VARIoT IoT vulnerabilities database

Affected products: vendor, model and version
CWE format is 'CWE-number'. Threat type can be: remote or local
Look up free text in title and description

VAR-201912-2006 No CVE Wheelton e-pass ba ***. Php page has SQL injection vulnerability CVSS V2: 7.8
CVSS V3: -
Severity: HIGH
Huilton eDitong is a VPN security gateway of Shenzhen Huilton Information Technology Co., Ltd. There is a SQL injection vulnerability in the ba ***. Php page of Wheaton e.com. An attacker can use this vulnerability to obtain sensitive information.
VAR-201912-1394 CVE-2019-19642 SuperMicro X8STi-F operating system command injection vulnerability CVSS V2: 9.0
CVSS V3: 8.8
Severity: HIGH
On SuperMicro X8STi-F motherboards with IPMI firmware 2.06 and BIOS 02.68, the Virtual Media feature allows OS Command Injection by authenticated attackers who can send HTTP requests to the IPMI IP address. This requires a POST to /rpc/setvmdrive.asp with shell metacharacters in ShareHost or ShareName. The attacker can achieve a persistent backdoor. SuperMicro X8STi-F is a computer motherboard from American SuperMicro Corporation. An attacker could use this vulnerability to obtain a persistent backdoor by sending an HTTP request to the IPMI IP address
VAR-201912-1872 No CVE CenturyStar configuration software CenturyStar v9.1 English version has a command execution vulnerability CVSS V2: 7.2
CVSS V3: -
Severity: HIGH
CenturyStar is a host computer configuration software of Beijing Century Changqiu Technology Co., Ltd. It is mainly used in domestic food and drug production lines. CenturyStar configuration software CenturyStar v9.1 English version has a command execution vulnerability. An attacker could use this vulnerability to execute arbitrary code to elevate permissions
VAR-201912-0677 CVE-2019-18671 ShapeShift KeepKey hardware wallet Vulnerable to out-of-bounds writing CVSS V2: 10.0
CVSS V3: 9.8
Severity: CRITICAL
Insufficient checks in the USB packet handling of the ShapeShift KeepKey hardware wallet before firmware 6.2.2 allow out-of-bounds writes in the .bss segment via crafted messages. The vulnerability could allow code execution or other forms of impact. It can be triggered by unauthenticated attackers and the interface is reachable via WebUSB. ShapeShift KeepKey hardware wallet Contains an out-of-bounds vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. ShapeShift KeepKey is an e-wallet device for cryptocurrency storage. ShapeShift KeepKey has an overflow overflow vulnerability. The vulnerability originates from a network system or product that incorrectly validates data boundaries when performing operations on memory, causing incorrect read and write operations to be performed on other associated memory locations. An attacker could use this vulnerability to cause a buffer overflow or heap overflow
VAR-201912-0695 CVE-2019-18672 ShapeShift KeepKey hardware wallet Vulnerabilities related to incomplete data integrity verification CVSS V2: 5.0
CVSS V3: 7.5
Severity: HIGH
Insufficient checks in the finite state machine of the ShapeShift KeepKey hardware wallet before firmware 6.2.2 allow a partial reset of cryptographic secrets to known values via crafted messages. Notably, this breaks the security of U2F for new server registrations and invalidates existing registrations. This vulnerability can be exploited by unauthenticated attackers and the interface is reachable via WebUSB. ShapeShift KeepKey hardware wallet Contains a vulnerability related to incomplete data integrity verification.Information may be tampered with. ShapeShift KeepKey is an e-wallet device for cryptocurrency storage. There is an unknown vulnerability in the ShapeShift KeepKey finite state machine, which is caused by the program not being fully verified. An attacker could use this vulnerability to reset a part of the encryption key to a known value using a specially crafted message
