VARIoT IoT vulnerabilities database


VAR-201911-0520 CVE-2019-15355 Tecno Camon iClick Android Lack of authentication on device CVSS V2: 2.1
CVSS V3: 5.5
Severity: MEDIUM
The Tecno Camon iClick Android device with a build fingerprint of TECNO/H633/TECNO-IN6:8.1.0/O11019/A-180409V96:user/release-keys contains a pre-installed app with a package name of com.mediatek.wfo.impl (versionCode=27, versionName=8.1.0) that allows any app co-located on the device to modify a system property through an exported interface without proper authorization. The Tecno Camon iClick Android device is vulnerable to a lack of authentication. Information may be tampered with. Tecno Camon iClick is a smartphone from Transsion of China. Tecno Camon iClick has an unknown vulnerability. An attacker could use this vulnerability to modify system properties.
VAR-201911-0544 CVE-2019-15428 Xiaomi Mi Note 2 Android Vulnerability related to externally controllable references to other domain resources on devices CVSS V2: 2.1
CVSS V3: 3.3
Severity: LOW
The Xiaomi Mi Note 2 Android device with a build fingerprint of Xiaomi/scorpio/scorpio:6.0.1/MXB48T/7.1.5:user/release-keys contains a pre-installed app with a package name of com.miui.powerkeeper (versionCode=40000, versionName=4.0.00) that allows unauthorized wireless settings modification via a confused deputy attack. This capability can be accessed by any app co-located on the device. The Xiaomi Mi Note 2 Android device is vulnerable to an externally controllable reference to a resource in another realm. Information may be tampered with. Xiaomi Mi Note 2 is a smartphone from China's Xiaomi Technology. The com.miui.powerkeeper app in Xiaomi Mi Note 2 (build fingerprint: Xiaomi/scorpio/scorpio:6.0.1/MXB48T/7.1.5:user/release-keys) has a security vulnerability. An attacker could use another application on the device to exploit the vulnerability and modify wireless settings without authorization.
VAR-201911-0573 CVE-2019-15457 Samsung J6 Access Control Error Vulnerability CVSS V2: 4.6
CVSS V3: 7.8
Severity: HIGH
The Samsung J6 Android device with a build fingerprint of samsung/j6ltexx/j6lte:8.0.0/R16NW/J600FNXXU3ASC1:user/release-keys contains a pre-installed app with a package name of com.samsung.android.themecenter (versionCode=7000000, versionName=7.0.0.0) that allows other pre-installed apps to perform app installation via an accessible app component. This capability can be accessed by any pre-installed app on the device which can obtain signatureOrSystem permissions that are required by other pre-installed apps that exported their capabilities to other pre-installed apps. The Samsung J6 Android device is vulnerable to improper assignment of permissions to critical resources. Information may be acquired, information may be falsified, and a denial-of-service (DoS) condition may result. Samsung J6 is a smartphone from Samsung in South Korea. An access control error vulnerability exists in the com.samsung.android.themecenter app in Samsung J6 (build fingerprint: samsung/j6ltexx/j6lte:8.0.0/R16NW/J600FNXXU3ASC1:user/release-keys). The vulnerability stems from a network system or product that did not properly restrict access to resources from unauthorized roles. No further vulnerability details are provided at this time.
VAR-201911-0480 CVE-2019-15411 ASUS ZenFone 3 Laser Access Control Error Vulnerability CVSS V2: 7.2
CVSS V3: 7.8
Severity: HIGH
The Asus ZenFone 3 Laser Android device with a build fingerprint of asus/WW_msm8937/msm8937:7.1.1/NMF26F/WW_32.40.106.114_20180928:user/release-keys contains a pre-installed app with a package name of com.asus.loguploaderproxy (versionCode=1570000020, versionName=7.0.0.4_170901) that allows other pre-installed apps to perform command execution via an accessible app component. This capability can be accessed by any pre-installed app on the device which can obtain signatureOrSystem permissions that are required by other pre-installed apps that exported their capabilities to other pre-installed apps. Asus ZenFone 3 Laser Android devices are vulnerable to improper assignment of permissions to critical resources. Information may be obtained, information may be altered, and service operation may be disrupted (DoS). ASUS ZenFone 3 Laser is a smartphone from ASUS, Taiwan. ASUS ZenFone 3 Laser has an access control error vulnerability. The vulnerability stems from a network system or product that did not properly restrict access to resources from unauthorized roles. An attacker could use this vulnerability to execute commands through an accessible application component.
