← Back

Extremenetworks

extremenetworks

29 CVEs • 42 products

Products (42)

Click to collapse
Toggle
Extremexos
extremexos
8 CVEs
Exos
exos
5 CVEs
Extreme Management Center
extreme_management_center
3 CVEs
Xiq Se
xiq-se
3 CVEs
Extremewireless Wing
extremewireless_wing
2 CVEs
Iq Engine
iq_engine
2 CVEs
Extremeware Xos
extremeware_xos
1 CVE
Aerohive Netconfig
aerohive_netconfig
1 CVE
Extremecloud Universal Ztna
extremecloud_universal_ztna
1 CVE
Extremecontrol
extremecontrol
1 CVE
Extremeguest Essentials
extremeguest_essentials
1 CVE
Fabric Engine (voss)
fabric_engine_(voss)
1 CVE
Blackdiamond 10808
blackdiamond_10808
0 CVEs
Blackdiamond 8800
blackdiamond_8800
0 CVEs
Ap122
ap122
0 CVEs
Ap130
ap130
0 CVEs
Ap150w
ap150w
0 CVEs
Ap250
ap250
0 CVEs
Ap30
ap30
0 CVEs
Ap3000
ap3000
0 CVEs
Ap3000x
ap3000x
0 CVEs
Ap302w
ap302w
0 CVEs
Ap305c
ap305c
0 CVEs
Ap305c 1
ap305c-1
0 CVEs
Ap305cx
ap305cx
0 CVEs
Ap4000
ap4000
0 CVEs
Ap4000 1
ap4000-1
0 CVEs
Ap410c
ap410c
0 CVEs
Ap410c 1
ap410c-1
0 CVEs
Ap460c
ap460c
0 CVEs
Ap460s12c
ap460s12c
0 CVEs
Ap460s6c
ap460s6c
0 CVEs
Ap5010
ap5010
0 CVEs
Ap5050d
ap5050d
0 CVEs
Ap5050u
ap5050u
0 CVEs
Ap510c
ap510c
0 CVEs
Ap510cx
ap510cx
0 CVEs
Ap630
ap630
0 CVEs
Ap650
ap650
0 CVEs
Ap650x
ap650x
0 CVEs
Ap1130
ap1130
0 CVEs
Ap550
ap550
0 CVEs

CVEs (29)

