var-201008-1004
Vulnerability from variot
The loginDefaultEncrypt algorithm in loginLib in Wind River VxWorks before 6.9 does not properly support a large set of distinct possible passwords, which makes it easier for remote attackers to obtain access via a (1) telnet, (2) rlogin, or (3) FTP session. Some products based on VxWorks have the WDB target agent debug service enabled by default. This service provides read/write access to the device's memory and allows functions to be called. The VxWorks WDB target agent is a target-resident, run-time facility that is required for connecting host tools to a VxWorks target system during development. WDB is a selectable component in the VxWorks configuration and is enabled by default. The WDB debug agent access is not secured and does provide a security hole in a deployed system. It is advisable for production systems to reconfigure VxWorks with only those components needed for deployed operation and to build it as the appropriate type of system image. It is recommended to remove host development components such as the WDB target agent and debugging components (INCLUDE_WDB and INCLUDE_DEBUG) as well as other operating system components that are not required to support customer applications. Consult the VxWorks Kernel Programmer's guide for more information on WDB.Additional information can be found in ICS-CERT advisory ICSA-10-214-01 and on the Metasploit Blog. An attacker can use the debug service to fully compromise the device. The hashing algorithm that is used in the standard authentication API for VxWorks is susceptible to collisions. An attacker can brute force a password by guessing a string that produces the same hash as a legitimate password. VxWorks is an embedded real-time operating system. VxWorks has multiple security vulnerabilities that allow an attacker to bypass security restrictions and gain unauthorized access to the system. For example, when logging in with the default 'target/password', 'y{{{{{SS' will HASH out the same result as 'password'. So you can use 'password' and 'y{{{{{SS' as the password to log in. Vendor affected: TP-Link (http://tp-link.com)
Products affected: * All TP-Link VxWorks-based devices (confirmed by vendor) * All "2-series" switches (confirmed by vendor) * TL-SG2008 semi-managed switch (confirmed by vendor) * TL-SG2216 semi-managed switch (confirmed by vendor) * TL-SG2424 semi-managed switch (confirmed by vendor) * TL-SG2424P semi-managed switch (confirmed by vendor) * TL-SG2452 semi-managed switch (confirmed by vendor)
Vulnerabilities: * All previously-reported VxWorks vulnerabilities from 6.6.0 on; at the very least: * CVE-2013-0716 (confirmed by vendor) * CVE-2013-0715 (confirmed by vendor) * CVE-2013-0714 (confirmed by vendor) * CVE-2013-0713 (confirmed by vendor) * CVE-2013-0712 (confirmed by vendor) * CVE-2013-0711 (confirmed by vendor) * CVE-2010-2967 (confirmed by vendor) * CVE-2010-2966 (confirmed by vendor) * CVE-2008-2476 (confirmed by vendor) * SSLv2 is available and cannot be disabled unless HTTPS is completely disabled (allows downgrade attacks) (confirmed by vendor) * SSL (v2, v3) offers insecure cipher suites and HMACs which cannot be disabled (allows downgrade attacks) (confirmed by vendor)
Design flaws: * Telnet is available and cannot be disabled (confirmed by vendor) * SSHv1 enabled by default if SSH is enabled (confirmed by vendor)
Vendor response: TP-Link are not convinced that these flaws should be repaired.
TP-Link's Internet presence -- or at least DNS -- is available only intermittently. Most emails bounced. Lost contact with vendor, but did confirm that development lead is now on holiday and will not return for at least a week.
Initial vendor reaction was to recommend purchase of "3-series" switches. Vendor did not offer reasons why "3-series" switches would be more secure, apart from lack of telnet service. Vendor confirmed that no development time can be allocated to securing "2-series" product and all focus has shifted to newer products.
(TL-SG2008 first product availability July 2014...)
Vendor deeply confused about security of DES/3DES, MD5, claimed that all security is relative. ("...[E]ven SHA-1 can be cracked, they just have different security level.")
Fix availability: None.
Work-arounds advised: None possible. Remove products from network. ----------------------------------------------------------------------
"From 2007 to 2009 vulnerabilities in a typical end-user PC almost doubled from about 220 to 420."
Non-Microsoft software to blame for increase in vulnerabilities affecting typical Windows end-users, read more:
http://secunia.com/gfx/pdf/Secunia_Half_Year_Report_2010.pdf
TITLE: Rockwell Automation 1756-ENBT Series A VxWorks Debugger Vulnerability
SECUNIA ADVISORY ID: SA40829
VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/40829/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=40829
RELEASE DATE: 2010-08-04
DISCUSS ADVISORY: http://secunia.com/advisories/40829/#comments
AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s)
http://secunia.com/advisories/40829/
ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS
https://ca.secunia.com/?page=viewadvisory&vuln_id=40829
ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING
http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/
DESCRIPTION: A vulnerability has been reported in Rockwell Automation 1756-ENBT series A, which can be exploited by malicious people to compromise the vulnerable device.