VAR-201912-0671 CVE-2019-17270 Yachtcontrol In OS Command injection vulnerability CVSS V2: 10.0
CVSS V3: 9.8
Severity: CRITICAL
Yachtcontrol through 2019-10-06: It's possible to perform direct Operating System commands as an unauthenticated user via the "/pages/systemcall.php?command={COMMAND}" page and parameter, where {COMMAND} will be executed and returning the results to the client. Affects Yachtcontrol webservers disclosed via Dutch GPRS/4G mobile IP-ranges. IP addresses vary due to DHCP client leasing of telco's. Yachtcontrol Is OS A command injection vulnerability exists.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state
VAR-201912-1384 CVE-2019-19620 SecureWorks Red Cloak Windows Agent Vulnerable to improper retention of permissions CVSS V2: 2.1
CVSS V3: 3.3
Severity: LOW
In SecureWorks Red Cloak Windows Agent before 2.0.7.9, a local user can bypass the generation of telemetry alerts by removing NT AUTHORITY\SYSTEM permissions from a file. This is limited in scope to the collection of process-execution telemetry, for executions against specific files where the SYSTEM user was denied access to the source file. SecureWorks Red Cloak Windows Agent Contains a vulnerability in improper retention of permissions.Information may be tampered with. A local attacker could exploit this vulnerability to bypass security protections
VAR-201912-1254 CVE-2019-18575 Dell Command Configure Vulnerabilities in uncontrolled search path elements CVSS V2: 6.6
CVSS V3: 7.1
Severity: HIGH
Dell Command Configure versions prior to 4.2.1 contain an uncontrolled search path vulnerability. A locally authenticated malicious user could exploit this vulnerability by creating a symlink to a target file, allowing the attacker to overwrite or corrupt a specified file on the system. Dell Command Configure is an application program of Dell, which can provide configuration functions for business client platforms. The program includes a command-line interface and a graphical user interface for configuring various BIOS functions
VAR-201912-1387 CVE-2019-19627 SROS 2 Vulnerable to information disclosure CVSS V2: 5.0
CVSS V3: 5.3
Severity: MEDIUM
SROS 2 0.8.1 (after CVE-2019-19625 is mitigated) leaks ROS 2 node-related information regardless of the rtps_protection_kind configuration. (SROS2 provides the tools to generate and distribute keys for Robot Operating System 2 and uses the underlying security plugins of DDS from ROS 2.). SROS 2 Contains an information disclosure vulnerability.Information may be obtained
VAR-201912-1386 CVE-2019-19625 SROS 2 Vulnerable to information disclosure CVSS V2: 5.0
CVSS V3: 5.3
Severity: MEDIUM
SROS 2 0.8.1 (which provides the tools that generate and distribute keys for Robot Operating System 2 and uses the underlying security plugins of DDS from ROS 2) leaks node information due to a leaky default configuration as indicated in the policy/defaults/dds/governance.xml document. SROS 2 Contains an information disclosure vulnerability.Information may be obtained
VAR-201912-0158 CVE-2019-4621 IBM DataPower Gateway Vulnerable to unsafe default initialization of resources CVSS V2: 6.8
CVSS V3: 9.8
Severity: CRITICAL
IBM DataPower Gateway 7.6.0.0-7 throug 6.0.14 and 2018.4.1.0 through 2018.4.1.5 have a default administrator account that is enabled if the IPMI LAN channel is enabled. A remote attacker could use this account to gain unauthorised access to the BMC. IBM X-Force ID: 168883. IBM DataPower Gateway Contains a vulnerability in the initialization of unsafe default values for resources. Vendors have confirmed this vulnerability IBM X-Force ID: 168883 It is released as.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. IBM DataPower Gateway is a security and integration platform specially designed for mobile, cloud, application programming interface (API), network, service-oriented architecture (SOA), B2B and cloud workloads. The platform secures, integrates and optimizes access across channels with a dedicated gateway platform. There is a security vulnerability in IBM DataPower Gateway 2018.4.1.0 to 2018.4.1.5 and 7.6.0.0 to 7.6.0.14
