Buffer overflow in the ECOM Ethernet module in Koyo H0-ECOM, H0-ECOM100, H2-ECOM, H2-ECOM-F, H2-ECOM100, H4-ECOM, H4-ECOM-F, and H4-ECOM100 allows remote attackers to execute arbitrary code via long strings in unspecified parameters.
CVSS 2.0
Severity: HIGH
Problem Type: CWE-119,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| koyo | h4-ecom | * |
| koyo | h4-ecom100 | * |
| koyo | h4-ecom-f | * |
| koyo | h0-ecom100 | * |
| koyo | h2-ecom-f | * |
| koyo | h0-ecom | * |
| koyo | h2-ecom | * |
| koyo | h2-ecom100 | * |
The ECOM Ethernet module in Koyo H0-ECOM, H0-ECOM100, H2-ECOM, H2-ECOM-F, H2-ECOM100, H4-ECOM, H4-ECOM-F, and H4-ECOM100 supports a maximum password length of 8 bytes, which makes it easier for remote attackers to obtain access via a brute-force attack.
CVSS 2.0
Severity: HIGH
Problem Type: CWE-287,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| koyo | h4-ecom | * |
| koyo | h4-ecom100 | * |
| koyo | h4-ecom-f | * |
| koyo | h0-ecom100 | * |
| koyo | h2-ecom-f | * |
| koyo | h0-ecom | * |
| koyo | h2-ecom | * |
| koyo | h2-ecom100 | * |
Cross-site scripting (XSS) vulnerability in the web server in the ECOM Ethernet module in Koyo H0-ECOM, H0-ECOM100, H2-ECOM, H2-ECOM-F, H2-ECOM100, H4-ECOM, H4-ECOM-F, and H4-ECOM100 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-79,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| koyo | h4-ecom | * |
| koyo | h4-ecom100 | * |
| koyo | h4-ecom-f | * |
| koyo | h0-ecom100 | * |
| koyo | h2-ecom-f | * |
| koyo | h0-ecom | * |
| koyo | h2-ecom | * |
| koyo | h2-ecom100 | * |
The web server in the ECOM Ethernet module in Koyo H0-ECOM, H0-ECOM100, H2-ECOM, H2-ECOM-F, H2-ECOM100, H4-ECOM, H4-ECOM-F, and H4-ECOM100 does not require authentication, which allows remote attackers to perform unspecified functions via unknown vectors.
CVSS 2.0
Severity: HIGH
Problem Type: CWE-287,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| koyo | h4-ecom | * |
| koyo | h4-ecom100 | * |
| koyo | h4-ecom-f | * |
| koyo | h0-ecom100 | * |
| koyo | h2-ecom-f | * |
| koyo | h0-ecom | * |
| koyo | h2-ecom | * |
| koyo | h2-ecom100 | * |
The web server in the ECOM Ethernet module in Koyo H0-ECOM, H0-ECOM100, H2-ECOM, H2-ECOM-F, H2-ECOM100, H4-ECOM, H4-ECOM-F, and H4-ECOM100 allows remote attackers to cause a denial of service (resource consumption) via unspecified vectors.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-399,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| koyo | h4-ecom | * |
| koyo | h4-ecom100 | * |
| koyo | h4-ecom-f | * |
| koyo | h0-ecom100 | * |
| koyo | h2-ecom-f | * |
| koyo | h0-ecom | * |
| koyo | h2-ecom | * |
| koyo | h2-ecom100 | * |