sshd program in the Rapidstream 2.1 Beta VPN appliance has a hard-coded "rsadmin" account with a null password, which allows remote attackers to execute arbitrary commands via ssh.
CVSS 2.0
Severity: HIGH
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| rapidstream | rapidstream | 6000 |
| rapidstream | rapidstream | 4000 |
| rapidstream | rapidstream | 2000 |
| rapidstream | rapidstream | 8000 |
Format string vulnerability in the CLI interface for WatchGuard Firebox Vclass 3.2 and earlier, and RSSA Appliance 3.0.2, allows remote attackers to cause a denial of service and possibly execute arbitrary code via format string specifiers in the password parameter.
CVSS 2.0
Severity: HIGH
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| watchguard | firebox | v10 |
| rapidstream | rapidstream | 6000 |
| watchguard | firebox | v60 |
| watchguard | firebox | v80 |
| watchguard | firebox | v100 |
| rapidstream | rapidstream | 500 |
| rapidstream | rapidstream | 4000 |
| rapidstream | rapidstream | 2000 |
| rapidstream | rapidstream | 8000 |
The CLI interface for WatchGuard Firebox Vclass 3.2 and earlier, and RSSA Appliance 3.0.2, does not properly close the SSH connection when a -N option is provided during authentication, which allows remote attackers to access CLI with administrator privileges.
CVSS 2.0
Severity: HIGH
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| watchguard | firebox | v10 |
| rapidstream | rapidstream | 6000 |
| watchguard | firebox | v60 |
| watchguard | firebox | v80 |
| watchguard | firebox | v100 |
| rapidstream | rapidstream | 500 |
| rapidstream | rapidstream | 4000 |
| rapidstream | rapidstream | 2000 |
| rapidstream | rapidstream | 8000 |