VARIoT IoT vulnerabilities database
| VAR-202002-1212 | CVE-2020-6804 | gateway Cross-site scripting vulnerability in |
CVSS V2: 4.3 CVSS V3: 6.1 Severity: MEDIUM |
A reflected XSS vulnerability exists within the gateway, allowing an attacker to craft a specialized URL which could steal the user's authentication token. When combined with CVE-2020-6803, an attacker could fully compromise the system. gateway Exists in a cross-site scripting vulnerability.Information may be obtained and tampered with. The vulnerability stems from the lack of correct validation of client data in WEB applications. An attacker could exploit this vulnerability to execute client code
| VAR-202002-0939 | CVE-2020-3923 | TAT-76 and TAT-77 Unauthorized authentication vulnerabilities in the series |
CVSS V2: 10.0 CVSS V3: 9.8 Severity: CRITICAL |
DVR firmware in TAT-76 and TAT-77 series of products, provided by TONNET, contain misconfigured authentication mechanism. Attackers can crack the default password and gain access to the system. TAT-76 and TAT-77 The series contains vulnerabilities related to fraudulent authentication.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be put into a state. Tonnet TAT-76 is a network camera device
| VAR-202002-1222 | CVE-2020-6863 | ZTE E8820V3 Vulnerability in improperly assigning permissions to critical resources on routers |
CVSS V2: 3.3 CVSS V3: 6.5 Severity: MEDIUM |
ZTE E8820V3 router product is impacted by a permission and access control vulnerability. Attackers could use this vulnerability to tamper with DDNS parameters and send DoS attacks on the specified URL. ZTE E8820V3 A router contains a vulnerability in improper permission assignment for critical resources.Service operation interruption (DoS) It may be put into a state. ZTE E8820V3 is a gigabit dual-band 1200M smart router with WiFi
| VAR-202002-1223 | CVE-2020-6864 | ZTE E8820V3 Information Disclosure Vulnerability |
CVSS V2: 3.3 CVSS V3: 6.5 Severity: MEDIUM |
ZTE E8820V3 router product is impacted by an information leak vulnerability. Attackers could use this vulnerability to to gain wireless passwords. After obtaining the wireless password, the attacker could collect information and attack the router. ZTE E8820V3 is a gigabit dual-band 1200M smart router with WiFi
| VAR-202002-0940 | CVE-2020-3924 | TAT-76 and TAT-77 Injection vulnerabilities in the series |
CVSS V2: 10.0 CVSS V3: 9.8 Severity: CRITICAL |
DVR firmware in TAT-76 and TAT-77 series of products, provided by TONNET do not properly verify patch files. Attackers can inject a specific command into a patch file and gain access to the system. TAT-76 and TAT-77 There is an injection vulnerability in the series.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be put into a state. Tonnet TAT-76 is a network camera device.
Tonnet TAT-76 update function failed to correctly verify the update file. Remote attackers can use this vulnerability to submit special requests and inject commands to obtain device permissions
| VAR-202002-0890 | CVE-2018-8877 | Asuswrt-Merlin and ASUS Information leakage vulnerability in firmware |
CVSS V2: 5.0 CVSS V3: 5.3 Severity: MEDIUM |
Information disclosure in Asuswrt-Merlin firmware for ASUS devices older than 384.4 and ASUS firmware before 3.0.0.4.382.50470 for devices allows remote attackers to acquire information on internal network IP address ranges by reading the new_lan_ip variable on the error_page.htm page. Asuswrt-Merlin and ASUS There is an information leakage vulnerability in the firmware.Information may be obtained. ASUS Asuswrt-Merlin is a firmware running in the routers of ASUS Corporation of Taiwan, China
| VAR-202002-0891 | CVE-2018-8878 | Asuswrt-Merlin and ASUS Information leakage vulnerability in firmware |
CVSS V2: 5.0 CVSS V3: 5.3 Severity: MEDIUM |
Information disclosure in Asuswrt-Merlin firmware for ASUS devices older than 384.4 and ASUS firmware before 3.0.0.4.382.50470 for devices allows remote attackers to acquire information on internal network devices' hostnames and MAC addresses by reading the custom_id variable on the blocking.asp page. Asuswrt-Merlin and ASUS There is an information leakage vulnerability in the firmware.Information may be obtained. ASUS Asuswrt-Merlin is a firmware running in the routers of ASUS Corporation of Taiwan, China
| VAR-202002-1685 | No CVE | D-Link DIR-859 Arbitrary Code Execution Vulnerability |
CVSS V2: 9.3 CVSS V3: - Severity: HIGH |
D-Link DIR-859 is a popular router device.
