VARIoT IoT vulnerabilities database

The Zone-Based Firewall (ZFW) feature in Cisco IOS 15.1 through 15.2, when content filtering or HTTP ALG inspection is enabled, allows remote attackers to cause a denial of service (device reload or hang) via crafted IPv4 HTTP traffic, aka Bug ID CSCtx56174. Cisco IOS is the interconnected network operating system used on most Cisco system routers and network switches. A security vulnerability exists in the Cisco IOS domain-based firewall component that allows unauthenticated remote attackers to suspend or reload affected devices. If the device is configured with content filtering or HTTP application layer gateway detection, the attacker sends a specific HTTP packet to the affected device to trigger the vulnerability. The vulnerability can be successfully used to suspend the device or Overloading, causing a denial of service attack. The following devices are affected by this vulnerability: Cisco IOS 15.1 GC 15.1(4)GC, 15.1(4)GC1 | 15.1M 15.1(4)M2, 15.1(4)M3, 15.1(4)M3a, 15.1(4)M4, 15.1( 4) M5 | 15.1XB 15.1(4)XB6, 15.1(4)XB7, 15.1(4)XB8a | 15.2GC 15.2(1)GC, 15.2(1)GC1, 15.2(1)GC2, 15.2(2)GC, 15.2(3)GC, 15.2(3)GC1 | 15.2GCA 15.2(3)GCA | 15.2T 15.2(1)T, 15.2(1)T1, 15.2(1)T2, 15.2(1)T3, 15.2(1) T3a, 15.2(2)T, 15.2(2)T1, 15.2(2)T2, 15.2(2)T3, 15.2(2)T4, 15.2(3)T, 15.2(3)T1, 15.2(3)T2, 15.2(3)T3 | 15.2XA 15.2(3)XA. Cisco IOS is prone to a remote denial-of-service vulnerability. Exploiting this issue may allow remote attackers to trigger denial-of-service conditions. This issue is being tracked by Cisco Bug ID CSCtx56174

The T1/E1 driver-queue functionality in Cisco IOS 12.2 and 15.0 through 15.3, when an HDLC32 driver is used, allows remote attackers to cause a denial of service (interface queue wedge) via bursty network traffic, aka Bug ID CSCub67465. Cisco IOS of T1/E1 driver-queue Features include HDLC32 If you are using a driver, the service operation is interrupted. ( Interface queue wedge ) There are vulnerabilities that are put into a state. Cisco IOS is the interconnected network operating system used on most Cisco system routers and network switches. When the affected device handles burst communication, the packets queued by the Cisco IOS router or switch are not deleted from the queue, which can cause an interface queue attack. Repeated exploitation can lead to denial of service attacks. The following devices are affected by this vulnerability: Cisco IOS15.0(1)M1 Base | 15.0M 15.0(1)M, 15.0(1)M10, 15.0(1)M2, 15.0(1)M3, 15.0(1)M4, 15.0( 1) M5, 15.0(1)M6, 15.0(1)M6a, 15.0(1)M7, 15.0(1)M8, 15.0(1)M9 | 15.0XA 15.0(1)XA, 15.0(1)XA1, 15.0( 1) XA2, 15.0(1)XA3, 15.0(1)XA4, 15.0(1)XA5 | 15.1(2)T Base | 15.1GC 15.1(2)GC, 15.1(2)GC1, 15.1(2)GC2, 15.1 (4)GC, 15.1(4)GC1 | 15.1M 15.1(4)M, 15.1(4)M0a, 15.1(4)M0b, 15.1(4)M1, 15.1(4)M2, 15.1(4)M3, 15.1 (4) M3a, 15.1(4)M4, 15.1(4)M5, 15.1(4)M6 | 15.1T 15.1(1)T, 15.1(1)T1, 15.1(1)T2, 15.1(1)T3, 15.1 (1) T4, 15.1(1)T5, 15.1(2)T0a, 15.1(2)T1, 15.1(2)T2, 15.1(2)T2a, 15.1(2)T3, 15.1(2)T4, 15.1(2 ) T5, 15.1(3)T, 15.1(3)T1, 15.1(3)T2, 15.1(3)T3, 15.1(3)T4 | 15.1XB 15.1(1)XB, 15.1(1)XB1, 15.1(1 ) XB2, 15.1(1)XB3, 15.1(4)XB4, 15.1(4)XB5, 15.1(4)XB5a, 15.1(4)XB6, 15.1(4)XB7, 15.1(4)XB8a | 15.2GC 15.2(1 ) GC, 15.2(1)GC1, 15.2(1)GC2, 15.2(2)GC, 15.2(3)GC, 15.2(3)GC1 | 15.2GCA 15.2(3)GCA | 15.2JA 15.2(2)JA, 15.2 (2) JA1, 15.2(4)JA | 15.2JAX 15.2(2)JAX | 15.2JB 15.2(2)JB, 15.2(2)JB1 | 15.2M 1 5.2(4)M, 15.2(4)M1, 15.2(4)M2 | 15.2T 15.2(1)T, 15.2(1)T1, 15.2(1)T2, 15.2(1)T3, 15.2(1)T3a, 15.2(1)T4, 15.2(100)T, 15.2(2)T, 15.2(2)T1, 15.2(2)T2, 15.2(2)T3, 15.2(3)T, 15.2(3)T1, 15.2( 3) T2, 15.2(3)T3 | 15.2XA 15.2(3)XA | 15.2XB 15.2(4)XB10 | 15.3T 15.3(1)T, 15.3(1)T1. Cisco IOS is prone to a remote denial-of-service vulnerability. Exploiting this issue may allow remote attackers to trigger denial-of-service conditions. This issue is being tracked by Cisco Bug ID CSCub67465. Vulnerabilities exist in the following versions: Cisco IOS Release 12.2, Releases 15.0 through 15.3