CVE
VENDORS
PRODUCTS
UPDATED
PUBLISHED
CVSS
CVE-2025-11192
1Extremenetworks
1Fabric Engine (voss)
Jan 15, 2026
Oct 7, 2025
8.4 HIGH· v4
8.6 HIGH· v3
N/A· v2
A vulnerability in Extreme Networks’ Fabric Engine (VOSS) before 9.3 was discovered. When SD-WAN AutoSense is enabled on a port, it may automatically configure fabric connectivity without validating ISIS authentication s...Show more
A vulnerability in Extreme Networks’ Fabric Engine (VOSS) before 9.3 was discovered. When SD-WAN AutoSense is enabled on a port, it may automatically configure fabric connectivity without validating ISIS authentication settings. The SD-WAN AutoSense implementation may be exploited by malicious actors by allowing unauthorized access to network fabric and configuration data.Show less
CVE-2025-8679
1Extremenetworks
1Extremeguest Essentials
Jan 15, 2026
Oct 1, 2025
7.6 HIGH· v4
9.8 CRITICAL· v3
N/A· v2
In ExtremeGuest Essentials before 25.5.0, captive-portal may permit unauthorized access via manual brute-force procedure. Under certain ExtremeGuest Essentials captive-portal SSID configurations, repeated manual login at...Show more
In ExtremeGuest Essentials before 25.5.0, captive-portal may permit unauthorized access via manual brute-force procedure. Under certain ExtremeGuest Essentials captive-portal SSID configurations, repeated manual login attempts may allow an unauthenticated device to be marked as authenticated and obtain network access. Client360 logs may display the client MAC as the username despite no MAC-authentication being enabled.Show less
CVE-2025-6235
1Extremenetworks
1Extremecontrol
Jan 14, 2026
Jul 21, 2025
5.3 MEDIUM· v4
6.1 MEDIUM· v3
N/A· v2
In ExtremeControl before 25.5.12, a cross-site scripting (XSS) vulnerability was discovered in a login interface of the affected application. The issue stems from improper handling of user-supplied input within HTML attr...Show more
In ExtremeControl before 25.5.12, a cross-site scripting (XSS) vulnerability was discovered in a login interface of the affected application. The issue stems from improper handling of user-supplied input within HTML attributes, allowing an attacker to inject script code that may execute in a user's browser under specific interaction conditions. Successful exploitation could lead to exposure of user data or unauthorized actions within the browser context.Show less
CVE-2025-6083
1Extremenetworks
1Extremecloud Universal Ztna
Jan 8, 2026
Jun 13, 2025
5.2 MEDIUM· v4
4.3 MEDIUM· v3
N/A· v2
In ExtremeCloud Universal ZTNA, a syntax error in the 'searchKeyword' condition caused queries to bypass the owner_id filter. This issue may allow users to search data across the entire table instead of being restricted...Show more
In ExtremeCloud Universal ZTNA, a syntax error in the 'searchKeyword' condition caused queries to bypass the owner_id filter. This issue may allow users to search data across the entire table instead of being restricted to their specific owner_id.Show less
CVE-2024-38292
1Extremenetworks
1Xiq Se
Jul 11, 2025
Feb 27, 2025
N/A· v4
9.8 CRITICAL· v3
N/A· v2
In Extreme Networks XIQ-SE before 24.2.11, due to a missing access control check, a path traversal is possible, which may lead to privilege escalation.
CVE-2024-38291
1Extremenetworks
1Xiq Se
Jul 11, 2025
Feb 27, 2025
N/A· v4
8.8 HIGH· v3
N/A· v2
In XIQ-SE before 24.2.11, a low-privileged user may be able to access admin passwords, which could lead to privilege escalation.
CVE-2024-38290
1Extremenetworks
1Xiq Se
Jul 11, 2025
Feb 27, 2025
N/A· v4
5.3 MEDIUM· v3
N/A· v2
In XIQ-SE before 24.2.11, a server misconfiguration may allow user enumeration when specific conditions are met.
CVE-2020-18305
1Extremenetworks
1Extremexos
Jun 11, 2025
May 14, 2024
N/A· v4
8.0 HIGH· v3
N/A· v2
Extreme Networks EXOS before v.22.7 and before v.30.2 was discovered to contain an issue in its Web GUI which fails to restrict URL access, allowing attackers to access sensitive information or escalate privileges.
CVE-2024-27453
1Extremenetworks
1Extremexos
Jun 10, 2025
May 3, 2024
N/A· v4
8.6 HIGH· v3
N/A· v2
In Extreme XOS through 22.6.1.4, a read-only user can escalate privileges to root via a crafted HTTP POST request to the python method of the Machine-to-Machine Interface (MMI).
