VARIoT IoT vulnerabilities database

Affected products: vendor, model and version
CWE format is 'CWE-number'. Threat type can be: remote or local
Look up free text in title and description

VAR-202003-1538 CVE-2020-9756 Patriot Viper RGB Driver Vulnerability related to authority management in CVSS V2: 4.6
CVSS V3: 7.8
Severity: HIGH
Patriot Viper RGB Driver 1.1 and prior exposes IOCTL and allows insufficient access control. The IOCTL Codes 0x80102050 and 0x80102054 allows a local user with low privileges to read/write 1/2/4 bytes from or to an IO port. This could be leveraged in a number of ways to ultimately run code with elevated privileges. (DoS) It may be put into a state. Patriot Viper RGB is a memory module device of Patriot Company of Taiwan, China. Patriot Viper RGB Driver is its driver. Attackers can use IOCTL Codes 0x80102050 and 0x80102054 to exploit this vulnerability to execute arbitrary code with elevated privileges
VAR-202003-0368 CVE-2020-10214 D-Link DIR-825 Out-of-bounds write vulnerabilities in devices CVSS V2: 9.0
CVSS V3: 8.8
Severity: HIGH
An issue was discovered on D-Link DIR-825 Rev.B 2.10 devices. There is a stack-based buffer overflow in the httpd binary. It allows an authenticated user to execute arbitrary code via a POST to ntp_sync.cgi with a sufficiently long parameter ntp_server. D-Link DIR-825 The device is vulnerable to out-of-bounds writes.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be put into a state. D-Link DIR-825 is an AC 1200 Wi-Fi dual-band Gigabit (LAN / WAN) router
VAR-202003-0367 CVE-2020-10213 D-Link DIR-825 Device and TRENDnet TEW-632BRP In OS Command injection vulnerabilities CVSS V2: 9.0
CVSS V3: 8.8
Severity: HIGH
An issue was discovered on D-Link DIR-825 Rev.B 2.10 devices. They allow remote attackers to execute arbitrary commands via the wps_sta_enrollee_pin parameter in a set_sta_enrollee_pin.cgi POST request. TRENDnet TEW-632BRP 1.010B32 is also affected. D-Link DIR-825 Device and TRENDnet TEW-632BRP To OS A command injection vulnerability exists.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be put into a state. D-Link DIR-825 is an AC 1200 Wi-Fi dual-band Gigabit (LAN / WAN) router. TRENDnet TEW-632BRP is a 300Mbps wireless home router. D-Link DIR-825 and TRENDnet TEW-632BRP have a command injection vulnerability
VAR-202003-0212 CVE-2020-10112 Citrix Gateway In HTTP Request Smagling Vulnerability CVSS V2: 5.8
CVSS V3: 5.4
Severity: MEDIUM
Citrix Gateway 11.1, 12.0, and 12.1 allows Cache Poisoning. NOTE: Citrix disputes this as not a vulnerability. By default, Citrix ADC only caches static content served under certain URL paths for Citrix Gateway usage. No dynamic content is served under these paths, which implies that those cached pages would not change based on parameter values. All other data traffic going through Citrix Gateway are NOT cached by default. Citrix Gateway To HTTP There is a vulnerability related to Request Smagling.Information may be obtained and tampered with. The product provides administrators with application-level and data-level control functions to enable users to remotely access applications and data from any location
VAR-202003-0211 CVE-2020-10111 Citrix Gateway In HTTP Request Smagling Vulnerability CVSS V2: 5.0
CVSS V3: 7.5
Severity: HIGH
Citrix Gateway 11.1, 12.0, and 12.1 has an Inconsistent Interpretation of HTTP Requests. NOTE: Citrix disputes the reported behavior as not a security issue. Citrix ADC only caches HTTP/1.1 traffic for performance optimization. Citrix Systems Gateway (Citrix Systems NetScaler Gateway) is a set of secure remote access solutions from Citrix Systems. The product provides administrators with application-level and data-level control functions to enable users to remotely access applications and data from any location. An attacker could exploit this vulnerability to bypass the caching system
VAR-202003-1492 CVE-2020-5328 Dell EMC Isilon OneFS Vulnerability regarding lack of authentication for critical features in CVSS V2: 10.0
CVSS V3: 9.8
Severity: CRITICAL
Dell EMC Isilon OneFS versions prior to 8.2.0 contain an unauthorized access vulnerability due to a lack of thorough authorization checks when SyncIQ is licensed, but encrypted syncs are not marked as required. When this happens, loss of control of the cluster can occur. Dell EMC Isilon OneFS There is a vulnerability in the lack of authentication for critical features.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be put into a state. Dell EMC Isilon OneFS is a scale-out storage system for unstructured data from Dell. An attacker could exploit this vulnerability with a specially crafted request to bypass security restrictions and compromise the system
VAR-202003-1491 CVE-2020-5327 Dell Security Management Server Unreliable data deserialization vulnerability in CVSS V2: 9.3
CVSS V3: 9.8
Severity: CRITICAL