Cisco IOS 15.0 through 15.3 and IOS XE 3.2 through 3.8, when a VRF interface exists, allows remote attackers to cause a denial of service (interface queue wedge) via crafted UDP RSVP packets, aka Bug ID CSCuf17023. Cisco IOS is the interconnected network operating system used on most Cisco system routers and network switches. The vulnerability is caused by incorrectly parsing UDP RSVP packets. The attacker can send UDP RSVP packets to the affected device to exploit the vulnerability. Wedge), which can cause link loss, interrupt communication and other denial of service conditions. The following products are affected by this vulnerability: Cisco Cisco IOS XE Software 3.2S .0, .1, .2 | 3.3S .0, .1, .2 | 3.4S .0, .1, .2, .3, .4 | 3.5S .0, .1, .2, Base | 3.6S .0, .1, .2, Base | 3.7S .0, .1, BaseCiscoIOS15.0(1)M1 Base | 15.0M 15.0(1)M , 15.0(1)M10, 15.0(1)M2, 15.0(1)M3, 15.0(1)M4, 15.0(1)M5, 15.0(1)M6, 15.0(1)M6a, 15.0(1)M7, 15.0 (1) M8, 15.0(1)M9 | 15.0SY 15.0(1)SY, 15.0(1)SY1, 15.0(1)SY2, 15.0(1)SY3, 15.0(1)SY4 | 15.0XA 15.0(1)XA , 15.0(1)XA1, 15.0(1)XA2, 15.0(1)XA3, 15.0(1)XA4, 15.0(1)XA5 | 15.1(2)T Base | 15.1EY 15.1(2)EY, 15.1(2) EY1, 15.1(2)EY1a, 15.1(2)EY2, 15.1(2)EY2a, 15.1(2)EY3, 15.1(2)EY4 | 15.1GC 15.1(2)GC, 15.1(2)GC1, 15.1(2) GC2, 15.1(4)GC, 15.1(4)GC1 | 15.1M 15.1(4)M, 15.1(4)M0a, 15.1(4)M0b, 15.1(4)M1, 15.1(4)M2, 15.1(4) M3, 15.1(4)M3a, 15.1(4)M4, 15.1(4)M5, 15.1(4)M6 | 15.1MR 15.1(1)MR, 15.1(1)MR1, 15.1(1)MR2, 15.1(1) MR3, 15.1(1)MR4, 15.1(1)MR5, 15.1(1)MR6, 15.1(3)MR | 15.1MRA 15.1(3)MRA, 15.1(3)MRA1 | 15.1S 15.1(1)S, 15.1( 1) S1, 15.1(1)S2, 15.1(2)S, 15.1(2)S1, 15.1(2)S2, 15.1(3)S, 15.1 (3) S0a, 15.1(3)S1, 15.1(3)S2, 15.1(3)S3, 15.1(3)S4, 15.1(3)S5, 15.1(3)S5a | 15.1SA 15.1(1)SA, 15.1 (1) SA1, 15.1(1)SA2 | 15.1SNG 15.1(2)SNG | 15.1SNH 15.1(2)SNH, 15.1(2)SNH1 | 15.1SNI 15.1(2)SNI | 15.1SY 15.1(1)SY, 15.1 (1) SY1 | 15.1T 15.1(1)T, 15.1(1)T1, 15.1(1)T2, 15.1(1)T3, 15.1(1)T4, 15.1(1)T5, 15.1(2)T0a, 15.1 (2) T1, 15.1(2)T2, 15.1(2)T2a, 15.1(2)T3, 15.1(2)T4, 15.1(2)T5, 15.1(3)T, 15.1(3)T1, 15.1(3 ) T2, 15.1(3)T3, 15.1(3)T4 | 15.1XB 15.1(1)XB, 15.1(1)XB1, 15.1(1)XB2, 15.1(1)XB3, 15.1(4)XB4, 15.1(4 ) XB5, 15.1(4)XB5a, 15.1(4)XB6, 15.1(4)XB7, 15.1(4)XB8a | 15.2GC 15.2(1)GC, 15.2(1)GC1, 15.2(1)GC2, 15.2(2 ) GC, 15.2(3)GC, 15.2(3)GC1 | 15.2GCA 15.2(3)GCA | 15.2M 15.2(4)M, 15.2(4)M1, 15.2(4)M2, 15.2(4)M3 | 15.2 S 15.2(1)S, 15.2(1)S1, 15.2(1)S2, 15.2(2)S, 15.2(2)S0a, 15.2(2)S0c, 15.2(2)S0d, 15.2(2)S1, 15.2 (2) S2, 15.2(4)S, 15.2(4)S0c, 15.2(4)S1, 15.2(4)S2, 15.2(4)S3, 15.2(4)S3a | 15.2SA 15.2(1)SA | 15.2 SB 15.2(1)SB, 15.2(1)SB1, 15.2(1)SB3, 15.2(1)SB4 | 15.2SC 15.2(1)SC1a | 15.2SNG 15.2(2)SNG | 15 .2SNH 15.2(2)SNH, 15.2(2)SNH1 | 15.2SNI 15.2(2)SNI | 15.2T 15.2(1)T, 15.2(1)T1, 15.2(1)T2, 15.2(1)T3, 15.2( 1) T3a, 15.2(1)T4, 15.2(2)T, 15.2(2)T1, 15.2(2)T2, 15.2(2)T3, 15.2(3)T, 15.2(3)T1, 15.2(3) T2, 15.2(3)T3 | 15.2XA 15.2(3)XA | 15.2XB 15.2(4)XB10 | 15.3S 15.3(1)S, 15.3(1)S1, 15.3(1)S1e, 15.3(1)S2 | 15.3T 15.3(1)T, 15.3(1)T1, 15.3(2)T. Exploiting this issue may allow remote attackers to trigger denial-of-service conditions. This issue is being tracked by Cisco Bug ID CSCuf17023

