Cross-site request forgery (CSRF) vulnerability in EasyBlocks IPv6 Ver. 2.0.1 and earlier and Enterprise Ver. 2.0.1 and earlier allows remote attackers to hijack the authentication of administrators via unspecified vectors.

Session fixation vulnerability in EasyBlocks IPv6 Ver. 2.0.1 and earlier, and Enterprise Ver. 2.0.1 and earlier allows remote attackers to impersonate a registered user and log in the management console, that may result in information alteration/disclosure via unspecified vectors.

An issue was discovered in the IPv6 protocol specification, related to ICMP Packet Too Big (PTB) messages. (The scope of this CVE is all affected IPv6 implementations from all vendors.) The security implications of IP fragmentation have been discussed at length in [RFC6274] and [RFC7739]. An attacker can leverage the generation of IPv6 atomic fragments to trigger the use of fragmentation in an arbitrary IPv6 flow (in scenarios in which actual fragmentation of packets is not needed) and can subsequently perform any type of fragmentation-based attack against legacy IPv6 nodes that do not implement [RFC6946]. That is, employing fragmentation where not actually needed allows for fragmentation-based attack vectors to be employed, unnecessarily. We note that, unfortunately, even nodes that already implement [RFC6946] can be subject to DoS attacks as a result of the generation of IPv6 atomic fragments. Let us assume that Host A is communicating with Host B and that, as a result of the widesp…

The IPv6 protocol allows remote attackers to cause a denial of service via crafted IPv6 type 0 route headers (IPV6_RTHDR_TYPE_0) that create network amplification between two routers.