How severe is CVE-2016-6567?

This vulnerability has a severity rating of CRITICAL with a CVSS score of 9.8 out of 10.

What type of vulnerability is CVE-2016-6567?

This is classified as CWE-494, which is a common weakness in software security.

CVE-2016-6567

CRITICAL Year: 2016

CVSS v3 Score

9.8

Critical

CVSS v2 Score

10.0

Critical

Weakness Type

CWE-494

View all →

Vulnerability Description

SHDesigns' Resident Download Manager provides firmware update capabilities for Rabbit 2000/3000 CPU boards, which according to the reporter may be used in some industrial control and embedded applications. The Resident Download Manager does not verify that the firmware is authentic before executing code and deploying the firmware to devices. A remote attacker with the ability to send UDP traffic to the device may be able to execute arbitrary code on the device. According to SHDesigns' website, the Resident Download Manager and other Rabbit Tools have been discontinued since June 2011.

CVE-2001-1125

CRITICAL

CVSS:9.8(Critical)

Symantec LiveUpdate before 1.6 does not use cryptography to ensure the integrity of download files, which allows remote attackers to execute arbitrary code via DNS spoofing of the update.symantec.com ...

CWE-4942001

CVE-2002-0671

CRITICAL

CVSS:9.8(Critical)

Pingtel xpressa SIP-based voice-over-IP phone 1.2.5 through 1.2.7.4 downloads phone applications from a web site but can not verify the integrity of the applications, which could allow remote attacker...

CWE-4942002

CVE-2018-14620

CRITICAL

CVSS:9.8(Critical)

The OpenStack RabbitMQ container image insecurely retrieves the rabbitmq_clusterer component over HTTP during the build stage. This could potentially allow an attacker to serve malicious code to the i...

CWE-4942018

CVE-2018-5409

CRITICAL

CVSS:9.8(Critical)

The PrinterLogic Print Management software, versions up to and including 18.3.1.96, updates and executes the code without sufficiently verifying the origin and integrity of the code. An attacker can e...

CWE-4942018

CVE-2019-19167

CRITICAL

CVSS:9.8(Critical)

Tobesoft Nexacro v2019.9.25.1 and earlier version have an arbitrary code execution vulnerability by using method supported by Nexacro14 ActiveX Control. It allows attacker to cause remote code executi...

CWE-4942019

CVE-2020-22654

CRITICAL

CVSS:9.8(Critical)

In Ruckus R310 10.5.1.0.199, Ruckus R500 10.5.1.0.199, Ruckus R600 10.5.1.0.199, Ruckus T300 10.5.1.0.199, Ruckus T301n 10.5.1.0.199, Ruckus T301s 10.5.1.0.199, SmartCell Gateway 200 (SCG200) before 3...

CWE-4942020

CVE-2016-6567

Vulnerability Description

Related Vulnerabilities

CVE-2001-1125

CVE-2002-0671

CVE-2018-14620

CVE-2018-5409

CVE-2019-19167

CVE-2020-22654