The DNS-over-TCP implementation in Cisco IOS 12.2 and 15.0 through 15.3, when NAT is used, allows remote attackers to cause a denial of service (device reload) via a crafted IPv4 DNS TCP stream, aka Bug ID CSCtn53730. Cisco IOS is the interconnected network operating system used on most Cisco system routers and network switches. A security vulnerability exists in Cisco IOS Software that unauthenticated remote attackers can exploit vulnerabilities to overload devices. The vulnerability is caused by improper processing of DNS packets that need to be translated through the NAT boundary. The attacker uses the vulnerability to continuously send certain DNS packets to the target device. When a malicious packet is processed, a bus error can cause the device to reset. Denial of service attack. The following devices are affected by this vulnerability: Cisco IOS 15.1M 15.1(4)M, 15.1(4)M0a, 15.1(4)M0b, 15.1(4)M1, 15.1(4)M2 | 15.1T 15.1(3)T, 15.1( 3) T1, 15.1(3)T2 | 15.1XB 15.1(4)XB4, 15.1(4)XB5, 15.1(4)XB5a, 15.1(4)XB6 | 15.2GC 15.2(1)GC, 15.2(1)GC1, 15.2(1)GC2 | 15.2T 15.2(1)T, 15.2(1)T1, 15.2(1)T2, 15.2(1)T3, 15.2(1)T3a, 15.2(1)T4. Exploiting this issue may allow remote attackers to trigger denial-of-service conditions. This issue is being tracked by Cisco Bug ID CSCtn53730

