GCVE - cpe:2.3:o:windriver:vxworks:5:*:*:*:*:*:*:*

Approved changes feed: RSS · Atom

cpe:2.3:o:windriver:vxworks:5:*:*:*:*:*:*:*

part: o version: 5 update: *

Vendor	Windriver (`1c9d3e00-99c4-5be7-a4c6-5cc8709ef134`)
Product	Vxworks (`437ab3e0-0513-5f7d-b676-0a34e46c28dc`)
Edition	*
Language	*
Software edition	*
Target software	*
Target hardware	*
Other	*
Notes	Imported from NVD CPE 2.0 feed

PURL mappings

PURL	Source	Last updated
No PURL mappings for this CPE yet.

Vulnerability references

Identifier	cpeApplicability	Submitted	db.gcve.eu details	Rationale
`CVE:CVE-2010-2968`	vulnerable	2026-06-08 04:55:11.867915	Details available The FTP daemon in Wind River VxWorks does not close the TCP connection after a number of failed login attempts, which makes it easier for remote attackers to obtain access via a brute-force attack. Published: 2010-08-04T21:00:00.000Z Updated: 2024-09-17T02:27:41.743Z Open on db.gcve.eu Reference links http://blog.metasploit.com/2010/08/vxworks-vulnerabilities.html	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2010-2967`	vulnerable	2026-06-08 04:55:11.867542	Details available The loginDefaultEncrypt algorithm in loginLib in Wind River VxWorks before 6.9 does not properly support a large set of distinct possible passwords, which makes it easier for remote attackers to obtain access via a (1) telnet, (2) rlogin, or (3) FTP session. Published: 2010-08-04T21:00:00.000Z Updated: 2024-09-16T16:57:53.586Z Open on db.gcve.eu Reference links https://support.windriver.com/olsPortal/faces/maintenance/downloadDetails.jspx?contentId=033709 http://www.kb.cert.org/vuls/id/840249 http://www.kb.cert.org/vuls/id/MAPG-863QH9 http://blog.metasploit.com/2010/08/vxworks-vulnerabilities.html	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2010-2966`	vulnerable	2026-06-08 04:55:11.865148	Details available The INCLUDE_SECURITY functionality in Wind River VxWorks 6.x, 5.x, and earlier uses the LOGIN_USER_NAME and LOGIN_USER_PASSWORD (aka LOGIN_PASSWORD) parameters to create hardcoded credentials, which makes it easier for remote attackers to obtain access via a (1) telnet, (2) rlogin, or (3) FTP session. Published: 2010-08-04T21:00:00.000Z Updated: 2024-09-16T22:50:46.601Z Open on db.gcve.eu Reference links http://www.kb.cert.org/vuls/id/840249 http://blog.metasploit.com/2010/08/vxworks-vulnerabilities.html	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2008-2476`	vulnerable	2026-06-08 04:50:24.147179	Details available The IPv6 Neighbor Discovery Protocol (NDP) implementation in (1) FreeBSD 6.3 through 7.1, (2) OpenBSD 4.2 and 4.3, (3) NetBSD, (4) Force10 FTOS before E7.7.1.1, (5) Juniper JUNOS, and (6) Wind River VxWorks 5.x through 6.4 does not validate the origin of Neighbor Discovery messages, which allows remote attackers to cause a denial of service (loss of connectivity) or read private network traffic via a spoofed message that modifies the Forward Information Base (FIB). Published: 2008-10-03T15:00:00.000Z Updated: 2024-08-07T09:05:29.861Z Open on db.gcve.eu Reference links http://secunia.com/advisories/32406 https://exchange.xforce.ibmcloud.com/vulnerabilities/45601 http://support.apple.com/kb/HT3467 http://www.openbsd.org/errata42.html#015_ndp http://www.vupen.com/english/advisories/2008/2751	Imported from gcve-enriched-dumps CVE data

Contribute

You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.