Buffer Overflow, Cross-Site Scripting / Request Forgery, URI Injection, Insecure SSH Key Exchange in Antaira LMX-0800AG
(eight advisories in document) Antaira’s firmware version 3.0 for the LMX-0800AG switch (among other supported devices) is affected by a memory corruption vulnerability when processing cookies. An unauthenticated attacker could leverage the vulnerability to take full control over the switch. It is also affected by a memory corruption vulnerability when processing ioIndex GET parameter values. An attacker with valid credentials for the web interface could leverage the vulnerability to take full control of the switch. Antaira’s firmware version 3.0 for the LMX-0800AG switch (among other supported devices) is affected by…
Configuration Shell Escape injecting OS/IPV6 commands, and HTML Injection in LLDP Packet System Name Field Leading to Persistent Cross-site Scripting in Antaira LMX-0800AG
(two advisories in document) An authenticated malicious user with access to the web interface (with manager privileges) or via SSH/Serial connection (with enable/config privileges) can inject Operating System (OS) commands in ipv6 commands, which will be executed with root privileges on the switch. An unauthenticated attacker located in an adjacent network could send malicious Link Layer Discovery Protocol (LLDP) packets containing JavaScript code embedded in the System Names attribute. It should be noted that LLDP discovery is not enabled by default in firmware v2.8.