汇总 3com 相关全部产品的 CVE 与安全漏洞情报,包括 CVSS、EPSS、公开时间与漏洞情报数据。
已披露问题常与 缓冲区溢出、输入验证问题与路径处理缺陷 相关,可能在 生产负载与软件部署 场景中带来 内存损坏与异常行为 等暴露风险。
相关漏洞数据主要来源于公开漏洞披露与安全公告,可用于评估历史漏洞暴露面与修复优先级。
| CVE | 摘要 | 来源 | 最高 CVSS | EPSS % | 公开时间 | 更新时间 |
|---|---|---|---|---|---|---|
| CVE-2008-6395 | The web management interface in 3Com Wireless 8760 Dual Radio 11a/b/g PoE Access Point allows remote attackers to cause a denial of service (device crash) via a malformed HTTP POST request. | [email protected] | 7.8 | 0.85% | 2009-03-04 | 2026-04-23 |
| CVE-2007-5420 | The 3Com 3CRWER100-75 router with 1.2.10ww software, when remote management is disabled but a web server has been configured, serves a web page to external clients, which might allow remote attackers to obtain information about the router's existence and product details. | [email protected] | 2.6 | 0.87% | 2007-10-12 | 2026-04-23 |
| CVE-2007-5419 | The 3Com 3CRWER100-75 router with 1.2.10ww software, when enabling an optional virtual server, configures this server to accept all source IP addresses on the external (Internet) interface unless the user selects other options, which might expose the router to unintended incoming traffic from remote attackers, as demonstrated by setting up a virtual server on port 80, which allows remote attackers to access the web management interface. | [email protected] | 10.0 | 1.13% | 2007-10-12 | 2026-04-23 |
| CVE-2007-3711 | Unspecified vulnerability in TOS 2.1.x, 2.2.x before 2.2.5, and 2.5.x before 2.5.2 on TippingPoint IPS allows remote attackers to avoid detection by sending certain fragmented packets. | [email protected] | 7.5 | 1.79% | 2007-07-11 | 2026-04-23 |
| CVE-2007-3701 | TippingPoint IPS before 20070710 does not properly handle a hex-encoded alternate Unicode '/' (slash) character, which might allow remote attackers to send certain network traffic and avoid detection, as demonstrated by a cmd.exe attack. | [email protected] | 7.5 | 9.68% | 2007-07-11 | 2026-04-23 |
| CVE-2007-3533 | The 3Com IntelliJack Switch NJ220 before 2.0.23 allows remote attackers to cause a denial of service (reboot and reporting outage) via a loopback packet with zero in the length field. | [email protected] | 5.0 | 1.19% | 2007-07-03 | 2026-04-23 |
| CVE-2006-3974 | Cross-site scripting (XSS) vulnerability in cgi-bin/admin in 3Com OfficeConnect Secure Router with firmware 1.04-168 allows remote attackers to inject arbitrary web script or HTML via the tk parameter. | [email protected] | 4.3 | 0.78% | 2007-06-11 | 2026-04-23 |
| CVE-2007-2734 | The 3Com TippingPoint IPS do not properly handle certain full-width and half-width Unicode character encodings in an HTTP POST request, which might allow remote attackers to evade detection of HTTP traffic. | [email protected] | 7.5 | 1.51% | 2007-05-16 | 2026-04-23 |
| CVE-2007-2276 | 3Com TippingPoint IPS allows remote attackers to cause a denial of service (device hang) via a flood of packets on TCP port 80 with sequentially increasing source ports, related to a "badly written loop." NOTE: the vendor disputes this issue, stating that the product has "performed as expected with no DoS emerging. | [email protected] | 7.8 | 0.87% | 2007-04-25 | 2026-04-23 |
| CVE-2006-6183 | Multiple stack-based buffer overflows in 3Com 3CTftpSvc 2.0.1, and possibly earlier, allow remote attackers to cause a denial of service (crash) or execute arbitrary code via a long mode field (aka transporting mode) in a (1) GET or (2) PUT command. | [email protected] | 10.0 | 51.46% | 2006-12-01 | 2026-04-23 |
| CVE-2006-5382 | 3Com Switch SS3 4400 switches, firmware 5.11, 6.00 and 6.10 and earlier, allow remote attackers to read the SNMP Read-Write Community string and conduct unauthorized actions via unspecified "normally restricted management packets on the device" that cause the community string to be returned. | [email protected] | 7.5 | 1.16% | 2006-10-25 | 2026-04-23 |
| CVE-2006-3678 | TippingPoint IPS running the TippingPoint Operating System (TOS) before 2.2.4.6519 allows remote attackers to "force the device into layer 2 fallback (L2FB)", causing a denial of service (page fault), via a malformed packet. | [email protected] | 5.0 | 1.29% | 2006-07-26 | 2026-04-16 |
| CVE-2006-0993 | The web management interface in 3Com TippingPoint SMS Server before 2.2.1.4478 does not restrict access to certain directories, which might allow remote attackers to obtain potentially sensitive information such as configuration settings. | [email protected] | 5.0 | 1.06% | 2006-05-10 | 2026-04-16 |
| CVE-2006-2054 | 3Com Baseline Switch 2848-SFP Plus Model #3C16486 with firmware before 1.0.2.0 allows remote attackers to cause a denial of service (unstable operation) via long DHCP packets. | [email protected] | 5.0 | 1.27% | 2006-04-26 | 2026-04-16 |
| CVE-2006-0362 | TippingPoint Intrusion Prevention System (IPS) TOS before 2.1.4.6324, and TOS 2.2.x before 2.2.1.6506, allow remote attackers to cause a denial of service (CPU consumption) via an unknown vector, probably involving an HTTP request with a negative number in the Content-Length header. | [email protected] | 5.0 | 1.27% | 2006-01-22 | 2026-04-16 |
| CVE-2005-2020 | Directory traversal vulnerability in the web server for 3Com Network Supervisor 5.0.2 allows remote attackers to read arbitrary files via ".." sequences in the URL to TCP port 21700. | [email protected] | 5.0 | 3.84% | 2005-09-08 | 2026-04-16 |
| CVE-2005-2391 | Unknown vulnerability in 3Com OfficeConnect Wireless 11g Access Point before 1.03.12 allows remote attackers to obtain sensitive information via the web interface. | [email protected] | 5.0 | 0.33% | 2005-07-27 | 2026-04-16 |
| CVE-2005-0278 | The FTP service in 3Com 3CDaemon 2.0 revision 10 allows remote attackers to gain sensitive information via a cd command that contains an MS-DOS device name, which reveals the installation path in an error message. | [email protected] | 5.0 | 0.46% | 2005-05-02 | 2026-04-16 |
| CVE-2005-0277 | Buffer overflow in the FTP service in 3Com 3CDaemon 2.0 revision 10 allows remote attackers to cause a denial of service (application crash) and execute arbitrary code via (1) a long username in the USER command or (2) an FTP command that contains a long argument, such as cd, send, or ls. | [email protected] | 5.0 | 79.30% | 2005-05-02 | 2026-04-16 |
| CVE-2005-0276 | Multiple format string vulnerabilities in the FTP service in 3Com 3CDaemon 2.0 revision 10 allow remote attackers to cause a denial of service (application crash) via format string specifiers in (1) the username, (2) cd, (3) delete, (4) rename, (5) rmdir, (6) literal, (7) stat, or (8) CWD commands. | [email protected] | 5.0 | 0.74% | 2005-05-02 | 2026-04-16 |