VARIoT IoT vulnerabilities database


VAR-202002-0392 CVE-2019-17517 Classic buffer overflow vulnerability in Dialog Semiconductor SDK
CVSS V2: 6.1
CVSS V3: 5.7
Severity: MEDIUM
The Bluetooth Low Energy implementation on Dialog Semiconductor SDK through 5.0.4 for DA14580/1/2/3 devices does not properly restrict the L2CAP payload length, allowing attackers in radio range to cause a buffer overflow via a crafted Link Layer packet. Dialog Semiconductor SDK contains a classic buffer overflow vulnerability. The device may be put into a denial-of-service (DoS) state.
VAR-202002-0391 CVE-2019-17520 Classic buffer overflow vulnerability in Texas Instruments SDK for CC2640R2 devices
CVSS V2: 6.1
CVSS V3: 6.5
Severity: MEDIUM
The Bluetooth Low Energy implementation on Texas Instruments SDK through 3.30.00.20 for CC2640R2 devices does not properly restrict the SM Public Key packet on reception, allowing attackers in radio range to cause a denial of service (crash) via crafted packets. Texas Instruments SDK for CC2640R2 devices contains a classic buffer overflow vulnerability. The device may be put into a denial-of-service (DoS) state.
VAR-202002-0295 CVE-2019-17061 Classic buffer overflow vulnerability in Cypress PSoC 4 devices
CVSS V2: 6.1
CVSS V3: 6.5
Severity: MEDIUM
The Bluetooth Low Energy (BLE) stack implementation on Cypress PSoC 4 through 3.62 devices does not properly restrict the BLE Link Layer header and executes certain memory contents upon receiving a packet with a Link Layer ID (LLID) equal to zero. This allows attackers within radio range to cause deadlocks, cause anomalous behavior in the BLE state machine, or trigger a buffer overflow via a crafted BLE Link Layer frame. A classic buffer overflow vulnerability exists on Cypress PSoC 4 devices. The device may be put into a denial-of-service (DoS) state.
VAR-202002-0294 CVE-2019-17060 Classic buffer overflow vulnerability in MCUXpresso SDK
CVSS V2: 6.1
CVSS V3: 6.5
Severity: MEDIUM
The Bluetooth Low Energy (BLE) stack implementation on the NXP KW41Z (based on the MCUXpresso SDK with Bluetooth Low Energy Driver 2.2.1 and earlier) does not properly restrict the BLE Link Layer header and executes certain memory contents upon receiving a packet with a Link Layer ID (LLID) equal to zero. This allows attackers within radio range to cause deadlocks, cause anomalous behavior in the BLE state machine, or trigger a buffer overflow via a crafted BLE Link Layer frame. MCUXpresso SDK contains a classic buffer overflow vulnerability. The device may be put into a denial-of-service (DoS) state.
VAR-202002-1690 No CVE Pulian wireless network camera has unauthorized access vulnerability
CVSS V2: 5.0
CVSS V3: -
Severity: MEDIUM
Pulian Technology Co., Ltd. (hereinafter referred to as "TP-LINK") is a supplier of network communication equipment. The Pulian wireless network camera has an unauthorized access vulnerability. An attacker can connect to the camera's Wi-Fi and turn on GPS to bypass account login and obtain sensitive information.
VAR-202011-0788 CVE-2020-27554 Vulnerability in plaintext transmission of important information in BASETech GE-131 BT-1837836 firmware
CVSS V2: 5.0
CVSS V3: 7.5
Severity: HIGH
A Cleartext Transmission of Sensitive Information vulnerability exists in BASETech GE-131 BT-1837836 firmware 20180921, which could leak sensitive information transmitted between the mobile app and the camera device. BASETech GE-131 BT-1837836 is a Wi-Fi IP CCTV camera.
VAR-202002-0273 CVE-2019-14088 Use of freed memory vulnerability in multiple Snapdragon products
CVSS V2: 7.2
CVSS V3: 7.8
Severity: HIGH
Possible use after free issue while CRM is accessing the link pointer from device private data due to lack of resource protection in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in APQ8009, MDM9206, MDM9207C, MDM9607, QCS605, SDM429W, SDX24, SM8150, SXR1130. Multiple Snapdragon products contain a vulnerability related to the use of freed memory. Information may be obtained or tampered with, and service operation may be interrupted (DoS). This vulnerability allows local attackers to escalate privileges on affected installations of Google Android. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the cam_actuator_driver_cmd function in the V4l2 driver. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to escalate privileges and execute code in the context of the kernel. Qualcomm MDM9206 and others are products of Qualcomm (USA). MDM9206 is a central processing unit (CPU) product. MDM9607 is a central processing unit (CPU) product. SDX24 is a modem. The Camera in several Qualcomm products has a resource management error vulnerability. The vulnerability stems from improper management of system resources (such as memory, disk space, files, etc.) by network systems or products. No further vulnerability details are provided at this time.
