Vulnerability Response Information

  • Home
  • Vulnerability Response Information

Treck is committed to delivering secure, high performing products. 

Treck is committed to delivering secure, high performing products.  For more than 20 years we have been consistently working to maintain the quality and integrity of our products.

To obtain more information and fixed releases for security issues listed below please contact security@treck.com.

*If your product is affected by any of these issues, but you did not license the product directly from Treck, we suggest that you contact the manufacturer or reseller of your device.

Our PGP public key

VU#114986 and ICS-VU-870237 – Affects versions 6.0.1.67 and earlier

As reported by Intel Corporation

Public Disclosure Date – Dec 18, 2020

CVE-2020-25066
https://nvd.nist.gov/vuln/detail/CVE-2020-25066

A heap-based buffer overflow in the Treck HTTP Server component before 6.0.1.68 may allow an unauthenticated user to potentially cause a denial of service (crash/reset) or to possibly execute arbitrary code.

CVE-2020-27337
https://nvd.nist.gov/vuln/detail/CVE-2020-27337

An issue was discovered in Treck IPv6 before 6.0.1.68. An out-of-bounds write in the IPv6 component may allow an unauthenticated user to potentially cause a possible denial of service via network access.

CVE-2020-27338
https://nvd.nist.gov/vuln/detail/CVE-2020-27338

An issue was discovered in Treck IPv6 before 6.0.1.68. An out-of-bound read in the DHCPv6 client component  may allow an unauthenticated user to cause a possible denial of service via adjacent network access.

CVE-2020-27336
https://nvd.nist.gov/vuln/detail/CVE-2020-27336

An issue was discovered in Treck IPv6 before 6.0.1.68.
Improper input validation in the IPv6 component may allow an unauthenticated user to cause an out-of-bounds read of up to three bytes via network access.

ICS-CERT Advisoryhttps://us-cert.cisa.gov/ics/advisories/icsa-20-353-01

Acknowledgments: These issues were found by Intel Corporation and reported to Treck.  Treck would like to thank the following Intel employees; Arie Haenel, Ofek Mostovoy, Yaakov Cohen, Yocheved Butterman, and Yossef Kuszer.

VU#257161 and ICS-VU-035787 – Affects versions 6.0.1.61 and earlier

As reported by Moshe Kol and Shlomi Oberman of JSOF

Public Disclosure Date – June 16, 2020

To receive more information about the vulnerabilities or the Treck release containing fixes, or for patches for all of these reported issues, please contact security@treck.com.

CVE-2020-11896
CVE-2020-11897
CVE-2020-11898
CVE-2020-11899
CVE-2020-11900
CVE-2020-11901
CVE-2020-11902
CVE-2020-11903
CVE-2020-11904
CVE-2020-11905
CVE-2020-11906
CVE-2020-11907
CVE-2020-11908
CVE-2020-11909
CVE-2020-11910
CVE-2020-11911
CVE-2020-11912
CVE-2020-11913
CVE-2020-11914

CERT Coordination Center Advisory – https://kb.cert.org/vuls/id/257161

Back to Top