Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2020-35229

Summary
Assigner-mitre
Assigner Org ID-8254265b-2729-46b6-b9e3-3dfca2d5bfca
Published At-10 Mar, 2021 | 18:10
Updated At-04 Aug, 2024 | 17:02
Rejected At-
Credits

The authentication token required to execute NSDP write requests on NETGEAR JGS516PE/GS116Ev2 v2.6.0.43 devices is not properly invalidated and can be reused until a new token is generated, which allows attackers (with access to network traffic) to effectively gain administrative privileges.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:mitre
Assigner Org ID:8254265b-2729-46b6-b9e3-3dfca2d5bfca
Published At:10 Mar, 2021 | 18:10
Updated At:04 Aug, 2024 | 17:02
Rejected At:
▼CVE Numbering Authority (CNA)

The authentication token required to execute NSDP write requests on NETGEAR JGS516PE/GS116Ev2 v2.6.0.43 devices is not properly invalidated and can be reused until a new token is generated, which allows attackers (with access to network traffic) to effectively gain administrative privileges.

Affected Products
Vendor
n/a
Product
n/a
Versions
Affected
  • n/a
Problem Types
TypeCWE IDDescription
textN/An/a
Type: text
CWE ID: N/A
Description: n/a
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://research.nccgroup.com/2021/03/08/technical-advisory-multiple-vulnerabilities-in-netgear-prosafe-plus-jgs516pe-gs116ev2-switches/
x_refsource_MISC
Hyperlink: https://research.nccgroup.com/2021/03/08/technical-advisory-multiple-vulnerabilities-in-netgear-prosafe-plus-jgs516pe-gs116ev2-switches/
Resource:
x_refsource_MISC
▼Authorized Data Publishers (ADP)
CVE Program Container
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://research.nccgroup.com/2021/03/08/technical-advisory-multiple-vulnerabilities-in-netgear-prosafe-plus-jgs516pe-gs116ev2-switches/
x_refsource_MISC
x_transferred
Hyperlink: https://research.nccgroup.com/2021/03/08/technical-advisory-multiple-vulnerabilities-in-netgear-prosafe-plus-jgs516pe-gs116ev2-switches/
Resource:
x_refsource_MISC
x_transferred
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:cve@mitre.org
Published At:10 Mar, 2021 | 19:15
Updated At:17 Mar, 2021 | 20:41

The authentication token required to execute NSDP write requests on NETGEAR JGS516PE/GS116Ev2 v2.6.0.43 devices is not properly invalidated and can be reused until a new token is generated, which allows attackers (with access to network traffic) to effectively gain administrative privileges.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Primary3.18.8HIGH
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Primary2.05.8MEDIUM
AV:A/AC:L/Au:N/C:P/I:P/A:P
Type: Primary
Version: 3.1
Base score: 8.8
Base severity: HIGH
Vector:
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Type: Primary
Version: 2.0
Base score: 5.8
Base severity: MEDIUM
Vector:
AV:A/AC:L/Au:N/C:P/I:P/A:P
CPE Matches
NETGEAR, Inc.
netgear
>>gs116e_firmware>>2.6.0.43
cpe:2.3:o:netgear:gs116e_firmware:2.6.0.43:*:*:*:*:*:*:*
NETGEAR, Inc.
netgear
>>gs116e>>v2
cpe:2.3:h:netgear:gs116e:v2:*:*:*:*:*:*:*
NETGEAR, Inc.
netgear
>>jgs516pe_firmware>>2.6.0.43
cpe:2.3:o:netgear:jgs516pe_firmware:2.6.0.43:*:*:*:*:*:*:*
NETGEAR, Inc.
netgear
>>jgs516pe>>-
cpe:2.3:h:netgear:jgs516pe:-:*:*:*:*:*:*:*
Weaknesses
CWE IDTypeSource
CWE-384Primarynvd@nist.gov
CWE ID: CWE-384
Type: Primary
Source: nvd@nist.gov
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
https://research.nccgroup.com/2021/03/08/technical-advisory-multiple-vulnerabilities-in-netgear-prosafe-plus-jgs516pe-gs116ev2-switches/cve@mitre.org
Vendor Advisory
Hyperlink: https://research.nccgroup.com/2021/03/08/technical-advisory-multiple-vulnerabilities-in-netgear-prosafe-plus-jgs516pe-gs116ev2-switches/
Source: cve@mitre.org
Resource:
Vendor Advisory

Change History

0
Information is not available yet

Similar CVEs

217Records found
CVE-2018-21216
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-8.8||HIGH
EPSS-0.13% / 33.25%
||
7 Day CHG~0.00%
Published-28 Apr, 2020 | 15:42
Updated-05 Aug, 2024 | 12:26
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Certain NETGEAR devices are affected by a buffer overflow by an unauthenticated attacker. This affects D3600 before 1.0.0.67, D6000 before 1.0.0.67, D6100 before 1.0.0.56, and R6100 before 1.0.1.20.

