Aggregates CVE and security vulnerability intelligence across all cyberoam-related products, including CVSS, EPSS, publication dates, and vulnerability intelligence data.
Historical issues mainly involve vendor risk path handling and vendor risk buffer overflow and related problems; some flaws may lead to vendor impact file overwrite, affecting vendor surface production workloads scenarios.
| CVE | Summary | Source | Max CVSS | EPSS % | Published | Updated |
|---|---|---|---|---|---|---|
| CVE-2015-6811 | SQL injection vulnerability in the Sophos Cyberoam CR500iNG-XP firewall appliance with CyberoamOS 10.6.2 MR-1 and earlier allows remote attackers to execute arbitrary SQL commands via the username parameter to login.xml. | [email protected] | 7.5 | 1.78% | 2015-09-04 | 2026-05-06 |
| CVE-2014-5503 | SQL injection vulnerability in the Guest Login Portal in the Sophos Cyberoam appliances with CyberoamOS before 10.6.1 GA allows remote attackers to execute arbitrary SQL commands via the add_guest_user opcode. | [email protected] | 10.0 | 1.28% | 2014-10-07 | 2026-05-06 |
| CVE-2014-5502 | The Sophos Cyberoam appliances with CyberoamOS before 10.6.1 GA allows remote authenticated users to inject arbitrary commands via a (1) checkcert_key, (2) webclient_portal_settings, (3) sslvpn_liveuser_delete, or (4) ccc_flush_sql_file opcode. | [email protected] | 9.0 | 1.05% | 2014-10-07 | 2026-05-06 |
| CVE-2014-5501 | Stack-based buffer overflow in the diagnose service in the Sophos Cyberoam appliances with CyberoamOS before 10.6.1 GA allows remote attackers to execute arbitrary code via a crafted webpage or file. | [email protected] | 9.3 | 6.67% | 2014-10-07 | 2026-05-06 |
| CVE-2012-1047 | Directory traversal vulnerability in the WWWHELP Service (js/html/wwhelp.htm) in Cyberoam Central Console (CCC) 2.00.2 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the file parameter in an Online_help action. | [email protected] | 7.5 | 2.63% | 2012-02-12 | 2026-04-29 |