The telnet service must be disabled, as it sends all data, including the user's password, in a clear text form that can be easily intercepted and read. Passwords need to be protected at all times and encryption is the standard method for protecting passwords. If passwords are not encrypted, they can be plainly read (i.e., clear text) and easily compromised. Disabling telnet is one way to mitigate ...
The host is installed with Ethernut Nut/OS through 5.1 and is prone to an out-of-bounds write vulnerability. A flaw is present in the application, which fails to handle the DNS implementation issue. Successful exploitation allows attackers to cause denial-of-service, and possibly remote code execution.
This update for unzip fixes the following security issues: - CVE-2014-9913: Specially crafted zip files could trigger invalid memory writes possibly resulting in DoS or corruption - CVE-2015-7696: Specially crafted zip files with password protection could trigger a crash and lead to denial of service - CVE-2015-7697: Specially crafted zip files could trigger an endless loop and lead to denial of ...