Dell Security Management Server versions prior to 10.2.10 contain a Java RMI Deserialization of Untrusted Data vulnerability. When the server is exposed to the internet and Windows Firewall is disabled, a remote unauthenticated attacker may exploit this vulnerability by sending a crafted RMI request to execute arbitrary code on the target host. (DoS) It may be put into a state
VAR-202003-1405 CVE-2020-9544 D-Link DSL-2640B Authentication vulnerabilities in devices CVSS V2: 5.0
CVSS V3: 7.5
Severity: HIGH
An issue was discovered on D-Link DSL-2640B E1 EU_1.01 devices. The administrative interface doesn't perform authentication checks for a firmware-update POST request. Any attacker that can access the administrative interface can install firmware of their choice. D-Link DSL-2640B There is an authentication vulnerability in the device.Information may be tampered with. D-Link DSL-2640B is an ADSL2 / 2 + modem with wireless router function. D-Link DSL-2640B E1 EU_1.01 has a firmware update vulnerability
VAR-202003-1696 CVE-2020-8994 XIAOMI AI speaker MDZ-25-DT Vulnerability regarding inadequate protection of credentials in CVSS V2: 7.2
CVSS V3: 6.8
Severity: MEDIUM
An issue was discovered on XIAOMI AI speaker MDZ-25-DT 1.34.36, and 1.40.14. Attackers can get root shell by accessing the UART interface and then they can read Wi-Fi SSID or password, read the dialogue text files between users and XIAOMI AI speaker, use Text-To-Speech tools pretend XIAOMI speakers' voice achieve social engineering attacks, eavesdrop on users and record what XIAOMI AI speaker hears, delete the entire XIAOMI AI speaker system, modify system files, stop voice assistant service, start the XIAOMI AI speaker’s SSH service as a backdoor. XIAOMI AI speaker MDZ-25-DT Exists in an inadequate protection of credentials.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be put into a state
VAR-202003-1470 CVE-2020-9370 HUMAX HGA12R-02 Session fixation vulnerability in device CVSS V2: 6.4
CVSS V3: 9.1
Severity: CRITICAL
HUMAX HGA12R-02 BRGCAA 1.1.53 devices allow Session Hijacking. HUMAX HGA12R-02 A session fixation vulnerability exists on the device.Information may be obtained and tampered with. HUMAX HGA12R-02 BRGCAA is a wireless router from South Korea's HUMAX company. An attacker could use this vulnerability to hijack a user's valid session, then create a user account or control the device with the permissions of the session
VAR-202003-0363 CVE-2020-10173 Comtrend VR-3033 On the device OS Command injection vulnerabilities CVSS V2: 9.0
CVSS V3: 8.8
Severity: HIGH
Comtrend VR-3033 DE11-416SSG-C01_R02.A2pvI042j1.d26m devices have Multiple Authenticated Command Injection vulnerabilities via the ping and traceroute diagnostic pages, as demonstrated by shell metacharacters in the pingIpAddress parameter to ping.cgi. Comtrend VR-3033 On the device OS A command injection vulnerability exists.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be put into a state. Comtrend VR-3033 is a high power 802.11n 300Mbps single line VDSL router. Comtrend VR-3033 DE11-416SSG-C01_R02.A2pvI042j1.d26m has a command injection vulnerability
VAR-202003-1180 CVE-2020-3127 Microsoft Windows for Cisco Webex Network Recording Player and Cisco Webex Player Input verification vulnerability in CVSS V2: 9.3
CVSS V3: 7.8
Severity: HIGH
Multiple vulnerabilities in Cisco Webex Network Recording Player for Microsoft Windows and Cisco Webex Player for Microsoft Windows could allow an attacker to execute arbitrary code on an affected system. The vulnerabilities are due to insufficient validation of certain elements within a Webex recording that is stored in either the Advanced Recording Format (ARF) or the Webex Recording Format (WRF). An attacker could exploit these vulnerabilities by sending a malicious ARF or WRF file to a user through a link or email attachment and persuading the user to open the file on the local system. A successful exploit could allow the attacker to execute arbitrary code on the affected system with the privileges of the targeted user. (DoS) It may be put into a state. Crafted data in an ARF file can trigger access to memory prior to initialization. Microsoft Windows is an operating system used by a set of personal devices of Microsoft Corporation in the United States. The following products and versions are affected: Webex Network Recording Player Release WBS earlier than 39.5.17 (Cisco Webex Meetings), Release WBS earlier than 39.11.0 (Cisco Webex Meetings), Release 1.3.43 earlier (Cisco Webex Meetings Online), Release 3.0MR3 prior to SecurityPatch1 (Cisco Webex Meetings Server), prior to 4.0MR2SecurityPatch2 (Cisco Webex Meetings Server); Webex Player Release prior to WBS 39.5.17 (Cisco Webex Meetings), Release prior to Release WBS 39.11.0 (Cisco Webex Meetings) , versions earlier than Release 1.3.43 (Cisco Webex Meetings Online)
