Zyxel Gs1900-10Hp Firmware vulnerabilities

CVE-2016-1348 [HIGH] CWE-399 CVE-2016-1348: Cisco IOS 15.0 through 15.5 and IOS XE 3.3 through 3.16 allow remote attackers to cause a denial of Cisco IOS 15.0 through 15.5 and IOS XE 3.3 through 3.16 allow remote attackers to cause a denial of service (device reload) via a crafted DHCPv6 Relay message, aka Bug ID CSCus55821.

CVE-2016-1344 [MEDIUM] CWE-399 CVE-2016-1344: The IKEv2 implementation in Cisco IOS 15.0 through 15.6 and IOS XE 3.3 through 3.17 allows remote at The IKEv2 implementation in Cisco IOS 15.0 through 15.6 and IOS XE 3.3 through 3.17 allows remote attackers to cause a denial of service (device reload) via fragmented packets, aka Bug ID CSCux38417.

CVE-2016-1329 [CRITICAL] CWE-287 CVE-2016-1329: Cisco NX-OS 6.0(2)U6(1) through 6.0(2)U6(5) on Nexus 3000 devices and 6.0(2)A6(1) through 6.0(2)A6(5 Cisco NX-OS 6.0(2)U6(1) through 6.0(2)U6(5) on Nexus 3000 devices and 6.0(2)A6(1) through 6.0(2)A6(5) and 6.0(2)A7(1) on Nexus 3500 devices has hardcoded credentials, which allows remote attackers to obtain root privileges via a (1) TELNET or (2) SSH session, aka Bug ID CSCuy25800.

CVE-2015-0718 [HIGH] CWE-399 CVE-2015-0718: Cisco NX-OS 4.0 through 6.1 on Nexus 1000V 3000, 4000, 5000, 6000, and 7000 devices and Unified Comp Cisco NX-OS 4.0 through 6.1 on Nexus 1000V 3000, 4000, 5000, 6000, and 7000 devices and Unified Computing System (UCS) platforms allows remote attackers to cause a denial of service (TCP stack reload) by sending crafted TCP packets to a device that has a TIME_WAIT TCP session, aka Bug ID CSCub70579.

CVE-2015-6260 [HIGH] CWE-20 CVE-2015-6260: Cisco NX-OS 7.1(1)N1(1) on Nexus 5500, 5600, and 6000 devices does not properly validate PDUs in SNM Cisco NX-OS 7.1(1)N1(1) on Nexus 5500, 5600, and 6000 devices does not properly validate PDUs in SNMP packets, which allows remote attackers to cause a denial of service (SNMP application restart) via a crafted packet, aka Bug ID CSCut84645.

CVE-2016-1319 [MEDIUM] CWE-200 CVE-2016-1319: Cisco Unified Communications Manager (aka CallManager) 9.1(2.10000.28), 10.5(2.10000.5), 10.5(2.1290 Cisco Unified Communications Manager (aka CallManager) 9.1(2.10000.28), 10.5(2.10000.5), 10.5(2.12901.1), and 11.0(1.10000.10); Unified Communications Manager IM & Presence Service 10.5(2); Unified Contact Center Express 11.0(1); and Unity Connection 10.5(2) store a cleartext encryption key, which allows local users to obtain sensitive information via

CVE-2016-1317 [MEDIUM] CWE-200 CVE-2016-1317: Cisco Unified Communications Manager 11.5(0.98000.480) allows remote authenticated users to obtain s Cisco Unified Communications Manager 11.5(0.98000.480) allows remote authenticated users to obtain sensitive database table-name and entity-name information via a direct request to an unspecified URL, aka Bug ID CSCuy11098.

CVE-2016-1302 [HIGH] CWE-284 CVE-2016-1302: Cisco Application Policy Infrastructure Controller (APIC) devices with software before 1.0(3h) and 1 Cisco Application Policy Infrastructure Controller (APIC) devices with software before 1.0(3h) and 1.1 before 1.1(1j) and Nexus 9000 ACI Mode switches with software before 11.0(3h) and 11.1 before 11.1(1j) allow remote authenticated users to bypass intended RBAC restrictions via crafted REST requests, aka Bug ID CSCut12998.

CVE-2015-6398 [HIGH] CWE-399 CVE-2015-6398: Cisco Nexus 9000 Application Centric Infrastructure (ACI) Mode switches with software before 11.0(1c Cisco Nexus 9000 Application Centric Infrastructure (ACI) Mode switches with software before 11.0(1c) allow remote attackers to cause a denial of service (device reload) via an IPv4 ICMP packet with the IP Record Route option, aka Bug ID CSCuq57512.

CVE-2016-1307 [MEDIUM] CWE-255 CVE-2016-1307: The Openfire server in Cisco Finesse Desktop 10.5(1) and 11.0(1) and Unified Contact Center Express The Openfire server in Cisco Finesse Desktop 10.5(1) and 11.0(1) and Unified Contact Center Express 10.6(1) has a hardcoded account, which makes it easier for remote attackers to obtain access via an XMPP session, aka Bug ID CSCuw79085.

CVE-2015-5989 [CRITICAL] CWE-264 CVE-2015-5989: Belkin F9K1102 2 devices with firmware 2.10.17 rely on client-side JavaScript code for authorization Belkin F9K1102 2 devices with firmware 2.10.17 rely on client-side JavaScript code for authorization, which allows remote attackers to obtain administrative privileges via certain changes to LockStatus and Login_Success values.

CVE-2015-5988 [CRITICAL] CWE-255 CVE-2015-5988: The web management interface on Belkin F9K1102 2 devices with firmware 2.10.17 has a blank password, The web management interface on Belkin F9K1102 2 devices with firmware 2.10.17 has a blank password, which allows remote attackers to obtain administrative privileges by leveraging a LAN session.

CVE-2015-5990 [HIGH] CWE-352 CVE-2015-5990: Cross-site request forgery (CSRF) vulnerability on Belkin F9K1102 2 devices with firmware 2.10.17 al Cross-site request forgery (CSRF) vulnerability on Belkin F9K1102 2 devices with firmware 2.10.17 allows remote attackers to hijack the authentication of arbitrary users.

CVE-2015-5987 [HIGH] CVE-2015-5987: Belkin F9K1102 2 devices with firmware 2.10.17 use an improper algorithm for selecting the ID value Belkin F9K1102 2 devices with firmware 2.10.17 use an improper algorithm for selecting the ID value in the header of a DNS query, which makes it easier for remote attackers to spoof responses by predicting this value.