Vulnerabilities > Siemens > Scalance W1750D Firmware > Medium

DATE CVE VULNERABILITY TITLE RISK
2021-03-30 CVE-2021-25158 Race Condition vulnerability in multiple products
A remote arbitrary file read vulnerability was discovered in some Aruba Instant Access Point (IAP) products in version(s): Aruba Instant 6.5.x: 6.5.4.18 and below; Aruba Instant 8.3.x: 8.3.0.14 and below; Aruba Instant 8.5.x: 8.5.0.11 and below; Aruba Instant 8.6.x: 8.6.0.7 and below; Aruba Instant 8.7.x: 8.7.1.1 and below.
4.3
2021-03-30 CVE-2021-25157 A remote arbitrary file read vulnerability was discovered in some Aruba Instant Access Point (IAP) products in version(s): Aruba Instant 6.4.x: 6.4.4.8-4.2.4.17 and below; Aruba Instant 6.5.x: 6.5.4.18 and below; Aruba Instant 8.3.x: 8.3.0.14 and below; Aruba Instant 8.5.x: 8.5.0.11 and below; Aruba Instant 8.6.x: 8.6.0.6 and below; Aruba Instant 8.7.x: 8.7.1.0 and below.
network
low complexity
arubanetworks siemens
4.0
2021-03-30 CVE-2021-25156 A remote arbitrary directory create vulnerability was discovered in some Aruba Instant Access Point (IAP) products in version(s): Aruba Instant 6.4.x: 6.4.4.8-4.2.4.17 and below; Aruba Instant 6.5.x: 6.5.4.18 and below; Aruba Instant 8.3.x: 8.3.0.14 and below; Aruba Instant 8.5.x: 8.5.0.11 and below; Aruba Instant 8.6.x: 8.6.0.6 and below; Aruba Instant 8.7.x: 8.7.1.0 and below.
network
low complexity
arubanetworks siemens
4.0
2021-03-29 CVE-2021-25143 A remote denial of service (dos) vulnerability was discovered in some Aruba Instant Access Point (IAP) products in version(s): Aruba Instant 8.3.x: 8.3.0.12 and below; Aruba Instant 8.5.x: 8.5.0.9 and below; Aruba Instant 8.6.x: 8.6.0.4 and below.
network
low complexity
arubanetworks siemens
5.0
2021-03-29 CVE-2019-5317 Improper Authentication vulnerability in multiple products
A local authentication bypass vulnerability was discovered in some Aruba Instant Access Point (IAP) products in version(s): Aruba Instant 6.4.x: 6.4.4.8-4.2.4.18 and below; Aruba Instant 6.5.x: 6.5.4.15 and below; Aruba Instant 8.3.x: 8.3.0.11 and below; Aruba Instant 8.4.x: 8.4.0.5 and below; Aruba Instant 8.5.x: 8.5.0.6 and below; Aruba Instant 8.6.x: 8.6.0.2 and below.
local
low complexity
arubanetworks siemens CWE-287
4.6
2019-05-10 CVE-2018-7064 Cross-site Scripting vulnerability in multiple products
A reflected cross-site scripting (XSS) vulnerability is present in an unauthenticated Aruba Instant web interface.
4.3
2019-05-10 CVE-2018-7083 Information Exposure vulnerability in multiple products
If a process running within Aruba Instant crashes, it may leave behind a "core dump", which contains the memory contents of the process at the time it crashed.
network
low complexity
arubanetworks siemens CWE-200
5.0
2017-12-13 CVE-2017-13099 Information Exposure Through Discrepancy vulnerability in multiple products
wolfSSL prior to version 3.12.2 provides a weak Bleichenbacher oracle when any TLS cipher suite using RSA key exchange is negotiated.
4.3