CVE-2025-40820
- EPSS 0.06%
- Veröffentlicht 09.12.2025 10:44:30
- Zuletzt bearbeitet 09.12.2025 18:36:53
Affected products do not properly enforce TCP sequence number validation in specific scenarios but accept values within a broad range. This could allow an unauthenticated remote attacker e.g. to interfere with connection setup, potentially leading to...
CVE-2024-23814
- EPSS 0.24%
- Veröffentlicht 11.02.2025 11:15:12
- Zuletzt bearbeitet 08.04.2025 09:15:17
The integrated ICMP service of the network stack of affected devices can be forced to exhaust its available memory resources when receiving specially crafted messages targeting IP fragment re-assembly. This could allow an unauthenticated remote atta...
CVE-2023-37482
- EPSS 0.06%
- Veröffentlicht 11.02.2025 11:15:11
- Zuletzt bearbeitet 11.02.2025 11:15:11
The login functionality of the web server in affected devices does not normalize the response times of login attempts. An unauthenticated remote attacker could exploit this side-channel information to distinguish between valid and invalid usernames.
CVE-2024-46886
- EPSS 0.09%
- Veröffentlicht 08.10.2024 09:15:16
- Zuletzt bearbeitet 10.10.2024 12:56:30
The web server of affected devices does not properly validate input that is used for a user redirection. This could allow an attacker to make the server redirect the legitimate user to an attacker-chosen URL. For a successful exploit, the legitimate ...
CVE-2024-46887
- EPSS 0.18%
- Veröffentlicht 08.10.2024 09:15:16
- Zuletzt bearbeitet 08.04.2025 21:15:46
The web server of affected devices do not properly authenticate user request to the '/ClientArea/RuntimeInfoData.mwsl' endpoint. This could allow an unauthenticated remote attacker to gain knowledge about current actual and configured maximum cycle t...