VAR-201912-1224 CVE-2019-16674 plural Weidmueller Vulnerability related to clear transmission of important information in products CVSS V2: 5.0
CVSS V3: 9.8
Severity: CRITICAL
An issue was discovered on Weidmueller IE-SW-VL05M 3.6.6 Build 16102415, IE-SW-VL08MT 3.5.2 Build 16102415, and IE-SW-PL10M 3.3.16 Build 16102416 devices. Authentication Information used in a cookie is predictable and can lead to admin password compromise when captured on the network. Weidmueller IE-SW-VL05M , IE-SW-VL08MT , IE-SW-PL10M The device contains a vulnerability in transmitting sensitive information in the clear.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. Weidmueller IE-SW-VL05M-5TX is an industrial Ethernet switch from Germany's Weidmueller company. An information disclosure vulnerability exists in several Weidmueller products. Attackers can use this vulnerability to guess the authentication information in cookies
VAR-201912-1227 CVE-2019-16672 plural Weidmueller Lack of encryption of sensitive data in product vulnerability CVSS V2: 5.0
CVSS V3: 9.8
Severity: CRITICAL
An issue was discovered on Weidmueller IE-SW-VL05M 3.6.6 Build 16102415, IE-SW-VL08MT 3.5.2 Build 16102415, and IE-SW-PL10M 3.3.16 Build 16102416 devices. Sensitive Credentials data is transmitted in cleartext. Weidmueller IE-SW-VL05M , IE-SW-VL08MT , IE-SW-PL10M Contains a vulnerability related to the lack of encryption of critical data.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. Weidmueller IE-SW-VL05M-5TX is an industrial Ethernet switch from Germany's Weidmueller company. An information disclosure vulnerability exists in several Weidmueller products. An attacker could use this vulnerability to obtain credential data
VAR-201912-1225 CVE-2019-16670 plural Weidmueller Product vulnerable to inappropriate restriction of excessive authentication attempts CVSS V2: 7.5
CVSS V3: 9.8
Severity: CRITICAL
An issue was discovered on Weidmueller IE-SW-VL05M 3.6.6 Build 16102415, IE-SW-VL08MT 3.5.2 Build 16102415, and IE-SW-PL10M 3.3.16 Build 16102416 devices. The Authentication mechanism has no brute-force prevention. Weidmueller IE-SW-VL05M , IE-SW-VL08MT , IE-SW-PL10M The device is vulnerable to improper restriction of excessive authentication attempts.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. Weidmueller IE-SW-VL05M-5TX is an industrial Ethernet switch from Germany's Weidmueller company. There are security vulnerabilities in several Weidmueller products. The vulnerability stems from the failure of the authentication mechanism to protect against brute force attacks. Attackers can use this vulnerability to implement brute force attacks
VAR-201912-1519 CVE-2019-19007 Intelbras IWR 3000N Vulnerability related to information leak from cache in device CVSS V2: 9.0
CVSS V3: 7.2
Severity: HIGH
Intelbras IWR 3000N 1.8.7 devices allow disclosure of the administrator login name and password because v1/system/user is mishandled, a related issue to CVE-2019-17600. Intelbras IWR 3000N The device contains a vulnerability related to information disclosure from the cache. This vulnerability CVE-2019-17600 Vulnerability associated with.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. Intelbras IWR 3000N is a wireless router of Polish Intelbras company. There is an unknown vulnerability in Intelbras IWR 3000N, which is caused by the program not handling v1/system/user correctly
VAR-201912-1226 CVE-2019-16671 plural Weidmueller Product depletion vulnerability CVSS V2: 6.8
CVSS V3: 6.5
Severity: MEDIUM
