MidnightBSD

Advisories for opengear

CVE-2011-3997 HIGH

Opengear console servers with firmware before 2.2.1 allow remote attackers to bypass authentication, and modify settings or access connected equipment, via unspecified vectors.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-287,

Products Affected

Vendor Product Version
opengear acm5000_console_server *
opengear opengear_console_server_firmware 2.0.8
opengear kcs6000_rackside_console_server *
opengear img4000_console_server *
opengear opengear_console_server_firmware *
opengear opengear_console_server_firmware 2.0.4u1
opengear cm4000_console_server *
opengear opengear_console_server_firmware 2.1.0
opengear opengear_console_server_firmware 2.0.9
opengear im4004-5_console_server *
opengear opengear_console_server_firmware 2.0.6
opengear opengear_console_server_firmware 2.0.4
opengear im4200_console_server *
opengear opengear_console_server_firmware 2.1.0u1
CVE-2019-14456 LOW

Opengear console server firmware releases prior to 4.5.0 have a stored XSS vulnerability related to serial port logging. If a malicious user of an external system (connected to a serial port on an Opengear console server) sends crafted text to a serial port (that has logging enabled), the text will be replayed when the logs are viewed. Exploiting this vulnerability requires access to the serial port and/or console server.

CVSS 2.0

Severity: LOW

Problem Type: CWE-79,

Products Affected

Vendor Product Version
opengear opengear *