Action-Not Available
Vendor-n/aNETGEAR, Inc.
Product-d3600_firmwared6000_firmwared6100_firmwared6100d3600r6100r6100_firmwared6000n/a
CWE ID-CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CVE-2018-21126
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-8.8||HIGH
EPSS-0.70% / 71.10%
||
7 Day CHG~0.00%
Published-22 Apr, 2020 | 15:51
Updated-05 Aug, 2024 | 12:19
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Certain NETGEAR devices are affected by command injection by an unauthenticated attacker. This affects WAC505 before 5.0.0.17 and WAC510 before 5.0.0.17.

Action-Not Available
Vendor-n/aNETGEAR, Inc.
Product-wac505_firmwarewac510_firmwarewac505wac510n/a
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2018-21204
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-8.8||HIGH
EPSS-0.14% / 34.64%
||
7 Day CHG~0.00%
Published-28 Apr, 2020 | 15:11
Updated-05 Aug, 2024 | 12:26
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Certain NETGEAR devices are affected by a stack-based buffer overflow by an unauthenticated attacker. This affects D7800 before 1.0.1.30, R6100 before 1.0.1.20, R7500 before 1.0.0.118, R7500v2 before 1.0.3.24, R7800 before 1.0.2.40, R9000 before 1.0.2.52, WNDR3700v4 before 1.0.2.96, WNDR4300 before 1.0.2.98, WNDR4300v2 before 1.0.0.50, and WNDR4500v3 before 1.0.0.50.

Action-Not Available
Vendor-n/aNETGEAR, Inc.
Product-d7800_firmwarer9000_firmwarewndr3700wndr3700_firmwarewndr4500_firmwared7800r6100_firmwarer9000r7500wndr4300_firmwarer7500_firmwarer7800wndr4500r6100wndr4300r7800_firmwaren/a
CWE ID-CWE-787
Out-of-bounds Write
CVE-2018-21215
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-8.8||HIGH
EPSS-0.13% / 33.38%
||
7 Day CHG~0.00%
Published-28 Apr, 2020 | 15:41
Updated-05 Aug, 2024 | 12:26
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Certain NETGEAR devices are affected by a buffer overflow by an unauthenticated attacker. This affects D3600 before 1.0.0.67, D6000 before 1.0.0.67, D6100 before 1.0.0.56, EX2700 before 1.0.1.28, R7500v2 before 1.0.3.24, R9000 before 1.0.2.52, WN2000RPTv3 before 1.0.1.20, WN3000RPv3 before 1.0.2.50, and WN3100RPv2 before 1.0.0.56.

Action-Not Available
Vendor-n/aNETGEAR, Inc.
Product-wn2000rpt_firmwarewn3000rp_firmwarewn3000rpr9000_firmwared6000_firmwared6000ex2700wn2000rptwn3100rp_firmwarer9000r7500r7500_firmwared3600_firmwarewn3100rpex2700_firmwared6100_firmwared6100d3600n/a
CWE ID-CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CVE-2018-21093
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-6.4||MEDIUM
EPSS-0.09% / 26.25%
||
7 Day CHG~0.00%
Published-27 Apr, 2020 | 14:41
Updated-05 Aug, 2024 | 12:19
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Certain NETGEAR devices are affected by a stack-based buffer overflow by an unauthenticated attacker. This affects D8500 before 1.0.3.42, EX3700 before 1.0.0.70, EX3800 before 1.0.0.70, EX6000 before 1.0.0.30, EX6100 before 1.0.2.24, EX6120 before 1.0.0.40, EX6130 before 1.0.0.22, EX6150 before 1.0.0.42, EX6200 before 1.0.3.88, EX7000 before 1.0.0.66, R6250 before 1.0.4.26, R6300-2CXNAS before 1.0.3.60, R6300v2 before 1.0.4.28, R6400 before 1.0.1.36, R6400v2 before 1.0.2.52, R6700 before 1.0.1.46, R6900 before 1.0.1.46, R7000 before 1.0.9.28, R7000P before 1.3.1.44, R6900P before 1.3.1.44, R7100LG before 1.0.0.46, R7300 before 1.0.0.68, R7900 before 1.0.2.10, R8000 before 1.0.4.18, R8000P before 1.3.0.10, R7900P before 1.3.0.10, R8500 before 1.0.2.122, R8300 before 1.0.2.122, RBW30 before 2.1.2.6, WN2500RPv2 before 1.0.0.54, and WNR3500Lv2 before 1.2.0.56.

