Echelon SmartServer 1 Firmware
Approved changes feed: RSS · Atom
cpe:2.3:o:echelon:smartserver_1_firmware:-:*:*:*:*:*:*:*
part: o version: - update: *
| Vendor | Echelon (072051df-f9ea-54e5-b99f-0caeb5f327c1) |
|---|---|
| Product | Smartserver 1 Firmware (96fe960f-e4eb-568d-a94a-2b8113d29599) |
| Edition | * |
| Language | * |
| Software edition | * |
| Target software | * |
| Target hardware | * |
| Other | * |
| Notes | Imported from NVD CPE 2.0 feed |
PURL mappings
| PURL | Source | Last updated |
|---|---|---|
| No PURL mappings for this CPE yet. | ||
Vulnerability references
| Identifier | cpeApplicability | Submitted | db.gcve.eu details | Rationale |
|---|---|---|---|---|
CVE:CVE-2018-8859 |
vulnerable | 2026-06-08 05:12:06.587531 |
Details available
Echelon SmartServer 1 all versions, SmartServer 2 all versions prior to release 4.11.007, i.LON 100 all versions, and i.LON 600 all versions. An attacker can bypass the required authentication specified in the security configuration file by including extra characters in the directory name when specifying the directory to be accessed. This vulnerability does not affect the i.LON 600 product.
Published: 2018-07-24T17:00:00.000Z
Updated: 2026-06-02T19:43:22.063Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2018-8855 |
vulnerable | 2026-06-08 05:12:06.580048 |
Details available
Echelon SmartServer 1 all versions, SmartServer 2 all versions prior to release 4.11.007, i.LON 100 all versions, and i.LON 600 all versions. The devices allow unencrypted Web connections by default, and devices can receive configuration and firmware updates by unsecure FTP.
Published: 2018-07-24T17:00:00.000Z
Updated: 2026-06-02T19:53:51.367Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2018-8851 |
vulnerable | 2026-06-08 05:12:06.567670 |
Details available
Echelon SmartServer 1 all versions, SmartServer 2 all versions prior to release 4.11.007, i.LON 100 all versions, and i.LON 600 all versions. The devices store passwords in plaintext, which may allow an attacker with access to the configuration file to log into the SmartServer web user interface.
Published: 2018-07-24T17:00:00.000Z
Updated: 2026-06-02T19:58:52.622Z Reference links |
Imported from gcve-enriched-dumps CVE data |
Contribute
You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.