📦

contiki

Vendor: contiki-os

Actively Exploited 0 CISA KEV List

PoC / Exploits 0 Code Available

Total RCEs 1 Remote Access

Total CVEs 45 Total Indexed

Avg. EPSS 0.54% Exploit Prob.

Latest CVE CVE-2021-40523 Sep 05

Security Vulnerability Index

Page 2 / 5

9.8 CVSS

CVE-2019-8359

RCE

An issue was discovered in Contiki-NG through 4.3 and Contiki through 3.0. An out of bounds write is present in the data section during 6LoWPAN fragment re-assembly in the face of forged fragment offsets in os/net/ipv6/sicslowpan.c.

EPSS: 0.66%

Severity: CRITICAL

Apr 23, 2020

6.1 CVSS

CVE-2017-7296

An issue was discovered in Contiki Operating System 3.0. A Persistent XSS vulnerability is present in the MQTT/IBM Cloud Config page (aka mqtt.html) of cc26xx-web-demo. The cc26xx-web-demo features a webserver that runs on a constrained device. That particular page allows a user to remotely configure that device's operation by sending HTTP POST requests. The vulnerability consists of improper input sanitisation of the text fields on the MQTT/IBM Cloud config page, allowing for JavaScript code injection.

EPSS: 0.23%

Severity: MEDIUM

May 28, 2017

7.5 CVSS

CVE-2017-7295

An issue was discovered in Contiki Operating System 3.0. A use-after-free vulnerability exists in httpd-simple.c in cc26xx-web-demo httpd, where upon a connection close event, the http_state structure was not deallocated properly, resulting in a NULL pointer dereference in the output processing function. This resulted in a board crash, which can be used to perform denial of service.

EPSS: 0.35%

Severity: HIGH

May 28, 2017

Displaying 3 of 45 Total Entries

1 2 3 4 5

Total 5 Sections