Skip to main content

Gs1900 10Hp Firmware

34 CVEs product

Monthly

CVE-2026-7273 HIGH This Week

Remote code execution in Zyxel GS1900 series managed switches (including GS1900-48HPv2, GS1900-8, GS1900-8HP, GS1900-10HP, GS1900-16, GS1900-24/24E/24EP/24HPv2, and GS1900-48) up to firmware 2.90(ABTQ.1)C0 allows a LAN-adjacent unauthenticated attacker to execute OS commands via a crafted HTTP request to the CGI handler. The flaw is a stack-based buffer overflow (CWE-121) carrying CVSS 8.8 and exposes the switch management plane to anyone on the same Layer-2 segment. No public exploit identified at time of analysis, but the vendor disclosed the issue concurrently with the advisory dated 2026-06-16.

Zyxel Stack Overflow Buffer Overflow Gs1900 48Hpv2 Firmware Gs1900 8 Firmware +8
NVD VulDB
CVSS 3.1
8.8
EPSS
0.3%
CVE-2024-8882 MEDIUM This Month

A buffer overflow vulnerability in the CGI program in the Zyxel GS1900-48 switch firmware version V2.80(AAHN.1)C0 and earlier could allow an authenticated, LAN-based attacker with administrator. Rated medium severity (CVSS 4.5), this vulnerability is low attack complexity. No vendor patch available.

Zyxel Buffer Overflow Denial Of Service Gs1900 8 Firmware Gs1900 8Hp Firmware +8
NVD
CVSS 3.1
4.5
EPSS
0.2%
CVE-2024-8881 MEDIUM This Month

A post-authentication command injection vulnerability in the CGI program in the Zyxel GS1900-48 switch firmware version V2.80(AAHN.1)C0 and earlier could allow an authenticated, LAN-based attacker. Rated medium severity (CVSS 6.8), this vulnerability is low attack complexity. No vendor patch available.

Zyxel Command Injection Gs1900 8 Firmware Gs1900 8Hp Firmware Gs1900 10Hp Firmware +7
NVD
CVSS 3.1
6.8
EPSS
0.7%
CVE-2024-38270 MEDIUM This Month

An insufficient entropy vulnerability caused by the improper use of a randomness function with low entropy for web authentication tokens generation exists in the Zyxel GS1900-10HP firmware version. Rated medium severity (CVSS 6.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Zyxel Information Disclosure Gs1900 48Hpv2 Firmware Gs1900 48 Firmware Gs1900 24Hpv2 Firmware +7
NVD
CVSS 3.1
6.5
EPSS
0.2%
CVE-2023-35140 MEDIUM This Month

The improper privilege management vulnerability in the Zyxel GS1900-24EP switch firmware version V2.70(ABTO.5) could allow an authenticated local user with read-only access to modify system settings. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Zyxel Gs1900 48Hpv2 Firmware Gs1900 48 Firmware Gs1900 24Hpv2 Firmware +7
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2022-34746 MEDIUM PATCH This Month

An insufficient entropy vulnerability caused by the improper use of randomness sources with low entropy for RSA key pair generation was found in Zyxel GS1900 series firmware versions prior to V2.70. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required.

Zyxel Information Disclosure Gs1900 8 Firmware Gs1900 8Hp Firmware Gs1900 10Hp Firmware +7
NVD
CVSS 3.1
5.9
EPSS
0.3%
CVE-2021-35032 HIGH PATCH This Week

A vulnerability in the 'libsal.so' of the Zyxel GS1900 series firmware version 2.60 could allow an authenticated local user to execute arbitrary OS commands via a crafted function call. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This OS Command Injection vulnerability could allow attackers to execute arbitrary operating system commands on the host.

Zyxel Command Injection Gs1900 8 Firmware Gs1900 8Hp Firmware Gs1900 10Hp Firmware +9
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2021-35031 HIGH PATCH This Week

A vulnerability in the TFTP client of Zyxel GS1900 series firmware, XGS1210 series firmware, and XGS1250 series firmware, which could allow an authenticated LAN user to execute arbitrary OS commands. Rated high severity (CVSS 8.0), this vulnerability is low attack complexity. This OS Command Injection vulnerability could allow attackers to execute arbitrary operating system commands on the host.