Action-Not Available
Vendor-n/aNETGEAR, Inc.
Product-r7300rbw30_firmwarer7300_firmwarer8000r6400_firmwareex3800_firmwareex6200ex7000r6900pr7100lgr7900r8000pex3700r6900p_firmwarerbw30r8500_firmwarer7100lg_firmwarer8300r7000_firmwarer6300-2cxnas_firmwarer6300-2cxnasr8000p_firmwarewn2500rpwn2500rp_firmwarer6300_firmwareex6130d8500_firmwarer6250_firmwarer7900pex6000_firmwareex6100r7000p_firmwarer8500ex6130_firmwared8500r6700r8300_firmwarer7000wnr3500l_firmwareex6200_firmwareex6150r6900r7000pwnr3500lr6900_firmwareex3800r7900_firmwareex6100_firmwareex3700_firmwareex6000ex7000_firmwareex6120r6300r6400r6700_firmwarer7900p_firmwareex6120_firmwareex6150_firmwarer8000_firmwarer6250n/a
CWE ID-CWE-787
Out-of-bounds Write
CVE-2024-42756
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-8.8||HIGH
EPSS-0.44% / 62.43%
||
7 Day CHG~0.00%
Published-23 Aug, 2024 | 00:00
Updated-27 Aug, 2024 | 15:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue in Netgear DGN1000WW v.1.1.00.45 allows a remote attacker to execute arbitrary code via the Diagnostics page

Action-Not Available
Vendor-n/aNETGEAR, Inc.
Product-n/adgn1000_firmware
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
CVE-2024-57046
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-8.8||HIGH
EPSS-46.22% / 97.56%
||
7 Day CHG+1.84%
Published-18 Feb, 2025 | 00:00
Updated-07 Jul, 2025 | 18:11
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability in the Netgear DGN2200 router with firmware version v1.0.0.46 and earlier permits unauthorized individuals to bypass the authentication. When adding "?x=1.gif" to the the requested url, it will be recognized as passing the authentication.

Action-Not Available
Vendor-n/aNETGEAR, Inc.
Product-dgn2200_firmwaredgn2200n/a
CWE ID-CWE-287
Improper Authentication
CVE-2024-36790
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-8.8||HIGH
EPSS-0.04% / 8.87%
||
7 Day CHG~0.00%
Published-07 Jun, 2024 | 14:23
Updated-29 May, 2025 | 16:12
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Netgear WNR614 JNR1010V2/N300-V1.1.0.54_1.0.1 was discovered to store credentials in plaintext.

Action-Not Available
Vendor-n/aNETGEAR, Inc.
Product-wnr614wnr614_firmwaren/awnr614_firmware
CWE ID-CWE-312
Cleartext Storage of Sensitive Information
CVE-2021-31802
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-8.8||HIGH
EPSS-12.70% / 93.74%
||
7 Day CHG+1.55%
Published-26 Apr, 2021 | 12:02
Updated-03 Aug, 2024 | 23:10
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

NETGEAR R7000 1.0.11.116 devices have a heap-based Buffer Overflow that is exploitable from the local network without authentication. The vulnerability exists within the handling of an HTTP request. An attacker can leverage this to execute code as root. The problem is that a user-provided length value is trusted during a backup.cgi file upload. The attacker must add a \n before the Content-Length header.

Action-Not Available
Vendor-n/aNETGEAR, Inc.
Product-r7000_firmwarer7000n/a
CWE ID-CWE-787
Out-of-bounds Write
CVE-2021-29081
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-8.4||HIGH
EPSS-0.14% / 35.40%
||
7 Day CHG~0.00%
Published-23 Mar, 2021 | 06:58
Updated-03 Aug, 2024 | 21:55
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Certain NETGEAR devices are affected by a stack-based buffer overflow by an unauthenticated attacker. This affects RBW30 before 2.6.2.2, RBK852 before 3.2.17.12, RBK853 before 3.2.17.12, RBK854 before 3.2.17.12, RBR850 before 3.2.17.12, RBS850 before 3.2.17.12, RBK752 before 3.2.17.12, RBK753 before 3.2.17.12, RBK753S before 3.2.17.12, RBK754 before 3.2.17.12, RBR750 before 3.2.17.12, and RBS750 before 3.2.17.12.

