GCVE - cpe:2.3:o:windriver:vxworks:6:*:*:*:*:*:*:*

Approved changes feed: RSS · Atom

cpe:2.3:o:windriver:vxworks:6:*:*:*:*:*:*:*

part: o version: 6 update: *

Vendor	Windriver (`1c9d3e00-99c4-5be7-a4c6-5cc8709ef134`)
Product	Vxworks (`437ab3e0-0513-5f7d-b676-0a34e46c28dc`)
Edition	*
Language	*
Software edition	*
Target software	*
Target hardware	*
Other	*
Notes	Imported from NVD CPE 2.0 feed

PURL mappings

PURL	Source	Last updated
No PURL mappings for this CPE yet.

Vulnerability references

Identifier	cpeApplicability	Submitted	db.gcve.eu details	Rationale
`CVE:CVE-2010-2968`	vulnerable	2026-06-08 04:55:11.867951	Details available The FTP daemon in Wind River VxWorks does not close the TCP connection after a number of failed login attempts, which makes it easier for remote attackers to obtain access via a brute-force attack. Published: 2010-08-04T21:00:00.000Z Updated: 2024-09-17T02:27:41.743Z Open on db.gcve.eu Reference links http://blog.metasploit.com/2010/08/vxworks-vulnerabilities.html	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2010-2967`	vulnerable	2026-06-08 04:55:11.867581	Details available The loginDefaultEncrypt algorithm in loginLib in Wind River VxWorks before 6.9 does not properly support a large set of distinct possible passwords, which makes it easier for remote attackers to obtain access via a (1) telnet, (2) rlogin, or (3) FTP session. Published: 2010-08-04T21:00:00.000Z Updated: 2024-09-16T16:57:53.586Z Open on db.gcve.eu Reference links https://support.windriver.com/olsPortal/faces/maintenance/downloadDetails.jspx?contentId=033709 http://www.kb.cert.org/vuls/id/840249 http://www.kb.cert.org/vuls/id/MAPG-863QH9 http://blog.metasploit.com/2010/08/vxworks-vulnerabilities.html	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2010-2966`	vulnerable	2026-06-08 04:55:11.866433	Details available The INCLUDE_SECURITY functionality in Wind River VxWorks 6.x, 5.x, and earlier uses the LOGIN_USER_NAME and LOGIN_USER_PASSWORD (aka LOGIN_PASSWORD) parameters to create hardcoded credentials, which makes it easier for remote attackers to obtain access via a (1) telnet, (2) rlogin, or (3) FTP session. Published: 2010-08-04T21:00:00.000Z Updated: 2024-09-16T22:50:46.601Z Open on db.gcve.eu Reference links http://www.kb.cert.org/vuls/id/840249 http://blog.metasploit.com/2010/08/vxworks-vulnerabilities.html	Imported from gcve-enriched-dumps CVE data

Contribute

You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.