Zyxel Command Injection Gs1900 8 Firmware Gs1900 8Hp Firmware Gs1900 10Hp Firmware +11
NVD
CVSS 3.1
8.0
EPSS
0.5%
CVE-2021-35030 MEDIUM PATCH This Month

A vulnerability was found in the CGI program in Zyxel GS1900-8 firmware version V2.60, that did not properly sterilize packet contents and could allow an authenticated, local user to perform a. Rated medium severity (CVSS 4.3), this vulnerability is low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Zyxel Gs1900 8 Firmware Gs1900 8Hp Firmware Gs1900 10Hp Firmware +9
NVD
CVSS 3.1
4.3
EPSS
0.3%
CVE-2019-15804 HIGH POC This Week

An issue was discovered on Zyxel GS1900 devices with firmware before 2.50(AAHH.0)C0. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Zyxel Gs1900 8 Firmware Gs1900 8Hp Firmware Gs1900 10Hp Firmware +6
NVD
CVSS 3.1
7.5
EPSS
0.9%
CVE-2019-15803 CRITICAL POC Act Now

An issue was discovered on Zyxel GS1900 devices with firmware before 2.50(AAHH.0)C0. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Zyxel Gs1900 8 Firmware Gs1900 8Hp Firmware Gs1900 10Hp Firmware +6
NVD
CVSS 3.1
9.1
EPSS
1.3%
CVE-2019-15802 MEDIUM POC This Month

An issue was discovered on Zyxel GS1900 devices with firmware before 2.50(AAHH.0)C0. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

Authentication Bypass Zyxel Gs1900 8 Firmware Gs1900 8Hp Firmware Gs1900 10Hp Firmware +6
NVD
CVSS 3.1
5.9
EPSS
1.5%
CVE-2019-15801 HIGH POC This Week

An issue was discovered on Zyxel GS1900 devices with firmware before 2.50(AAHH.0)C0. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Zyxel Gs1900 8 Firmware Gs1900 8Hp Firmware Gs1900 10Hp Firmware +6
NVD
CVSS 3.1
7.5
EPSS
1.5%
CVE-2019-15800 CRITICAL POC Act Now

An issue was discovered on Zyxel GS1900 devices with firmware before 2.50(AAHH.0)C0. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE Command Injection Zyxel Gs1900 8 Firmware Gs1900 8Hp Firmware +7
NVD
CVSS 3.1
9.8
EPSS
3.9%
CVE-2019-15799 HIGH POC This Week

An issue was discovered on Zyxel GS1900 devices with firmware before 2.50(AAHH.0)C0. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Privilege Escalation Zyxel Gs1900 8 Firmware Gs1900 8Hp Firmware Gs1900 10Hp Firmware +6
NVD
CVSS 3.1
8.8
EPSS
2.3%
CVE-2016-1346 MEDIUM This Month

The kernel in Cisco TelePresence Server 3.0 through 4.2(4.18) on Mobility Services Engine (MSE) 8710 devices allows remote attackers to cause a denial of service (panic and reboot) via a crafted. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Cisco Denial Of Service Emc Powerscale Onefs Jr6150 Firmware X14J Firmware +2
NVD
CVSS 3.0
5.9
EPSS
0.8%
CVE-2015-6313 HIGH This Week

Cisco TelePresence Server 4.1(2.29) through 4.2(4.17) on 7010; Mobility Services Engine (MSE) 8710; Multiparty Media 310, 320, and 820; and Virtual Machine (VM) devices allows remote attackers to. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Cisco Denial Of Service Opensolaris Gs1900 10Hp Firmware Keymouse Firmware
NVD
CVSS 3.0
7.5
EPSS
0.3%
CVE-2015-6312 HIGH This Week

Cisco TelePresence Server 3.1 on 7010, Mobility Services Engine (MSE) 8710, Multiparty Media 310 and 320, and Virtual Machine (VM) devices allows remote attackers to cause a denial of service (device. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Cisco Buffer Overflow Emc Powerscale Onefs Jr6150 Firmware +2
NVD
CVSS 3.0
7.5
EPSS
0.6%
CVE-2016-1350 HIGH This Week

Cisco IOS 15.3 and 15.4, Cisco IOS XE 3.8 through 3.11, and Cisco Unified Communications Manager allow remote attackers to cause a denial of service (device reload) via malformed SIP messages, aka. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apple Cisco Denial Of Service Ios Xe Thinkcentre E75S Firmware +4
NVD
CVSS 3.0
7.5
EPSS
2.4%
CVE-2016-1349 HIGH This Week