Action-Not Available
Vendor-n/aNETGEAR, Inc.
Product-rbw30_firmwarerbs750_firmwarerbs850_firmwarerbr850rbr750_firmwarerbw30rbk853_firmwarerbk854rbs850rbk752_firmwarerbk754_firmwarerbk753_firmwarerbk752rbk854_firmwarerbr750rbs750rbk754rbk853rbk753rbk753srbk852rbk852_firmwarerbk753s_firmwarerbr850_firmwaren/a
CWE ID-CWE-787
Out-of-bounds Write
CVE-2021-27251
Matching Score-8
Assigner-Zero Day Initiative
ShareView Details
Matching Score-8
Assigner-Zero Day Initiative
CVSS Score-8.8||HIGH
EPSS-0.22% / 44.29%
||
7 Day CHG~0.00%
Published-14 Apr, 2021 | 15:45
Updated-03 Aug, 2024 | 20:48
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of NETGEAR Nighthawk R7800. Authentication is not required to exploit this vulnerability The specific flaw exists within handling of firmware updates. The issue results from a fallback to a insecure protocol to deliver updates. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-12308.

Action-Not Available
Vendor-NETGEAR, Inc.
Product-br500_firmwarerbk12rbk43sbr500r8900_firmwarerbr40_firmwarerbk23_firmwarerbk14_firmwarerbk15_firmwareex6410ex6420_firmwareex7300v2_firmwarebr200_firmwareex6250_firmwarerbk53_firmwarexr500_firmwarexr700_firmwarerbk15xr450_firmwareex7300rbk12_firmwarerbs40rbs50y_firmwarer8900rbs40_firmwarer9000_firmwarerbr10rbs10_firmwarerbk43_firmwareex6410_firmwarerbs20rbs50_firmwareex6150r9000rbs50yex7700_firmwarer7800rbk23rbs10r7800_firmwareex6100v2_firmwarerbk20_firmwarexr450ex6150_firmwarexr700ex6400rbk43s_firmwarerbk20ex6400_firmwarerbk14ex7300_firmwarerbk44_firmwarerbs20_firmwarebr200d7800rbk44ex8000rbk40ex7320_firmwarerbr20rbk40_firmwarerbk13xr500ex6400v2_firmwareex6100ex6420d7800_firmwarerbk43ex8000_firmwareex6250rbr10_firmwarerbr40rbs50rbr50_firmwarerbr50ex7700rbk13_firmwarelbr20rbr20_firmwareex7320rbk50rbk53lbr20_firmwarerbk50_firmwareR7800
CWE ID-CWE-319
Cleartext Transmission of Sensitive Information
CVE-2021-27254
Matching Score-8
Assigner-Zero Day Initiative
ShareView Details
Matching Score-8
Assigner-Zero Day Initiative
CVSS Score-6.3||MEDIUM
EPSS-0.08% / 25.35%
||
7 Day CHG~0.00%
Published-05 Mar, 2021 | 20:00
Updated-03 Aug, 2024 | 20:48
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

This vulnerability allows network-adjacent attackers to bypass authentication on affected installations of NETGEAR R7800. Authentication is not required to exploit this vulnerability. The specific flaw exists within the apply_save.cgi endpoint. This issue results from the use of hard-coded encryption key. An attacker can leverage this vulnerability to execute arbitrary code in the context of root. Was ZDI-CAN-12287.

