汇总 ecos 相关全部产品的 CVE 与安全漏洞情报,包括 CVSS、EPSS、公开时间与漏洞情报数据。
常见弱点模式包括 路径处理缺陷,在 生产负载与软件部署 使用场景中可能带来 文件覆盖 等风险。
相关漏洞数据主要来源于公开漏洞披露与安全公告,可用于评估历史漏洞暴露面与修复优先级。
| CVE | 摘要 | 来源 | 最高 CVSS | EPSS % | 公开时间 | 更新时间 |
|---|---|---|---|---|---|---|
| CVE-2018-12338 | Undocumented Factory Backdoor in ECOS System Management Appliance (aka SMA) 5.2.68 allows the vendor to extract confidential information and manipulate security relevant configurations via remote root SSH access. | [email protected] | 9.8 | 0.38% | 2018-06-17 | 2024-11-21 |
| CVE-2018-12337 | Reliance on Security Through Obscurity vulnerability in ECOS Secure Boot Stick (aka SBS) 5.6.5 allows an attacker to partially extract confidential configurations via user-space emulation. | [email protected] | 4.6 | 0.07% | 2018-06-17 | 2024-11-21 |
| CVE-2018-12336 | Undocumented Factory Backdoor in ECOS Secure Boot Stick (aka SBS) 5.6.5 allows the vendor to extract confidential information via remote root SSH access. | [email protected] | 9.8 | 0.38% | 2018-06-17 | 2024-11-21 |
| CVE-2018-12335 | Incorrect access control in ECOS System Management Appliance (aka SMA) 5.2.68 allows a user to compromise authentication keys, and access and manipulate security relevant configurations, via unrestricted database access during Easy Enrollment. | [email protected] | 7.3 | 0.08% | 2018-06-17 | 2024-11-21 |
| CVE-2018-12334 | Protection Mechanism Failure in ECOS Secure Boot Stick (aka SBS) 5.6.5 allows an attacker to compromise authentication and encryption keys via a virtualization attack. | [email protected] | 7.5 | 0.19% | 2018-06-17 | 2024-11-21 |
| CVE-2018-12333 | Insufficient Verification of Data Authenticity vulnerability in ECOS Secure Boot Stick (aka SBS) 5.6.5 allows an attacker to manipulate security relevant configurations and execute malicious code. | [email protected] | 8.1 | 0.14% | 2018-06-17 | 2024-11-21 |
| CVE-2018-12332 | Incomplete Cleanup vulnerability in ECOS Secure Boot Stick (aka SBS) 5.6.5 allows an attacker to compromise authentication and encryption keys via a compromised host PC after a reset. | [email protected] | 4.2 | 0.03% | 2018-06-17 | 2024-11-21 |
| CVE-2018-12331 | Authentication Bypass by Spoofing vulnerability in ECOS System Management Appliance (aka SMA) 5.2.68 allows a man-in-the-middle attacker to compromise authentication keys and configurations via IP spoofing during "Easy Enrollment." | [email protected] | 7.4 | 0.18% | 2018-06-17 | 2024-11-21 |
| CVE-2018-12330 | Protection Mechanism Failure in ECOS Secure Boot Stick (aka SBS) 5.6.5 allows an attacker to compromise authentication and encryption keys via compromised firmware. | [email protected] | 8.1 | 0.12% | 2018-06-17 | 2024-11-21 |
| CVE-2018-12329 | Protection Mechanism Failure in ECOS Secure Boot Stick (aka SBS) 5.6.5 allows a local attacker to duplicate an authentication factor via cloning. | [email protected] | 5.9 | 0.31% | 2018-06-17 | 2024-11-21 |
| CVE-2017-1000020 | SYN Flood or FIN Flood attack in ECos 1 and other versions embedded devices results in web Authentication Bypass. "eCos Embedded Web Servers used by Multiple Routers and Home devices, while sending SYN Flood or FIN Flood packets fails to validate and handle the packets and does not ask for any sign of authentication resulting in Authentication Bypass. An attacker can take complete advantage of this bug and take over the device remotely or locally. The bug has been successfully tested and reprodu | [email protected] | 9.8 | 1.13% | 2017-07-17 | 2026-05-13 |