Ecos

ecos

11 CVEs • 4 products

Products (4)

Click to collapse

Toggle

Secure Boot Stick Firmware

secure_boot_stick_firmware

System Management Appliance

system_management_appliance

Embedded Web Servers

embedded_web_servers

Secure Boot Stick

secure_boot_stick

CVEs (11)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2018-12338 1Ecos 1System Management Appliance Nov 21, 2024 Jun 17, 2018 N/A· v4 9.8 CRITICAL· v3 10.0 HIGH· v2 Undocumented Factory Backdoor in ECOS System Management Appliance (aka SMA) 5.2.68 allows the vendor to extract confidential information and manipulate security relevant configurations via remote root SSH access.
CVE-2018-12337 1Ecos 1Secure Boot Stick Firmware Nov 21, 2024 Jun 17, 2018 N/A· v4 4.6 MEDIUM· v3 2.1 LOW· v2 Reliance on Security Through Obscurity vulnerability in ECOS Secure Boot Stick (aka SBS) 5.6.5 allows an attacker to partially extract confidential configurations via user-space emulation.
CVE-2018-12336 1Ecos 1Secure Boot Stick Firmware Nov 21, 2024 Jun 17, 2018 N/A· v4 9.8 CRITICAL· v3 10.0 HIGH· v2 Undocumented Factory Backdoor in ECOS Secure Boot Stick (aka SBS) 5.6.5 allows the vendor to extract confidential information via remote root SSH access.
CVE-2018-12335 1Ecos 1System Management Appliance Nov 21, 2024 Jun 17, 2018 N/A· v4 7.3 HIGH· v3 4.1 MEDIUM· v2 Incorrect access control in ECOS System Management Appliance (aka SMA) 5.2.68 allows a user to compromise authentication keys, and access and manipulate security relevant configurations, via unrestricted database access...Show more Incorrect access control in ECOS System Management Appliance (aka SMA) 5.2.68 allows a user to compromise authentication keys, and access and manipulate security relevant configurations, via unrestricted database access during Easy Enrollment.Show less
CVE-2018-12334 1Ecos 1Secure Boot Stick Firmware Nov 21, 2024 Jun 17, 2018 N/A· v4 7.5 HIGH· v3 6.5 MEDIUM· v2 Protection Mechanism Failure in ECOS Secure Boot Stick (aka SBS) 5.6.5 allows an attacker to compromise authentication and encryption keys via a virtualization attack.
CVE-2018-12333 1Ecos 1Secure Boot Stick Firmware Nov 21, 2024 Jun 17, 2018 N/A· v4 8.1 HIGH· v3 6.8 MEDIUM· v2 Insufficient Verification of Data Authenticity vulnerability in ECOS Secure Boot Stick (aka SBS) 5.6.5 allows an attacker to manipulate security relevant configurations and execute malicious code.
CVE-2018-12332 1Ecos 1Secure Boot Stick Firmware Nov 21, 2024 Jun 17, 2018 N/A· v4 4.2 MEDIUM· v3 1.9 LOW· v2 Incomplete Cleanup vulnerability in ECOS Secure Boot Stick (aka SBS) 5.6.5 allows an attacker to compromise authentication and encryption keys via a compromised host PC after a reset.
CVE-2018-12331 1Ecos 1System Management Appliance Nov 21, 2024 Jun 17, 2018 N/A· v4 7.4 HIGH· v3 5.8 MEDIUM· v2 Authentication Bypass by Spoofing vulnerability in ECOS System Management Appliance (aka SMA) 5.2.68 allows a man-in-the-middle attacker to compromise authentication keys and configurations via IP spoofing during "Easy E...Show more Authentication Bypass by Spoofing vulnerability in ECOS System Management Appliance (aka SMA) 5.2.68 allows a man-in-the-middle attacker to compromise authentication keys and configurations via IP spoofing during "Easy Enrollment."Show less
CVE-2018-12330 1Ecos 1Secure Boot Stick Firmware Nov 21, 2024 Jun 17, 2018 N/A· v4 8.1 HIGH· v3 8.5 HIGH· v2 Protection Mechanism Failure in ECOS Secure Boot Stick (aka SBS) 5.6.5 allows an attacker to compromise authentication and encryption keys via compromised firmware.
CVE-2018-12329 1Ecos 1Secure Boot Stick Firmware Nov 21, 2024 Jun 17, 2018 N/A· v4 5.9 MEDIUM· v3 4.3 MEDIUM· v2 Protection Mechanism Failure in ECOS Secure Boot Stick (aka SBS) 5.6.5 allows a local attacker to duplicate an authentication factor via cloning.
CVE-2017-1000020 1Ecos 1Embedded Web Servers May 13, 2026 Jul 17, 2017 N/A· v4 9.8 CRITICAL· v3 10.0 HIGH· v2 SYN Flood or FIN Flood attack in ECos 1 and other versions embedded devices results in web Authentication Bypass. "eCos Embedded Web Servers used by Multiple Routers and Home devices, while sending SYN Flood or FIN Flood...Show more SYN Flood or FIN Flood attack in ECos 1 and other versions embedded devices results in web Authentication Bypass. "eCos Embedded Web Servers used by Multiple Routers and Home devices, while sending SYN Flood or FIN Flood packets fails to validate and handle the packets and does not ask for any sign of authentication resulting in Authentication Bypass. An attacker can take complete advantage of this bug and take over the device remotely or locally. The bug has been successfully tested and reproduced in some versions of SOHO Routers manufactured by TOTOLINK, GREATEK and others."Show less