VARIoT IoT vulnerabilities database

VAR-201702-1106 No CVE D-Link DGS-1510 Switches has a certification bypass vulnerability CVSS V2: 10.0
CVSS V3: -
Severity: HIGH
The D-Link DGS-1510 series is the next generation of intelligent managed switches. There is a certificate bypass vulnerability in D-Link DGS-1510 Switches. It allows an attacker to execute commands on the switch, extract configuration and get user information from the device, including username and password, and add new users with administrator privileges.
VAR-201710-1310 CVE-2017-6223 Ruckus Wireless Zone Director In controller firmware OS Command injection vulnerability CVSS V2: 9.3
CVSS V3: 8.8
Severity: HIGH
Ruckus Wireless Zone Director Controller firmware releases ZD9.9.x, ZD9.10.x, ZD9.13.0.x less than 9.13.0.0.232 contain OS Command Injection vulnerabilities in the ping functionality that could allow local authenticated users to execute arbitrary privileged commands on the underlying operating system. Ruckus Wireless Zone Director Controller is an enterprise-level intelligent wireless local area network (WLAN) controller from Ruckus Wireless. It can centrally manage all intelligent access points in the WLAN and provide hotspot identity authentication, entry point detection and other functions. A local attacker could exploit this vulnerability to execute arbitrary commands on the underlying operating system.
VAR-201710-1311 CVE-2017-6224 Ruckus Wireless Zone Director Controller and Unleashed AP Command injection vulnerability in some firmware CVSS V2: 9.3
CVSS V3: 8.8
Severity: HIGH
Ruckus Wireless Zone Director Controller firmware releases ZD9.x, ZD10.0.0.x, ZD10.0.1.x (less than 10.0.1.0.17 MR1 release) and Ruckus Wireless Unleashed AP Firmware releases 200.0.x, 200.1.x, 200.2.x, 200.3.x, 200.4.x contain OS Command Injection vulnerabilities that could allow local authenticated users to execute arbitrary privileged commands on the underlying operating system by appending those commands in the Common Name field in the Certificate Generation Request. A local attacker could exploit this vulnerability to execute arbitrary commands.
VAR-201702-1059 CVE-2017-6297 MikroTik RouterOS of L2TP Vulnerability to view unencrypted transmission data on the client CVSS V2: 4.3
CVSS V3: 5.9
Severity: MEDIUM
The L2TP Client in MikroTik RouterOS versions 6.83.3 and 6.37.4 does not enable IPsec encryption after a reboot, which allows man-in-the-middle attackers to view transmitted data unencrypted and gain access to networks on the L2TP server by monitoring the packets for the transmitted data and obtaining the L2TP secret. MikroTik RouterOS is a routing operating system based on the Linux kernel. MikroTik RouterOS is prone to a security-bypass vulnerability. Successfully exploiting this issue may allow attackers to perform unauthorized actions by conducting a man-in-the-middle attack. This may lead to other attacks. RouterOS 6.83.3 and 6.37.4 are vulnerable; other versions may also be affected. This system turns a PC computer into a professional router. L2TP Client is one of the communication protocol clients
VAR-201702-1057 CVE-2017-6343 Dahua DHI-HCVR7216A-S3 Vulnerability to gain login access on devices CVSS V2: 9.3
CVSS V3: 8.1
Severity: HIGH
The web interface on Dahua DHI-HCVR7216A-S3 devices with NVR Firmware 3.210.0001.10 2016-06-06, Camera Firmware 2.400.0000.28.R 2016-03-29, and SmartPSS Software 1.16.1 2017-01-19 allows remote attackers to obtain login access by leveraging knowledge of the MD5 Admin Hash without knowledge of the corresponding password, a different vulnerability than CVE-2013-6117. Dahua DHI-HCVR7216A-S3 is a network hard disk recorder product of Dahua Company of China. There is a security hole in the web interface of Dahua DHI-HCVR7216A-S3 devices. A remote attacker can exploit the vulnerability by submitting a special request to gain unauthorized access to the device. Dahua Security DVR Appliances are prone to an authentication-bypass vulnerability. An attacker can exploit this issue to bypass the authentication mechanism and perform unauthorized actions. This may aid in further attacks.
