Search
Search Results (28 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2023-35802 | 1 Extremenetworks | 29 Ap1130, Ap122, Ap130 and 26 more | 2024-11-21 | 9.8 Critical |
| IQ Engine before 10.6r1 on Extreme Network AP devices has a Buffer Overflow in the implementation of the CAPWAP protocol that may be exploited to obtain elevated privileges to conduct remote code execution. Access to the internal management interface/subnet is required to conduct the exploit. | ||||
| CVE-2020-16847 | 1 Extremenetworks | 1 Extreme Management Center | 2024-11-21 | 6.1 Medium |
| Extreme Analytics in Extreme Management Center before 8.5.0.169 allows unauthenticated reflected XSS via a parameter in a GET request, aka CFD-4887. | ||||
| CVE-2020-16152 | 1 Extremenetworks | 1 Aerohive Netconfig | 2024-11-21 | 9.8 Critical |
| The NetConfig UI administrative interface in Extreme Networks ExtremeWireless Aerohive HiveOS and IQ Engine through 10.0r8a allows attackers to execute PHP code as the root user via remote HTTP requests that insert this code into a log file and then traverse to that file. | ||||
| CVE-2020-13820 | 1 Extremenetworks | 1 Extreme Management Center | 2024-11-21 | 6.1 Medium |
| Extreme Management Center 8.4.1.24 allows unauthenticated reflected XSS via a parameter in a GET request. | ||||
| CVE-2020-13819 | 1 Extremenetworks | 1 Extreme Management Center | 2024-11-21 | 6.1 Medium |
| Extreme EAC Appliance 8.4.1.24 allows unauthenticated reflected XSS via a parameter in a GET request. | ||||
| CVE-2018-5797 | 1 Extremenetworks | 1 Extremewireless Wing | 2024-11-21 | N/A |
| An issue was discovered in Extreme Networks ExtremeWireless WiNG 5.x before 5.8.6.9 and 5.9.x before 5.9.1.3. There is an Smint_encrypt Hardcoded AES Key that can be used for packet decryption (obtaining cleartext credentials) by an attacker who has access to a wired port. | ||||
| CVE-2018-5787 | 1 Extremenetworks | 1 Extremewireless Wing | 2024-11-21 | N/A |
| An issue was discovered in Extreme Networks ExtremeWireless WiNG 5.x before 5.8.6.9 and 5.9.x before 5.9.1.3. There is a Remote, Unauthenticated Stack Overflow in the RIM (Radio Interface Module) process running on the WiNG Access Point via crafted packets. | ||||
| CVE-2023-40457 | 1 Extremenetworks | 1 Extremeos | 2024-11-12 | N/A |
| The BGP daemon in Extreme Networks ExtremeXOS (aka EXOS) 30.7.1.1 allows an attacker (who is not on a directly connected network) to cause a denial of service (BGP session reset) because of BGP attribute error mishandling (for attribute 21 and 25). NOTE: the vendor disputes this because it is "evaluating support for RFC 7606 as a future feature" and believes that "customers that have chosen to not require or implement RFC 7606 have done so willingly and with knowledge of what is needed to defend against these types of attacks." | ||||