VARIoT IoT vulnerabilities database
| VAR-202003-0309 | CVE-2020-10826 | plural Draytek In the product OS Command injection vulnerabilities |
CVSS V2: 10.0 CVSS V3: 9.8 Severity: CRITICAL |
/cgi-bin/activate.cgi on Draytek Vigor3900, Vigor2960, and Vigor300B devices before 1.5.1 allows remote attackers to achieve command injection via a remote HTTP request in DEBUG mode. Draytek Vigor3900 , Vigor2960 , Vigor300B On the device OS A command injection vulnerability exists.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be put into a state. DrayTek Vigor3900 and others are products of DrayTek Corporation of Taiwan. DrayTek Vigor3900 is a broadband router/VPN gateway device. Vigor2960 is a load balancing router and VPN gateway device. Vigor300B is a load balancing router.
There is a security vulnerability in the /cgi-bin/activate.cgi file in Draytek Vigor3900 before 1.5.1, Vigor2960 before 1.5.1, and Vigor300B before 1.5.1
| VAR-202003-0311 | CVE-2020-10828 | plural Draytek Out-of-bounds write vulnerabilities in the product |
CVSS V2: 7.5 CVSS V3: 9.8 Severity: CRITICAL |
A stack-based buffer overflow in cvmd on Draytek Vigor3900, Vigor2960, and Vigor300B devices before 1.5.1 allows remote attackers to achieve code execution via a remote HTTP request. Draytek Vigor3900 , Vigor2960 , Vigor300B The device is vulnerable to out-of-bounds writes.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be put into a state. DrayTek Vigor3900 and others are products of DrayTek Corporation of Taiwan. DrayTek Vigor3900 is a broadband router/VPN gateway device. Vigor2960 is a load balancing router and VPN gateway device. Vigor300B is a load balancing router.
Draytek Vigor3900 versions prior to 1.5.1, Vigor2960 versions prior to 1.5.1 and Vigor300B versions prior to 1.5.1 have buffer overflow vulnerabilities, which stems from the program's failure to correctly check the boundary
| VAR-202003-0307 | CVE-2020-10824 | plural Draytek Out-of-bounds write vulnerabilities in the product |
CVSS V2: 7.5 CVSS V3: 9.8 Severity: CRITICAL |
A stack-based buffer overflow in /cgi-bin/activate.cgi through ticket parameter on Draytek Vigor3900, Vigor2960, and Vigor300B devices before 1.5.1 allows remote attackers to achieve code execution via a remote HTTP request (issue 2 of 3). Draytek Vigor3900 , Vigor2960 , Vigor300B The device is vulnerable to out-of-bounds writes.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be put into a state. DrayTek Vigor3900 and others are products of DrayTek Corporation of Taiwan. DrayTek Vigor3900 is a broadband router/VPN gateway device. Vigor2960 is a load balancing router and VPN gateway device. Vigor300B is a load balancing router.
There is a buffer overflow vulnerability in the /cgi-bin/activate.cgi file in Draytek Vigor3900 versions prior to 1.5.1, Vigor2960 versions prior to 1.5.1 and Vigor300B versions prior to 1.5.1. This vulnerability stems from the program's failure to correctly check the boundary
| VAR-202003-0308 | CVE-2020-10825 | plural Draytek Out-of-bounds write vulnerabilities in the product |
CVSS V2: 7.5 CVSS V3: 9.8 Severity: CRITICAL |
A stack-based buffer overflow in /cgi-bin/activate.cgi while base64 decoding ticket parameter on Draytek Vigor3900, Vigor2960, and Vigor300B devices before 1.5.1 allows remote attackers to achieve code execution via a remote HTTP request (issue 3 of 3). Draytek Vigor3900 , Vigor2960 , Vigor300B The device is vulnerable to out-of-bounds writes.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be put into a state. DrayTek Vigor3900 and others are products of DrayTek Corporation of Taiwan. DrayTek Vigor3900 is a broadband router/VPN gateway device. Vigor2960 is a load balancing router and VPN gateway device. Vigor300B is a load balancing router.
There is a buffer overflow vulnerability in the /cgi-bin/activate.cgi file in Draytek Vigor3900 versions prior to 1.5.1, Vigor2960 versions prior to 1.5.1 and Vigor300B versions prior to 1.5.1. This vulnerability stems from the program's failure to correctly check the boundary. A remote attacker can use the specially crafted HTTP request to exploit this vulnerability to execute arbitrary code on the system
| VAR-202003-0430 | CVE-2020-10245 | CODESYS Control runtime Out-of-bounds write vulnerabilities in the system |
CVSS V2: 10.0 CVSS V3: 9.8 Severity: CRITICAL |
CODESYS V3 web server before 3.5.15.40, as used in CODESYS Control runtime systems, has a buffer overflow. CODESYS Control runtime An out-of-bounds write vulnerability exists in the system.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be put into a state. The vulnerability stems from the fact that when a network system or product performs an operation on memory, the data boundary is not correctly verified, resulting in an incorrect read and write operation to other associated memory locations. Attackers can use this vulnerability to cause buffer overflow or heap overflow
| VAR-202003-0167 | CVE-2020-10607 | Advantech WebAccess Out-of-bounds write vulnerability in |
CVSS V2: 6.5 CVSS V3: 8.8 Severity: HIGH |
In Advantech WebAccess, Versions 8.4.2 and prior. A stack-based buffer overflow vulnerability caused by a lack of proper validation of the length of user-supplied data may allow remote code execution. Advantech WebAccess Is vulnerable to out-of-bounds writes.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be put into a state. Advantech WebAccess is a set of HMI/SCADA software based on browser architecture of Chinese company Advantech (Advantech). The software supports dynamic graphic display and real-time data control, and provides functions for remote control and management of automated equipment.
There is a buffer overflow vulnerability in Advantech WebAccess 8.4.2 and previous versions. The vulnerability stems from the program's failure to correctly verify the length of data submitted by users. Attackers can use this vulnerability to execute code
| VAR-202003-0310 | CVE-2020-10827 | plural Draytek Out-of-bounds write vulnerabilities in the product |
CVSS V2: 7.5 CVSS V3: 9.8 Severity: CRITICAL |
A stack-based buffer overflow in apmd on Draytek Vigor3900, Vigor2960, and Vigor300B devices before 1.5.1 allows remote attackers to achieve code execution via a remote HTTP request. Draytek Vigor3900 , Vigor2960 , Vigor300B The device is vulnerable to out-of-bounds writes.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be put into a state. DrayTek Vigor3900 and others are products of DrayTek Corporation of Taiwan. DrayTek Vigor3900 is a broadband router/VPN gateway device. Vigor2960 is a load balancing router and VPN gateway device. Vigor300B is a load balancing router.
Draytek Vigor3900 versions prior to 1.5.1, Vigor2960 versions prior to 1.5.1, and Vigor300B versions prior to 1.5.1 have buffer overflow vulnerabilities. This vulnerability stems from the program's failure to correctly check the boundary
| VAR-202003-0306 | CVE-2020-10823 | plural DrayTek Out-of-bounds write vulnerabilities in product devices |
CVSS V2: 7.5 CVSS V3: 9.8 Severity: CRITICAL |
A stack-based buffer overflow in /cgi-bin/activate.cgi through var parameter on Draytek Vigor3900, Vigor2960, and Vigor300B devices before 1.5.1 allows remote attackers to achieve code execution via a remote HTTP request (issue 1 of 3). Draytek Vigor3900 , Vigor2960 , Vigor300B The device is vulnerable to out-of-bounds writes.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be put into a state. DrayTek Vigor3900 and others are products of DrayTek Corporation of Taiwan. DrayTek Vigor3900 is a broadband router/VPN gateway device. Vigor2960 is a load balancing router and VPN gateway device. Vigor300B is a load balancing router.
There is a buffer overflow vulnerability in the /cgi-bin/activate.cgi file in Draytek Vigor3900 versions prior to 1.5.1, Vigor2960 versions prior to 1.5.1 and Vigor300B versions prior to 1.5.1. This vulnerability stems from the program's failure to correctly check the boundary
| VAR-202003-1668 | CVE-2020-6999 | Moxa EDS-G516E Buffer Overflow Vulnerability |
CVSS V2: 4.0 CVSS V3: 6.5 Severity: MEDIUM |
In Moxa EDS-G516E Series firmware, Version 5.2 or lower, some of the parameters in the setting pages do not ensure text is the correct size for its buffer. Moxa EDS-G516E A classic buffer overflow vulnerability exists in the series firmware.Service operation interruption (DoS) It may be put into a state. Moxa EDS-G516E is a managed switch from Moxa, Taiwan. The vulnerability stems from the fact that when a network system or product performs an operation on memory, the data boundary is not correctly verified, resulting in an incorrect read and write operation to other associated memory locations. Attackers can use this vulnerability to cause buffer overflow or heap overflow
| VAR-202003-1710 | CVE-2020-9065 | Huawei Taurus-AL00B resource management error vulnerability |
CVSS V2: 2.1 CVSS V3: 5.5 Severity: MEDIUM |
Huawei smart phone Taurus-AL00B with versions earlier than 10.0.0.203(C00E201R7P2) have a use-after-free (UAF) vulnerability. An authenticated, local attacker may perform specific operations to exploit this vulnerability. Successful exploitation may tamper with the information to affect the availability. Huawei smartphone Taurus-AL00B Is vulnerable to the use of freed memory.Service operation interruption (DoS) It may be put into a state. Huawei Taurus-AL00B is a smart phone of China's Huawei company.
In the previous version of Huawei Taurus-AL00B 10.0.0.203 (C00E201R7P2), there was a resource management error vulnerability
| VAR-202003-0261 | CVE-2020-10882 | TP-Link Archer A7 AC1750 In firmware OS Command injection vulnerabilities |
CVSS V2: 8.3 CVSS V3: 8.8 Severity: HIGH |
This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of TP-Link Archer A7 Firmware Ver: 190726 AC1750 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the tdpServer service, which listens on UDP port 20002 by default. When parsing the slave_mac parameter, the process does not properly validate a user-supplied string before using it to execute a system call. An attacker can leverage this vulnerability to execute code in the context of the root user. Was ZDI-CAN-9650. TP-Link Archer A7 AC1750 For firmware, OS A command injection vulnerability exists. Zero Day Initiative To this vulnerability ZDI-CAN-9650 Was numbered.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be put into a state. TP-Link Archer A7 AC1750 is a wireless router of China TP-Link company. The vulnerability stems from the program's failure to correctly verify the string submitted by the user before making a system call
| VAR-202003-0265 | CVE-2020-10886 | TP-Link Archer A7 AC1750 operating system command injection vulnerability |
CVSS V2: 7.5 CVSS V3: 9.8 Severity: CRITICAL |
This vulnerability allows remote attackers to execute arbitrary code on affected installations of TP-Link Archer A7 Firmware Ver: 190726 AC1750 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the tmpServer service, which listens on TCP port 20002. The issue results from the lack of proper validation of a user-supplied string before using it to execute a system call. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-9662. TP-Link AC1750 The router has OS A command injection vulnerability exists. Zero Day Initiative To this vulnerability ZDI-CAN-9662 Was numbered.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be put into a state. TP-Link Archer A7 AC1750 is a wireless router of China TP-Link company. The vulnerability stems from the failure of the program to correctly verify the string submitted by the user before making a system call
| VAR-202003-0260 | CVE-2020-10881 | TP-Link Archer A7 AC1750 Out-of-bounds write vulnerabilities in firmware |
CVSS V2: 10.0 CVSS V3: 9.8 Severity: CRITICAL |
This vulnerability allows remote attackers to execute arbitrary code on affected installations of TP-Link Archer A7 Firmware Ver: 190726 AC1750 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of DNS responses. A crafted DNS message can trigger an overflow of a fixed-length, stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of the root user. Was ZDI-CAN-9660. TP-Link Archer A7 AC1750 There is an out-of-bounds write vulnerability in the firmware. Zero Day Initiative To this vulnerability ZDI-CAN-9660 Was numbered.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be put into a state. TP-Link Archer A7 AC1750 is a wireless router of China TP-Link company
| VAR-202003-0263 | CVE-2020-10884 | TP-Link Archer A7 AC1750 Vulnerability in using hard-coded credentials in firmware |
CVSS V2: 5.8 CVSS V3: 8.8 Severity: HIGH |
This vulnerability allows network-adjacent attackers execute arbitrary code on affected installations of TP-Link Archer A7 Firmware Ver: 190726 AC1750 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the tdpServer service, which listens on UDP port 20002 by default. This issue results from the use of hard-coded encryption key. An attacker can leverage this in conjunction with other vulnerabilities to execute code in the context of root. Was ZDI-CAN-9652. Zero Day Initiative To this vulnerability ZDI-CAN-9652 Was numbered.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be put into a state. TP-Link Archer A7 AC1750 is a wireless router of China TP-Link company
| VAR-202003-0266 | CVE-2020-10888 | TP-Link AC1750 Authentication vulnerabilities in routers |
CVSS V2: 7.5 CVSS V3: 9.8 Severity: CRITICAL |
This vulnerability allows remote attackers to bypass authentication on affected installations of TP-Link Archer A7 Firmware Ver: 190726 AC1750 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of SSH port forwarding requests during initial setup. The issue results from the lack of proper authentication prior to establishing SSH port forwarding rules. An attacker can leverage this vulnerability to escalate privileges to resources normally protected from the WAN interface. Was ZDI-CAN-9664. Zero Day Initiative To this vulnerability ZDI-CAN-9664 Was numbered.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be put into a state. TP-Link Archer A7 AC1750 is a wireless router of China TP-Link company
| VAR-202003-1767 | CVE-2020-10887 | TP-Link Archer A7 AC1750 Authentication vulnerability in firmware |
CVSS V2: 7.5 CVSS V3: 9.8 Severity: CRITICAL |
This vulnerability allows a firewall bypass on affected installations of TP-Link Archer A7 Firmware Ver: 190726 AC1750 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of IPv6 connections. The issue results from the lack of proper filtering of IPv6 SSH connections. An attacker can leverage this in conjunction with other vulnerabilities to execute code in the context of root. Was ZDI-CAN-9663. Zero Day Initiative To this vulnerability ZDI-CAN-9663 Was numbered.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be put into a state. TP-Link Archer A7 AC1750 is a wireless router of China TP-Link company
| VAR-202003-1820 | No CVE | ZTE Corporation's ZXHN-F650 has an information disclosure vulnerability |
CVSS V2: 5.0 CVSS V3: - Severity: MEDIUM |
ZTE is the world's only full-standard core network system supplier, capable of providing equipment and services for all mobile communication standards in the world.