VAR-201703-0918 CVE-2016-9245 plural F5 BIG-IP In the system TMM Vulnerabilities that cause a restart CVSS V2: 4.3
CVSS V3: 5.9
Severity: MEDIUM
In F5 BIG-IP systems 12.1.0 - 12.1.2, malicious requests made to virtual servers with an HTTP profile can cause the TMM to restart. The issue is exposed with BIG-IP APM profiles, regardless of settings. The issue is also exposed with the non-default "Normalize URI" configuration options used in iRules and/or BIG-IP LTM policies. An attacker may be able to disrupt traffic or cause the BIG-IP system to fail over to another device in the device group. Multiple F5 BIG-IP products are prone to a denial-of-service vulnerability. An attacker can exploit this issue to cause a denial-of-service condition. F5 BIG-IP Analytics and others are products of F5 Corporation of the United States. F5 BIG-IP Analytics is a suite of web application performance analysis software. APM is a set of solutions that provide secure and unified access to business-critical applications and networks. LTM is a local traffic manager. The following products and versions are affected: F5 BIG-IP LTM 12.1.0 to 12.1.2; BIG-IP AAM 12.1.0 to 12.1.2; BIG-IP AFM 12.1.0 to 12.1.2; BIG-IP Analytics 12.1.0 to 12.1.2; BIG-IP APM 12.1.0 to 12.1.2; BIG-IP ASM 12.1.0 to 12.1.2; BIG-IP DNS 12.1.0 to 12.1.2; BIG-IP Link Controller 12.1.0 to 12.1.2; BIG-IP PEM 12.1.0 to 12.1.2; BIG-IP WebSafe 12.1.0 to 12.1.2.
VAR-201705-3518 CVE-2016-9256 plural F5 BIG-IP Product race condition vulnerabilities CVSS V2: 6.0
CVSS V3: 7.5
Severity: HIGH
In F5 BIG-IP 12.1.0 through 12.1.2, permissions enforced by iControl can lag behind the actual permissions assigned to a user if the role_map is not reloaded between the time the permissions are changed and the time of the user's next request. This is a race condition that occurs rarely in normal usage; the typical period in which this is possible is limited to at most a few seconds after the permission change. Multiple F5 BIG-IP products contain a race condition vulnerability. Information may be obtained or altered, and service operation may be disrupted (DoS). Multiple F5 BIG-IP products are prone to a privilege-escalation vulnerability. An attacker can exploit this issue to gain elevated privileges and perform unauthorized actions. F5 BIG-IP LTM, etc. LTM is a local traffic manager; APM is a solution that provides secure unified access to business-critical applications and networks. The following products and versions are affected: F5 BIG-IP LTM 12.0.0 to 12.1.2; BIG-IP AAM 12.0.0 to 12.1.2; BIG-IP AFM 12.0.0 to 12.1.2; BIG-IP Analytics 12.0.0 to 12.1.2; BIG-IP APM 12.0.0 to 12.1.2; BIG-IP ASM 12.0.0 to 12.1.2; BIG-IP DNS 12.0.0 to 12.1.2; BIG-IP Link Controller 12.0.0 to 12.1.2; BIG-IP PEM 12.0.0 to 12.1.2; BIG-IP WebSafe 12.0.0 to 12.1.2.