The vulnerability is caused due to the VxWorks debug agent being enabled, which can be exploited to gain control over the device by e.g. sending specially crafted requests to port 17185/UDP.
The vulnerability is reported in Rockwell Automation 1756-ENBT series A running firmware versions 3.2.6 and 3.6.1.
SOLUTION: See Rockwell Automation Technote #69735.
Further details available in Customer Area: http://secunia.com/products/corporate/EVM/
PROVIDED AND/OR DISCOVERED BY: Reported in VxWorks by Bennett Todd, Shawn Merdinger, and HD Moore.
ORIGINAL ADVISORY: US-CERT VU#362332: http://www.kb.cert.org/vuls/id/362332 http://www.kb.cert.org/vuls/id/MAPG-86FPQL
HD Moore: http://blog.metasploit.com/2010/08/vxworks-vulnerabilities.html
OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/
DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/
EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/
EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/
EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/
About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities.
Subscribe: http://secunia.com/advisories/secunia_security_advisories/
Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/
Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor.
Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201008-1004",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "vxworks",
"scope": "eq",
"trust": 1.6,
"vendor": "windriver",
"version": "5.5"
},
{
"model": "vxworks",
"scope": "eq",
"trust": 1.6,
"vendor": "windriver",
"version": "5"
},
{
"model": "vxworks",
"scope": "eq",
"trust": 1.6,
"vendor": "windriver",
"version": "6.4"
},
{
"model": "vxworks",
"scope": "eq",
"trust": 1.6,
"vendor": "windriver",
"version": "6"
},
{
"model": "vxworks",
"scope": "lte",
"trust": 1.0,
"vendor": "windriver",
"version": "6.8"
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "ericsson",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "polycom",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "wind river",
"version": null
},
{
"model": "vxworks",
"scope": "lt",
"trust": 0.8,
"vendor": "wind river",
"version": "6.9"
},
{
"model": "river systems vxworks through",
"scope": "eq",
"trust": 0.6,
"vendor": "wind",
"version": "6.56.9"
},
{
"model": null,
"scope": null,
"trust": 0.6,
"vendor": "no",
"version": null
},
{
"model": "vxworks",
"scope": "eq",
"trust": 0.6,
"vendor": "windriver",
"version": "6.8"
},
{
"model": null,
"scope": "eq",
"trust": 0.4,
"vendor": "vxworks",
"version": "5"
},
{
"model": null,
"scope": "eq",
"trust": 0.4,
"vendor": "vxworks",
"version": "5.5"
},
{
"model": null,
"scope": "eq",
"trust": 0.4,
"vendor": "vxworks",
"version": "6"
},
{
"model": null,
"scope": "eq",
"trust": 0.4,
"vendor": "vxworks",
"version": "6.4"
},
{
"model": null,
"scope": "eq",
"trust": 0.4,
"vendor": "vxworks",
"version": "*"
}
],
"sources": [
{
"db": "IVD",
"id": "0183e958-2356-11e6-abef-000c29c66e3d"
},
{
"db": "IVD",
"id": "7d753cb1-463f-11e9-876d-000c29342cb1"
},
{
"db": "CERT/CC",
"id": "VU#840249"
},
{
"db": "CNVD",
"id": "CNVD-2010-3889"
},
{
"db": "CNVD",
"id": "CNVD-2010-1489"
},
{
"db": "JVNDB",
"id": "JVNDB-2010-005614"
},
{
"db": "CNNVD",
"id": "CNNVD-201008-031"
},
{
"db": "NVD",
"id": "CVE-2010-2967"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/o:windriver:vxworks",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2010-005614"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Thanks to HD Moore for reporting a wider scope with additional research related to this vulnerability. Earlier public reports came from Bennett Todd and Shawn Merdinger. This document was written by Jared Allar. ",
"sources": [
{
"db": "CERT/CC",
"id": "VU#362332"
}
],
"trust": 0.8
},
"cve": "CVE-2010-2967",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 7.8,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"id": "CVE-2010-2967",
"impactScore": 6.9,
"integrityImpact": "NONE",
"severity": "HIGH",
