VARIoT IoT vulnerabilities database

Affected products: vendor, model and version
CWE format is 'CWE-number'. Threat type can be: remote or local
Look up free text in title and description

VAR-202002-1212 CVE-2020-6804 gateway Cross-site scripting vulnerability in CVSS V2: 4.3
CVSS V3: 6.1
Severity: MEDIUM
A reflected XSS vulnerability exists within the gateway, allowing an attacker to craft a specialized URL which could steal the user's authentication token. When combined with CVE-2020-6803, an attacker could fully compromise the system. gateway Exists in a cross-site scripting vulnerability.Information may be obtained and tampered with. The vulnerability stems from the lack of correct validation of client data in WEB applications. An attacker could exploit this vulnerability to execute client code
VAR-202002-0939 CVE-2020-3923 TAT-76 and TAT-77 Unauthorized authentication vulnerabilities in the series CVSS V2: 10.0
CVSS V3: 9.8
Severity: CRITICAL
DVR firmware in TAT-76 and TAT-77 series of products, provided by TONNET, contain misconfigured authentication mechanism. Attackers can crack the default password and gain access to the system. TAT-76 and TAT-77 The series contains vulnerabilities related to fraudulent authentication.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be put into a state. Tonnet TAT-76 is a network camera device
VAR-202002-1222 CVE-2020-6863 ZTE E8820V3 Vulnerability in improperly assigning permissions to critical resources on routers CVSS V2: 3.3
CVSS V3: 6.5
Severity: MEDIUM
ZTE E8820V3 router product is impacted by a permission and access control vulnerability. Attackers could use this vulnerability to tamper with DDNS parameters and send DoS attacks on the specified URL. ZTE E8820V3 A router contains a vulnerability in improper permission assignment for critical resources.Service operation interruption (DoS) It may be put into a state. ZTE E8820V3 is a gigabit dual-band 1200M smart router with WiFi
VAR-202002-1223 CVE-2020-6864 ZTE E8820V3 Information Disclosure Vulnerability CVSS V2: 3.3
CVSS V3: 6.5
Severity: MEDIUM
ZTE E8820V3 router product is impacted by an information leak vulnerability. Attackers could use this vulnerability to to gain wireless passwords. After obtaining the wireless password, the attacker could collect information and attack the router. ZTE E8820V3 is a gigabit dual-band 1200M smart router with WiFi
VAR-202002-0940 CVE-2020-3924 TAT-76 and TAT-77 Injection vulnerabilities in the series CVSS V2: 10.0
CVSS V3: 9.8
Severity: CRITICAL
DVR firmware in TAT-76 and TAT-77 series of products, provided by TONNET do not properly verify patch files. Attackers can inject a specific command into a patch file and gain access to the system. TAT-76 and TAT-77 There is an injection vulnerability in the series.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be put into a state. Tonnet TAT-76 is a network camera device. Tonnet TAT-76 update function failed to correctly verify the update file. Remote attackers can use this vulnerability to submit special requests and inject commands to obtain device permissions
VAR-202002-0890 CVE-2018-8877 Asuswrt-Merlin and ASUS Information leakage vulnerability in firmware CVSS V2: 5.0
CVSS V3: 5.3
Severity: MEDIUM
Information disclosure in Asuswrt-Merlin firmware for ASUS devices older than 384.4 and ASUS firmware before 3.0.0.4.382.50470 for devices allows remote attackers to acquire information on internal network IP address ranges by reading the new_lan_ip variable on the error_page.htm page. Asuswrt-Merlin and ASUS There is an information leakage vulnerability in the firmware.Information may be obtained. ASUS Asuswrt-Merlin is a firmware running in the routers of ASUS Corporation of Taiwan, China
VAR-202002-0891 CVE-2018-8878 Asuswrt-Merlin and ASUS Information leakage vulnerability in firmware CVSS V2: 5.0
CVSS V3: 5.3
Severity: MEDIUM
Information disclosure in Asuswrt-Merlin firmware for ASUS devices older than 384.4 and ASUS firmware before 3.0.0.4.382.50470 for devices allows remote attackers to acquire information on internal network devices' hostnames and MAC addresses by reading the custom_id variable on the blocking.asp page. Asuswrt-Merlin and ASUS There is an information leakage vulnerability in the firmware.Information may be obtained. ASUS Asuswrt-Merlin is a firmware running in the routers of ASUS Corporation of Taiwan, China
VAR-202002-1685 No CVE D-Link DIR-859 Arbitrary Code Execution Vulnerability CVSS V2: 9.3
CVSS V3: -
Severity: HIGH
D-Link DIR-859 is a popular router device. D-Link DIR-859 has a security vulnerability. A remote attacker could use this vulnerability to submit a special request and execute arbitrary code in the application context.