D-Link DIR-859 has a security vulnerability. A remote attacker could use this vulnerability to submit a special request and execute arbitrary code in the application context.
| VAR-202002-0701 | CVE-2020-3173 | Cisco UCS Manager Software Operating System Command Injection Vulnerability |
CVSS V2: 7.2 CVSS V3: 7.8 Severity: HIGH |
A vulnerability in the local management (local-mgmt) CLI of Cisco UCS Manager Software could allow an authenticated, local attacker to execute arbitrary commands on the underlying operating system (OS) on an affected device. The vulnerability is due to insufficient input validation of command arguments. An attacker could exploit this vulnerability by including crafted arguments to specific commands on the local management CLI. A successful exploit could allow the attacker to execute arbitrary commands on the underlying OS with the privileges of the currently logged-in user for all affected platforms excluding Cisco UCS 6400 Series Fabric Interconnects. On Cisco UCS 6400 Series Fabric Interconnects, the injected commands are executed with root privileges. Cisco UCS Manager The software contains vulnerabilities to inadequate validation of data reliability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be put into a state
| VAR-202002-0575 | CVE-2020-1792 | Honor V10 Out-of-bounds writing vulnerabilities on smartphones |
CVSS V2: 7.1 CVSS V3: 5.5 Severity: MEDIUM |
Honor V10 smartphones with versions earlier than BKL-AL20 10.0.0.156(C00E156R2P4) and versions earlier than BKL-L09 10.0.0.146(C432E4R1P4) have an out of bounds write vulnerability. The software writes data past the end of the intended buffer because of insufficient validation of certain parameter when initializing certain driver program. An attacker could trick the user into installing a malicious application, successful exploit could cause the device to reboot. Huawei Honor V10 is a smartphone product from China's Huawei. The vulnerability stems from insufficient verification of incoming parameters
| VAR-202002-0697 | CVE-2020-3169 | Cisco Firepower 4100 Series and Firepower 9300 Security Appliances FXOS Software Operating System Command Injection Vulnerability |
CVSS V2: 7.2 CVSS V3: 6.7 Severity: MEDIUM |
A vulnerability in the CLI of Cisco FXOS Software could allow an authenticated, local attacker to execute arbitrary commands on the underlying Linux operating system with a privilege level of root on an affected device. The vulnerability is due to insufficient validation of arguments passed to a specific CLI command on the affected device. An attacker could exploit this vulnerability by including malicious input as the argument of an affected command. A successful exploit could allow the attacker to execute arbitrary commands on the underlying Linux operating system with root privileges. An attacker would need valid administrator credentials to exploit this vulnerability. Cisco FXOS The software OS A command injection vulnerability exists.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be put into a state. The Cisco Firepower 4100 Series and Cisco Firepower 9300 Security Appliance are both products of Cisco Corporation of the United States. The Cisco Firepower 9300 Security Appliance is a 9300 series security appliance. Cisco FXOS Software is a suite of firewall software that runs on Cisco security appliances. The Cisco Firepower 9300 Security Appliance is a 9300 series security appliance. The Cisco Firepower 4100 Series is a 4100 series firewall device
| VAR-202002-0696 | CVE-2020-3168 | Cisco Nexus 1000V Switch for VMware vSphere Resource Management Error Vulnerability |
CVSS V2: 7.1 CVSS V3: 7.5 Severity: HIGH |
A vulnerability in the Secure Login Enhancements capability of Cisco Nexus 1000V Switch for VMware vSphere could allow an unauthenticated, remote attacker to cause an affected Nexus 1000V Virtual Supervisor Module (VSM) to become inaccessible to users through the CLI. The vulnerability is due to improper resource allocation during failed CLI login attempts when login parameters that are part of the Secure Login Enhancements capability are configured on an affected device. An attacker could exploit this vulnerability by performing a high amount of login attempts against the affected device. A successful exploit could cause the affected device to become inaccessible to other users, resulting in a denial of service (DoS) condition requiring a manual power cycle of the VSM to recover. VMware vSphere For Cisco Nexus 1000V The switch contains a resource exhaustion vulnerability.Service operation interruption (DoS) It may be put into a state. Supervisor is a process control system for Unix-like systems. This system is mainly used to monitor and control processes in Unix-like operating systems. The program failed to allocate resources correctly