"trust": 1.8,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:N/A:N",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "COMPLETE",
"availabilityRequirement": "NOT DEFINED",
"baseScore": 10.0,
"collateralDamagePotential": "NOT DEFINED",
"confidentialityImpact": "COMPLETE",
"confidentialityRequirement": "NOT DEFINED",
"enviromentalScore": 9.5,
"exploitability": "HIGH",
"exploitabilityScore": 10.0,
"id": "CVE-2010-2965",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"integrityRequirement": "NOT DEFINED",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"remediationLevel": "WORKAROUND",
"reportConfidence": "CONFIRMED",
"severity": "HIGH",
"targetDistribution": "HIGH",
"trust": 0.8,
"userInteractionRequired": null,
"vector_string": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CARNEGIE MELLON",
"availabilityImpact": "COMPLETE",
"availabilityRequirement": "NOT DEFINED",
"baseScore": 10.0,
"collateralDamagePotential": "NOT DEFINED",
"confidentialityImpact": "COMPLETE",
"confidentialityRequirement": "NOT DEFINED",
"enviromentalScore": 9.5,
"exploitability": "HIGH",
"exploitabilityScore": 10.0,
"id": "VU#840249",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"integrityRequirement": "NOT DEFINED",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"remediationLevel": "WORKAROUND",
"reportConfidence": "CONFIRMED",
"severity": "HIGH",
"targetDistribution": "NOT DEFINED",
"trust": 0.8,
"userInteractionRequired": null,
"vector_string": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "NONE",
"baseScore": 7.8,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"id": "CNVD-2010-3889",
"impactScore": 6.9,
"integrityImpact": "NONE",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:N/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "IVD",
"availabilityImpact": "NONE",
"baseScore": 7.8,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"id": "bab59964-1fb2-11e6-abef-000c29c66e3d",
"impactScore": 6.9,
"integrityImpact": "NONE",
"severity": "HIGH",
"trust": 0.2,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:N/A:N",
"version": "2.9 [IVD]"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "IVD",
"availabilityImpact": "NONE",
"baseScore": 7.8,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"id": "0183e958-2356-11e6-abef-000c29c66e3d",
"impactScore": 6.9,
"integrityImpact": "NONE",
"severity": "HIGH",
"trust": 0.2,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:N/A:N",
"version": "2.9 [IVD]"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "IVD",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "7d72f2c0-463f-11e9-98f5-000c29342cb1",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 0.2,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.9 [IVD]"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "IVD",
"availabilityImpact": "NONE",
"baseScore": 7.8,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"id": "7d753cb1-463f-11e9-876d-000c29342cb1",
"impactScore": 6.9,
"integrityImpact": "NONE",
"severity": "HIGH",
"trust": 0.2,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:N/A:N",
"version": "2.9 [IVD]"
}
],
"cvssV3": [],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2010-2967",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "CVE-2010-2965",
"trust": 0.8,
"value": "HIGH"
},
{
"author": "CARNEGIE MELLON",
"id": "VU#840249",
"trust": 0.8,
"value": "HIGH"
},
{
"author": "NVD",
"id": "CVE-2010-2967",
"trust": 0.8,
"value": "High"
},
{
"author": "CNVD",
"id": "CNVD-2010-3889",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-201008-031",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "IVD",
"id": "bab59964-1fb2-11e6-abef-000c29c66e3d",
"trust": 0.2,
"value": "HIGH"
},
{
"author": "IVD",
"id": "0183e958-2356-11e6-abef-000c29c66e3d",
"trust": 0.2,
"value": "HIGH"
},
{
"author": "IVD",
"id": "7d72f2c0-463f-11e9-98f5-000c29342cb1",
"trust": 0.2,
"value": "HIGH"
},
{
"author": "IVD",
"id": "7d753cb1-463f-11e9-876d-000c29342cb1",
"trust": 0.2,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "IVD",