VAR-202002-0701 CVE-2020-3173 Cisco UCS Manager Software Operating System Command Injection Vulnerability CVSS V2: 7.2
CVSS V3: 7.8
Severity: HIGH
A vulnerability in the local management (local-mgmt) CLI of Cisco UCS Manager Software could allow an authenticated, local attacker to execute arbitrary commands on the underlying operating system (OS) on an affected device. The vulnerability is due to insufficient input validation of command arguments. An attacker could exploit this vulnerability by including crafted arguments to specific commands on the local management CLI. A successful exploit could allow the attacker to execute arbitrary commands on the underlying OS with the privileges of the currently logged-in user for all affected platforms excluding Cisco UCS 6400 Series Fabric Interconnects. On Cisco UCS 6400 Series Fabric Interconnects, the injected commands are executed with root privileges. Cisco UCS Manager The software contains vulnerabilities to inadequate validation of data reliability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be put into a state
VAR-202002-0575 CVE-2020-1792 Honor V10 Out-of-bounds writing vulnerabilities on smartphones CVSS V2: 7.1
CVSS V3: 5.5
Severity: MEDIUM
Honor V10 smartphones with versions earlier than BKL-AL20 10.0.0.156(C00E156R2P4) and versions earlier than BKL-L09 10.0.0.146(C432E4R1P4) have an out of bounds write vulnerability. The software writes data past the end of the intended buffer because of insufficient validation of certain parameter when initializing certain driver program. An attacker could trick the user into installing a malicious application, successful exploit could cause the device to reboot. Huawei Honor V10 is a smartphone product from China's Huawei. The vulnerability stems from insufficient verification of incoming parameters
VAR-202002-0697 CVE-2020-3169 Cisco Firepower 4100 Series and Firepower 9300 Security Appliances FXOS Software Operating System Command Injection Vulnerability CVSS V2: 7.2
CVSS V3: 6.7
Severity: MEDIUM
A vulnerability in the CLI of Cisco FXOS Software could allow an authenticated, local attacker to execute arbitrary commands on the underlying Linux operating system with a privilege level of root on an affected device. The vulnerability is due to insufficient validation of arguments passed to a specific CLI command on the affected device. An attacker could exploit this vulnerability by including malicious input as the argument of an affected command. A successful exploit could allow the attacker to execute arbitrary commands on the underlying Linux operating system with root privileges. An attacker would need valid administrator credentials to exploit this vulnerability. Cisco FXOS The software OS A command injection vulnerability exists.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be put into a state. The Cisco Firepower 4100 Series and Cisco Firepower 9300 Security Appliance are both products of Cisco Corporation of the United States. The Cisco Firepower 9300 Security Appliance is a 9300 series security appliance. Cisco FXOS Software is a suite of firewall software that runs on Cisco security appliances. The Cisco Firepower 9300 Security Appliance is a 9300 series security appliance. The Cisco Firepower 4100 Series is a 4100 series firewall device
VAR-202002-0696 CVE-2020-3168 Cisco Nexus 1000V Switch for VMware vSphere Resource Management Error Vulnerability CVSS V2: 7.1
CVSS V3: 7.5
Severity: HIGH
A vulnerability in the Secure Login Enhancements capability of Cisco Nexus 1000V Switch for VMware vSphere could allow an unauthenticated, remote attacker to cause an affected Nexus 1000V Virtual Supervisor Module (VSM) to become inaccessible to users through the CLI. The vulnerability is due to improper resource allocation during failed CLI login attempts when login parameters that are part of the Secure Login Enhancements capability are configured on an affected device. An attacker could exploit this vulnerability by performing a high amount of login attempts against the affected device. A successful exploit could cause the affected device to become inaccessible to other users, resulting in a denial of service (DoS) condition requiring a manual power cycle of the VSM to recover. VMware vSphere For Cisco Nexus 1000V The switch contains a resource exhaustion vulnerability.Service operation interruption (DoS) It may be put into a state. Supervisor is a process control system for Unix-like systems. This system is mainly used to monitor and control processes in Unix-like operating systems. The program failed to allocate resources correctly
VAR-202002-0700 CVE-2020-3172 Cisco FXOS and NX-OS Input verification vulnerabilities in software CVSS V2: 8.3
