Scalance Xc206 2G Poe Eec Firmware
Monthly
Affected devices do not check the TFTP blocksize correctly. Rated medium severity (CVSS 5.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
Affected devices store the CLI user passwords encrypted in flash memory. Rated medium severity (CVSS 5.2), this vulnerability is no authentication required, low attack complexity. No vendor patch available.
Affected devices use a weak encryption scheme to encrypt the debug zip file. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
Affected devices do not properly sanitize data introduced by an user when rendering the web interface. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
Affected devices do not properly handle the renegotiation of SSL/TLS parameters. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Affected devices do not properly sanitize an input field. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, low attack complexity.
Affected devices do not check the TFTP blocksize correctly. Rated medium severity (CVSS 5.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
Affected devices store the CLI user passwords encrypted in flash memory. Rated medium severity (CVSS 5.2), this vulnerability is no authentication required, low attack complexity. No vendor patch available.
Affected devices use a weak encryption scheme to encrypt the debug zip file. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
Affected devices do not properly sanitize data introduced by an user when rendering the web interface. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
Affected devices do not properly handle the renegotiation of SSL/TLS parameters. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Affected devices do not properly sanitize an input field. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, low attack complexity.