An information disclosure vulnerability exists in ZTE Optical modem ZXHN-F650 of ZTE Corporation. Attackers can use this vulnerability to obtain configuration files through optical modem file operations and obtain the super password through RouterPassView.
| VAR-202003-1509 | CVE-2020-5282 | Nick Chan Bot operating system command injection vulnerability |
CVSS V2: 7.5 CVSS V3: 9.8 Severity: CRITICAL |
In Nick Chan Bot before version 1.0.0-beta there is a vulnerability in the `npm` command which is part of this software package. This allows arbitrary shell execution,which can compromise the bot This is patched in version 1.0.0-beta. (DoS) It may be put into a state. Nick Chan Bot is a private Discord robot written using the discord.js library. The vulnerability stems from the fact that external input data constructs executable commands for the operating system, and the network system or product does not properly filter special characters and commands. Attackers can use this vulnerability to execute illegal operating system commands
| VAR-202003-1711 | CVE-2020-9066 | Huawei smartphone OxfordP-AN10B Authentication vulnerabilities in |
CVSS V2: 6.8 CVSS V3: 7.8 Severity: HIGH |
Huawei smartphones OxfordP-AN10B with versions earlier than 10.0.1.169(C00E166R4P1) have an improper authentication vulnerability. The Application doesn't perform proper authentication when user performs certain operations. An attacker can trick user into installing a malicious plug-in to exploit this vulnerability. Successful exploit could allow the attacker to bypass the authentication to perform unauthorized operations. Huawei smartphone OxfordP-AN10B There is an authentication vulnerability in.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be put into a state. Huawei OxfordP-AN10B is a smart phone of the Chinese company Huawei.
Prior to Huawei OxfordP-AN10B 10.0.1.169 (C00E166R4P1), there was an authorization issue vulnerability
| VAR-202003-0671 | CVE-2019-5105 | 3S-Smart Software Solutions CODESYS GatewayService Buffer Overflow Vulnerability |
CVSS V2: 5.0 CVSS V3: 7.5 Severity: HIGH |
An exploitable memory corruption vulnerability exists in the Name Service Client functionality of 3S-Smart Software Solutions CODESYS GatewayService. A specially crafted packet can cause a large memcpy, resulting in an access violation and termination of the process. An attacker can send a packet to a device running the GatewayService.exe to trigger this vulnerability. All variants of the CODESYS V3 products in all versions prior V3.5.16.10 containing the CmpRouter or CmpRouterEmbedded component are affected, regardless of the CPU type or operating system: CODESYS Control for BeagleBone, CODESYS Control for emPC-A/iMX6, CODESYS Control for IOT2000, CODESYS Control for Linux, CODESYS Control for PLCnext, CODESYS Control for PFC100, CODESYS Control for PFC200, CODESYS Control for Raspberry Pi, CODESYS Control RTE V3, CODESYS Control RTE V3 (for Beckhoff CX), CODESYS Control Win V3 (also part of the CODESYS Development System setup), CODESYS Control V3 Runtime System Toolkit, CODESYS V3 Embedded Target Visu Toolkit, CODESYS V3 Remote Target Visu Toolkit, CODESYS V3 Safety SIL2, CODESYS Edge Gateway V3, CODESYS Gateway V3, CODESYS HMI V3, CODESYS OPC Server V3, CODESYS PLCHandler SDK, CODESYS V3 Simulation Runtime (part of the CODESYS Development System). 3S-Smart Software Solutions, CODESYS Control for BeagleBone, etc. are all products of German 3S-Smart Software Solutions. CODESYS Control for BeagleBone is a set of industrial control program programming software. CODESYS Control is a set of industrial control program programming software. CODESYS Development System is a set of programming tools for industrial controllers and automation technology. Safety and other products are all products. Safety is a Python-based software package for checking program safety. 3S-Smart Software Solutions CODESYS GatewayService is a gateway service used in CODESYS products. The following products and versions (including CmpRouter or CmpRouterEmbedded components) are affected: CODESYS Control for BeagleBone before V3.5.15.40, CODESYS Control for emPC-A/iMX6 before V3.5.15.40, and CODESYS Control for IOT2000 V3.5.15