Masahiro Nakada

**Name of the Vulnerable Software and Affected Versions** D-Link Japan DES-3800 devices with firmware prior to R4.50B58 **Description** The issue is related to an unspecified vulnerability in the Web manager implementation, allowing remote attackers to cause a denial of service, resulting in a device hang. The vulnerability can be exploited via unknown vectors. **Recommendations** For D-Link Japan DES-3800 devices with firmware prior to R4.50B58, update the firmware to version R4.50B58 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** D-Link Japan DES-3800 devices with firmware prior to R4.50B58 **Description** The issue is related to an unspecified vulnerability in the SSH implementation, allowing remote authenticated users to cause a denial of service, resulting in a device hang. The vulnerability can be exploited via unknown vectors. **Recommendations** For D-Link Japan DES-3800 devices with firmware prior to R4.50B58, update the firmware to version R4.50B58 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** D-Link Japan DWL-2100AP versions prior to R252JP-RC572 **Description** The issue allows remote authenticated users to cause a denial of service, resulting in a reboot of the device, by leveraging login access. **Recommendations** For versions prior to R252JP-RC572, update the firmware to R252JP-RC572 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** D-Link Japan DES-3810 devices with firmware prior to R2.20.011 **Description** The issue allows remote authenticated users to cause a denial of service, resulting in a device hang, by leveraging login access. This can be achieved through the SSH implementation on the affected devices. **Recommendations** For D-Link Japan DES-3810 devices with firmware prior to R2.20.011, update the firmware to version R2.20.011 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Wind River VxWorks versions 6.5 through 6.9 **Description** The issue allows remote attackers to execute arbitrary code or cause a denial of service, resulting in a daemon hang, via a crafted public-key authentication request in the IPSSH server. **Recommendations** For versions 6.5 through 6.9, consider disabling public-key authentication as a temporary workaround until a patch is available. Restrict access to the IPSSH server to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Wind River VxWorks versions 5.5 through 6.9 **Description** The issue allows remote authenticated users to cause a denial of service, resulting in a CLI session crash, by sending a crafted command string to the WebCLI component. **Recommendations** For versions 5.5 through 6.9, consider restricting access to the WebCLI component until a fix is available to prevent potential denial of service attacks.

**Name of the Vulnerable Software and Affected Versions** Wind River VxWorks versions 5.5 through 6.9 **Description** The issue allows remote attackers to cause a denial of service, resulting in a daemon crash, by sending a crafted URI to the web server. **Recommendations** For versions 5.5 through 6.9, consider disabling the web server functionality until a patch is available to prevent potential denial of service attacks.

**Name of the Vulnerable Software and Affected Versions** Wind River VxWorks versions 6.5 through 6.9 **Description** The issue allows remote attackers to cause a denial of service, resulting in a daemon outage, by sending a crafted authentication request to the IPSSH server. **Recommendations** For Wind River VxWorks versions 6.5 through 6.9, consider restricting access to the IPSSH server until a fix is available. As a temporary workaround, limiting the number of authentication requests from a single source may help minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Wind River VxWorks versions 6.5 through 6.9 **Description** The issue allows remote authenticated users to cause a denial of service, resulting in a daemon outage, by sending a crafted packet. **Recommendations** For versions 6.5 through 6.9, consider restricting access to the SSH server to minimize the risk of exploitation until a patch is available.

**Name of the Vulnerable Software and Affected Versions** Wind River VxWorks versions 6.5 through 6.9 **Description** The issue allows remote authenticated users to cause a denial of service, resulting in a daemon outage, by sending a crafted pty request. **Recommendations** For versions 6.5 through 6.9, consider restricting access to the SSH server to minimize the risk of exploitation until a fix is available.

**Name of the Vulnerable Software and Affected Versions** Cisco Small Business 200 Series Smart Switch versions 1.2.7.76 and earlier Cisco Small Business 300 Series Managed Switch versions 1.2.7.76 and earlier Cisco Small Business 500 Series Stackable Managed Switch versions 1.2.7.76 and earlier **Description** The issue allows remote attackers to cause a denial of service at the SSL/TLS layer via malformed packets. This can be achieved through either SSH or SSL packets. **Recommendations** For Cisco Small Business 200 Series Smart Switch versions 1.2.7.76 and earlier, update to a version later than 1.2.7.76 to resolve the issue. For Cisco Small Business 300 Series Managed Switch versions 1.2.7.76 and earlier, update to a version later than 1.2.7.76 to resolve the issue. For Cisco Small Business 500 Series Stackable Managed Switch versions 1.2.7.76 and earlier, update to a version later than 1.2.7.76 to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** D-Link DES-3800 versions prior to 4.50B052 D-Link DWL-2100AP versions prior to 2.50RC548 D-Link DWL-3200AP versions prior to 2.55RC549 **Description** A buffer overflow issue exists in the SSH server functionality, allowing remote attackers to execute arbitrary code or cause a denial of service via unspecified vectors. **Recommendations** For D-Link DES-3800 versions prior to 4.50B052, update to firmware version 4.50B052 or later. For D-Link DWL-2100AP versions prior to 2.50RC548, update to firmware version 2.50RC548 or later. For D-Link DWL-3200AP versions prior to 2.55RC549, update to firmware version 2.55RC549 or later.