VAR-201911-0657 CVE-2019-18938 eQ-3 Homematic and E-Mail Input validation vulnerability CVSS V2: 7.5
CVSS V3: 9.8
Severity: CRITICAL
eQ-3 Homematic CCU2 2.47.20 and CCU3 3.47.18 with the E-Mail AddOn through 1.6.8.c installed allow Remote Code Execution by unauthenticated attackers with access to the web interface via the save.cgi script for payload upload and the testtcl.cgi script for its execution. eQ-3 Homematic CCU2, CCU3 and the E-Mail AddOn contain an input validation vulnerability. Information may be obtained, information may be altered, and service operation may be disrupted (DoS). Both eQ-3 Homematic CCU3 and eQ-3 Homematic CCU2 are central control units of a smart home system produced by the German company eQ-3. There are security vulnerabilities in E-Mail AddOn 1.6.8.c and earlier versions in eQ-3 Homematic CCU2 version 2.47.20 and CCU3 version 3.47.18. An attacker could exploit this vulnerability to execute code.
VAR-201911-0439 CVE-2019-15474 Xiaomi Cepheus Access Control Error Vulnerability CVSS V2: 2.1
CVSS V3: 5.5
Severity: MEDIUM
The Xiaomi Cepheus Android device with a build fingerprint of Xiaomi/cepheus/cepheus:9/PKQ1.181121.001/V10.2.6.0.PFAMIXM:user/release-keys contains a pre-installed app with a package name of com.qualcomm.qti.callenhancement (versionCode=28, versionName=9) that allows unauthorized microphone audio recording via a confused deputy attack. This capability can be accessed by any app co-located on the device. This app allows a third-party app to use its open interface to record telephone calls to external storage. The Xiaomi Cepheus Android device is vulnerable to an externally controllable reference to a resource in another realm. Information may be obtained. Xiaomi Cepheus is a smartphone from China's Xiaomi Technology. The access control error vulnerability exists in the com.qualcomm.qti.callenhancement app in Xiaomi Cepheus (build fingerprint: Xiaomi/cepheus/cepheus:9/PKQ1.181121.001/V10.2.6.0.PFAMIXM:user/release-keys). An attacker could use the vulnerability to make unauthorized microphone recordings with third-party software.
VAR-201911-0506 CVE-2019-15341 Tecno Camon iAir 2 Plus Android Vulnerability with improper permission assignment to critical resources on devices CVSS V2: 7.2
CVSS V3: 7.8
Severity: HIGH
The Tecno Camon iAir 2 Plus Android device with a build fingerprint of TECNO/H622/TECNO-ID3k:8.1.0/O11019/E-180914V83:user/release-keys contains a pre-installed platform app with a package name of com.lovelyfont.defcontainer (versionCode=7, versionName=7.0.11). This app contains an exported service named com.lovelyfont.manager.service.FunctionService that allows any app co-located on the device to supply the file path to a Dalvik Executable (DEX) file which it will dynamically load within its own process and execute with its own system privileges. This app cannot be disabled by the user and the attack can be performed by a zero-permission app. Executing commands as the system user can allow a third-party app to video record the user's screen, factory reset the device, obtain the user's notifications, read the logcat logs, inject events in the Graphical User Interface (GUI), obtain the user's text messages, and more. Executing code as the system user can allow a third-party app to factory reset the device, obtain the user's Wi-Fi passwords, obtain the user's notifications, read the logcat logs, inject events in the GUI, change the default Input Method Editor (IME) (e.g., keyboard) to one contained within the attacking app that contains keylogging functionality, obtain the user's text messages, and more. Tecno Camon iAir 2 Plus Android devices are vulnerable to improper assignment of permissions to critical resources. Information may be obtained, information may be altered, and service operation may be disrupted (DoS).