VAR-201703-1294 CVE-2017-6798 Trend Micro Endpoint Sensor In DLL Hijack vulnerability CVSS V2: 9.3
CVSS V3: 7.8
Severity: HIGH
Trend Micro Endpoint Sensor 1.6 before b1290 has a DLL hijacking vulnerability that allows remote attackers to execute arbitrary code, aka Trend Micro Vulnerability Identifier 2015-0208. Failed exploit attempts will result in a denial of service condition. The software provides features such as visibility so that incident responders can plan remediation and prevention of future attacks
VAR-201705-3258 CVE-2017-5177 VIPA Controls WinPLC7 Buffer error vulnerability CVSS V2: 5.0
CVSS V3: 7.5
Severity: HIGH
A Stack Buffer Overflow issue was discovered in VIPA Controls WinPLC7 5.0.45.5921 and prior. A stack-based buffer overflow vulnerability has been identified, where an attacker with a specially crafted packet could overflow the fixed length buffer. This could allow remote code execution. VIPA Controls WinPLC7 contains a buffer error vulnerability. Service operation may be interrupted (DoS). This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of VIPA Automation WinPLC7. Authentication is not required to exploit this vulnerability. The specific flaw exists within processing of TCP packets. The software fails to validate the length field within the packet before copying it to a stack buffer. An attacker can leverage this vulnerability to execute code in the context of the process. WinPLC is a free set of applications for controlling the Velleman K8000 (Computer Interface Board). VIPA Controls WinPLC7 is prone to a stack-based buffer-overflow vulnerability because the application fails to properly bounds-check user-supplied data before copying it into an insufficiently sized buffer. Successfully exploiting this issue allows remote attackers to crash the affected application, denying service to legitimate users. WinPLC7 5.0.45.5921 and prior versions are vulnerable.
VAR-201702-0667 CVE-2017-2682 Siemens RuggedCom NMS Cross-Site Request Forgery Vulnerability CVSS V2: 6.8
CVSS V3: 8.8
Severity: HIGH
The Siemens web application RUGGEDCOM NMS < V1.2 on port 8080/TCP and 8081/TCP could allow a remote attacker to perform a Cross-Site Request Forgery (CSRF) attack, potentially allowing an attacker to execute administrative operations, provided the targeted user has an active session and is induced to trigger a malicious request. RUGGEDCOM NMS is an enterprise-level solution for the monitoring, configuration and maintenance of RUGGEDCOM mission-critical networks by Siemens AG. An attacker can exploit this issue to perform certain unauthorized actions and gain access to the affected application. Other attacks are also possible
VAR-201709-0914 CVE-2017-6147 plural F5 BIG-IP Access control vulnerabilities in products CVSS V2: 4.3
CVSS V3: 5.9
Severity: MEDIUM
In F5 BIG-IP LTM, AAM, AFM, Analytics, APM, ASM, DNS, Link Controller, PEM, and WebSafe 12.1.2-HF1 and 13.0.0, an undisclosed type of responses may cause TMM to restart, causing an interruption of service when "SSL Forward Proxy" setting is enabled in both the Client and Server SSL profiles assigned to a BIG-IP Virtual Server. Multiple F5 BIG-IP products contain an access control vulnerability. Service operation may be interrupted (DoS). Multiple F5 BIG-IP products are prone to a denial-of-service vulnerability. An attacker can exploit this issue to restart the device, resulting in a denial-of-service condition. F5 BIG-IP Analytics and others are products of F5 Corporation of the United States. F5 BIG-IP Analytics is a suite of web application performance analysis software. APM is a set of solutions that provide secure and unified access to business-critical applications and networks. LTM is a local traffic manager. An attacker could exploit this vulnerability with a sequence of requests to cause a denial of service (Traffic Management Microkernel restart and traffic interruption). The following products and versions are affected: F5 BIG-IP LTM 13.0.0, 12.1.2 HF1; BIG-IP AAM 13.0.0, 12.1.2 HF1; BIG-IP AFM 13.0.0, 12.1.2 HF1; BIG-IP Analytics 13.0.0, 12.1.2 HF1; BIG-IP APM 13.0.0, 12.1.2 HF1; BIG-IP ASM 13.0.0, 12.1.2 HF1; BIG-IP DNS 13.0.0, 12.1.2 HF1; BIG-IP Link Controller 13.0.0, 12.1.2 HF1; BIG-IP PEM 13.0.0, 12.1.2 HF1; BIG-IP WebSafe 13.0.0, 12.1.2 HF1.