VAR-202002-1209 CVE-2020-6769 Vulnerability regarding lack of authentication for critical features in multiple Bosch products
CVSS V2: 6.4
CVSS V3: 9.1
Severity: CRITICAL
Missing Authentication for Critical Function in the Bosch Video Streaming Gateway (VSG) allows an unauthenticated remote attacker to retrieve and set arbitrary configuration data of the Video Streaming Gateway. A successful attack can impact the confidentiality and availability of live and recorded video data of all cameras configured to be controlled by the VSG as well as the recording storage associated with the VSG. This affects Bosch Video Streaming Gateway versions 6.45 <= 6.45.08, 6.44 <= 6.44.022, 6.43 <= 6.43.0023 and 6.42.10 and older. This affects Bosch DIVAR IP 3000, DIVAR IP 7000 and DIVAR IP all-in-one 5000 if a vulnerable VSG version is installed with BVMS. This affects Bosch DIVAR IP 2000 <= 3.62.0019 and DIVAR IP 5000 <= 3.80.0039 if the corresponding port 8023 has been opened in the device's firewall. Multiple Bosch products contain vulnerabilities related to lack of authentication for critical features. Information may be obtained and service operation may be interrupted (DoS). Bosch DIVAR IP 2000 is a 2000 series video recorder. Bosch DIVAR IP 3000 is a 3000 series video recorder.
VAR-202002-1023 CVE-2020-8126 Vulnerability related to privilege management in EdgeSwitch
CVSS V2: 7.2
CVSS V3: 7.8
Severity: HIGH
A privilege escalation vulnerability exists in EdgeSwitch prior to version 1.7.1: a CGI script does not fully sanitize user input, resulting in local command execution and allowing an operator user (Privilege-1) to escalate privileges and become administrator (Privilege-15). EdgeSwitch contains a privilege management vulnerability. Information may be obtained or tampered with, and service operation may be interrupted (DoS). A security vulnerability exists in EdgeSwitch versions prior to 1.7.1. The vulnerability stems from CGI scripts not adequately sanitizing user input. An attacker can exploit this vulnerability to execute local commands and elevate to administrator privileges (Privilege-1 to Privilege-15).
VAR-202002-0403 CVE-2019-19356 OS command injection vulnerability in Netis WF2419

Related entries in the VARIoT exploits database: VAR-E-202003-0206
CVSS V2: 8.5
CVSS V3: 7.5
Severity: HIGH
Netis WF2419 is vulnerable to authenticated Remote Code Execution (RCE) as root through the router Web management page. The vulnerability has been found in firmware version V1.2.31805 and V2.2.36123. After one is connected to this page, it is possible to execute system commands as root through the tracert diagnostic tool because of lack of user input sanitizing. Netis WF2419 contains an OS command injection vulnerability. Information may be obtained or tampered with, and service operation may be interrupted (DoS). Netis WF2419 is a 300Mbps wireless router. The vulnerability stems from a lack of validation of user input.
VAR-202002-1208 CVE-2020-6768 Path traversal vulnerability in multiple Bosch products
CVSS V2: 5.0
CVSS V3: 7.5
Severity: HIGH
A path traversal vulnerability in the Bosch Video Management System (BVMS) NoTouch deployment allows an unauthenticated remote attacker to read arbitrary files from the Central Server. This affects Bosch BVMS versions 10.0 <= 10.0.0.1225, 9.0 <= 9.0.0.827, 8.0 <= 8.0.329 and 7.5 and older. This affects Bosch BVMS Viewer versions 10.0 <= 10.0.0.1225, 9.0 <= 9.0.0.827, 8.0 <= 8.0.329 and 7.5 and older. This affects Bosch DIVAR IP 3000, DIVAR IP 7000 and DIVAR IP all-in-one 5000 if a vulnerable BVMS version is installed. Multiple Bosch products contain a path traversal vulnerability. Information may be obtained. Bosch DIVAR IP 3000 is a 3000 series video recorder from Bosch (Germany). Bosch DIVAR IP 3000 has a path traversal vulnerability.
VAR-202002-0410 CVE-2019-14044 Array index validation vulnerability in multiple Snapdragon products
CVSS V2: 7.2
CVSS V3: 7.8
Severity: HIGH
Out of bound access due to access of uninitialized memory segment in an array of pointers while normal camera open close in Snapdragon Consumer IOT, Snapdragon Mobile in QCS605, SDM439, SDM630, SDM636, SDM660, SDX24. Multiple Snapdragon products contain a vulnerability in array index validation. Information may be obtained or tampered with, and service operation may be interrupted (DoS). Qualcomm SDX24 and others are products of Qualcomm (USA). SDX24 is a modem. SDM630 is a central processing unit (CPU) product. SDM660 is a central processing unit (CPU) product. The Camera in several Qualcomm products has an input validation error vulnerability. The vulnerability stems from a network system or product that did not properly validate the input data. An attacker could use this vulnerability to gain access beyond the scope.
