Westermo WeOS before 4.19.0 uses the same SSL private key across different customers' installations, which makes it easier for man-in-the-middle attackers to defeat cryptographic protection mechanisms by leveraging knowledge of a key.
oryginał ENCVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:HWestermo Weos
OSWestermo4.18.0
Powiązane podatności
Improper Authorization vulnerability of Pepperl+Fuchs P+F Comtrol RocketLinx ES7510-XT, ES8509-XT, ES8510-XT, ...
An attacker may be able to cause a denial-of-service condition by sending many packets repeatedly.
An attacker may be able to cause a denial-of-service condition by sending many SSH packets repeatedly.
A potential attacker with access to the Westermo Lynx device may be able to execute malicious code that c...
The cross-site request forgery token in the request may be predictable or easily guessable allowi...