session. Published: February 03, 2015; 5:59:03 PM -0500 | V3.x: (not available) V2.0: 10.0 HIGH |
CVE-2015-0929 | time.htm in the web interface on SerVision HVG Video Gateway devices with firmware before 2.2.26a78 allows remote attackers to bypass authentication and obtain administrative access by leveraging a cookie received in an HTTP response. Published: February 03, 2015; 5:59:03 PM -0500 | V3.x: (not available) V2.0: 10.0 HIGH |
CVE-2015-1460 | Huawei Quidway switches with firmware before V200R005C00SPC300 allow remote attackers to gain privileges via a crafted packet. Published: February 03, 2015; 11:59:32 AM -0500 | V3.x: (not available) V2.0: 7.5 HIGH |
CVE-2015-1348 | Heap-based buffer overflow in Aruba Instant (IAP) with firmware before 4.0.0.7 and 4.1.x before 4.1.1.2 allows remote attackers to cause a denial of service (crash or reset to factory default) via a malformed frame to the wireless interface. Published: February 03, 2015; 11:59:10 AM -0500 | V3.x: (not available) V2.0: 7.8 HIGH |
CVE-2015-1449 | Buffer overflow in the integrated web server on Siemens Ruggedcom WIN51xx devices with firmware before SS4.4.4624.35, WIN52xx devices with firmware before SS4.4.4624.35, WIN70xx devices with firmware before BS4.4.4621.32, and WIN72xx devices with firmware before BS4.4.4621.32 allows remote attackers to execute arbitrary code via unspecified vectors. Published: February 02, 2015; 10:59:09 AM -0500 | V3.x: (not available) V2.0: 10.0 HIGH |
CVE-2015-1448 | The integrated management service on Siemens Ruggedcom WIN51xx devices with firmware before SS4.4.4624.35, WIN52xx devices with firmware before SS4.4.4624.35, WIN70xx devices with firmware before BS4.4.4621.32, and WIN72xx devices with firmware before BS4.4.4621.32 allows remote attackers to bypass authentication and perform administrative actions via unspecified vectors. Published: February 02, 2015; 10:59:08 AM -0500 | V3.x: (not available) V2.0: 10.0 HIGH |
CVE-2015-1357 | Siemens Ruggedcom WIN51xx devices with firmware before SS4.4.4624.35, WIN52xx devices with firmware before SS4.4.4624.35, WIN70xx devices with firmware before BS4.4.4621.32, and WIN72xx devices with firmware before BS4.4.4621.32 allow context-dependent attackers to discover password hashes by reading (1) files or (2) security logs. Published: February 02, 2015; 10:59:03 AM -0500 | V3.x: (not available) V2.0: 5.0 MEDIUM |
CVE-2015-1049 | The web server on Siemens SCALANCE X-200IRT switches with firmware before 5.2.0 allows remote attackers to hijack sessions via unspecified vectors. Published: February 02, 2015; 10:59:01 AM -0500 | V3.x: (not available) V2.0: 6.8 MEDIUM |
CVE-2014-7270 | Cross-site request forgery (CSRF) vulnerability on ASUS JAPAN RT-AC87U routers with firmware 3.0.0.4.378.3754 and earlier, RT-AC68U routers with firmware 3.0.0.4.376.3715 and earlier, RT-AC56S routers with firmware 3.0.0.4.376.3715 and earlier, RT-N66U routers with firmware 3.0.0.4.376.3715 and earlier, and RT-N56U routers with firmware 3.0.0.4.376.3715 and earlier allows remote attackers to hijack the authentication of arbitrary users. Published: February 01, 2015; 10:59:03 AM -0500 | V3.x: (not available) V2.0: 6.8 MEDIUM |