The Smart Install client implementation in Cisco IOS 12.2, 15.0, and 15.2 and IOS XE 3.2 through 3.7 allows remote attackers to cause a denial of service (device reload) via crafted image list. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apple Cisco Denial Of Service Ios Xe Core I5 9400F Firmware +5
NVD
CVSS 3.0
7.5
EPSS
0.7%
CVE-2016-1348 HIGH This Week

Cisco IOS 15.0 through 15.5 and IOS XE 3.3 through 3.16 allow remote attackers to cause a denial of service (device reload) via a crafted DHCPv6 Relay message, aka Bug ID CSCus55821. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apple Cisco Denial Of Service Ios Xe Jr6150 Firmware +4
NVD
CVSS 3.0
7.5
EPSS
0.5%
CVE-2016-1344 MEDIUM This Month

The IKEv2 implementation in Cisco IOS 15.0 through 15.6 and IOS XE 3.3 through 3.17 allows remote attackers to cause a denial of service (device reload) via fragmented packets, aka Bug ID CSCux38417. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Apple Cisco Denial Of Service Ios Xe Thinkcentre E75S Firmware +5
NVD
CVSS 3.0
5.9
EPSS
3.0%
CVE-2015-6260 HIGH This Week

Cisco NX-OS 7.1(1)N1(1) on Nexus 5500, 5600, and 6000 devices does not properly validate PDUs in SNMP packets, which allows remote attackers to cause a denial of service (SNMP application restart). Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Cisco Denial Of Service Gs1900 10Hp Firmware
NVD
CVSS 3.0
7.5
EPSS
0.4%
CVE-2015-0718 HIGH This Week

Cisco NX-OS 4.0 through 6.1 on Nexus 1000V 3000, 4000, 5000, 6000, and 7000 devices and Unified Computing System (UCS) platforms allows remote attackers to cause a denial of service (TCP stack. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Cisco Denial Of Service Unified Computing System Nx Os Jr6150 Firmware +4
NVD
CVSS 3.0
7.5
EPSS
6.0%
CVE-2016-1329 CRITICAL Act Now

Cisco NX-OS 6.0(2)U6(1) through 6.0(2)U6(5) on Nexus 3000 devices and 6.0(2)A6(1) through 6.0(2)A6(5) and 6.0(2)A7(1) on Nexus 3500 devices has hardcoded credentials, which allows remote attackers to. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Cisco Authentication Bypass X14J Firmware Opensolaris Gs1900 10Hp Firmware +1
NVD
CVSS 3.0
9.8
EPSS
2.1%
CVE-2016-1319 MEDIUM This Month

Cisco Unified Communications Manager (aka CallManager) 9.1(2.10000.28), 10.5(2.10000.5), 10.5(2.12901.1), and 11.0(1.10000.10); Unified Communications Manager IM & Presence Service 10.5(2); Unified. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Cisco Information Disclosure Opensolaris X14J Firmware Gs1900 10Hp Firmware +1
NVD
CVSS 3.0
5.3
EPSS
0.2%
CVE-2016-1317 MEDIUM This Month

Cisco Unified Communications Manager 11.5(0.98000.480) allows remote authenticated users to obtain sensitive database table-name and entity-name information via a direct request to an unspecified. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Cisco Information Disclosure Gs1900 10Hp Firmware
NVD
CVSS 3.0
4.3
EPSS
0.2%
CVE-2016-1307 MEDIUM This Month

The Openfire server in Cisco Finesse Desktop 10.5(1) and 11.0(1) and Unified Contact Center Express 10.6(1) has a hardcoded account, which makes it easier for remote attackers to obtain access via an. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Cisco Authentication Bypass Gs1900 10Hp Firmware Keymouse Firmware
NVD
CVSS 3.0
5.4
EPSS
0.2%
CVE-2016-1302 HIGH This Week

Cisco Application Policy Infrastructure Controller (APIC) devices with software before 1.0(3h) and 1.1 before 1.1(1j) and Nexus 9000 ACI Mode switches with software before 11.0(3h) and 11.1 before. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Cisco Authentication Bypass X14J Firmware Opensolaris Gs1900 10Hp Firmware +2
NVD
CVSS 3.0
8.8
EPSS
0.2%
CVE-2015-6398 HIGH This Week

