Treck is committed to delivering secure, high performing products.
Treck is committed to delivering secure, high performing products. For more than 20 years we have been consistently working to maintain the quality and integrity of our products.
To obtain more information and fixed releases for security issues listed below please contact email@example.com.
*If your product is affected by any of these issues, but you did not license the product directly from Treck, we suggest that you contact the manufacturer or reseller of your device.
VU#114986 and ICS-VU-870237 – Affects versions 220.127.116.11 and earlier
As reported by Intel Corporation
Public Disclosure Date – Dec 18, 2020
A heap-based buffer overflow in the Treck HTTP Server component before 18.104.22.168 may allow an unauthenticated user to potentially cause a denial of service (crash/reset) or to possibly execute arbitrary code.
An issue was discovered in Treck IPv6 before 22.214.171.124. An out-of-bounds write in the IPv6 component may allow an unauthenticated user to potentially cause a possible denial of service via network access.
An issue was discovered in Treck IPv6 before 126.96.36.199. An out-of-bound read in the DHCPv6 client component may allow an unauthenticated user to cause a possible denial of service via adjacent network access.
An issue was discovered in Treck IPv6 before 188.8.131.52.
Improper input validation in the IPv6 component may allow an unauthenticated user to cause an out-of-bounds read of up to three bytes via network access.
ICS-CERT Advisory – https://us-cert.cisa.gov/ics/advisories/icsa-20-353-01
Acknowledgments: These issues were found by Intel Corporation and reported to Treck. Treck would like to thank the following Intel employees; Arie Haenel, Ofek Mostovoy, Yaakov Cohen, Yocheved Butterman, and Yossef Kuszer.
VU#257161 and ICS-VU-035787 – Affects versions 184.108.40.206 and earlier
As reported by Moshe Kol and Shlomi Oberman of JSOF
Public Disclosure Date – June 16, 2020
To receive more information about the vulnerabilities or the Treck release containing fixes, or for patches for all of these reported issues, please contact firstname.lastname@example.org.