CVE-2024-23814
- EPSS 0.24%
- Veröffentlicht 11.02.2025 11:15:12
- Zuletzt bearbeitet 08.04.2025 09:15:17
The integrated ICMP service of the network stack of affected devices can be forced to exhaust its available memory resources when receiving specially crafted messages targeting IP fragment re-assembly. This could allow an unauthenticated remote atta...
CVE-2023-37482
- EPSS 0.05%
- Veröffentlicht 11.02.2025 11:15:11
- Zuletzt bearbeitet 11.02.2025 11:15:11
The login functionality of the web server in affected devices does not normalize the response times of login attempts. An unauthenticated remote attacker could exploit this side-channel information to distinguish between valid and invalid usernames.
CVE-2024-46886
- EPSS 0.07%
- Veröffentlicht 08.10.2024 09:15:16
- Zuletzt bearbeitet 10.10.2024 12:56:30
The web server of affected devices does not properly validate input that is used for a user redirection. This could allow an attacker to make the server redirect the legitimate user to an attacker-chosen URL. For a successful exploit, the legitimate ...
CVE-2024-46887
- EPSS 0.12%
- Veröffentlicht 08.10.2024 09:15:16
- Zuletzt bearbeitet 08.04.2025 21:15:46
The web server of affected devices do not properly authenticate user request to the '/ClientArea/RuntimeInfoData.mwsl' endpoint. This could allow an unauthenticated remote attacker to gain knowledge about current actual and configured maximum cycle t...