彙總 ecos 相關全部產品的 CVE 與安全漏洞情報,包括 CVSS、EPSS、公開時間與漏洞情報資料。
常見弱點模式包括 路徑處理缺陷,在 生產負載與軟體部署 使用場景中可能帶來 檔案覆寫 等風險。
相關漏洞資料主要來源於公開漏洞披露與安全公告,可用於評估歷史漏洞暴露面與修補優先順序。
| CVE | 摘要 | 來源 | 最高 CVSS | EPSS % | 公開時間 | 更新時間 |
|---|---|---|---|---|---|---|
| CVE-2018-12338 | Undocumented Factory Backdoor in ECOS System Management Appliance (aka SMA) 5.2.68 allows the vendor to extract confidential information and manipulate security relevant configurations via remote root SSH access. | [email protected] | 9.8 | 1.54% | 2018-06-17 | 2026-06-16 |
| CVE-2018-12337 | Reliance on Security Through Obscurity vulnerability in ECOS Secure Boot Stick (aka SBS) 5.6.5 allows an attacker to partially extract confidential configurations via user-space emulation. | [email protected] | 4.6 | 0.34% | 2018-06-17 | 2026-06-16 |
| CVE-2018-12336 | Undocumented Factory Backdoor in ECOS Secure Boot Stick (aka SBS) 5.6.5 allows the vendor to extract confidential information via remote root SSH access. | [email protected] | 9.8 | 1.54% | 2018-06-17 | 2026-06-16 |
| CVE-2018-12335 | Incorrect access control in ECOS System Management Appliance (aka SMA) 5.2.68 allows a user to compromise authentication keys, and access and manipulate security relevant configurations, via unrestricted database access during Easy Enrollment. | [email protected] | 7.3 | 0.43% | 2018-06-17 | 2026-06-16 |
| CVE-2018-12334 | Protection Mechanism Failure in ECOS Secure Boot Stick (aka SBS) 5.6.5 allows an attacker to compromise authentication and encryption keys via a virtualization attack. | [email protected] | 7.5 | 0.57% | 2018-06-17 | 2026-06-16 |
| CVE-2018-12333 | Insufficient Verification of Data Authenticity vulnerability in ECOS Secure Boot Stick (aka SBS) 5.6.5 allows an attacker to manipulate security relevant configurations and execute malicious code. | [email protected] | 8.1 | 0.43% | 2018-06-17 | 2026-06-16 |
| CVE-2018-12332 | Incomplete Cleanup vulnerability in ECOS Secure Boot Stick (aka SBS) 5.6.5 allows an attacker to compromise authentication and encryption keys via a compromised host PC after a reset. | [email protected] | 4.2 | 0.18% | 2018-06-17 | 2026-06-16 |
| CVE-2018-12331 | Authentication Bypass by Spoofing vulnerability in ECOS System Management Appliance (aka SMA) 5.2.68 allows a man-in-the-middle attacker to compromise authentication keys and configurations via IP spoofing during "Easy Enrollment." | [email protected] | 7.4 | 0.95% | 2018-06-17 | 2026-06-16 |
| CVE-2018-12330 | Protection Mechanism Failure in ECOS Secure Boot Stick (aka SBS) 5.6.5 allows an attacker to compromise authentication and encryption keys via compromised firmware. | [email protected] | 8.1 | 0.80% | 2018-06-17 | 2026-06-16 |
| CVE-2018-12329 | Protection Mechanism Failure in ECOS Secure Boot Stick (aka SBS) 5.6.5 allows a local attacker to duplicate an authentication factor via cloning. | [email protected] | 5.9 | 0.89% | 2018-06-17 | 2026-06-16 |
| CVE-2017-1000020 | SYN Flood or FIN Flood attack in ECos 1 and other versions embedded devices results in web Authentication Bypass. "eCos Embedded Web Servers used by Multiple Routers and Home devices, while sending SYN Flood or FIN Flood packets fails to validate and handle the packets and does not ask for any sign of authentication resulting in Authentication Bypass. An attacker can take complete advantage of this bug and take over the device remotely or locally. The bug has been successfully tested and reprodu | [email protected] | 9.8 | 2.92% | 2017-07-17 | 2026-06-16 |