Cisco Nexus 9000 Application Centric Infrastructure (ACI) Mode switches with software before 11.0(1c) allow remote attackers to cause a denial of service (device reload) via an IPv4 ICMP packet with. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Cisco Denial Of Service Gs1900 10Hp Firmware
NVD
CVSS 3.0
7.5
EPSS
0.6%
CVE-2015-5990 HIGH This Week

Cross-site request forgery (CSRF) vulnerability on Belkin F9K1102 2 devices with firmware 2.10.17 allows remote attackers to hijack the authentication of arbitrary users. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Gs1900 10Hp Firmware
NVD
CVSS 3.0
8.8
EPSS
0.1%
CVE-2015-5989 CRITICAL Act Now

Belkin F9K1102 2 devices with firmware 2.10.17 rely on client-side JavaScript code for authorization, which allows remote attackers to obtain administrative privileges via certain changes to. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Privilege Escalation Gs1900 10Hp Firmware
NVD
CVSS 3.0
9.8
EPSS
3.4%
CVE-2015-5988 CRITICAL Act Now

The web management interface on Belkin F9K1102 2 devices with firmware 2.10.17 has a blank password, which allows remote attackers to obtain administrative privileges by leveraging a LAN session. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Gs1900 10Hp Firmware
NVD
CVSS 3.0
9.8
EPSS
1.6%
CVE-2015-5987 HIGH This Week

Belkin F9K1102 2 devices with firmware 2.10.17 use an improper algorithm for selecting the ID value in the header of a DNS query, which makes it easier for remote attackers to spoof responses by. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Gs1900 10Hp Firmware
NVD
CVSS 3.0
8.6
EPSS
0.6%
EPSS 0% CVSS 8.8
HIGH This Week

Remote code execution in Zyxel GS1900 series managed switches (including GS1900-48HPv2, GS1900-8, GS1900-8HP, GS1900-10HP, GS1900-16, GS1900-24/24E/24EP/24HPv2, and GS1900-48) up to firmware 2.90(ABTQ.1)C0 allows a LAN-adjacent unauthenticated attacker to execute OS commands via a crafted HTTP request to the CGI handler. The flaw is a stack-based buffer overflow (CWE-121) carrying CVSS 8.8 and exposes the switch management plane to anyone on the same Layer-2 segment. No public exploit identified at time of analysis, but the vendor disclosed the issue concurrently with the advisory dated 2026-06-16.

Zyxel Stack Overflow Buffer Overflow +10
NVD VulDB
EPSS 0% CVSS 4.5
MEDIUM This Month

A buffer overflow vulnerability in the CGI program in the Zyxel GS1900-48 switch firmware version V2.80(AAHN.1)C0 and earlier could allow an authenticated, LAN-based attacker with administrator. Rated medium severity (CVSS 4.5), this vulnerability is low attack complexity. No vendor patch available.

Zyxel Buffer Overflow Denial Of Service +10
NVD
EPSS 1% CVSS 6.8
MEDIUM This Month

A post-authentication command injection vulnerability in the CGI program in the Zyxel GS1900-48 switch firmware version V2.80(AAHN.1)C0 and earlier could allow an authenticated, LAN-based attacker. Rated medium severity (CVSS 6.8), this vulnerability is low attack complexity. No vendor patch available.

Zyxel Command Injection Gs1900 8 Firmware +9
NVD
EPSS 0% CVSS 6.5
MEDIUM This Month

An insufficient entropy vulnerability caused by the improper use of a randomness function with low entropy for web authentication tokens generation exists in the Zyxel GS1900-10HP firmware version. Rated medium severity (CVSS 6.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Zyxel Information Disclosure Gs1900 48Hpv2 Firmware +9
NVD
EPSS 0% CVSS 5.5
MEDIUM This Month

The improper privilege management vulnerability in the Zyxel GS1900-24EP switch firmware version V2.70(ABTO.5) could allow an authenticated local user with read-only access to modify system settings. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Zyxel Gs1900 48Hpv2 Firmware +9
NVD
EPSS 0% CVSS 5.9
MEDIUM PATCH This Month

An insufficient entropy vulnerability caused by the improper use of randomness sources with low entropy for RSA key pair generation was found in Zyxel GS1900 series firmware versions prior to V2.70. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required.

Zyxel Information Disclosure Gs1900 8 Firmware +9
NVD
EPSS 0% CVSS 7.8
HIGH PATCH This Week

A vulnerability in the 'libsal.so' of the Zyxel GS1900 series firmware version 2.60 could allow an authenticated local user to execute arbitrary OS commands via a crafted function call. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This OS Command Injection vulnerability could allow attackers to execute arbitrary operating system commands on the host.