The DNS-over-TCP implementation in Cisco IOS 12.2 and 15.0 through 15.3, when NAT is used, allows remote attackers to cause a denial of service (device reload) via a crafted IPv4 DNS TCP stream, aka Bug ID CSCuf28733. Cisco IOS is the interconnected network operating system used on most Cisco system routers and network switches. A security vulnerability exists in Cisco IOS Software that unauthenticated remote attackers can exploit vulnerabilities to overload devices. The vulnerability is caused by incorrectly processing DNS packets that need to be translated through the NAT boundary. The attacker uses the vulnerability to continuously send certain DNS packets to the target device. When a malicious packet is processed, an unknown error can cause the device to reset. Denial of service attack. The following devices are affected by this vulnerability: Cisco IOS 15.1 GC 15.1(4)GC, 15.1(4)GC1 | 15.1M 15.1(4)M, 15.1(4)M0a, 15.1(4)M0b, 15.1(4)M1, 15.1( 4) M2, 15.1(4)M3, 15.1(4)M3a, 15.1(4)M4, 15.1(4)M5, 15.1(4)M6 | 15.1T 15.1(3)T, 15.1(3)T1, 15.1( 3) T2, 15.1(3)T3, 15.1(3)T4 | 15.1XB 15.1(4)XB4, 15.1(4)XB5, 15.1(4)XB5a, 15.1(4)XB6, 15.1(4)XB7, 15.1( 4) XB8a | 15.2GC 15.2(1)GC, 15.2(1)GC1, 15.2(1)GC2, 15.2(2)GC, 15.2(3)GC, 15.2(3)GC1 | 15.2GCA 15.2(3)GCA | 15.2JA 15.2(2)JA, 15.2(2)JA1, 15.2(4)JA | 15.2JAX 15.2(2)JAX | 15.2JB 15.2(2)JB, 15.2(2)JB1 | 15.2M 15.2(4)M, 15.2(4)M1, 15.2(4)M2, 15.2(4)M3 | 15.2T 15.2(1)T, 15.2(1)T1, 15.2(1)T2, 15.2(1)T3, 15.2(1)T3a, 15.2(1)T4, 15.2(2)T, 15.2(2)T1, 15.2(2)T2, 15.2(2)T3, 15.2(3)T, 15.2(3)T1, 15.2(3)T2, 15.2( 3) T3 | 15.2XA 15.2(3)XA | 15.2XB 15.2(4)XB10 | 15.3T 15.3(1)T, 15.3(1)T1, 15.3(2)T. Exploiting this issue may allow remote attackers to trigger denial-of-service conditions. This issue is being tracked by Cisco Bug ID CSCuf28733. Vulnerabilities exist in the following versions: Cisco IOS Release 12.2, Releases 15.0 through 15.3

The high-availability service in the Fabric Interconnect component in Cisco Unified Computing System (UCS) does not properly bind the cluster service to the management interface, which allows remote attackers to obtain sensitive information or cause a denial of service (peer-syncing outage) via a TELNET connection, aka Bug ID CSCtz72910. Vendors report this vulnerability Bug ID CSCtz72910 Published as.By a third party, TELNET Over the connection, important information is obtained or denial of service ( Stop peer synchronization ) May be in a state. Cisco Unified Computing System is prone to a remote security-bypass vulnerability. Attackers can exploit this issue to bypass certain security restrictions to perform unauthorized actions. This may aid in further attacks. This issue is tracked by Cisco Bug ID CSCtz72910. The system integrates network, computing and virtualization resources into one platform by extensively adopting virtualization technology

Cross-site scripting (XSS) vulnerability in platinum_seo_pack.php in the Platinum SEO plugin before 1.3.8 for WordPress allows remote attackers to inject arbitrary web script or HTML via the s parameter. The Triangle Research Nano-10 PLC is a controller for automated manufacturing. The Triangle Research Nano-10 PLC has a remote denial of service attack when processing specially crafted messages, allowing remote attackers to crash applications. This vulnerability can be triggered when the firmware is processing a special length (over 0x200) MODBUS TCP message on TCP port 502. The Platinum SEO Pack plugin for WordPress is prone to a cross-site-scripting vulnerability because it fails to properly sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials and launch other attacks. Versions prior to Platinum SEO Pack 1.3.8 are vulnerable

