The Network Attached Storage (NAS) Administration Web Page for Iomega NAS A300U transmits passwords in cleartext, which allows remote attackers to sniff the administrative password.
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:NIomega Nas A300u
HWIomegawszystkie wersjeIomega Nas A300u Firmware
OSIomegawszystkie wersje
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
CWE
Related vulnerabilities
CVE-2009-2367CRITICAL9.8ten sam vendor
cgi-bin/makecgi-pro in Iomega StorCenter Pro generates predictable session IDs, which allows remote attackers ...
CVE-2001-0110HIGH7.2ten sam vendor
Buffer overflow in jaZip Zip/Jaz drive manager allows local users to gain root privileges via a long DISPLAY e...
CVE-2012-2283MEDIUM5.5ten sam vendor
The Iomega Home Media Network Hard Drive with EMC Lifeline firmware before 2.104, Home Media Network Hard Driv...
CVE-2002-1863MEDIUM4.6ten sam vendor
Iomega Network Attached Storage (NAS) A300U, and possibly other models, does not allow the FTP service to be d...
CVE-2002-1955MEDIUM5.0ten sam vendor
Iomega NAS A300U uses cleartext LANMAN authentication when mounting CIFS/SMB drives, which allows remote attac...