VAR-201911-1369 CVE-2019-18980 Signify Philips Taolight Smart Wi-Fi Wiz Connected LED Bulb 9290022656 Authentication vulnerabilities in devices CVSS V2: 5.0
CVSS V3: 7.5
Severity: HIGH
On Signify Philips Taolight Smart Wi-Fi Wiz Connected LED Bulb 9290022656 devices, an unprotected API lets remote users control the bulb's operation. Anyone can turn the bulb on or off, or change its color or brightness remotely. There is no authentication or encryption to use the control API. The only requirement is that the attacker have network access to the bulb
VAR-201911-0953 CVE-2019-17515 WordPress for CleanTalk cleantalk-spam-protect Plug-in vulnerable to cross-site scripting CVSS V2: 4.3
CVSS V3: 6.1
Severity: MEDIUM
The CleanTalk cleantalk-spam-protect plugin before 5.127.4 for WordPress is affected by: Cross Site Scripting (XSS). The impact is: Allows an attacker to execute arbitrary HTML and JavaScript code via the from or till parameter. The component is: inc/cleantalk-users.php and inc/cleantalk-comments.php. The attack vector is: When the Administrator is logged in, a reflected XSS may execute upon a click on a malicious URL. WordPress is a blogging platform developed by the WordPress Foundation using the PHP language. The platform supports setting up personal blog sites on PHP and MySQL servers. CleanTalk cleantalk-spam-protect is a spam protection plugin for it. The vulnerability stems from the lack of correct validation of client data in web applications. An attacker could exploit this vulnerability to execute client code.
VAR-201912-1178 CVE-2019-13927 Siemens Desigo PX Web Remote Denial of Service Vulnerability CVSS V2: 5.0
CVSS V3: 5.3
Severity: MEDIUM
A vulnerability has been identified in Desigo PX automation controllers PXC00-E.D, PXC50-E.D, PXC100-E.D, PXC200-E.D with Desigo PX Web modules PXA40-W0, PXA40-W1, PXA40-W2 (All firmware versions < V6.00.320), Desigo PX automation controllers PXC00-U, PXC64-U, PXC128-U with Desigo PX Web modules PXA30-W0, PXA30-W1, PXA30-W2 (All firmware versions < V6.00.320), Desigo PX automation controllers PXC22.1-E.D, PXC36-E.D, PXC36.1-E.D with activated web server (All firmware versions < V6.00.320). The device contains a vulnerability that could allow an attacker to cause a denial of service condition on the device's web server by sending a specially crafted HTTP message to the web server port (tcp/80). The security vulnerability could be exploited by an attacker with network access to an affected device. Successful exploitation requires no system privileges and no user interaction. An attacker could use the vulnerability to compromise the availability of the device's web service. While the device itself stays operational, the web server responds with HTTP status code 404 (Not found) to any further request. A reboot is required to recover the web interface. At the time of advisory publication no public exploitation of this security vulnerability was known. Several Siemens products are affected by a vulnerability involving a resource leak into the wrong area. Service operation may be interrupted (DoS). The Desigo PX automation station and operator unit control and monitor the building automation system. They allow alarm signals, time-based programs and trend recording. Desigo PX is a modern building automation and control system for the entire field of building service plants.
VAR-201911-1470 CVE-2013-3367 TRENDnet TEW-691GR and TEW-692GR Vulnerabilities in authentication CVSS V2: 10.0
CVSS V3: 9.8
Severity: CRITICAL
Undocumented TELNET service in TRENDnet TEW-691GR and TEW-692GR when a web page named backdoor contains an HTML parameter of password and a value of j78G¬DFdg_24Mhw3. TRENDnet TEW-691GR and TEW-692GR contain an authentication vulnerability. Information may be acquired, information may be falsified, and a denial-of-service (DoS) condition may result.
VAR-201911-0260 CVE-2019-5269 plural Huawei home Unauthorized authentication vulnerabilities in routers CVSS V2: 4.6
CVSS V3: 7.8
Severity: HIGH
Some Huawei home routers have an improper authorization vulnerability. Due to improper authorization of certain programs, an attacker can exploit this vulnerability to execute uploaded malicious files and escalate privilege. Multiple Huawei home routers contain an incorrect authentication vulnerability. Information may be obtained, information may be altered, and service operation may be disrupted (DoS). The Huawei HiRouter-CD15-10 is a wireless router from China's Huawei.
VAR-201911-1519 CVE-2013-4656 ASUS RT-AC66U and RT-N56U Path traversal vulnerability CVSS V2: 10.0
CVSS V3: 9.8
Severity: CRITICAL
Symlink Traversal vulnerability in ASUS RT-AC66U and RT-N56U due to misconfiguration in the SMB service. ASUS RT-AC66U and RT-N56U contain a path traversal vulnerability. Information may be obtained, information may be altered, and service operation may be disrupted (DoS).
