Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Red Lion Crimson Improper Neutralization of Null Byte or NUL Character
Vulnerability Description
The Crimson 3.2 Windows-based configuration tool allows users with administrative access to define new passwords for users and to download the resulting security configuration to a device. If such a password contains the percent (%) character, invalid values will be included, potentially truncating the string if a NUL is encountered. If the simplified password is not detected by the administrator, the device might be left in a vulnerable state as a result of more-easily compromised credentials. Note that passwords entered via the Crimson system web server do not suffer from this vulnerability.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Vulnerability Type
空字节或NULL字符转义处理不恰当
Vulnerability Title
Red Lion Controls Crimson 安全漏洞
Vulnerability Description
Red Lion Controls Crimson是美国红狮控制(Red Lion Controls)公司的一套人机界面编程软件。 Red Lion Controls Crimson 3.2 Windows-based configuration tool存在安全漏洞,该漏洞源于允许具有管理访问权限的攻击者为用户定义新密码,并将安全配置下载到设备。
CVSS Information
N/A
Vulnerability Type
N/A