RSS   Vulnerabilities for 'Smartserver 1 firmware'   RSS

2018-07-24
 
CVE-2018-8859

CWE-287
 

 
Echelon SmartServer 1 all versions, SmartServer 2 all versions prior to release 4.11.007, i.LON 100 all versions, and i.LON 600 all versions. An attacker can bypass the required authentication specified in the security configuration file by including extra characters in the directory name when specifying the directory to be accessed. This vulnerability does not affect the i.LON 600 product.

 
 
CVE-2018-8855

CWE-319
 

 
Echelon SmartServer 1 all versions, SmartServer 2 all versions prior to release 4.11.007, i.LON 100 all versions, and i.LON 600 all versions. The devices allow unencrypted Web connections by default, and devices can receive configuration and firmware updates by unsecure FTP.

 
 
CVE-2018-8851

CWE-522
 

 
Echelon SmartServer 1 all versions, SmartServer 2 all versions prior to release 4.11.007, i.LON 100 all versions, and i.LON 600 all versions. The devices store passwords in plaintext, which may allow an attacker with access to the configuration file to log into the SmartServer web user interface.

 
 
CVE-2018-10627

CWE-200
 

 
Echelon SmartServer 1 all versions, SmartServer 2 all versions prior to release 4.11.007, i.LON 100 all versions, and i.LON 600 all versions. An attacker can use the SOAP API to retrieve and change sensitive configuration items such as the usernames and passwords for the Web and FTP servers. This vulnerability does not affect the i.LON 600 product.

 

 >>> Vendor: Echelon 3 Products
I.lon 100 firmware
I.lon 600 firmware
Smartserver 1 firmware


Copyright 2024, cxsecurity.com

 

Back to Top