彙總 netopia 相關全部產品的 CVE 與安全漏洞情報,包括 CVSS、EPSS、公開時間與漏洞情報資料。
常見弱點模式包括 輸入驗證問題與路徑處理缺陷,在 生產負載與軟體部署 使用場景中可能帶來 異常行為與檔案覆寫 等風險。
相關漏洞資料主要來源於公開漏洞披露與安全公告,可用於評估歷史漏洞暴露面與修補優先順序。
| CVE | 摘要 | 來源 | 最高 CVSS | EPSS % | 公開時間 | 更新時間 |
|---|---|---|---|---|---|---|
| CVE-2008-1337 | The instant message service in Timbuktu Pro 8.6.5 RC 229 and earlier for Windows allows remote attackers to cause (1) a denial of service (daemon crash) via an invalid Version field or (2) a denial of service (CPU consumption and daemon termination) via an invalid or partial message. | [email protected] | 5.0 | 1.19% | 2008-03-14 | 2026-04-23 |
| CVE-2008-1118 | Timbuktu Pro 8.6.5 for Windows, and possibly 8.7 for Mac OS X, does not perform input validation before logging information fields taken from packets from a remote peer, which allows remote attackers to generate crafted log entries, and possibly avoid detection of attacks, via modified (1) computer name, (2) user name, and (3) IP address fields. | [email protected] | 7.5 | 10.82% | 2008-03-14 | 2026-04-23 |
| CVE-2008-1117 | Directory traversal vulnerability in the Notes (aka Flash Notes or instant messages) feature in tb2ftp.dll in Timbuktu Pro 8.6.5 for Windows, and possibly 8.7 for Mac OS X, allows remote attackers to upload files to arbitrary locations via a destination filename with a \ (backslash) character followed by ../ (dot dot slash) sequences. NOTE: this can be leveraged for code execution by writing to a Startup folder. NOTE: this issue reportedly exists because of an incomplete fix for CVE-2007-4220. | [email protected] | 10.0 | 78.87% | 2008-03-14 | 2026-04-23 |
| CVE-2004-0810 | Buffer overflow in Netopia Timbuktu 7.0.3 allows remote attackers to cause a denial of service (server process crash) via a certain data string that is sent to multiple simultaneous client connections to TCP port 407. | [email protected] | 5.0 | 1.39% | 2004-12-23 | 2026-04-16 |
| CVE-2002-0135 | Netopia Timbuktu Pro 6.0.1 and earlier allows remote attackers to cause a denial of service (crash) via a series of connections to one of the ports (1417 - 1420). | [email protected] | 5.0 | 6.28% | 2002-03-25 | 2026-04-16 |
| CVE-2001-0438 | Preview version of Timbuktu for Mac OS X allows local users to modify System Preferences without logging in via the About Timbuktu menu. | [email protected] | 2.1 | 0.06% | 2001-07-02 | 2026-04-16 |
| CVE-2001-0185 | Netopia R9100 router version 4.6 allows authenticated users to cause a denial of service by using the router's telnet program to connect to the router's IP address, which causes a crash. | [email protected] | 5.0 | 0.54% | 2001-03-26 | 2026-04-16 |
| CVE-2000-1179 | Netopia ISDN Router 650-ST before 4.3.5 allows remote attackers to read system logs without authentication by directly connecting to the login screen and typing certain control characters. | [email protected] | 5.0 | 0.87% | 2001-01-09 | 2026-04-16 |
| CVE-2000-0379 | The Netopia R9100 router does not prevent authenticated users from modifying SNMP tables, even if the administrator has configured it to do so. | [email protected] | 3.6 | 0.47% | 2000-05-16 | 2026-04-16 |
| CVE-2000-0142 | The authentication protocol in Timbuktu Pro 2.0b650 allows remote attackers to cause a denial of service via connections to port 407 and 1417. | [email protected] | 5.0 | 5.68% | 2000-02-11 | 2026-04-16 |
| CVE-2000-0086 | Netopia Timbuktu Pro sends user IDs and passwords in cleartext, which allows remote attackers to obtain them via sniffing. | [email protected] | 5.0 | 0.65% | 2000-01-18 | 2026-04-16 |