VAR-201801-0951 CVE-2017-6142 F5 BIG-IP Advanced Firewall Manager Vulnerabilities in certificate validation CVSS V2: 5.8
CVSS V3: 4.8
Severity: MEDIUM
X509 certificate verification was not correctly implemented in the early access "user id" feature in the F5 BIG-IP Advanced Firewall Manager versions 13.0.0, 12.1.0-12.1.2, and 11.6.0-11.6.2, and thus did not properly validate the remote server's identity on certain versions of BIG-IP. F5 BIG-IP AFM is prone to a security-bypass vulnerability. An attacker may exploit this issue to bypass certain security restrictions and perform unauthorized actions. This may lead to further attacks. F5 BIG-IP Advanced Firewall Manager (AFM) is a firewall manager from F5 Corporation in the United States that can be extended to prevent high-volume DDoS attacks that can overwhelm load balancers, firewalls, and even networks. Configuration utility is a configuration tool. Attackers can exploit this vulnerability to implement man-in-the-middle attacks and change IP Intelligence (IPI) policy data
VAR-201712-0671 CVE-2017-6132 plural F5 BIG-IP Vulnerability related to input validation in product software CVSS V2: 5.0
CVSS V3: 7.5
Severity: HIGH
In F5 BIG-IP LTM, AAM, AFM, Analytics, APM, ASM, DNS, GTM, Link Controller, PEM and WebSafe software version 13.0.0, 12.0.0 to 12.1.2, 11.6.0 to 11.6.1 and 11.5.0 - 11.5.4, an undisclosed sequence of packets sent to BIG-IP High Availability state mirror listeners (primary and/or secondary IP) may cause TMM to restart. Multiple F5 BIG-IP products contain an input validation vulnerability in the product software. Service operation may be interrupted (DoS). Multiple F5 BIG-IP products are prone to a denial-of-service vulnerability. An attacker can exploit this issue to restart the application, resulting in denial-of-service conditions. F5 BIG-IP LTM, etc. are all products of F5 Company in the United States. F5 BIG-IP LTM is a local traffic manager; BIG-IP AAM is an application acceleration manager. The following products and versions are affected: F5 BIG-IP LTM 13.0.0, 12.0.0 to 12.1.2, 11.6.0 to 11.6.1, 11.5.0 to 11.5.4; BIG-IP AAM 13.0.0, 12.0.0 to 12.1.2, 11.6.0 to 11.6.1, 11.5.0 to 11.5.4; BIG-IP AFM 13.0.0, 12.0.0 to 12.1.2, 11.6.0 to 11.6.1, 11.5.0 to 11.5.4; BIG-IP Analytics 13.0.0, 12.0.0 to 12.1.2, 11.6.0 to 11.6.1, 11.5.0 to 11.5.4; BIG-IP APM 13.0.0, 12.0.0 to 12.1.2, 11.6.0 to 11.6.1, 11.5.0 to 11.5.4; BIG-IP ASM 13.0.0, 12.0.0 to 12.1.2, 11.6.0 to 11.6.1, 11.5.0 to 11.5.4; BIG-IP DNS 13.0.0, 12.0.0 to 12.1.2, 11.6.0 to 11.6.1, 11.5.0 to 11.5.4; BIG-IP GTM 13.0.0, 12.0.0 to 12.1.2, 11.6.0 to 11.6.1, 11.5.0 to 11.5.4; BIG-IP Link Controller 13.0.0, 12.0.0 to 12.1.2, 11.6.0 to 11.6.1, 11.5.0 through 11.5.4; BIG-IP PEM version 13.0.0, version 12.0.0 through 12.1
VAR-201712-0672 CVE-2017-6133 plural F5 BIG-IP Vulnerability related to input validation in product software CVSS V2: 7.8
CVSS V3: 7.5
Severity: HIGH
In F5 BIG-IP LTM, AAM, AFM, Analytics, APM, ASM, DNS, Link Controller, PEM and WebSafe software version 13.0.0 and 12.1.0 - 12.1.2, undisclosed HTTP requests may cause a denial of service. Multiple F5 BIG-IP products contain an input validation vulnerability in the product software. Service operation may be interrupted (DoS). Multiple F5 BIG-IP products are prone to a remote denial-of-service vulnerability. An attacker can exploit this issue to restart the affected application, resulting in denial-of-service conditions. F5 BIG-IP LTM, etc. are all products of F5 Company in the United States. F5 BIG-IP LTM is a local traffic manager; BIG-IP AAM is an application acceleration manager. Security flaws exist in several F5 products. An attacker can exploit this vulnerability by sending HTTP requests to cause a denial of service. The following products and versions are affected: F5 BIG-IP LTM 13.0.0, 12.1.0 to 12.1.2; BIG-IP AAM 13.0.0, 12.1.0 to 12.1.2; BIG-IP AFM 13.0.0, 12.1.0 to 12.1.2; BIG-IP Analytics 13.0.0, 12.1.0 to 12.1.2; BIG-IP APM 13.0.0, 12.1.0 to 12.1.2; BIG-IP ASM 13.0.0, 12.1.0 to 12.1.2; BIG-IP DNS 13.0.0, 12.1.0 to 12.1.2; BIG-IP Link Controller 13.0.0, 12.1.0 to 12.1.2; BIG-IP PEM 13.0.0, 12.1.0 to 12.1.2; BIG-IP WebSafe 13.0.0, 12.1.0 to 12.1.2.