| VAR-202002-0700 | CVE-2020-3172 | Cisco FXOS and NX-OS Input verification vulnerabilities in software |
CVSS V2: 8.3 CVSS V3: 8.8 Severity: HIGH |
A vulnerability in the Cisco Discovery Protocol feature of Cisco FXOS Software and Cisco NX-OS Software could allow an unauthenticated, adjacent attacker to execute arbitrary code as root or cause a denial of service (DoS) condition on an affected device. The vulnerability exists because of insufficiently validated Cisco Discovery Protocol packet headers. An attacker could exploit this vulnerability by sending a crafted Cisco Discovery Protocol packet to a Layer 2-adjacent affected device. A successful exploit could allow the attacker to cause a buffer overflow that could allow the attacker to execute arbitrary code as root or cause a DoS condition on the affected device. Note: Cisco Discovery Protocol is a Layer 2 protocol. To exploit this vulnerability, an attacker must be in the same broadcast domain as the affected device (Layer 2 adjacent). Note: This vulnerability is different from the following Cisco FXOS and NX-OS Software Cisco Discovery Protocol vulnerabilities that Cisco announced on Feb. 5, 2020: Cisco FXOS, IOS XR, and NX-OS Software Cisco Discovery Protocol Denial of Service Vulnerability and Cisco NX-OS Software Cisco Discovery Protocol Remote Code Execution Vulnerability. Cisco FXOS and NX-OS The software contains an input verification vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be put into a state. Cisco NX-OS Software and Cisco FXOS Software are both products of Cisco Corporation. Cisco NX-OS Software is a suite of data center-level operating system software for switches
| VAR-202002-0703 | CVE-2020-3175 | Cisco MDS 9000 For Cisco NX-OS Software exhaustion vulnerabilities |
CVSS V2: 7.8 CVSS V3: 8.6 Severity: HIGH |
A vulnerability in the resource handling system of Cisco NX-OS Software for Cisco MDS 9000 Series Multilayer Switches could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability is due to improper resource usage control. An attacker could exploit this vulnerability by sending traffic to the management interface (mgmt0) of an affected device at very high rates. An exploit could allow the attacker to cause unexpected behaviors such as high CPU usage, process crashes, or even full system reboots of an affected device. Cisco MDS 9000 For Cisco NX-OS Software contains a resource exhaustion vulnerability.Service operation interruption (DoS) It may be put into a state. Cisco MDS 9000 Series Multilayer Switches is an MDS 9000 series multilayer switch from Cisco (USA). Cisco NX-OS Software is a suite of data center-level operating system software for switches
| VAR-202002-1107 | CVE-2020-9274 | Pure-FTPd Vulnerability in accessing uninitialized pointers in |
CVSS V2: 5.0 CVSS V3: 7.5 Severity: HIGH |
An issue was discovered in Pure-FTPd 1.0.49. An uninitialized pointer vulnerability has been detected in the diraliases linked list. When the *lookup_alias(const char alias) or print_aliases(void) function is called, they fail to correctly detect the end of the linked list and try to access a non-existent list member. This is related to init_aliases in diraliases.c. Pure-FTPd is an FTP (File Transfer Protocol) server.
The 'init_aliases' function in the diraliases.c file in Pure-FTPd 1.0.49 has a security vulnerability. No detailed vulnerability details are provided at this time. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 202003-54
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
https://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Severity: Low
Title: Pure-FTPd: Multiple vulnerabilities
Date: March 25, 2020
Bugs: #711124
ID: 202003-54
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Synopsis
========
Multiple vulnerabilities have been found in Pure-FTPd, the worst of
which could allow remote attackers to cause a Denial of Service
condition.
Affected packages
=================
-------------------------------------------------------------------
Package / Vulnerable / Unaffected
-------------------------------------------------------------------
1 net-ftp/pure-ftpd < 1.0.49-r2 >= 1.0.49-r2
Description
===========
Multiple vulnerabilities have been discovered in Pure-FTPd. Please
review the CVE identifiers referenced below for details.
Impact
======
A remote attacker could possibly cause a Denial of Service condition or
cause an information disclosure.
Workaround
==========
There is no known workaround at this time.
Resolution
==========
All Pure-FTPd users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose ">=net-ftp/pure-ftpd-1.0.49-r2"
References
==========
[ 1 ] CVE-2020-9274
https://nvd.nist.gov/vuln/detail/CVE-2020-9274
[ 2 ] CVE-2020-9365
https://nvd.nist.gov/vuln/detail/CVE-2020-9365
Availability
============
This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:
https://security.gentoo.org/glsa/202003-54
Concerns?