VAR-202003-1181 CVE-2020-3128 Microsoft Windows for Cisco Webex Network Recording Player and Cisco Webex Player Input verification vulnerability in CVSS V2: 9.3
CVSS V3: 7.8
Severity: HIGH
Multiple vulnerabilities in Cisco Webex Network Recording Player for Microsoft Windows and Cisco Webex Player for Microsoft Windows could allow an attacker to execute arbitrary code on an affected system. The vulnerabilities are due to insufficient validation of certain elements within a Webex recording that is stored in either the Advanced Recording Format (ARF) or the Webex Recording Format (WRF). An attacker could exploit these vulnerabilities by sending a malicious ARF or WRF file to a user through a link or email attachment and persuading the user to open the file on the local system. A successful exploit could allow the attacker to execute arbitrary code on the affected system with the privileges of the targeted user. (DoS) It may be put into a state. The following products and versions are affected: Webex Network Recording Player Release WBS earlier than 39.5.17 (Cisco Webex Meetings), Release WBS earlier than 39.11.0 (Cisco Webex Meetings), Release 1.3.49 earlier (Cisco Webex Meetings Online), Release 3.0MR3 prior to SecurityPatch1 (Cisco Webex Meetings Server), prior to 4.0MR2SecurityPatch2 (Cisco Webex Meetings Server); Webex Player Release prior to WBS 39.5.17 (Cisco Webex Meetings), Release prior to Release WBS 39.11.0 (Cisco Webex Meetings) , versions earlier than Release 1.3.49 (Cisco Webex Meetings Online)
VAR-202003-1183 CVE-2020-3155 Cisco Intelligent Proximity Certificate validation vulnerabilities in the solution CVSS V2: 5.8
CVSS V3: 7.4
Severity: HIGH
A vulnerability in the SSL implementation of the Cisco Intelligent Proximity solution could allow an unauthenticated, remote attacker to view or alter information shared on Cisco Webex video devices and Cisco collaboration endpoints if the products meet the conditions described in the Vulnerable Products section. The vulnerability is due to a lack of validation of the SSL server certificate received when establishing a connection to a Cisco Webex video device or a Cisco collaboration endpoint. An attacker could exploit this vulnerability by using man in the middle (MITM) techniques to intercept the traffic between the affected client and an endpoint, and then using a forged certificate to impersonate the endpoint. Depending on the configuration of the endpoint, an exploit could allow the attacker to view presentation content shared on it, modify any content being presented by the victim, or have access to call controls. This vulnerability does not affect cloud registered collaboration endpoints. Cisco Intelligent Proximity The solution contains a certificate validation vulnerability.Information may be obtained and tampered with. Cisco Intelligent Proximity is an innovative feature set that enables a richer collaboration experience from your mobile device. Cisco Webex Teams and others are products of Cisco. Cisco Webex Teams is a team collaboration application. The program includes video conferencing, group messaging and file sharing capabilities. Cisco Webex Meetings is a set of video conferencing solutions. Cisco Jabber is a unified communications client solution. The program provides online status display, instant messaging, voice and other functions. The following products and versions are affected: Cisco Intelligent Proximity application; Cisco Jabber; Cisco Webex Meetings; Cisco Webex Teams; Cisco Meeting App
VAR-202003-1184 CVE-2020-3157 Cisco Identity Services Engine Cross-site scripting vulnerability in CVSS V2: 3.5
CVSS V3: 5.4
Severity: MEDIUM
A vulnerability in the web-based management interface of Cisco Identity Services Engine (ISE) could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based interface. The vulnerability is due to insufficient validation of user-supplied input to the web-based management interface. An attacker could exploit this vulnerability by crafting a malicious configuration and saving it to the targeted system. An exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information when an administrator views the configuration. An attacker would need write permissions to exploit this vulnerability successfully. The platform monitors the network by collecting real-time information on the network, users and devices, and formulating and implementing corresponding policies
VAR-202003-1177 CVE-2020-3164 plural Cisco Product input verification vulnerabilities CVSS V2: 5.0
CVSS V3: 5.3
Severity: MEDIUM