VAR-201712-0673 CVE-2017-6134 plural F5 BIG-IP Vulnerability related to input validation in product software CVSS V2: 3.3
CVSS V3: 6.5
Severity: MEDIUM
In F5 BIG-IP LTM, AAM, AFM, Analytics, APM, ASM, DNS, GTM, Link Controller, PEM and WebSafe software version 13.0.0, 12.1.0 - 12.1.2 and 11.5.1 - 11.6.1, an undisclosed sequence of packets sourced from an adjacent network may cause TMM to crash. Multiple F5 BIG-IP products contain an input validation vulnerability in the product software. Service operation may be interrupted (DoS). Multiple F5 BIG-IP products are prone to a remote denial-of-service vulnerability. An attacker can exploit this issue to crash the application, resulting in denial-of-service conditions. F5 BIG-IP LTM, etc. are all products of F5 Company in the United States. F5 BIG-IP LTM is a local traffic manager; BIG-IP AAM is an application acceleration manager. Security flaws exist in several F5 products. The following products and versions are affected: F5 BIG-IP LTM 13.0.0, 12.1.0 to 12.1.2, 11.5.1 to 11.6.1; BIG-IP AAM 13.0.0, 12.1.0 to 12.1.2, 11.5.1 to 11.6.1; BIG-IP AFM 13.0.0, 12.1.0 to 12.1.2, 11.5.1 to 11.6.1; BIG-IP Analytics 13.0.0, 12.1.0 to 12.1.2, 11.5.1 to 11.6.1; BIG-IP APM 13.0.0, 12.1.0 to 12.1.2, 11.5.1 to 11.6.1; BIG-IP ASM 13.0.0, 12.1.0 to 12.1.2, 11.5.1 to 11.6.1; BIG-IP DNS 13.0.0, 12.1.0 to 12.1.2, 11.5.1 to 11.6.1; BIG-IP GTM 13.0.0, 12.1.0 to 12.1.2, 11.5.1 to 11.6.1; BIG-IP Link Controller 13.0.0, 12.1.0 to 12.1.2, 11.5.1 to 11.6.1; BIG-IP PEM 13.0.0, 12.1.0 to 12.1.2, 11.5.1 to 11.6.1; BIG-IP WebSafe 13.0.0, 12.1.0 to 12.1.2, 11.5.1 to 11.6.1.
VAR-201712-0674 CVE-2017-6135 plural F5 BIG-IP Resource management vulnerabilities in product software CVSS V2: 7.8
CVSS V3: 7.5
Severity: HIGH
In F5 BIG-IP LTM, AAM, AFM, Analytics, APM, ASM, DNS, GTM, Link Controller, PEM and WebSafe software version 13.0.0, a slow memory leak as a result of undisclosed IPv4 or IPv6 packets sent to BIG-IP management port or self IP addresses may lead to out of memory (OOM) conditions. Multiple F5 BIG-IP products contain a resource management vulnerability in the product software. Service operation may be interrupted (DoS). Multiple F5 BIG-IP products are prone to a denial-of-service vulnerability. Exploiting this issue allows remote attackers to cause a denial-of-service condition due to excessive memory consumption. F5 BIG-IP LTM, etc. are all products of F5 Company in the United States. F5 BIG-IP LTM is a local traffic manager; BIG-IP AAM is an application acceleration manager. An attacker could exploit this vulnerability to cause a denial of service (BIG-IP memory resource exhaustion) with maliciously crafted network traffic. The following products and versions are affected: F5 BIG-IP LTM version 13.0.0; BIG-IP AAM version 13.0.0; BIG-IP AFM version 13.0.0; BIG-IP Analytics version 13.0.0; BIG-IP APM version 13.0.0; BIG-IP ASM version 13.0.0; BIG-IP DNS version 13.0.0; BIG-IP GTM version 13.0.0; BIG-IP Link Controller version 13.0.0; BIG-IP PEM version 13.0.0; BIG-IP WebSafe version 13.0.0.