CVSS V3: 8.8
Severity: HIGH
A vulnerability in the Cisco Discovery Protocol feature of Cisco FXOS Software and Cisco NX-OS Software could allow an unauthenticated, adjacent attacker to execute arbitrary code as root or cause a denial of service (DoS) condition on an affected device. The vulnerability exists because of insufficiently validated Cisco Discovery Protocol packet headers. An attacker could exploit this vulnerability by sending a crafted Cisco Discovery Protocol packet to a Layer 2-adjacent affected device. A successful exploit could allow the attacker to cause a buffer overflow that could allow the attacker to execute arbitrary code as root or cause a DoS condition on the affected device. Note: Cisco Discovery Protocol is a Layer 2 protocol. To exploit this vulnerability, an attacker must be in the same broadcast domain as the affected device (Layer 2 adjacent). Note: This vulnerability is different from the following Cisco FXOS and NX-OS Software Cisco Discovery Protocol vulnerabilities that Cisco announced on Feb. 5, 2020: Cisco FXOS, IOS XR, and NX-OS Software Cisco Discovery Protocol Denial of Service Vulnerability and Cisco NX-OS Software Cisco Discovery Protocol Remote Code Execution Vulnerability. Cisco FXOS and NX-OS The software contains an input verification vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be put into a state. Cisco NX-OS Software and Cisco FXOS Software are both products of Cisco Corporation. Cisco NX-OS Software is a suite of data center-level operating system software for switches
VAR-202002-0703 CVE-2020-3175 Cisco MDS 9000 For Cisco NX-OS Software exhaustion vulnerabilities CVSS V2: 7.8
CVSS V3: 8.6
Severity: HIGH
A vulnerability in the resource handling system of Cisco NX-OS Software for Cisco MDS 9000 Series Multilayer Switches could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability is due to improper resource usage control. An attacker could exploit this vulnerability by sending traffic to the management interface (mgmt0) of an affected device at very high rates. An exploit could allow the attacker to cause unexpected behaviors such as high CPU usage, process crashes, or even full system reboots of an affected device. Cisco MDS 9000 For Cisco NX-OS Software contains a resource exhaustion vulnerability.Service operation interruption (DoS) It may be put into a state. Cisco MDS 9000 Series Multilayer Switches is an MDS 9000 series multilayer switch from Cisco (USA). Cisco NX-OS Software is a suite of data center-level operating system software for switches
VAR-202002-1107 CVE-2020-9274 Pure-FTPd Vulnerability in accessing uninitialized pointers in CVSS V2: 5.0
CVSS V3: 7.5
Severity: HIGH
An issue was discovered in Pure-FTPd 1.0.49. An uninitialized pointer vulnerability has been detected in the diraliases linked list. When the *lookup_alias(const char alias) or print_aliases(void) function is called, they fail to correctly detect the end of the linked list and try to access a non-existent list member. This is related to init_aliases in diraliases.c. Pure-FTPd is an FTP (File Transfer Protocol) server. The 'init_aliases' function in the diraliases.c file in Pure-FTPd 1.0.49 has a security vulnerability. No detailed vulnerability details are provided at this time. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 202003-54 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - https://security.gentoo.org/ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Severity: Low Title: Pure-FTPd: Multiple vulnerabilities Date: March 25, 2020 Bugs: #711124 ID: 202003-54 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Synopsis ======== Multiple vulnerabilities have been found in Pure-FTPd, the worst of which could allow remote attackers to cause a Denial of Service condition. Affected packages ================= ------------------------------------------------------------------- Package / Vulnerable / Unaffected ------------------------------------------------------------------- 1 net-ftp/pure-ftpd < 1.0.49-r2 >= 1.0.49-r2 Description =========== Multiple vulnerabilities have been discovered in Pure-FTPd. Please review the CVE identifiers referenced below for details. Impact ====== A remote attacker could possibly cause a Denial of Service condition or cause an information disclosure. Workaround ========== There is no known workaround at this time. Resolution ========== All Pure-FTPd users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose ">=net-ftp/pure-ftpd-1.0.49-r2" References ========== [ 1 ] CVE-2020-9274 https://nvd.nist.gov/vuln/detail/CVE-2020-9274 [ 2 ] CVE-2020-9365 https://nvd.nist.gov/vuln/detail/CVE-2020-9365 