Zyxel Command Injection Gs1900 8 Firmware +11
NVD
EPSS 0% CVSS 8.0
HIGH PATCH This Week

A vulnerability in the TFTP client of Zyxel GS1900 series firmware, XGS1210 series firmware, and XGS1250 series firmware, which could allow an authenticated LAN user to execute arbitrary OS commands. Rated high severity (CVSS 8.0), this vulnerability is low attack complexity. This OS Command Injection vulnerability could allow attackers to execute arbitrary operating system commands on the host.

Zyxel Command Injection Gs1900 8 Firmware +13
NVD
EPSS 0% CVSS 4.3
MEDIUM PATCH This Month

A vulnerability was found in the CGI program in Zyxel GS1900-8 firmware version V2.60, that did not properly sterilize packet contents and could allow an authenticated, local user to perform a. Rated medium severity (CVSS 4.3), this vulnerability is low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Zyxel Gs1900 8 Firmware +11
NVD
EPSS 1% CVSS 7.5
HIGH POC This Week

An issue was discovered on Zyxel GS1900 devices with firmware before 2.50(AAHH.0)C0. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Zyxel Gs1900 8 Firmware +8
NVD
EPSS 1% CVSS 9.1
CRITICAL POC Act Now

An issue was discovered on Zyxel GS1900 devices with firmware before 2.50(AAHH.0)C0. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Zyxel Gs1900 8 Firmware +8
NVD
EPSS 2% CVSS 5.9
MEDIUM POC This Month

An issue was discovered on Zyxel GS1900 devices with firmware before 2.50(AAHH.0)C0. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

Authentication Bypass Zyxel Gs1900 8 Firmware +8
NVD
EPSS 1% CVSS 7.5
HIGH POC This Week

An issue was discovered on Zyxel GS1900 devices with firmware before 2.50(AAHH.0)C0. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Zyxel Gs1900 8 Firmware +8
NVD
EPSS 4% CVSS 9.8
CRITICAL POC Act Now

An issue was discovered on Zyxel GS1900 devices with firmware before 2.50(AAHH.0)C0. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE Command Injection Zyxel +9
NVD
EPSS 2% CVSS 8.8
HIGH POC This Week

An issue was discovered on Zyxel GS1900 devices with firmware before 2.50(AAHH.0)C0. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Privilege Escalation Zyxel Gs1900 8 Firmware +8
NVD
EPSS 1% CVSS 5.9
MEDIUM This Month

The kernel in Cisco TelePresence Server 3.0 through 4.2(4.18) on Mobility Services Engine (MSE) 8710 devices allows remote attackers to cause a denial of service (panic and reboot) via a crafted. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Cisco Denial Of Service Emc Powerscale Onefs +4
NVD
EPSS 0% CVSS 7.5
HIGH This Week

Cisco TelePresence Server 4.1(2.29) through 4.2(4.17) on 7010; Mobility Services Engine (MSE) 8710; Multiparty Media 310, 320, and 820; and Virtual Machine (VM) devices allows remote attackers to. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Cisco Denial Of Service Opensolaris +2
NVD
EPSS 1% CVSS 7.5
HIGH This Week

Cisco TelePresence Server 3.1 on 7010, Mobility Services Engine (MSE) 8710, Multiparty Media 310 and 320, and Virtual Machine (VM) devices allows remote attackers to cause a denial of service (device. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Cisco Buffer Overflow +4
NVD
EPSS 2% CVSS 7.5
HIGH This Week

Cisco IOS 15.3 and 15.4, Cisco IOS XE 3.8 through 3.11, and Cisco Unified Communications Manager allow remote attackers to cause a denial of service (device reload) via malformed SIP messages, aka. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apple Cisco Denial Of Service +6
NVD
EPSS 1% CVSS 7.5
HIGH This Week

The Smart Install client implementation in Cisco IOS 12.2, 15.0, and 15.2 and IOS XE 3.2 through 3.7 allows remote attackers to cause a denial of service (device reload) via crafted image list. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apple Cisco Denial Of Service +7
NVD
EPSS 1% CVSS 7.5
HIGH This Week

Cisco IOS 15.0 through 15.5 and IOS XE 3.3 through 3.16 allow remote attackers to cause a denial of service (device reload) via a crafted DHCPv6 Relay message, aka Bug ID CSCus55821. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apple Cisco Denial Of Service +6
NVD
EPSS 3% CVSS 5.9
MEDIUM This Month

