MidnightBSD

Advisories for oleumtech

CVE-2014-2359 MEDIUM

OleumTech Wireless Sensor Network devices allow remote attackers to obtain sensitive information about sensor nodes or spoof devices by reading cleartext protocol data.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-200,

Products Affected

Vendor Product Version
oleumtech ft1_firmware -
oleumtech ad1_firmware -
CVE-2014-2360 MEDIUM

OleumTech WIO DH2 Wireless Gateway and Sensor Wireless I/O Modules allow remote attackers to execute arbitrary code via packets that report a high battery voltage.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-20,CWE-20,

Products Affected

Vendor Product Version
oleumtech wio_dh2_wireless_gateway -
oleumtech sensor_wireless_i/o_module -
CVE-2014-2361 HIGH

OleumTech WIO DH2 Wireless Gateway and Sensor Wireless I/O Modules, when BreeZ is used, do not require authentication for reading the site security key, which allows physically proximate attackers to spoof communication by obtaining this key after use of direct hardware access or manual-setup mode.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-320,NVD-CWE-Other,

Products Affected

Vendor Product Version
oleumtech wio_dh2_wireless_gateway -
oleumtech sensor_wireless_i/o_module -
CVE-2014-2362 HIGH

OleumTech WIO DH2 Wireless Gateway and Sensor Wireless I/O Modules rely exclusively on a time value for entropy in key generation, which makes it easier for remote attackers to defeat cryptographic protection mechanisms by predicting the time of project creation.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-338,NVD-CWE-Other,

Products Affected

Vendor Product Version
oleumtech wio_dh2_wireless_gateway -
oleumtech sensor_wireless_i/o_module -