The ANTlabs InnGate firmware on IG 3100, IG 3101, InnGate 3.00 E, InnGate 3.01 E, InnGate 3.02 E, InnGate 3.10 E, InnGate 3.01 G, and InnGate 3.10 G devices does not require authentication for rsync sessions, which allows remote attackers to read or write to arbitrary files via TCP traffic on port 873.
CVSS 2.0
Severity: HIGH
Problem Type: CWE-264,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| antlabs | inngate_ig_3.01_e | * |
| antlabs | inngate_ig_3.02_e | * |
| antlabs | inngate_ig_3.00_e | * |
| antlabs | inngate_ig_3100 | * |
| antlabs | inngate_ig_3101 | * |
| antlabs | inngate_ig_3.10_g | * |
| antlabs | inngate_ig_3.10_e | * |
SQL injection vulnerability in main.ant in the ANTlabs InnGate firmware on IG 3100, InnGate 3.01 E, InnGate 3.10 E, InnGate 3.10 M, SG 4, and SSG 4 devices, when https is used, allows remote attackers to execute arbitrary SQL commands via the ppli parameter.
CVSS 2.0
Severity: HIGH
Problem Type: CWE-89,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| antlabs | inngate_sg_4 | - |
| antlabs | inngate_ssg_4 | - |
| antlabs | inngate_ig_3.10_e | - |
| antlabs | inngate_ig_3100 | - |
| antlabs | inngate_ig_3.01_e | - |
| antlabs | inngate_ig_3.10_m | - |
Cross-site scripting (XSS) vulnerability in index-login.ant in the ANTlabs InnGate firmware on IG 3100, InnGate 3.01 E, InnGate 3.10 E, InnGate 3.10 M, SG 4, and SSG 4 devices allows remote attackers to inject arbitrary web script or HTML via the msg parameter.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-79,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| antlabs | inngate_sg_4 | - |
| antlabs | inngate_ssg_4 | - |
| antlabs | inngate_ig_3.10_e | - |
| antlabs | inngate_ig_3100 | - |
| antlabs | inngate_ig_3.01_e | - |
| antlabs | inngate_ig_3.10_m | - |