The IKEv2 implementation in Cisco IOS 15.0 through 15.6 and IOS XE 3.3 through 3.17 allows remote attackers to cause a denial of service (device reload) via fragmented packets, aka Bug ID CSCux38417. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Apple Cisco Denial Of Service +7
NVD
EPSS 0% CVSS 7.5
HIGH This Week

Cisco NX-OS 7.1(1)N1(1) on Nexus 5500, 5600, and 6000 devices does not properly validate PDUs in SNMP packets, which allows remote attackers to cause a denial of service (SNMP application restart). Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Cisco Denial Of Service Gs1900 10Hp Firmware
NVD
EPSS 6% CVSS 7.5
HIGH This Week

Cisco NX-OS 4.0 through 6.1 on Nexus 1000V 3000, 4000, 5000, 6000, and 7000 devices and Unified Computing System (UCS) platforms allows remote attackers to cause a denial of service (TCP stack. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Cisco Denial Of Service Unified Computing System +6
NVD
EPSS 2% CVSS 9.8
CRITICAL Act Now

Cisco NX-OS 6.0(2)U6(1) through 6.0(2)U6(5) on Nexus 3000 devices and 6.0(2)A6(1) through 6.0(2)A6(5) and 6.0(2)A7(1) on Nexus 3500 devices has hardcoded credentials, which allows remote attackers to. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Cisco Authentication Bypass X14J Firmware +3
NVD
EPSS 0% CVSS 5.3
MEDIUM This Month

Cisco Unified Communications Manager (aka CallManager) 9.1(2.10000.28), 10.5(2.10000.5), 10.5(2.12901.1), and 11.0(1.10000.10); Unified Communications Manager IM & Presence Service 10.5(2); Unified. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Cisco Information Disclosure Opensolaris +3
NVD
EPSS 0% CVSS 4.3
MEDIUM This Month

Cisco Unified Communications Manager 11.5(0.98000.480) allows remote authenticated users to obtain sensitive database table-name and entity-name information via a direct request to an unspecified. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Cisco Information Disclosure Gs1900 10Hp Firmware
NVD
EPSS 0% CVSS 5.4
MEDIUM This Month

The Openfire server in Cisco Finesse Desktop 10.5(1) and 11.0(1) and Unified Contact Center Express 10.6(1) has a hardcoded account, which makes it easier for remote attackers to obtain access via an. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Cisco Authentication Bypass Gs1900 10Hp Firmware +1
NVD
EPSS 0% CVSS 8.8
HIGH This Week

Cisco Application Policy Infrastructure Controller (APIC) devices with software before 1.0(3h) and 1.1 before 1.1(1j) and Nexus 9000 ACI Mode switches with software before 11.0(3h) and 11.1 before. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Cisco Authentication Bypass X14J Firmware +4
NVD
EPSS 1% CVSS 7.5
HIGH This Week

Cisco Nexus 9000 Application Centric Infrastructure (ACI) Mode switches with software before 11.0(1c) allow remote attackers to cause a denial of service (device reload) via an IPv4 ICMP packet with. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Cisco Denial Of Service Gs1900 10Hp Firmware
NVD
EPSS 0% CVSS 8.8
HIGH This Week

Cross-site request forgery (CSRF) vulnerability on Belkin F9K1102 2 devices with firmware 2.10.17 allows remote attackers to hijack the authentication of arbitrary users. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Gs1900 10Hp Firmware
NVD
EPSS 3% CVSS 9.8
CRITICAL Act Now

Belkin F9K1102 2 devices with firmware 2.10.17 rely on client-side JavaScript code for authorization, which allows remote attackers to obtain administrative privileges via certain changes to. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Privilege Escalation Gs1900 10Hp Firmware
NVD
EPSS 2% CVSS 9.8
CRITICAL Act Now

The web management interface on Belkin F9K1102 2 devices with firmware 2.10.17 has a blank password, which allows remote attackers to obtain administrative privileges by leveraging a LAN session. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Gs1900 10Hp Firmware
NVD
EPSS 1% CVSS 8.6
HIGH This Week

Belkin F9K1102 2 devices with firmware 2.10.17 use an improper algorithm for selecting the ID value in the header of a DNS query, which makes it easier for remote attackers to spoof responses by. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Gs1900 10Hp Firmware
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy