MidnightBSD

Advisories for aeroadmin

CVE-2017-8893 MEDIUM

AeroAdmin 4.1 uses a function to copy data between two pointers where the size of the data copied is taken directly from a network packet. This can cause a buffer overflow and denial of service.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-119,

Products Affected

Vendor Product Version
aeroadmin aeroadmin 4.1
CVE-2017-8894 MEDIUM

AeroAdmin 4.1 uses an insecure protocol (HTTP) to perform software updates. An attacker can hijack an update via man-in-the-middle in order to execute code in the machine.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-444,

Products Affected

Vendor Product Version
aeroadmin aeroadmin 4.1