Vulnerabilities > Siemens > Scalance W1750D Firmware > Critical

DATE CVE VULNERABILITY TITLE RISK
2021-03-30 CVE-2021-25149 Classic Buffer Overflow vulnerability in multiple products
A remote buffer overflow vulnerability was discovered in some Aruba Instant Access Point (IAP) products in version(s): Aruba Instant 6.4.x: 6.4.4.8-4.2.4.17 and below; Aruba Instant 6.5.x: 6.5.4.16 and below; Aruba Instant 8.3.x: 8.3.0.12 and below; Aruba Instant 8.5.x: 8.5.0.6 and below; Aruba Instant 8.6.x: 8.6.0.2 and below.
network
low complexity
arubanetworks siemens CWE-120
critical
9.8
2021-03-29 CVE-2020-24636 OS Command Injection vulnerability in multiple products
A remote execution of arbitrary commands vulnerability was discovered in some Aruba Instant Access Point (IAP) products in version(s): Aruba Instant 6.5.x: 6.5.4.17 and below; Aruba Instant 8.3.x: 8.3.0.13 and below; Aruba Instant 8.5.x: 8.5.0.10 and below; Aruba Instant 8.6.x: 8.6.0.5 and below; Aruba Instant 8.7.x: 8.7.0.0 and below.
network
low complexity
arubanetworks siemens CWE-78
critical
9.8
2020-01-31 CVE-2016-2031 Improper Input Validation vulnerability in multiple products
Multiple vulnerabilities exists in Aruba Instate before 4.1.3.0 and 4.2.3.1 due to insufficient validation of user-supplied input and insufficient checking of parameters, which could allow a malicious user to bypass security restrictions, obtain sensitive information, perform unauthorized actions and execute arbitrary code.
network
low complexity
arubanetworks siemens CWE-20
critical
9.8
2019-05-10 CVE-2018-7084 OS Command Injection vulnerability in multiple products
A command injection vulnerability is present that permits an unauthenticated user with access to the Aruba Instant web interface to execute arbitrary system commands within the underlying operating system.
network
low complexity
arubanetworks siemens CWE-78
critical
9.8
2017-10-04 CVE-2017-14491 Out-of-bounds Write vulnerability in multiple products
Heap-based buffer overflow in dnsmasq before 2.78 allows remote attackers to cause a denial of service (crash) or execute arbitrary code via a crafted DNS response.
9.8