MidnightBSD

Advisories for koyo

CVE-2012-1805 HIGH

Buffer overflow in the ECOM Ethernet module in Koyo H0-ECOM, H0-ECOM100, H2-ECOM, H2-ECOM-F, H2-ECOM100, H4-ECOM, H4-ECOM-F, and H4-ECOM100 allows remote attackers to execute arbitrary code via long strings in unspecified parameters.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-119,

Products Affected

Vendor Product Version
koyo h4-ecom *
koyo h4-ecom100 *
koyo h4-ecom-f *
koyo h0-ecom100 *
koyo h2-ecom-f *
koyo h0-ecom *
koyo h2-ecom *
koyo h2-ecom100 *
CVE-2012-1806 HIGH

The ECOM Ethernet module in Koyo H0-ECOM, H0-ECOM100, H2-ECOM, H2-ECOM-F, H2-ECOM100, H4-ECOM, H4-ECOM-F, and H4-ECOM100 supports a maximum password length of 8 bytes, which makes it easier for remote attackers to obtain access via a brute-force attack.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-287,

Products Affected

Vendor Product Version
koyo h4-ecom *
koyo h4-ecom100 *
koyo h4-ecom-f *
koyo h0-ecom100 *
koyo h2-ecom-f *
koyo h0-ecom *
koyo h2-ecom *
koyo h2-ecom100 *
CVE-2012-1807 MEDIUM

Cross-site scripting (XSS) vulnerability in the web server in the ECOM Ethernet module in Koyo H0-ECOM, H0-ECOM100, H2-ECOM, H2-ECOM-F, H2-ECOM100, H4-ECOM, H4-ECOM-F, and H4-ECOM100 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-79,

Products Affected

Vendor Product Version
koyo h4-ecom *
koyo h4-ecom100 *
koyo h4-ecom-f *
koyo h0-ecom100 *
koyo h2-ecom-f *
koyo h0-ecom *
koyo h2-ecom *
koyo h2-ecom100 *
CVE-2012-1808 HIGH

The web server in the ECOM Ethernet module in Koyo H0-ECOM, H0-ECOM100, H2-ECOM, H2-ECOM-F, H2-ECOM100, H4-ECOM, H4-ECOM-F, and H4-ECOM100 does not require authentication, which allows remote attackers to perform unspecified functions via unknown vectors.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-287,

Products Affected

Vendor Product Version
koyo h4-ecom *
koyo h4-ecom100 *
koyo h4-ecom-f *
koyo h0-ecom100 *
koyo h2-ecom-f *
koyo h0-ecom *
koyo h2-ecom *
koyo h2-ecom100 *
CVE-2012-1809 MEDIUM

The web server in the ECOM Ethernet module in Koyo H0-ECOM, H0-ECOM100, H2-ECOM, H2-ECOM-F, H2-ECOM100, H4-ECOM, H4-ECOM-F, and H4-ECOM100 allows remote attackers to cause a denial of service (resource consumption) via unspecified vectors.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-399,

Products Affected

Vendor Product Version
koyo h4-ecom *
koyo h4-ecom100 *
koyo h4-ecom-f *
koyo h0-ecom100 *
koyo h2-ecom-f *
koyo h0-ecom *
koyo h2-ecom *
koyo h2-ecom100 *