Availability ============ This GLSA and any updates to it are available for viewing at the Gentoo Security Website: https://security.gentoo.org/glsa/202003-54 Concerns? ========= Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. License ======= Copyright 2020 Gentoo Foundation, Inc; referenced text belongs to its owner(s). The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license. https://creativecommons.org/licenses/by-sa/2.5 . ========================================================================== Ubuntu Security Notice USN-4515-1 September 17, 2020 pure-ftpd vulnerability ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 16.04 LTS Summary: Pure-FTPd could be made to expose sensitive information if it recieved specially crafted input. Software Description: - pure-ftpd: Secure and efficient FTP server Details: Antonio Norales discovered that Pure-FTPd incorrectly handled directory aliases. (CVE-2020-9274) Update instructions: The problem can be corrected by updating your system to the following package versions: Ubuntu 16.04 LTS: pure-ftpd 1.0.36-3.2+deb8u1build0.16.04.1 pure-ftpd-common 1.0.36-3.2+deb8u1build0.16.04.1 pure-ftpd-ldap 1.0.36-3.2+deb8u1build0.16.04.1 pure-ftpd-mysql 1.0.36-3.2+deb8u1build0.16.04.1 pure-ftpd-postgresql 1.0.36-3.2+deb8u1build0.16.04.1 In general, a standard system update will make all the necessary changes. References: https://usn.ubuntu.com/4515-1 CVE-2020-9274 Package Information: https://launchpad.net/ubuntu/+source/pure-ftpd/1.0.36-3.2+deb8u1build0.16.04.1
VAR-202107-0409 CVE-2020-5329 DELL Dell EMC Avamar Server Input validation error vulnerability CVSS V2: 5.8
CVSS V3: 6.1
Severity: MEDIUM
Dell EMC Avamar Server contains an open redirect vulnerability. A remote unauthenticated attacker may exploit this vulnerability to redirect application users to arbitrary web URLs by tricking the victim users to click on maliciously crafted links. The vulnerability stems from the failure of the network system or product to properly validate the input data
VAR-202002-1687 No CVE Feiyuxing enterprise-level intelligent wireless Internet behavior management system has a login bypass vulnerability CVSS V2: 10.0
CVSS V3: -
Severity: HIGH
Chengdu Feiyuxing Technology Co., Ltd. serves enterprise, commercial and home users, providing intelligent and easy-to-use network communication management equipment and innovative technology value-added services. The Feiyuxing enterprise-level intelligent wireless Internet behavior management system has a login bypass vulnerability. Attackers can use this vulnerability to directly log in to the background of the system and access any page in the background.
VAR-202003-1597 CVE-2020-6979 Moxa EDS-G516E Vulnerability in using hard-coded credentials in series firmware CVSS V2: 5.0
CVSS V3: 7.5
Severity: HIGH
In Moxa EDS-G516E Series firmware, Version 5.2 or lower, the affected products use a hard-coded cryptographic key, increasing the possibility that confidential data can be recovered. Moxa EDS-G516E and EDS-510E series are Ethernet switches manufactured by Moxa. Moxa's EDS-G516E and EDS-510E series have hard-coded vulnerabilities that could be used by attackers to recover confidential data
VAR-202003-1592 CVE-2020-6967 FactoryTalk Services Platform Unreliable data deserialization vulnerability in CVSS V2: 10.0
CVSS V3: 9.8
Severity: CRITICAL
In Rockwell Automation all versions of FactoryTalk Diagnostics software, a subsystem of the FactoryTalk Services Platform, FactoryTalk Diagnostics exposes a .NET Remoting endpoint via RNADiagnosticsSrv.exe at TCPtcp/8082, which can insecurely deserialize untrusted data. FactoryTalk Services Platform Exists in an unreliable data deserialization vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be put into a state. Rockwell Automation is a provider of industrial automation, control and information technology solutions
VAR-202003-0597 CVE-2019-6558 plural Auto-Maskin Product vulnerabilities related to weak password requirements CVSS V2: 5.0
CVSS V3: 7.5
Severity: HIGH
In Auto-Maskin RP210E Versions 3.7 and prior, DCU210E Versions 3.7 and prior and Marine Observer Pro (Android App), the software contains a mechanism for users to recover or change their passwords without knowing the original password, but the mechanism is weak. Auto-Maskin RP210E , DCU210E , Marine Observer Pro (Android App) There is a vulnerability in requesting a weak password.Information may be obtained. Auto-Maskin is a set of firmware that controls Norwegian marine diesel engines. Auto-Maskin RP210E has a weak password vulnerability. Remote attackers can use this vulnerability to submit special requests for unauthorized access