Vulnerabilities > Ceragon > Fibeair IP 10 Firmware

DATE CVE VULNERABILITY TITLE RISK
2017-06-01 CVE-2015-0936 Key Management Errors vulnerability in Ceragon Fibeair Ip-10 Firmware
Ceragon FibeAir IP-10 have a default SSH public key in the authorized_keys file for the mateidu user, which allows remote attackers to obtain SSH access by leveraging knowledge of the private key.
network
low complexity
ceragon CWE-320
7.5
7.5
2017-03-30 CVE-2016-10309 Improper Authentication vulnerability in Ceragon Fibeair Ip-10 Firmware
In the GUI of Ceragon FibeAir IP-10 (before 7.2.0) devices, a remote attacker can bypass authentication by adding an ALBATROSS cookie with the value 0-4-11 to their browser.
network
low complexity
ceragon CWE-287
7.5
7.5