"id": "bab59964-1fb2-11e6-abef-000c29c66e3d"
},
{
"db": "IVD",
"id": "0183e958-2356-11e6-abef-000c29c66e3d"
},
{
"db": "IVD",
"id": "7d72f2c0-463f-11e9-98f5-000c29342cb1"
},
{
"db": "IVD",
"id": "7d753cb1-463f-11e9-876d-000c29342cb1"
},
{
"db": "CERT/CC",
"id": "VU#362332"
},
{
"db": "CERT/CC",
"id": "VU#840249"
},
{
"db": "CNVD",
"id": "CNVD-2010-3889"
},
{
"db": "JVNDB",
"id": "JVNDB-2010-005614"
},
{
"db": "CNNVD",
"id": "CNNVD-201008-031"
},
{
"db": "NVD",
"id": "CVE-2010-2967"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "The loginDefaultEncrypt algorithm in loginLib in Wind River VxWorks before 6.9 does not properly support a large set of distinct possible passwords, which makes it easier for remote attackers to obtain access via a (1) telnet, (2) rlogin, or (3) FTP session. Some products based on VxWorks have the WDB target agent debug service enabled by default. This service provides read/write access to the device\u0027s memory and allows functions to be called. The VxWorks WDB target agent is a target-resident, run-time facility that is required for connecting host tools to a VxWorks target system during development. WDB is a selectable component in the VxWorks configuration and is enabled by default. The WDB debug agent access is not secured and does provide a security hole in a deployed system. It is advisable for production systems to reconfigure VxWorks with only those components needed for deployed operation and to build it as the appropriate type of system image. It is recommended to remove host development components such as the WDB target agent and debugging components (INCLUDE_WDB and INCLUDE_DEBUG) as well as other operating system components that are not required to support customer applications. Consult the VxWorks Kernel Programmer\u0027s guide for more information on WDB.Additional information can be found in ICS-CERT advisory ICSA-10-214-01 and on the Metasploit Blog. An attacker can use the debug service to fully compromise the device. The hashing algorithm that is used in the standard authentication API for VxWorks is susceptible to collisions. An attacker can brute force a password by guessing a string that produces the same hash as a legitimate password. VxWorks is an embedded real-time operating system. VxWorks has multiple security vulnerabilities that allow an attacker to bypass security restrictions and gain unauthorized access to the system. For example, when logging in with the default \u0027target/password\u0027, \u0027y{{{{{SS\u0027 will HASH out the same result as \u0027password\u0027. So you can use \u0027password\u0027 and \u0027y{{{{{SS\u0027 as the password to log in. Vendor affected: TP-Link (http://tp-link.com)\n\nProducts affected:\n * All TP-Link VxWorks-based devices (confirmed by vendor)\n * All \"2-series\" switches (confirmed by vendor)\n * TL-SG2008 semi-managed switch (confirmed by vendor)\n * TL-SG2216 semi-managed switch (confirmed by vendor)\n * TL-SG2424 semi-managed switch (confirmed by vendor)\n * TL-SG2424P semi-managed switch (confirmed by vendor)\n * TL-SG2452 semi-managed switch (confirmed by vendor)\n\nVulnerabilities:\n * All previously-reported VxWorks vulnerabilities from 6.6.0 on;\n at the very least:\n * CVE-2013-0716 (confirmed by vendor)\n * CVE-2013-0715 (confirmed by vendor)\n * CVE-2013-0714 (confirmed by vendor)\n * CVE-2013-0713 (confirmed by vendor)\n * CVE-2013-0712 (confirmed by vendor)\n * CVE-2013-0711 (confirmed by vendor)\n * CVE-2010-2967 (confirmed by vendor)\n * CVE-2010-2966 (confirmed by vendor)\n * CVE-2008-2476 (confirmed by vendor)\n * SSLv2 is available and cannot be disabled unless HTTPS is\n completely disabled (allows downgrade attacks)\n (confirmed by vendor)\n * SSL (v2, v3) offers insecure cipher suites and HMACs which cannot\n be disabled (allows downgrade attacks)\n (confirmed by vendor)\n\nDesign flaws:\n * Telnet is available and cannot be disabled (confirmed by