VAR-201712-0675 CVE-2017-6136 plural F5 BIG-IP Vulnerability related to input validation in product software CVSS V2: 4.3
CVSS V3: 5.9
Severity: MEDIUM
In F5 BIG-IP LTM, AAM, AFM, Analytics, APM, ASM, DNS, GTM, Link Controller, PEM and WebSafe software version 13.0.0 and 12.0.0 - 12.1.2, undisclosed traffic patterns sent to BIG-IP virtual servers, with the TCP Fast Open and Tail Loss Probe options enabled in the associated TCP profile, may cause a disruption of service to the Traffic Management Microkernel (TMM). Multiple F5 BIG-IP products contain an input validation vulnerability in the product software. Service operation may be interrupted (DoS). Multiple F5 BIG-IP products are prone to a denial-of-service vulnerability. An attacker can exploit this issue to cause a denial-of-service condition. F5 BIG-IP LTM, etc. are all products of F5 Company in the United States. F5 BIG-IP LTM is a local traffic manager; BIG-IP AAM is an application acceleration manager. An attacker could exploit this vulnerability to disrupt the Traffic Management Microkernel (TMM) service. The following products and versions are affected: F5 BIG-IP LTM 13.0.0, 12.0.0 to 12.1.2; BIG-IP AAM 13.0.0, 12.0.0 to 12.1.2; BIG-IP AFM 13.0.0, 12.0.0 to 12.1.2; BIG-IP Analytics 13.0.0, 12.0.0 to 12.1.2; BIG-IP APM 13.0.0, 12.0.0 to 12.1.2; BIG-IP ASM 13.0.0, 12.0.0 to 12.1.2; BIG-IP DNS 13.0.0, 12.0.0 to 12.1.2; BIG-IP GTM 13.0.0, 12.0.0 through 12.1.2; BIG-IP Link Controller 13.0.0, 12.0.0 through 12.1.2; BIG-IP PEM 13.0.0, 12.0.0 through 12.1.2; BIG-IP WebSafe 13.0.0, 12.0.0 to 12.1.2.
VAR-201712-0668 CVE-2017-6138 plural F5 BIG-IP Vulnerability related to input validation in product software CVSS V2: 5.0
CVSS V3: 7.5
Severity: HIGH
In F5 BIG-IP LTM, AAM, AFM, Analytics, APM, ASM, DNS, GTM, Link Controller, PEM and WebSafe software version 13.0.0 and 12.1.0 - 12.1.2, malicious requests made to virtual servers with an HTTP profile can cause the TMM to restart. The issue is exposed with BIG-IP APM profiles, regardless of settings. The issue is also exposed with the non-default "normalize URI" configuration options used in iRules and/or BIG-IP LTM policies. Multiple F5 BIG-IP products contain an input validation vulnerability in the product software. Service operation may be interrupted (DoS). F5 BIG-IP LTM, etc. are all products of F5 Company in the United States. F5 BIG-IP LTM is a local traffic manager; BIG-IP AAM is an application acceleration manager. Security flaws exist in several F5 products. An attacker can exploit this vulnerability by sending malicious requests to cause a denial of service (TMM restart). The following products and versions are affected: F5 BIG-IP LTM 13.0.0, 12.1.0 to 12.1.2; BIG-IP AAM 13.0.0, 12.1.0 to 12.1.2; BIG-IP AFM 13.0.0, 12.1.0 to 12.1.2; BIG-IP Analytics 13.0.0, 12.1.0 to 12.1.2; BIG-IP APM 13.0.0, 12.1.0 to 12.1.2; BIG-IP ASM 13.0.0, 12.1.0 to 12.1.2; BIG-IP DNS 13.0.0, 12.1.0 to 12.1.2; BIG-IP GTM 13.0.0, 12.1.0 through 12.1.2; BIG-IP Link Controller 13.0.0, 12.1.0 through 12.1.2; BIG-IP PEM; BIG-IP WebSafe 13.0.0, 12.1.0 through 12.1.2.