A setup script for fabric interconnect devices in Cisco Unified Computing System (UCS) allows remote attackers to execute arbitrary commands via invalid parameters, aka Bug ID CSCtg20790. Cisco Unified Computing System is prone to a remote command-execution vulnerability. An attacker can exploit this issue to execute arbitrary commands within the context of the daemon user. This issue is tracked by Cisco Bug ID CSCtg20790. The system integrates network, computing and virtualization resources into one platform by extensively adopting virtualization technology

The Baseboard Management Controller (BMC) in Cisco Unified Computing System (UCS) does not properly handle SSH escape sequences, which allows remote authenticated users to bypass an unspecified authentication step via SSH port forwarding, aka Bug ID CSCtg17656. Cisco Unified Computing System is prone to a remote privilege-escalation vulnerability. An authenticated attacker can exploit this issue to gain access to services with escalated privileges. This issue is tracked by Cisco Bug ID CSCtg17656. The system integrates network, computing and virtualization resources into one platform by extensively adopting virtualization technology

The Intelligent Platform Management Interface (IPMI) implementation in the Blade Management Controller in Cisco Unified Computing System (UCS) allows remote attackers to enumerate valid usernames by observing IPMI interface responses, aka Bug ID CSCtg20761. Vendors have confirmed this vulnerability Bug ID CSCtg20761 It is released as.By a third party IPMI By observing the response of the interface, a valid user name may be enumerated. An attacker can exploit this issue to obtain sensitive information; other attacks may also be possible. This issue is being tracked by Cisco Bug ID CSCtg20761. Cisco Unified Computing System (UCS) is a unified computing system of Cisco (Cisco). The system integrates network, computing and virtualization resources into one platform by extensively adopting virtualization technology

A cluster setup script for fabric interconnect devices in Cisco Unified Computing System (UCS) allows remote attackers to execute arbitrary commands via invalid parameters, aka Bug ID CSCtg20793. Cisco Unified Computing System is prone to a remote command-execution vulnerability. An attacker can exploit this issue to execute arbitrary commands within the context of the daemon user. This issue is tracked by Cisco Bug ID CSCtg20793. The system integrates network, computing and virtualization resources into one platform by extensively adopting virtualization technology

MCTOOLS in the fabric interconnect in Cisco Unified Computing System (UCS) allows local users to execute arbitrary Baseboard Management Controller (BMC) commands by leveraging (1) local, (2) shell-level, or (3) debug-level privileges at the operating-system layer, aka Bug ID CSCtg76239. Cisco Unified Computing System is prone to a local command-injection vulnerability. A local attacker can exploit this issue to execute arbitrary commands with elevated privileges. Successful exploits may compromise the affected device. This issue being tracked by Cisco Bug ID CSCtg76239. The system integrates network, computing and virtualization resources into one platform by extensively adopting virtualization technology. The vulnerability stems from the fact that the program does not properly validate the input data in the MCTOOLS command in the FI software

Buffer overflow in the Smart Call Home feature in the fabric interconnect in Cisco Unified Computing System (UCS) allows remote attackers to cause a denial of service by reading and forging control messages associated with Smart Call Home reports, aka Bug ID CSCtl00198. An attacker can exploit this issue to cause denial-of-service conditions. This issue is tracked by Cisco Bug ID CSCtl00198. Cisco Unified Computing System (UCS) is a unified computing system of Cisco (Cisco). The system integrates network, computing and virtualization resources into one platform by extensively adopting virtualization technology

Cross-site scripting (XSS) vulnerability in the login page in the Administrative Web Interface on Dell iDRAC6 monolithic devices with firmware before 1.96 and iDRAC7 devices with firmware before 1.46.45 allows remote attackers to inject arbitrary web script or HTML via the ErrorMsg parameter. DELL Provided by integrated Dell Remote Access Controller (iDRAC) Contains a cross-site scripting vulnerability. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may let the attacker steal cookie-based authentication credentials and launch other attacks. This solution provides functions such as remote management, crash recovery and power control for Dell PowerEdge systems