vendor)\n * SSHv1 enabled by default if SSH is enabled (confirmed by vendor)\n\nVendor response:\n TP-Link are not convinced that these flaws should be repaired. \n\n TP-Link\u0027s Internet presence -- or at least DNS -- is available only\n intermittently. Most emails bounced. Lost contact with vendor, but\n did confirm that development lead is now on holiday and will not\n return for at least a week. \n\n Initial vendor reaction was to recommend purchase of \"3-series\"\n switches. Vendor did not offer reasons why \"3-series\" switches would\n be more secure, apart from lack of telnet service. Vendor confirmed\n that no development time can be allocated to securing \"2-series\"\n product and all focus has shifted to newer products. \n\n (TL-SG2008 first product availability July 2014...)\n\n Vendor deeply confused about security of DES/3DES, MD5, claimed that\n all security is relative. (\"...[E]ven SHA-1 can be cracked, they just\n have different security level.\")\n\nFix availability:\n None. \n\nWork-arounds advised:\n None possible. Remove products from network. ----------------------------------------------------------------------\n\n\n\"From 2007 to 2009 vulnerabilities in a typical end-user PC almost doubled from about 220 to 420.\"\n\nNon-Microsoft software to blame for increase in vulnerabilities affecting typical Windows end-users, read more:\n\nhttp://secunia.com/gfx/pdf/Secunia_Half_Year_Report_2010.pdf\n\n\n----------------------------------------------------------------------\n\nTITLE:\nRockwell Automation 1756-ENBT Series A VxWorks Debugger Vulnerability\n\nSECUNIA ADVISORY ID:\nSA40829\n\nVERIFY ADVISORY:\nSecunia.com\nhttp://secunia.com/advisories/40829/\nCustomer Area (Credentials Required)\nhttps://ca.secunia.com/?page=viewadvisory\u0026vuln_id=40829\n\nRELEASE DATE:\n2010-08-04\n\nDISCUSS ADVISORY:\nhttp://secunia.com/advisories/40829/#comments\n\nAVAILABLE ON SITE AND IN CUSTOMER AREA:\n * Last Update\n * Popularity\n * Comments\n * Criticality Level\n * Impact\n * Where\n * Solution Status\n * Operating System / Software\n * CVE Reference(s)\n\nhttp://secunia.com/advisories/40829/\n\nONLY AVAILABLE IN CUSTOMER AREA:\n * Authentication Level\n * Report Reliability\n * Secunia PoC\n * Secunia Analysis\n * Systems Affected\n * Approve Distribution\n * Remediation Status\n * Secunia CVSS Score\n * CVSS\n\nhttps://ca.secunia.com/?page=viewadvisory\u0026vuln_id=40829\n\nONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI:\n * AUTOMATED SCANNING\n\nhttp://secunia.com/vulnerability_scanning/personal/\nhttp://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/\n\nDESCRIPTION:\nA vulnerability has been reported in Rockwell Automation 1756-ENBT\nseries A, which can be exploited by malicious people to compromise\nthe vulnerable device. \n\nThe vulnerability is caused due to the VxWorks debug agent being\nenabled, which can be exploited to gain control over the device by\ne.g. sending specially crafted requests to port 17185/UDP. \n\nThe vulnerability is reported in Rockwell Automation 1756-ENBT series\nA running firmware versions 3.2.6 and 3.6.1. \n\nSOLUTION:\nSee Rockwell Automation Technote #69735. \n\nFurther details available in Customer Area:\nhttp://secunia.com/products/corporate/EVM/\n\nPROVIDED AND/OR DISCOVERED BY:\nReported in VxWorks by Bennett Todd, Shawn Merdinger, and HD Moore. \n\nORIGINAL ADVISORY:\nUS-CERT VU#362332:\nhttp://www.kb.cert.org/vuls/id/362332\nhttp://www.kb.cert.org/vuls/id/MAPG-86FPQL\n\nHD Moore:\nhttp://blog.metasploit.com/2010/08/vxworks-vulnerabilities.html\n\nOTHER REFERENCES:\nFurther details available in Customer Area:\nhttp://secunia.com/products/corporate/EVM/\n\nDEEP LINKS:\nFurther details available in Customer Area:\nhttp://secunia.com/products/corporate/EVM/\n\nEXTENDED DESCRIPTION:\nFurther details available in Customer Area:\nhttp://secunia.com/products/corporate/EVM/\n\nEXTENDED SOLUTION:\nFurther details available in Customer Area:\nhttp://secunia.com/products/corporate/EVM/\n\nEXPLOIT:\nFurther details available in Customer Area:\nhttp://secunia.com/products/corporate/EVM/\n\n----------------------------------------------------------------------\n\nAbout:\nThis Advisory was delivered by Secunia as a free service to help\nprivate users keeping their systems up to date against the latest\nvulnerabilities. \n\nSubscribe:\nhttp://secunia.com/advisories/secunia_security_advisories/\n\nDefinitions: (Criticality, Where etc.)