The built-in WEB server has incorrectly implemented protections from session fixation, which may allow an attacker to gain access to a session and hijack it by stealing the user’s cookies
The built-in WEB server has improper privilege management, which may allow an attacker with user privileges to perform requests with administrative privileges.
The built-in web service does not require users to have strong passwords.
The built-in web server stores and transmits the credentials of third-party services in cleartext.
The built-in web server allows SSH/Telnet sessions, which may be vulnerable to brute force attacks to bypass authentication.
The built-in web service allows sensitive information to be displayed without proper authorization.
NPort: Firmware Version 2.1 or lower
Refer to vendor advisor for the complete list of affected products and their respective patches.