■ Vulnerabilities Related to the Web Configuration Interface
Identification Number: CVE‑2026‑32955
CVSS Score: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Base Score: 8.8
Type: Stack overflow in an authenticated login redirect URL (CWE‑121)
Impact: This vulnerability could allow an authenticated attacker to cause memory corruption, potentially resulting in the execution of unintended operations.
Workaround: Disable the HTTP/HTTPS services.

Identification Number: CVE‑2026‑32956
CVSS Score: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Base Score: 9.8
Type: Heap overflow in an unauthenticated login redirect URL (CWE‑122)
Impact: This vulnerability could allow an unauthenticated attacker to cause memory corruption, potentially resulting in the execution of unintended operations.
Workaround: Disable the HTTP/HTTPS services.

Identification Number: CVE‑2026‑32957
CVSS Score: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
Base Score: 5.3
Type: Improper restriction of file upload functionality (CWE‑306)
Impact: This vulnerability could allow an unauthenticated attacker to upload arbitrary files to the product. However, although uploaded files are placed in a temporary memory area, they are not used or executed, and therefore no actual damage is expected.
Workaround: Disable the HTTP/HTTPS services.

Identification Number: CVE‑2026‑32963
CVSS Score: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Base Score: 6.1
Type: Reflected cross‑site scripting (XSS) on the system status page (CWE‑79)
Impact: This vulnerability allows malicious JavaScript to be injected into links to a web page.
Workaround: Disable the HTTP/HTTPS services.

■ Vulnerability Related to Firmware Updates
Identification Number: CVE‑2026‑32958
CVSS Score: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N
Base Score: 6.5
Type: Hard‑coded firmware signing key (CWE‑321)
Impact: This vulnerability could allow tampered firmware, prepared by an attacker who has obtained the firmware signing key, to be accepted as legitimate firmware by the product.
Workaround: Set a password for the web configuration interface.

■ Vulnerability Related to the SNMP Agent
Identification Number: CVE‑2015‑5621
CVSS Score: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Base Score: 7.5
Type: Denial of Service (DoS) vulnerability in net‑snmp (CWE‑1395)
Impact: This vulnerability could allow an attacker to abnormally terminate the SNMP agent running on the product.
Workaround: Disable the SNMP service.

■ Vulnerability Related to AMC Manager Communications
Identification Number: CVE‑2026‑32959
CVSS Score: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
Base Score: 5.9
Type: Use of a constant keystream for encryption (CWE‑327)
Impact: This vulnerability could allow an attacker to illegitimately obtain confidential information, such as configuration data, through a man‑in‑the‑middle attack.
Workaround: None.

Identification Number: CVE‑2026‑32960
CVSS Score: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N
Base Score: 6.5
Type: Authentication bypass through reuse of credentials (CWE‑226)
Impact: This vulnerability could allow an attacker to reuse the authentication credentials of an already authenticated administrator to gain administrator privileges on the product.
Workaround: None.

Identification Number: CVE‑2026‑32961
CVSS Score: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
Base Score: 5.3
Type: Heap overflow due to insufficient validation of data length (CWE‑122)
Impact: This vulnerability could result in a denial of service (DoS) or allow remote code execution.
Workaround: None.

Identification Number: CVE‑2026‑32965
CVSS Score: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
Base Score: 7.5
Type: Product can be used without an administrator password being set (CWE‑1188)
Impact: This vulnerability could allow an attacker to set a password on a product that is being operated without an administrator password, thereby obtaining administrator privileges.
Workaround: Set an administrator password for the web configuration interface.

■ Vulnerability Related to Serial Device Server Setup Communications
Identification Number: CVE‑2026‑32962
CVSS Score: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
Base Score: 5.3
Type: Ability to modify product settings without requiring authentication (CWE‑306)
Impact: This vulnerability could allow an unauthenticated attacker to tamper with the product’s configuration.
Workaround: None.

Identification Number: CVE‑2024‑24487
CVSS Score: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
Base Score: 5.3
Type: Product reboot can be performed without requiring authentication (CWE‑266)
Impact: This vulnerability could allow an unauthenticated attacker to reboot the product, resulting in a denial of service (DoS).
Workaround: None.

Identification Number: CVE‑2026‑32964
CVSS Score: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L
Base Score: 6.5
Type: Injection vulnerability in configuration processing (CWE‑93)
Impact: This vulnerability could allow an unauthenticated attacker to insert arbitrary entries into the system configuration file.
Workaround: None.