CVE-2023-43121
1Extremenetworks
1Exos
Nov 21, 2024
Oct 16, 2023
N/A· v4
7.5 HIGH· v3
N/A· v2
A Directory Traversal vulnerability discovered in Chalet application in Extreme Networks Switch Engine (EXOS) before 32.5.1.5, before 22.7, and before 31.7.2 allows attackers to read arbitrary files.
CVE-2023-43119
1Extremenetworks
1Exos
Nov 21, 2024
Oct 16, 2023
N/A· v4
9.8 CRITICAL· v3
N/A· v2
An Access Control issue discovered in Extreme Networks Switch Engine (EXOS) before 32.5.1.5, also fixed in 22.7, 31.7.2 allows attackers to gain escalated privileges using crafted telnet commands via Redis server.
CVE-2023-43118
1Extremenetworks
1Exos
Nov 21, 2024
Oct 16, 2023
N/A· v4
8.8 HIGH· v3
N/A· v2
Cross Site Request Forgery (CSRF) vulnerability in Chalet application in Extreme Networks Switch Engine (EXOS) before 32.5.1.5, fixed in 31.7.2 and 32.5.1.5 allows attackers to run arbitrary code and cause other unspecif...Show more
Cross Site Request Forgery (CSRF) vulnerability in Chalet application in Extreme Networks Switch Engine (EXOS) before 32.5.1.5, fixed in 31.7.2 and 32.5.1.5 allows attackers to run arbitrary code and cause other unspecified impacts via /jsonrpc API.Show less
CVE-2023-43120
1Extremenetworks
1Exos
Nov 21, 2024
Oct 16, 2023
N/A· v4
8.8 HIGH· v3
N/A· v2
An issue discovered in Extreme Networks Switch Engine (EXOS) before 32.5.1.5, before 22.7 and before 31.7.1 allows attackers to gain escalated privileges via crafted HTTP request.
CVE-2023-35803
1Extremenetworks
1Iq Engine
Nov 21, 2024
Oct 4, 2023
N/A· v4
9.8 CRITICAL· v3
N/A· v2
IQ Engine before 10.6r2 on Extreme Network AP devices has a Buffer Overflow.
CVE-2023-35802
1Extremenetworks
1Iq Engine
Nov 21, 2024
Jul 15, 2023
N/A· v4
9.8 CRITICAL· v3
N/A· v2
IQ Engine before 10.6r1 on Extreme Network AP devices has a Buffer Overflow in the implementation of the CAPWAP protocol that may be exploited to obtain elevated privileges to conduct remote code execution. Access to the...Show more
IQ Engine before 10.6r1 on Extreme Network AP devices has a Buffer Overflow in the implementation of the CAPWAP protocol that may be exploited to obtain elevated privileges to conduct remote code execution. Access to the internal management interface/subnet is required to conduct the exploit.Show less
CVE-2020-16152
1Extremenetworks
1Aerohive Netconfig
Nov 21, 2024
Nov 14, 2021
N/A· v4
9.8 CRITICAL· v3
10.0 HIGH· v2
The NetConfig UI administrative interface in Extreme Networks ExtremeWireless Aerohive HiveOS and IQ Engine through 10.0r8a allows attackers to execute PHP code as the root user via remote HTTP requests that insert this...Show more
The NetConfig UI administrative interface in Extreme Networks ExtremeWireless Aerohive HiveOS and IQ Engine through 10.0r8a allows attackers to execute PHP code as the root user via remote HTTP requests that insert this code into a log file and then traverse to that file.Show less
CVE-2020-13819
1Extremenetworks
1Extreme Management Center
Nov 21, 2024
Aug 5, 2020
N/A· v4
6.1 MEDIUM· v3
4.3 MEDIUM· v2
Extreme EAC Appliance 8.4.1.24 allows unauthenticated reflected XSS via a parameter in a GET request.
CVE-2020-16847
1Extremenetworks
1Extreme Management Center
Nov 21, 2024
Aug 4, 2020
N/A· v4
6.1 MEDIUM· v3
4.3 MEDIUM· v2
Extreme Analytics in Extreme Management Center before 8.5.0.169 allows unauthenticated reflected XSS via a parameter in a GET request, aka CFD-4887.
CVE-2020-13820
1Extremenetworks
1Extreme Management Center
Nov 21, 2024
Aug 3, 2020
N/A· v4
6.1 MEDIUM· v3
4.3 MEDIUM· v2
Extreme Management Center 8.4.1.24 allows unauthenticated reflected XSS via a parameter in a GET request.
CVE-2018-5797
1Extremenetworks
1Extremewireless Wing
Nov 21, 2024
Feb 5, 2018
N/A· v4
7.5 HIGH· v3
3.3 LOW· v2
An issue was discovered in Extreme Networks ExtremeWireless WiNG 5.x before 5.8.6.9 and 5.9.x before 5.9.1.3. There is an Smint_encrypt Hardcoded AES Key that can be used for packet decryption (obtaining cleartext creden...Show more
An issue was discovered in Extreme Networks ExtremeWireless WiNG 5.x before 5.8.6.9 and 5.9.x before 5.9.1.3. There is an Smint_encrypt Hardcoded AES Key that can be used for packet decryption (obtaining cleartext credentials) by an attacker who has access to a wired port.Show less