\nhttp://secunia.com/advisories/about_secunia_advisories/\n\n\nPlease Note:\nSecunia recommends that you verify all advisories you receive by\nclicking the link. \nSecunia NEVER sends attached files with advisories. \nSecunia does not advise people to install third party patches, only\nuse those supplied by the vendor. \n\n----------------------------------------------------------------------\n\nUnsubscribe: Secunia Security Advisories\nhttp://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org\n\n----------------------------------------------------------------------\n\n\n",
"sources": [
{
"db": "NVD",
"id": "CVE-2010-2967"
},
{
"db": "CERT/CC",
"id": "VU#362332"
},
{
"db": "CERT/CC",
"id": "VU#840249"
},
{
"db": "JVNDB",
"id": "JVNDB-2010-005614"
},
{
"db": "CNVD",
"id": "CNVD-2010-3889"
},
{
"db": "CNVD",
"id": "CNVD-2010-1489"
},
{
"db": "IVD",
"id": "bab59964-1fb2-11e6-abef-000c29c66e3d"
},
{
"db": "IVD",
"id": "0183e958-2356-11e6-abef-000c29c66e3d"
},
{
"db": "IVD",
"id": "7d72f2c0-463f-11e9-98f5-000c29342cb1"
},
{
"db": "IVD",
"id": "7d753cb1-463f-11e9-876d-000c29342cb1"
},
{
"db": "PACKETSTORM",
"id": "128512"
},
{
"db": "PACKETSTORM",
"id": "92397"
}
],
"trust": 5.04
},
"exploit_availability": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/exploit_availability#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"reference": "https://www.kb.cert.org/vuls/id/362332",
"trust": 0.8,
"type": "unknown"
},
{
"reference": "https://www.kb.cert.org/vuls/id/840249",
"trust": 0.8,
"type": "unknown"
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#362332"
},
{
"db": "CERT/CC",
"id": "VU#840249"
}
]
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2010-2967",
"trust": 3.5
},
{
"db": "CERT/CC",
"id": "VU#840249",
"trust": 3.2
},
{
"db": "ICS CERT",
"id": "ICSA-10-214-01",
"trust": 1.6
},
{
"db": "CERT/CC",
"id": "VU#362332",
"trust": 1.5
},
{
"db": "CNVD",
"id": "CNVD-2010-1489",
"trust": 1.0
},
{
"db": "CNVD",
"id": "CNVD-2010-3889",
"trust": 1.0
},
{
"db": "CNNVD",
"id": "CNNVD-201008-031",
"trust": 1.0
},
{
"db": "JVNDB",
"id": "JVNDB-2010-005614",
"trust": 0.8
},
{
"db": "BID",
"id": "42114",
"trust": 0.6
},
{
"db": "IVD",
"id": "BAB59964-1FB2-11E6-ABEF-000C29C66E3D",
"trust": 0.2
},
{
"db": "IVD",
"id": "0183E958-2356-11E6-ABEF-000C29C66E3D",
"trust": 0.2
},
{
"db": "IVD",
"id": "7D72F2C0-463F-11E9-98F5-000C29342CB1",
"trust": 0.2
},
{
"db": "IVD",
"id": "7D753CB1-463F-11E9-876D-000C29342CB1",
"trust": 0.2
},
{
"db": "SECUNIA",
"id": "40829",
"trust": 0.2
},
{
"db": "PACKETSTORM",
"id": "128512",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "92397",
"trust": 0.1
}
],
"sources": [
{
"db": "IVD",
"id": "bab59964-1fb2-11e6-abef-000c29c66e3d"
},
{
"db": "IVD",
"id": "0183e958-2356-11e6-abef-000c29c66e3d"
},
{
"db": "IVD",
"id": "7d72f2c0-463f-11e9-98f5-000c29342cb1"
},
{
"db": "IVD",
"id": "7d753cb1-463f-11e9-876d-000c29342cb1"
},
{
"db": "CERT/CC",
"id": "VU#362332"
},
{
"db": "CERT/CC",
"id": "VU#840249"
},
{
"db": "CNVD",
"id": "CNVD-2010-3889"
},
{
"db": "CNVD",
"id": "CNVD-2010-1489"
},
{
"db": "JVNDB",
"id": "JVNDB-2010-005614"
},
{
"db": "PACKETSTORM",
"id": "128512"
},
{
"db": "PACKETSTORM",
"id": "92397"
},
{
"db": "CNNVD",
"id": "CNNVD-201008-031"
},
{
"db": "NVD",
"id": "CVE-2010-2967"
}
]
},
"id": "VAR-201008-1004",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "IVD",
"id": "bab59964-1fb2-11e6-abef-000c29c66e3d"
},
{
"db": "IVD",
"id": "0183e958-2356-11e6-abef-000c29c66e3d"
},
{
"db": "IVD",