VAR-201712-0670 CVE-2017-6140 plural F5 BIG-IP Vulnerability related to input validation in products CVSS V2: 5.0
CVSS V3: 7.5
Severity: HIGH
On the BIG-IP 2000s, 2200s, 4000s, 4200v, i5600, i5800, i7600, i7800, i10600, i10800, and VIPRION 4450 blades, running version 11.5.0, 11.5.1, 11.5.2, 11.5.3, 11.5.4, 11.6.0, 11.6.1, 12.0.0, 12.1.0, 12.1.1 or 12.1.2 of BIG-IP LTM, AAM, AFM, Analytics, ASM, DNS, GTM or PEM, an undisclosed sequence of packets sent to Virtual Servers with client or server SSL profiles may cause disruption of data plane services. Multiple F5 BIG-IP products contain an input validation vulnerability. Service operation may be interrupted (DoS). F5 BIG-IP 2000s, etc. are all products of the US F5 company. F5 BIG-IP 2000s is an all-in-one network device that integrates functions such as network traffic management, application security management, and load balancing. BIG-IP LTM is a local traffic manager. A security vulnerability exists in several F5 products on various F5 BIG-IP platforms. An attacker could exploit this vulnerability by sending a series of packets to disrupt service. The following platforms are affected: F5 BIG-IP 2000s, BIG-IP 2200s, BIG-IP 4000s, BIG-IP 4200v, BIG-IP i5600, BIG-IP i5800, BIG-IP i7600, BIG-IP i7800, BIG-IP i10600, BIG-IP i10800, BIG-IP VIPRION 4450 blades. The following products and versions are affected: BIG-IP LTM 12.0.0 to 12.1.2, 11.6.1, 11.5.1 to 11.5.4; BIG-IP AAM 12.0.0 to 12.1.2, 11.6.1, 11.5.1 to 11.5.4; BIG-IP AFM 12.0.0 to 12.1.2, 11.6.1, 11.5.1 to 11.5.4; BIG-IP Analytics 12.0.0 to 12.1.2, 11.6.1, 11.5.1 to 11.5.4; BIG-IP APM 12.0.0 to 12.1.2, 11.6.1, 11.5.1 to 11.5.4; BIG-IP ASM 12.0.0 to 12.1.2, 11.6.1, 11.5.1 to 11.5.4; BIG-IP DNS 12.0.0 to 12.1.2, 11.6.1, 11.5.1 to 11.5.4; BIG-IP GTM 12.0.0 to 12.1.2, 11.6.1, 11.5.1 to 11.5.4; BIG-IP PEM 12.0.0 to 12.1.2, 11.6.1, 11.5.1 to 11.5.4.
VAR-201702-0668 CVE-2017-2683 Siemens RuggedCom NMS Cross-Site Scripting Vulnerability CVSS V2: 4.3
CVSS V3: 8.2
Severity: HIGH
A non-privileged user of the Siemens web application RUGGEDCOM NMS < V1.2 on port 8080/TCP and 8081/TCP could perform a persistent Cross-Site Scripting (XSS) attack, potentially resulting in obtaining administrative permissions. RUGGEDCOM NMS is an enterprise-level solution for the monitoring, configuration and maintenance of RUGGEDCOM mission-critical networks by Siemens AG. Siemens RUGGEDCOM NMS is prone to an HTML-injection vulnerability because it fails to properly sanitize user-supplied input. Successful exploits will allow attacker-supplied HTML and script code to run in the context of the affected browser, potentially allowing the attacker to steal cookie-based authentication credentials or to control how the site is rendered to the user. Other attacks are also possible. Versions prior to Siemens RUGGEDCOM NMS 2.1 are vulnerable. An attacker could exploit this vulnerability to gain administrator privileges