An issue was discovered on Weidmueller IE-SW-VL05M 3.6.6 Build 16102415, IE-SW-VL08MT 3.5.2 Build 16102415, and IE-SW-PL10M 3.3.16 Build 16102416 devices. Remote authenticated users can crash a device with a special packet because of Uncontrolled Resource Consumption. Weidmueller IE-SW-VL05M , IE-SW-VL08MT , IE-SW-PL10M The device contains a resource exhaustion vulnerability.Service operation interruption (DoS) There is a possibility of being put into a state. Weidmueller IE-SW-VL05M-5TX is an industrial Ethernet switch from Germany's Weidmueller company
VAR-201912-1228 CVE-2019-16673 plural Weidmueller Vulnerability related to information leakage from cache in products CVSS V2: 4.0
CVSS V3: 6.5
Severity: MEDIUM
An issue was discovered on Weidmueller IE-SW-VL05M 3.6.6 Build 16102415, IE-SW-VL08MT 3.5.2 Build 16102415, and IE-SW-PL10M 3.3.16 Build 16102416 devices. Passwords are stored in cleartext and can be read by anyone with access to the device. Weidmueller IE-SW-VL05M , IE-SW-VL08MT , IE-SW-PL10M The device contains a vulnerability related to information disclosure from the cache.Information may be obtained. Weidmueller IE-SW-VL05M-5TX is an industrial Ethernet switch from Germany's Weidmueller company. An insecure credential storage vulnerability exists in several Weidmueller products. The vulnerability stems from programs storing passwords in plain text, which can be used by attackers to read passwords
VAR-201912-1320 CVE-2019-19589 WordPress for Lever PDF Embedder Plug-in input validation vulnerability CVSS V2: 7.5
CVSS V3: 9.8
Severity: CRITICAL
The Lever PDF Embedder plugin 4.4 for WordPress does not block the distribution of polyglot PDF documents that are valid JAR archives. Note: It has been argued that "The vulnerability reported in PDF Embedder Plugin is not valid as the plugin itself doesn't control or manage the file upload process. It only serves the uploaded PDF files and the responsibility of uploading PDF file remains with the Site owner of Wordpress installation, the upload of PDF file is managed by Wordpress core and not by PDF Embedder Plugin. Control & block of polyglot file is required to be taken care at the time of upload, not on showing the file. Moreover, the reference mentions retrieving the files from the browser cache and manually renaming it to jar for executing the file. That refers to a two step non-connected steps which has nothing to do with PDF Embedder. WordPress for Lever PDF Embedder The plug-in contains an input validation vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. WordPress is a blogging platform developed by the WordPress Foundation using PHP language. The platform supports setting up personal blog sites on PHP and MySQL servers. Lever PDF Embedder is a PDF viewing plug-in used in it. A security vulnerability exists in WordPress Lever PDF Embedder version 4.4. An attacker could exploit this vulnerability to transmit and execute malicious code
VAR-201912-1168 CVE-2019-11937 Mcrouter Vulnerable to resource exhaustion CVSS V2: 5.0
CVSS V3: 7.5
Severity: HIGH
In Mcrouter prior to v0.41.0, a large struct input provided to the Carbon protocol reader could result in stack exhaustion and denial of service. Mcrouter Contains a resource exhaustion vulnerability.Service operation interruption (DoS) There is a possibility of being put into a state. Mcrouter is a memcached protocol router. There is a security vulnerability in versions prior to Mcrouter v0.41.0. An attacker could exploit this vulnerability to exhaust the stack and cause a denial of service
VAR-201912-0805 CVE-2019-5253 E5572-855 Authentication vulnerability CVSS V2: 7.1
CVSS V3: 5.9
Severity: MEDIUM
E5572-855 with versions earlier than 8.0.1.3(H335SP1C233) has an improper authentication vulnerability. The device does not perform a sufficient authentication when doing certain operations, successful exploit could allow an attacker to cause the device to reboot after launch a man in the middle attack. E5572-855 Contains an authentication vulnerability.Service operation interruption (DoS) There is a possibility of being put into a state. Huawei E5572-855 is a portable wireless router device from China's Huawei