A vulnerability in the web-based management interface of Cisco AsyncOS for Cisco Email Security Appliance (ESA), Cisco Web Security Appliance (WSA), and Cisco Content Security Management Appliance (SMA) could allow an unauthenticated remote attacker to cause high CPU usage on an affected device, resulting in a denial of service (DoS) condition. The vulnerability is due to improper validation of specific HTTP request headers. An attacker could exploit this vulnerability by sending a malformed HTTP request to an affected device. A successful exploit could allow the attacker to trigger a prolonged status of high CPU utilization relative to the GUI process(es). Upon successful exploitation of this vulnerability, an affected device will still be operative, but its response time and overall performance may be degraded. are all products of Cisco in the United States. The device is mainly used to manage all strategies, reports, audit information, etc. of e-mail and Web security devices. AsyncOS Software is a set of operating systems running in it. The device provides SaaS-based access control, real-time network reporting and tracking, and formulating security policies. AsyncOS web management interface in many Cisco products has an input verification error vulnerability, which stems from the failure to properly verify the HTTP request header. The following products and versions are affected: Cisco ESA 13.0.0-392 and earlier (Release); Cisco Cloud Email Security 13.0.0-392 and earlier (Release); Cisco WSA 12.0.1-268 and earlier (Release) ; Cisco SMA 13.6.0 and earlier versions (Release)
VAR-202003-1179 CVE-2020-3181 Cisco Email Security Appliance Resource Management Error Vulnerability CVSS V2: 6.4
CVSS V3: 6.5
Severity: MEDIUM
A vulnerability in the malware detection functionality in Cisco Advanced Malware Protection (AMP) in Cisco AsyncOS Software for Cisco Email Security Appliances (ESAs) could allow an unauthenticated remote attacker to exhaust resources on an affected device. The vulnerability is due to insufficient control over system memory allocation. An attacker could exploit this vulnerability by sending a crafted email through the targeted device. A successful exploit could allow the attacker to cause an email attachment that contains malware to be delivered to a user and cause email processing delays. Cisco Email Security Appliances (ESAs) Exists in a resource exhaustion vulnerability.Information is tampered with and service operation is interrupted (DoS) It may be put into a state. Cisco Email Security Appliance (ESA) is an email security appliance from Cisco Corporation in the United States. AsyncOS Software is a set of operating systems running on it
VAR-202003-1186 CVE-2020-3185 Cisco TelePresence Management Suite Cross-site scripting vulnerability in CVSS V2: 3.5
CVSS V3: 5.4
Severity: MEDIUM
A vulnerability in the web-based management interface of Cisco TelePresence Management Suite (TMS) could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based management interface. The vulnerability is due to insufficient input validation by the web-based management interface. An attacker could exploit this vulnerability by inserting malicious data in a specific data field in the interface. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected web-based management interface or access sensitive, browser-based information. This product is mainly used to deploy large-scale remote and local video conferences, and provides contact management and centralized configuration management
VAR-202003-1187 CVE-2020-3190 Cisco IOS XR Software exhaustion vulnerabilities CVSS V2: 5.0
CVSS V3: 5.8
Severity: MEDIUM
A vulnerability in the IPsec packet processor of Cisco IOS XR Software could allow an unauthenticated remote attacker to cause a denial of service (DoS) condition for IPsec sessions to an affected device. The vulnerability is due to improper handling of packets by the IPsec packet processor. An attacker could exploit this vulnerability by sending malicious ICMP error messages to an affected device that get punted to the IPsec packet processor. A successful exploit could allow the attacker to deplete IPsec memory, resulting in all future IPsec packets to an affected device being dropped by the device. Manual intervention is required to recover from this situation. Cisco IOS XR Software contains a resource exhaustion vulnerability.Service operation interruption (DoS) It may be put into a state. Cisco IOS XR is an operating system developed by Cisco for its network equipment. The following products and versions are affected: Cisco IOS XR (release) prior to 6.4.3, prior to 6.6.3, prior to 7.0.2, and prior to 7.1.1
VAR-202003-1188 CVE-2020-3192 Cisco Prime Collaboration Provisioning Cross-site scripting vulnerability in CVSS V2: 4.3
CVSS V3: 6.1
Severity: MEDIUM
A vulnerability in the web-based management interface of Cisco Prime Collaboration Provisioning could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based management interface. The vulnerability is due to insufficient validation of user-supplied input by the web-based management interface. An attacker could exploit this vulnerability by persuading a user of the interface to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the interface or access sensitive, browser-based information