Action-Not Available
Vendor-NETGEAR, Inc.
Product-br500_firmwarerbk12rbk43sbr500ex6150v2_firmwarer8900_firmwarerbr40_firmwarerbk23_firmwarerbk14_firmwarerbk15_firmwareex6410ex6420_firmwareex7300v2_firmwarebr200_firmwareex6250_firmwarerbk53_firmwarexr500_firmwarexr700_firmwarerbk15xr450_firmwareex7300rbk12_firmwarerbs40rbs50y_firmwarer8900rbs40_firmwarer9000_firmwarerbr10rbs10_firmwarerbk43_firmwareex6410_firmwarerbs20rbs50_firmwarerbs50yr9000ex6400v2ex6100v2ex7700_firmwarer7800rbk23rbs10r7800_firmwareex6100v2_firmwarerbk20_firmwarexr450xr700ex6400rbk43s_firmwarerbk20ex6400_firmwarerbk14ex7300_firmwarerbk44_firmwarerbs20_firmwarebr200d7800rbk44ex6150v2ex8000rbk40ex7320_firmwarerbr20rbk40_firmwarerbk13xr500ex6400v2_firmwareex6420ex7300v2d7800_firmwarerbk43ex8000_firmwareex6250rbr10_firmwarerbr40rbs50rbr50_firmwarerbr50ex7700rbk13_firmwarelbr20rbr20_firmwareex7320rbk50rbk53lbr20_firmwarerbk50_firmwareR7800
CWE ID-CWE-259
Use of Hard-coded Password
CWE ID-CWE-798
Use of Hard-coded Credentials
CVE-2020-35785
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-8.3||HIGH
EPSS-0.13% / 32.78%
||
7 Day CHG~0.00%
Published-29 Dec, 2020 | 23:40
Updated-04 Aug, 2024 | 17:09
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

NETGEAR DGN2200v1 devices before v1.0.0.60 mishandle HTTPd authentication (aka PSV-2020-0363, PSV-2020-0364, and PSV-2020-0365).

Action-Not Available
Vendor-n/aNETGEAR, Inc.
Product-dgn2200_firmwaredgn2200n/a
CWE ID-CWE-287
Improper Authentication
CVE-2019-0102
Matching Score-4
Assigner-Intel Corporation
ShareView Details
Matching Score-4
Assigner-Intel Corporation
CVSS Score-8.8||HIGH
EPSS-2.66% / 85.20%
||
7 Day CHG~0.00%
Published-18 Feb, 2019 | 17:00
Updated-16 Sep, 2024 | 17:57
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Insufficient session authentication in web server for Intel(R) Data Center Manager SDK before version 5.0.2 may allow an unauthenticated user to potentially enable escalation of privilege via network access.

Action-Not Available
Vendor-n/aIntel Corporation
Product-data_center_managern/a
CWE ID-CWE-384
Session Fixation
CVE-2014-125048
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-6.3||MEDIUM
EPSS-0.05% / 15.35%
||
7 Day CHG~0.00%
Published-06 Jan, 2023 | 12:05
Updated-06 Aug, 2024 | 14:10
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
kassi xingwall oauth.js session fixiation

A vulnerability, which was classified as critical, has been found in kassi xingwall. This issue affects some unknown processing of the file app/controllers/oauth.js. The manipulation leads to session fixiation. The patch is named e9f0d509e1408743048e29d9c099d36e0e1f6ae7. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-217559.

Action-Not Available
Vendor-klukskassi
Product-xingwallxingwall
CWE ID-CWE-384
Session Fixation
CVE-2022-22551
Matching Score-4
Assigner-Dell
ShareView Details
Matching Score-4
Assigner-Dell
CVSS Score-8.3||HIGH
EPSS-0.14% / 34.54%
||
7 Day CHG~0.00%
Published-21 Jan, 2022 | 20:15
Updated-16 Sep, 2024 | 20:47
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

DELL EMC AppSync versions 3.9 to 4.3 use GET request method with sensitive query strings. An Adjacent, unauthenticated attacker could potentially exploit this vulnerability, and hijack the victim session.

Action-Not Available
Vendor-Dell Inc.
Product-emc_appsyncAppSync
CWE ID-CWE-598
Use of GET Request Method With Sensitive Query Strings
CWE ID-CWE-384
Session Fixation
CVE-2024-45368
Matching Score-4
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
ShareView Details
Matching Score-4
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
CVSS Score-8.7||HIGH
EPSS-0.07% / 22.11%
||
7 Day CHG~0.00%
Published-13 Sep, 2024 | 16:36
Updated-14 Sep, 2024 | 11:47
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
AutomationDirect DirectLogic H2-DM1E Session Fixation

The H2-DM1E PLC's authentication protocol appears to utilize either a custom encoding scheme or a challenge-response protocol. However, there's an observed anomaly in the H2-DM1E PLC's protocol execution, namely its acceptance of multiple distinct packets as valid authentication responses. This behavior deviates from standard security practices where a single, specific response or encoding pattern is expected for successful authentication.

Action-Not Available
Vendor-AutomationDirect
Product-DirectLogic H2-DM1Eh2-dm1e_firmware
CWE ID-CWE-384
Session Fixation
  • Previous
  • 1
  • 2
  • 3
  • 4
  • 5
  • Next
Details not found