The web interface in Cisco MediaSense does not properly protect the client-server communication channel, which allows remote attackers to obtain sensitive query string or cookie information via unspecified vectors, aka Bug ID CSCuj23344. Vendors have confirmed this vulnerability Bug ID CSCuj23344 It is released as.Important query strings or Cookie Information may be obtained. Cisco MediaSense is prone to an information-disclosure vulnerability. A man-in-the-middle attacker may be able to exploit this issue to obtain sensitive information. Information obtained may aid in further attacks. This issue is being tracked by Cisco Bug ID CSCuj23344. Cisco MediaSense is a set of network-based scalable recording platform of Cisco (Cisco). The platform can be used to record speech and video, etc

Cross-site scripting (XSS) vulnerability in falha.php in the Bradesco Gateway plugin 2.0 for Wordpress, as used in the WP e-Commerce plugin, allows remote attackers to inject arbitrary web script or HTML via the QUERY_STRING. The Bradesco Gateway plugin for WordPress is prone to a cross-site-scripting vulnerability because it fails to properly sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials and launch other attacks. WordPress is a set of blogging platform developed by WordPress Software Foundation using PHP language, which supports setting up personal blogging websites on PHP and MySQL servers. Bradesco Gateway is one of the payment gateway plugins

FiberHome Modem Router HG-110 is a wireless home gateway product. FiberHome Modem Router HG-110 firmware HG110_BH_V1.6 version has directory traversal and security measures to bypass the vulnerability. Successful exploitation allows remote attackers to bypass authentication and remotely change DNS. Exploiting these issues will allow an attacker to bypass security restrictions, perform unauthorized actions and access, read and execute files outside the webroot folder. Information harvested may aid in launching further attacks

The SSH implementation on the D-Link Japan DWL-2100AP with firmware before R252JP-RC572 allows remote authenticated users to cause a denial of service (reboot) by leveraging login access. DWL-2100AP provided by D-Link Japan contains a denial-of-service (DoS) vulnerability due to an issue in SSH implementation. Hisashi Kojima and Masahiro Nakada of Fujitsu Laboratories Ltd. reported this vulnerability to IPA. D-Link Japan DWL-2100AP is a wireless AP device. D-Link DWL-2100AP is prone to a denial-of-service vulnerability. An attacker can exploit this issue to cause the device to reboot, denying service to legitimate users

The SSH implementation on D-Link Japan DES-3810 devices with firmware before R2.20.011 allows remote authenticated users to cause a denial of service (device hang) by leveraging login access. DES-3810 Series provided by D-Link Japan contains a denial-of-service (DoS) vulnerability due to an issue in SSH implementation. Hisashi Kojima and Masahiro Nakada of Fujitsu Laboratories Ltd. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.A user who can login with SSH may cause the product to stop responding. D-Link Japan DES-3810 is a managed switch device. D-Link DES-3810 Series are prone to a denial-of-service vulnerability. An attacker can exploit this issue to cause the device to reboot, denying service to legitimate users

Buffer overflow in the PPP Access Concentrator (PPPAC) on the SEIL/x86 with firmware before 2.82, SEIL/X1 with firmware before 4.32, SEIL/X2 with firmware before 4.32, SEIL/B1 with firmware before 4.32, SEIL/Turbo with firmware before 2.16, and SEIL/neu 2FE Plus with firmware before 2.16 allows remote attackers to execute arbitrary code via a crafted L2TP message. SEIL Series routers contain a buffer overflow vulnerability. The PPP Access Concentrator (PPPAC) in SEIL Series routers provided by Internet Initiative Japan Inc. contains a buffer overflow vulnerability in processing L2TP messages.An attacker may execute an arbitrary code on the vulnerable system. The SEIL Router is a router from Japan's SEIL vendors. SEIL series routers, including SEIL/x86, SEIL/B1, SEIL/X1, SEIL/X2, Turbo, and neu 2FE Plus are prone to a buffer-overflow vulnerability because they fails to sufficiently bounds check user-supplied data Attackers can exploit this issue to execute arbitrary code in context of the affected device or cause denial-of-service conditions. SEIL/x86, etc. The following products and versions are affected: SEIL/x86 devices with firmware prior to 2.82, SEIL/X1 devices with firmware prior to 4.32, SEIL/X2 devices with firmware prior to 4.32, SEIL/B1 devices with firmware prior to 4.32 , SEIL/Turbo devices using firmware earlier than 2.16, and SEIL/neu 2FE Plus devices using firmware earlier than 2.16