"id": "7d72f2c0-463f-11e9-98f5-000c29342cb1"
},
{
"db": "IVD",
"id": "7d753cb1-463f-11e9-876d-000c29342cb1"
},
{
"db": "CNVD",
"id": "CNVD-2010-3889"
},
{
"db": "CNVD",
"id": "CNVD-2010-1489"
}
],
"trust": 2.50988144
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 1.4
},
{
"category": [
"IoT",
"ICS"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "IVD",
"id": "bab59964-1fb2-11e6-abef-000c29c66e3d"
},
{
"db": "IVD",
"id": "0183e958-2356-11e6-abef-000c29c66e3d"
},
{
"db": "IVD",
"id": "7d72f2c0-463f-11e9-98f5-000c29342cb1"
},
{
"db": "IVD",
"id": "7d753cb1-463f-11e9-876d-000c29342cb1"
},
{
"db": "CNVD",
"id": "CNVD-2010-3889"
},
{
"db": "CNVD",
"id": "CNVD-2010-1489"
}
]
},
"last_update_date": "2024-11-29T21:06:51.097000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Top Page",
"trust": 0.8,
"url": "http://www.windriver.com/"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2010-005614"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-310",
"trust": 1.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2010-005614"
},
{
"db": "NVD",
"id": "CVE-2010-2967"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.4,
"url": "https://support.windriver.com/olsportal/faces/maintenance/downloaddetails.jspx?contentid=033709"
},
{
"trust": 2.4,
"url": "http://www.kb.cert.org/vuls/id/840249"
},
{
"trust": 2.3,
"url": "http://blog.metasploit.com/2010/08/vxworks-vulnerabilities.html"
},
{
"trust": 1.6,
"url": "https://community.rapid7.com/community/metasploit/blog/2010/08/02/shiny-old-vxworks-vulnerabilities"
},
{
"trust": 1.6,
"url": "http://www.us-cert.gov/control_systems/pdf/icsa-10-214-01_vxworks_vulnerabilities.pdf"
},
{
"trust": 1.6,
"url": "http://blogs.windriver.com/chauhan/2010/08/vxworks-secure.html"
},
{
"trust": 1.6,
"url": "http://www.kb.cert.org/vuls/id/mapg-863qh9"
},
{
"trust": 0.8,
"url": "http://www.cisco.com/warp/public/707/cisco-sa-20051116-7920.shtml"
},
{
"trust": 0.8,
"url": "http://seclists.org/vuln-dev/2002/may/179"
},
{
"trust": 0.8,
"url": "https://support.windriver.com/olsportal/faces/maintenance/downloaddetails.jspx?contentid=033708"
},
{
"trust": 0.8,
"url": "http://thesauceofutterpwnage.blogspot.com/2010/08/metasploit-vxworks-wdb-agent-attack.html"
},
{
"trust": 0.8,
"url": "http://cwe.mitre.org/data/definitions/215.html"
},
{
"trust": 0.8,
"url": "http://cwe.mitre.org/data/definitions/505.html"
},
{
"trust": 0.8,
"url": "http://newsoft-tech.blogspot.com/2010/09/follow-up-on-vxworks-issue.html"
},
{
"trust": 0.8,
"url": "http://cvk.posterous.com/how-to-crack-vxworks-password-hashes"
},
{
"trust": 0.8,
"url": "http://cwe.mitre.org/data/definitions/798.html"
},
{
"trust": 0.8,
"url": "http://cwe.mitre.org/data/definitions/327.html"
},
{
"trust": 0.8,
"url": "http://cwe.mitre.org/data/definitions/916.html"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-2967"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2010-2967"
},
{
"trust": 0.6,
"url": "http://www.kb.cert.org/vuls/id/362332http"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2010-2966"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2013-0713"
},
{
"trust": 0.1,
"url": "http://tp-link.com)"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2013-0715"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2010-2967"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2008-2476"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2013-0716"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2013-0712"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2013-0711"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2013-0714"
},
{
"trust": 0.1,
"url": "http://www.kb.cert.org/vuls/id/mapg-86fpql"
},
{
"trust": 0.1,
"url": "http://secunia.com/products/corporate/evm/"
},
{
"trust": 0.1,
"url": "http://secunia.com/advisories/40829/#comments"
},
{
"trust": 0.1,
"url": "https://ca.secunia.com/?page=viewadvisory\u0026vuln_id=40829"
},
{
"trust": 0.1,
"url": "http://secunia.com/advisories/secunia_security_advisories/"