=========
Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users' machines is of utmost
importance to us.
License
=======
Copyright 2020 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).
The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.
https://creativecommons.org/licenses/by-sa/2.5
. ==========================================================================
Ubuntu Security Notice USN-4515-1
September 17, 2020
pure-ftpd vulnerability
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 16.04 LTS
Summary:
Pure-FTPd could be made to expose sensitive information if it recieved
specially crafted input.
Software Description:
- pure-ftpd: Secure and efficient FTP server
Details:
Antonio Norales discovered that Pure-FTPd incorrectly handled directory
aliases. (CVE-2020-9274)
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 16.04 LTS:
pure-ftpd 1.0.36-3.2+deb8u1build0.16.04.1
pure-ftpd-common 1.0.36-3.2+deb8u1build0.16.04.1
pure-ftpd-ldap 1.0.36-3.2+deb8u1build0.16.04.1
pure-ftpd-mysql 1.0.36-3.2+deb8u1build0.16.04.1
pure-ftpd-postgresql 1.0.36-3.2+deb8u1build0.16.04.1
In general, a standard system update will make all the necessary changes.
References:
https://usn.ubuntu.com/4515-1
CVE-2020-9274
Package Information:
https://launchpad.net/ubuntu/+source/pure-ftpd/1.0.36-3.2+deb8u1build0.16.04.1
| VAR-202107-0409 | CVE-2020-5329 | DELL Dell EMC Avamar Server Input validation error vulnerability |
CVSS V2: 5.8 CVSS V3: 6.1 Severity: MEDIUM |
Dell EMC Avamar Server contains an open redirect vulnerability. A remote unauthenticated attacker may exploit this vulnerability to redirect application users to arbitrary web URLs by tricking the victim users to click on maliciously crafted links. The vulnerability stems from the failure of the network system or product to properly validate the input data
| VAR-202002-1687 | No CVE | Feiyuxing enterprise-level intelligent wireless Internet behavior management system has a login bypass vulnerability |
CVSS V2: 10.0 CVSS V3: - Severity: HIGH |
Chengdu Feiyuxing Technology Co., Ltd. serves enterprise, commercial and home users, providing intelligent and easy-to-use network communication management equipment and innovative technology value-added services.
The Feiyuxing enterprise-level intelligent wireless Internet behavior management system has a login bypass vulnerability. Attackers can use this vulnerability to directly log in to the background of the system and access any page in the background.
| VAR-202003-1597 | CVE-2020-6979 | Moxa EDS-G516E Vulnerability in using hard-coded credentials in series firmware |
CVSS V2: 5.0 CVSS V3: 7.5 Severity: HIGH |
In Moxa EDS-G516E Series firmware, Version 5.2 or lower, the affected products use a hard-coded cryptographic key, increasing the possibility that confidential data can be recovered. Moxa EDS-G516E and EDS-510E series are Ethernet switches manufactured by Moxa.
Moxa's EDS-G516E and EDS-510E series have hard-coded vulnerabilities that could be used by attackers to recover confidential data
| VAR-202003-1592 | CVE-2020-6967 | FactoryTalk Services Platform Unreliable data deserialization vulnerability in |
CVSS V2: 10.0 CVSS V3: 9.8 Severity: CRITICAL |
In Rockwell Automation all versions of FactoryTalk Diagnostics software, a subsystem of the FactoryTalk Services Platform, FactoryTalk Diagnostics exposes a .NET Remoting endpoint via RNADiagnosticsSrv.exe at TCPtcp/8082, which can insecurely deserialize untrusted data. FactoryTalk Services Platform Exists in an unreliable data deserialization vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be put into a state. Rockwell Automation is a provider of industrial automation, control and information technology solutions
| VAR-202003-0597 | CVE-2019-6558 | plural Auto-Maskin Product vulnerabilities related to weak password requirements |
CVSS V2: 5.0 CVSS V3: 7.5 Severity: HIGH |
In Auto-Maskin RP210E Versions 3.7 and prior, DCU210E Versions 3.7 and prior and Marine Observer Pro (Android App), the software contains a mechanism for users to recover or change their passwords without knowing the original password, but the mechanism is weak. Auto-Maskin RP210E , DCU210E , Marine Observer Pro (Android App) There is a vulnerability in requesting a weak password.Information may be obtained. Auto-Maskin is a set of firmware that controls Norwegian marine diesel engines.
Auto-Maskin RP210E has a weak password vulnerability. Remote attackers can use this vulnerability to submit special requests for unauthorized access