VAR-202002-0411 CVE-2019-14046 Array index validation vulnerability in multiple Snapdragon products
CVSS V2: 7.2
CVSS V3: 7.8
Severity: HIGH
Out of bound access while allocating memory for an array in camera due to improper validation of elements parameters in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music in QCS605, SDM439, SDX24. Multiple Snapdragon products contain a vulnerability in array index validation. Information may be obtained or tampered with, and service operation may be interrupted (DoS). Qualcomm SDX24 and others are products of Qualcomm (USA). SDX24 is a modem. QCS605 is a central processing unit (CPU) product. SDM439 is a central processing unit (CPU) product. Kernel in Qualcomm QCS605, SDM439 and SDX24 has an input validation error vulnerability. The vulnerability stems from a network system or product that did not properly validate the input data. No further vulnerability details are provided at this time.
VAR-202002-0413 CVE-2019-14051 Qualcomm MDM9206 and MDM9607 Input Validation Error Vulnerability
CVSS V2: 7.2
CVSS V3: 7.8
Severity: HIGH
Subsequent additions performed during Module loading while allocating the memory would lead to integer overflow and then to buffer overflow in Snapdragon Industrial IOT in MDM9206, MDM9607. The device may be put into a denial-of-service (DoS) state. Qualcomm MDM9206 and MDM9607 are both central processing unit (CPU) products from Qualcomm. Kernel in Qualcomm MDM9206 and MDM9607 has an input validation error vulnerability. The vulnerability stems from a network system or product that did not properly validate the input data. An attacker could use this vulnerability to cause a buffer overflow and so on.
VAR-202002-0484 CVE-2019-13163 TLS vulnerability in multiple Interstage and Systemwalker related products
CVSS V2: 4.3
CVSS V3: 5.9
Severity: MEDIUM
The Fujitsu TLS library allows a man-in-the-middle attack. This affects Interstage Application Development Cycle Manager V10 and other versions, Interstage Application Server V12 and other versions, Interstage Business Application Manager V2 and other versions, Interstage Information Integrator V11 and other versions, Interstage Job Workload Server V8, Interstage List Works V10 and other versions, Interstage Studio V12 and other versions, Interstage Web Server Express V11, Linkexpress V5, Safeauthor V3, ServerView Resource Orchestrator V3, Systemwalker Cloud Business Service Management V1, Systemwalker Desktop Keeper V15, Systemwalker Desktop Patrol V15, Systemwalker IT Change Manager V14, Systemwalker Operation Manager V16 and other versions, Systemwalker Runbook Automation V15 and other versions, Systemwalker Security Control V1, and Systemwalker Software Configuration Manager V15. Multiple Interstage and Systemwalker related products contain a TLS vulnerability (CVE-2019-13163). A man-in-the-middle attacker between the server and the client could break the encrypted communication.
VAR-202002-0558 CVE-2013-1202 Vulnerability in Cisco ACE
CVSS V2: 5.0
CVSS V3: 7.5
Severity: HIGH
Cisco ACE A2(3.6) allows log retention DoS. An attacker could exploit this vulnerability by sending a large number of SSL connections to an affected device to exhaust the remaining free space on the hard drive, causing a denial of service.
VAR-202002-1700 No CVE Moxa MB3170 and MB3270 gateways have unauthorized access vulnerability
CVSS V2: 5.0
CVSS V3: -
Severity: MEDIUM
The MOXA MB3180 / MB3280 / MB3480 series is an advanced Ethernet gateway device produced by Moxa Technology Co., Ltd. of Taiwan. The MOXA MB3180 / MB3280 / MB3480 series of advanced Ethernet gateways have information disclosure vulnerabilities. Attackers can use the vulnerabilities to launch further attacks.
VAR-202002-1689 No CVE Moxa MB3180 / MB3280 / MB3480 series serial communication server has unauthorized access vulnerability
CVSS V2: 5.0
CVSS V3: -
Severity: MEDIUM
MOXA MGate is a serial communication server produced by Moxa Technology Co., Ltd. of Taiwan. The Moxa MB3180 / MB3280 / MB3480 series serial communication server has an unauthorized access vulnerability. An attacker can use this vulnerability to reset the system IP, password, and restart the system.
VAR-202002-1046 CVE-2020-5720 Path traversal vulnerability in MikroTik WinBox
CVSS V2: 4.3
CVSS V3: 5.9
Severity: MEDIUM
MikroTik WinBox before 3.21 is vulnerable to a path traversal vulnerability that allows creation of arbitrary files wherever WinBox has write permissions. WinBox is vulnerable to this attack if it connects to a malicious endpoint or if an attacker mounts a man-in-the-middle attack. MikroTik WinBox contains a path traversal vulnerability. Information may be tampered with.
VAR-202002-1135 CVE-2020-7953 Vulnerability regarding lack of authentication for critical features in OpServices OpMon
CVSS V2: 5.0
CVSS V3: 7.5
Severity: HIGH
An issue was discovered in OpServices OpMon 9.3.2. Without authentication, it is possible to read server files (e.g., /etc/passwd) due to the use of the nmap -iL (aka input file) option. OpServices OpMon contains a vulnerability regarding lack of authentication for critical features. Information may be obtained. OpServices OpMon is an IT infrastructure monitoring software from Brazil. OpServices OpMon has a security vulnerability.