CVE-2014-7269 | ASUS JAPAN RT-AC87U routers with firmware 3.0.0.4.378.3754 and earlier, RT-AC68U routers with firmware 3.0.0.4.376.3715 and earlier, RT-AC56S routers with firmware 3.0.0.4.376.3715 and earlier, RT-N66U routers with firmware 3.0.0.4.376.3715 and earlier, and RT-N56U routers with firmware 3.0.0.4.376.3715 and earlier allow remote authenticated users to execute arbitrary OS commands via unspecified vectors. Published: February 01, 2015; 10:59:01 AM -0500 | V3.x: (not available) V2.0: 6.5 MEDIUM |
CVE-2014-4498 | The CPU Software in Apple OS X before 10.10.2 allows physically proximate attackers to modify firmware during the EFI update process by inserting a Thunderbolt device with crafted code in an Option ROM, aka the "Thunderstrike" issue. Published: January 30, 2015; 6:59:27 AM -0500 | V3.x: (not available) V2.0: 4.7 MEDIUM |
CVE-2014-9198 | The FTP server on the Schneider Electric ETG3000 FactoryCast HMI Gateway with firmware through 1.60 IR 04 has hardcoded credentials, which makes it easier for remote attackers to obtain access via an FTP session. Published: January 27, 2015; 2:59:10 PM -0500 | V3.x: (not available) V2.0: 10.0 HIGH |
CVE-2014-9197 | The Schneider Electric ETG3000 FactoryCast HMI Gateway with firmware before 1.60 IR 04 stores rde.jar under the web root with insufficient access control, which allows remote attackers to obtain sensitive setup and configuration information via a direct request. Published: January 27, 2015; 2:59:00 PM -0500 | V3.x: (not available) V2.0: 7.8 HIGH |
CVE-2015-0554 | The ADB (formerly Pirelli Broadband Solutions) P.DGA4001N router with firmware PDG_TEF_SP_4.06L.6 does not properly restrict access to the web interface, which allows remote attackers to obtain sensitive information or cause a denial of service (device restart) as demonstrated by a direct request to (1) wlsecurity.html or (2) resetrouter.html. Published: January 21, 2015; 1:59:50 PM -0500 | V3.x: (not available) V2.0: 9.4 HIGH |
CVE-2015-1048 | Open redirect vulnerability in the integrated web server on Siemens SIMATIC S7-1200 CPU devices with firmware before 4.1 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors. Published: January 21, 2015; 12:59:02 PM -0500 | V3.x: (not available) V2.0: 4.3 MEDIUM |
CVE-2014-8479 | The FTP server on Siemens SCALANCE X-300 switches with firmware before 4.0 and SCALANCE X 408 switches with firmware before 4.0 allows remote authenticated users to cause a denial of service (reboot) via crafted FTP packets. Published: January 21, 2015; 12:59:01 PM -0500 | V3.x: (not available) V2.0: 6.8 MEDIUM |
CVE-2014-8478 | The web server on Siemens SCALANCE X-300 switches with firmware before 4.0 and SCALANCE X 408 switches with firmware before 4.0 allows remote attackers to cause a denial of service (reboot) via malformed HTTP requests. Published: January 21, 2015; 12:59:00 PM -0500 | V3.x: (not available) V2.0: 7.8 HIGH |
CVE-2015-1028 | Multiple cross-site scripting (XSS) vulnerabilities in D-Link DSL-2730B router (rev C1) with firmware GE_1.01 allow remote authenticated users to inject arbitrary web script or HTML via the (1) domainname parameter to dnsProxy.cmd (DNS Proxy Configuration Panel); the (2) brName parameter to lancfg2get.cgi (Lan Configuration Panel); the (3) wlAuthMode, (4) wl_wsc_reg, or (5) wl_wsc_mode parameter to wlsecrefresh.wl (Wireless Security Panel); or the (6) wlWpaPsk parameter to wlsecurity.wl (Wireless Password Viewer). Published: January 21, 2015; 10:28:35 AM -0500 | V3.x: (not available) V2.0: 3.5 LOW |