Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
tftp server vulnerabilities and exploits
(subscribe to this query)
8.5
CVSSv2
CVE-2007-5361
The Communication Server in Alcatel-Lucent OmniPCX Enterprise 7.1 and previous versions caches an IP address during a TFTP request from an IP Touch phone, and uses this IP address as the destination for all subsequent VoIP packets to this phone, which allows remote malicious user...
Alcatel-lucent Omnipcx
7.5
CVSSv2
CVE-2006-5584
The Remote Installation Service (RIS) in Microsoft Windows 2000 SP4 uses a TFTP server that allows anonymous access, which allows remote malicious users to upload and overwrite arbitrary files to gain privileges on systems that use RIS.
Microsoft Windows 2000
5
CVSSv2
CVE-2011-4821
Directory traversal vulnerability in the TFTP server in D-Link DIR-601 Wireless N150 Home Router with firmware 1.02NA allows remote malicious users to read arbitrary files via unspecified vectors.
Dlink Dir-601 Firmware 1.02na
Dlink Dir-601 -
10
CVSSv2
CVE-2002-0395
The TFTP server for Red-M 1050 (Bluetooth Access Point) can not be disabled and makes it easier for remote malicious users to crack the administration password via brute force methods.
Red-m 1050ap Lan Acess Point
6.1
CVSSv2
CVE-2020-35233
The TFTP server fails to handle multiple connections on NETGEAR JGS516PE/GS116Ev2 v2.6.0.43 devices, and allows external malicious users to force device reboots by sending concurrent connections, aka a denial of service attack.
Netgear Gs116e Firmware 2.6.0.43
Netgear Jgs516pe Firmware 2.6.0.43
7.8
CVSSv2
CVE-2007-3874
Directory traversal vulnerability in the tftp/mftp daemon in the PXE server component (pxemtftp.exe) in Symantec Altiris Deployment Solution 6.x prior to 6.8.380.0 allows remote malicious users to read arbitrary files via unspecified vectors.
Altiris Deployment Solution 6.0
Altiris Deployment Solution 6.8
7.5
CVSSv2
CVE-2001-1426
Alcatel Speed Touch running firmware KHDSAA.108 and KHDSAA.132 through KHDSAA.134 has a TFTP server running without a password, which allows remote malicious users to change firmware versions or the device's configurations.
Alcatel Speed Touch Home Khdsaa.133
Alcatel Speed Touch Home Khdsaa.134
Alcatel Speed Touch Home Khdsaa.108
Alcatel Speed Touch Home Khdsaa.132
5
CVSSv2
CVE-2004-2432
WinAgents TFTP Server 3.0 allows remote malicious users to cause a denial of service (crash) via a request for a file with a long file name, possibly due to an off-by-one buffer overflow.
10
CVSSv2
CVE-2008-1310
Directory traversal vulnerability in the TFTP server in PacketTrap Networks pt360 Tool Suite 1.1.33.1.0, and other versions prior to 2.0.3900.0, allows remote malicious users to read and overwrite arbitrary files via directory traversal sequences in the pathname.
Packettrap Pt360 Tool Suite 1.1.33.1.0
6.4
CVSSv2
CVE-1999-1421
NBase switches NH208 and NH215 run a TFTP server which allows remote malicious users to send software updates to modify the switch or cause a denial of service (crash) by guessing the target filenames, which have default names.
N-base Nh208
N-base Nh215
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
NULL pointer dereference
CVE-2023-52689
CVE-2024-23803
client side
CVE-2023-52696
information disclosure
CVE-2024-35843
CVE-2024-27130
CVE-2023-52697
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
2
3
4
5
6
7
8
9
10
NEXT »