},
{
"trust": 0.1,
"url": "http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/"
},
{
"trust": 0.1,
"url": "http://www.kb.cert.org/vuls/id/362332"
},
{
"trust": 0.1,
"url": "http://secunia.com/vulnerability_scanning/personal/"
},
{
"trust": 0.1,
"url": "http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org"
},
{
"trust": 0.1,
"url": "http://secunia.com/advisories/40829/"
},
{
"trust": 0.1,
"url": "http://secunia.com/gfx/pdf/secunia_half_year_report_2010.pdf"
},
{
"trust": 0.1,
"url": "http://secunia.com/advisories/about_secunia_advisories/"
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#362332"
},
{
"db": "CERT/CC",
"id": "VU#840249"
},
{
"db": "CNVD",
"id": "CNVD-2010-3889"
},
{
"db": "CNVD",
"id": "CNVD-2010-1489"
},
{
"db": "JVNDB",
"id": "JVNDB-2010-005614"
},
{
"db": "PACKETSTORM",
"id": "128512"
},
{
"db": "PACKETSTORM",
"id": "92397"
},
{
"db": "CNNVD",
"id": "CNNVD-201008-031"
},
{
"db": "NVD",
"id": "CVE-2010-2967"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "IVD",
"id": "bab59964-1fb2-11e6-abef-000c29c66e3d"
},
{
"db": "IVD",
"id": "0183e958-2356-11e6-abef-000c29c66e3d"
},
{
"db": "IVD",
"id": "7d72f2c0-463f-11e9-98f5-000c29342cb1"
},
{
"db": "IVD",
"id": "7d753cb1-463f-11e9-876d-000c29342cb1"
},
{
"db": "CERT/CC",
"id": "VU#362332"
},
{
"db": "CERT/CC",
"id": "VU#840249"
},
{
"db": "CNVD",
"id": "CNVD-2010-3889"
},
{
"db": "CNVD",
"id": "CNVD-2010-1489"
},
{
"db": "JVNDB",
"id": "JVNDB-2010-005614"
},
{
"db": "PACKETSTORM",
"id": "128512"
},
{
"db": "PACKETSTORM",
"id": "92397"
},
{
"db": "CNNVD",
"id": "CNNVD-201008-031"
},
{
"db": "NVD",
"id": "CVE-2010-2967"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2010-08-03T00:00:00",
"db": "IVD",
"id": "bab59964-1fb2-11e6-abef-000c29c66e3d"
},
{
"date": "2010-08-05T00:00:00",
"db": "IVD",
"id": "0183e958-2356-11e6-abef-000c29c66e3d"
},
{
"date": "2010-08-03T00:00:00",
"db": "IVD",
"id": "7d72f2c0-463f-11e9-98f5-000c29342cb1"
},
{
"date": "2010-08-05T00:00:00",
"db": "IVD",
"id": "7d753cb1-463f-11e9-876d-000c29342cb1"
},
{
"date": "2010-08-02T00:00:00",
"db": "CERT/CC",
"id": "VU#362332"
},
{
"date": "2010-08-02T00:00:00",
"db": "CERT/CC",
"id": "VU#840249"
},
{
"date": "2010-08-05T00:00:00",
"db": "CNVD",
"id": "CNVD-2010-3889"
},
{
"date": "2010-08-03T00:00:00",
"db": "CNVD",
"id": "CNVD-2010-1489"
},
{
"date": "2012-12-20T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2010-005614"
},
{
"date": "2014-10-01T10:11:11",
"db": "PACKETSTORM",
"id": "128512"
},
{
"date": "2010-08-05T13:58:08",
"db": "PACKETSTORM",
"id": "92397"
},
{
"date": "2010-08-05T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201008-031"
},
{
"date": "2010-08-05T13:22:29.857000",
"db": "NVD",
"id": "CVE-2010-2967"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2020-09-02T00:00:00",
"db": "CERT/CC",
"id": "VU#362332"
},
{
"date": "2014-06-02T00:00:00",
"db": "CERT/CC",
"id": "VU#840249"
},
{
"date": "2010-08-05T00:00:00",
"db": "CNVD",
"id": "CNVD-2010-3889"
},
{
"date": "2010-08-03T00:00:00",
"db": "CNVD",
"id": "CNVD-2010-1489"
},
{
"date": "2012-12-20T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2010-005614"
},
{
"date": "2010-08-06T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201008-031"
},
{
"date": "2024-11-21T01:17:45.090000",
"db": "NVD",
"id": "CVE-2010-2967"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201008-031"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Wind River VxWorks loginDefaultEncrypt Algorithm encryption problem vulnerability",
"sources": [
{
"db": "IVD",
"id": "0183e958-2356-11e6-abef-000c29c66e3d"
},
{
"db": "IVD",
"id": "7d753cb1-463f-11e9-876d-000c29342cb1"
},
{
"db": "CNVD",
"id": "CNVD-2010-3889"
},
{
"db": "CNNVD",
"id": "CNNVD-201008-031"
}
],
"trust": 1.6
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "encryption problem",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201008-031"
}
],
"trust": 0.6
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.