VAR-201911-0826 CVE-2019-5212 Huawei Share Vulnerable to information disclosure CVSS V2: 4.3
CVSS V3: 5.5
Severity: MEDIUM
There is an improper access control vulnerability in Huawei Share. The software does not properly restrict access to certain files from certain applications. An attacker tricks the user into installing a malicious application and then establishing a connection to the attacker through Huawei Share; successful exploitation could cause information disclosure. Huawei Share contains an information disclosure vulnerability. Information may be obtained. Huawei P20 is a smartphone from China's Huawei company.
VAR-201911-0702 CVE-2019-18793 Parallels Plesk Panel Vulnerable to cross-site scripting

Related entries in the VARIoT exploits database: VAR-E-201911-0149
CVSS V2: 4.3
CVSS V3: 6.1
Severity: MEDIUM
Parallels Plesk Panel 9.5 allows XSS in target/locales/tr-TR/help/index.htm? via the "fileName" parameter. Parallels Plesk Panel contains a cross-site scripting vulnerability. Information may be obtained and information may be altered. Attackers can exploit the vulnerability through the "fileName" parameter to inject JavaScript.
VAR-201911-0825 CVE-2019-5211 P20 Vulnerability related to input confirmation in smartphones CVSS V2: 4.3
CVSS V3: 5.7
Severity: MEDIUM
The Huawei Share function of P20 phones with versions earlier than Emily-L29C 9.1.0.311 has an improper file management vulnerability. The attacker tricks the victim into performing certain operations on the mobile phone during file transfer. Because the file is not properly processed, successful exploitation may cause some files on the victim's mobile phone to be deleted. P20 smartphones contain a vulnerability related to input confirmation. Information may be tampered with. Huawei P20 is a smartphone from China's Huawei company.
VAR-201911-0374 CVE-2019-3641 McAfee Threat Intelligence Exchange Server Authentication vulnerability CVSS V2: 3.5
CVSS V3: 4.5
Severity: MEDIUM
Abuse of Authorization vulnerability in APIs exposed by TIE server in McAfee Threat Intelligence Exchange Server (TIE Server) 3.0.0 allows remote authenticated users to modify stored reputation data via specially crafted messages. The vulnerability stems from the lack of authentication measures or insufficient authentication strength in network systems or products. No further vulnerability details are currently available.
VAR-201911-0270 CVE-2019-5268 plural Huawei Vulnerability in input validation in home router products CVSS V2: 4.8
CVSS V3: 8.1
Severity: HIGH
Some Huawei home routers have an input validation vulnerability. Because an input parameter is not correctly verified, an attacker can exploit this vulnerability by sending specially constructed packets to obtain files in the device and upload files to some directories. The Huawei HiRouter-CD15-10 is a wireless router from China's Huawei.
VAR-201911-1635 CVE-2019-0144 Intel(R) Ethernet 700 Series Controller Vulnerabilities related to exceptional state handling CVSS V2: 4.9
CVSS V3: 6.5
Severity: MEDIUM
Unhandled exception in firmware for Intel(R) Ethernet 700 Series Controllers before version 7.0 may allow an authenticated user to potentially enable a denial of service via local access. The Intel(R) Ethernet 700 Series Controller contains a vulnerability in handling exceptional conditions. Service operation may be interrupted (DoS). Intel Ethernet 700 Series Controllers is a network adapter product from Intel Corporation. An attacker could exploit this vulnerability to cause a denial of service.
VAR-201911-0634 CVE-2019-18844 ACRN Reachable vulnerability in reachable CVSS V2: 5.0
CVSS V3: 7.5
Severity: HIGH
The Device Model in ACRN before 2019w25.5-140000p relies on assert calls in devicemodel/hw/pci/core.c and devicemodel/include/pci_core.h (instead of other mechanisms for propagating error information or diagnostic information), which might allow attackers to cause a denial of service (assertion failure) within pci core. This is fixed in 1.2. 6199e653418e is a mitigation for pre-1.1 versions, whereas 2b3dedfb9ba1 is a mitigation for 1.1. ACRN contains a vulnerability with reachable assertions. Service operation may be interrupted (DoS). ACRN is an open source virtual machine monitor for the Internet of Things. There are security vulnerabilities in ACRN versions before 2019w25.5-140000p. An attacker can use this vulnerability to cause a denial of service.