VARIoT IoT vulnerabilities database

Affected products: vendor, model and version
CWE format is 'CWE-number'. Threat type can be: remote or local
Look up free text in title and description

VAR-201912-0661 CVE-2019-15631 MuleSoft Mule and API Gateway Vulnerability in CVSS V2: 7.5
CVSS V3: 9.8
Severity: CRITICAL
Remote Code Execution vulnerability in MuleSoft Mule CE/EE 3.x and API Gateway 2.x released before October 31, 2019 allows remote attackers to execute arbitrary code. MuleSoft Mule and API Gateway Has unspecified vulnerabilities.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state
VAR-201912-1437 CVE-2019-19492 FreeSWITCH Vulnerabilities related to the use of hard-coded credentials CVSS V2: 7.5
CVSS V3: 9.8
Severity: CRITICAL
FreeSWITCH 1.6.10 through 1.10.1 has a default password in event_socket.conf.xml. FreeSWITCH Contains a vulnerability in the use of hard-coded credentials.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state
VAR-201912-0655 CVE-2019-12503 Inateck BCST-60 Injection vulnerability CVSS V2: 10.0
CVSS V3: 9.8
Severity: CRITICAL
Due to unencrypted and unauthenticated data communication, the wireless barcode scanner Inateck BCST-60 is prone to keystroke injection attacks. Thus, an attacker is able to send arbitrary keystrokes to a victim's computer system, e.g., to install malware when the target system is unattended. In this way, an attacker can remotely take control over the victim's computer that is operated with an affected receiver of this device. Inateck BCST-60 Contains an injection vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. The Inateck BCST-60 is a barcode scanner that can be used wirelessly using a 2.4 GHz radio communication or a wired connection via USB. Advisory ID: SYSS-2019-027 Product: BCST-60 Barcode Scanner Manufacturer: Inateck Affected Version(s): BCST-60 Tested Version(s): BCST-60 Vulnerability Type: Cryptographic Issues (CWE-310) Keystroke Injection Vulnerability Risk Level: High Solution Status: Open Manufacturer Notification: 2019-05-22 Solution Date: - Public Disclosure: 2019-11-28 CVE Reference: CVE-2019-12503 Author of Advisory: Matthias Deeg (SySS GmbH) ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Overview: Inateck BCST-60 is a barcode scanner that can be either used wirelessly using 2.4 GHz radio communication or wired via USB. The manufacturer describes the product as follows [1]: "With a 2.4G wireless connection, avoid the troubles of Bluetooth pairing. Inateck BCST-60 is a leading product among scanners in the field of large transmission ranges and battery endurance. What's more, it can read barcodes at extreme angles. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Proof of Concept (PoC): SySS GmbH could successfully perform keystroke injection attacks against the wireless barcode scanner Inateck BCST-60 using a developed proof-of-concept software tool in combination with the USB radio dongle Crazyradio PA and the nrf-research-firmware by Marc Newlin [2, 3]. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution: SySS GmbH is not aware of a solution for this reported security vulnerability. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Disclosure Timeline: 2019-05-22: Vulnerability reported to manufacturer 2019-11-28: Public release of security advisory ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ References: [1] Product website for Inateck BCST-60 barcode scanner https://www.inateck.com/bcst-60-2-4ghz-wireless-barcode-scanner-with-35m-range.html [2] Product website for Crazyradio PA https://www.bitcraze.io/crazyradio-pa/ [3] nRF24 research firmware and tools by Marc Newlin https://github.com/marcnewlin/presentation-clickers [4] SySS Security Advisory SYSS-2019-027 https://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2019-027.txt [5] SySS Responsible Disclosure Policy https://www.syss.de/en/responsible-disclosure-policy/ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Credits: This security vulnerability was found by Matthias Deeg of SySS GmbH. E-Mail: matthias.deeg (at) syss.de Public Key: https://www.syss.de/fileadmin/dokumente/PGPKeys/Matthias_Deeg.asc Key fingerprint = D1F0 A035 F06C E675 CDB9 0514 D9A4 BF6A 34AD 4DAB ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Disclaimer: The information provided in this security advisory is provided "as is" and without warranty of any kind. Details of this security advisory may be updated in order to provide as accurate information as possible. The latest version of this security advisory is available on the SySS Web site. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Copyright: Creative Commons - Attribution (by) - Version 3.0 URL: http://creativecommons.org/licenses/by/3.0/deed.en
VAR-201911-1944 No CVE Gigabit passive optical access user equipment has a logical flaw CVSS V2: 5.0
CVSS V3: -
Severity: MEDIUM
ZTE Corporation is a leading global provider of integrated communications solutions. The company provides innovative technologies and product solutions to telecommunications operators and enterprise network customers in more than 160 countries and regions around the world, so that users around the world can enjoy all-round communication such as voice, data, multimedia, and wireless broadband. Gigabit passive fiber access user equipment has a logic flaw vulnerability, which can be used by attackers to access sensitive data.
VAR-201911-0645 CVE-2019-18922 Allied Telesis AT-GS950/8 Path traversal vulnerability

Related entries in the VARIoT exploits database: VAR-E-201911-0191
CVSS V2: 7.8
CVSS V3: 7.5
Severity: HIGH
A Directory Traversal in the Web interface of the Allied Telesis AT-GS950/8 until Firmware AT-S107 V.1.1.3 [1.00.047] allows unauthenticated attackers to read arbitrary system files via a GET request. NOTE: This is an End-of-Life product. Allied Telesis AT-GS950/8 Contains a path traversal vulnerability.Information may be obtained. Allied Telesis AT-GS950 / 8 is a switch from Japan's Allied Telesis. The vulnerability stems from a network system or product's failure to properly filter special elements in a resource or file path. An attacker could use this vulnerability to access locations outside the restricted directory
VAR-201911-0290 CVE-2019-6666 BIG-IP Input validation vulnerability CVSS V2: 5.0
CVSS V3: 7.5
Severity: HIGH
On BIG-IP 15.0.0-15.0.1, 14.1.0-14.1.0.5, 14.0.0-14.0.0.4, and 13.1.0-13.1.1.4, the TMM process may produce a core file when an upstream server or cache sends the BIG-IP an invalid age header value. BIG-IP Contains an input validation vulnerability.Service operation interruption (DoS) There is a possibility of being put into a state. F5 BIG-IP is an application delivery platform integrated with network traffic management, application security management, load balancing and other functions of the US company F5. A security vulnerability exists in the F5 BIG-IP. An attacker could exploit this vulnerability to cause a denial of service. The following products and versions are affected: F5 BIG-IP 15.0.0 to 15.0.1, 14.1.0 to 14.1.0.5, 14.0.0 to 14.0.0.4, 13.1.0 to 13.1.1.4
VAR-201911-0291 CVE-2019-6667 BIG-IP Vulnerable to resource exhaustion CVSS V2: 4.3
CVSS V3: 7.5
Severity: HIGH
On BIG-IP 15.0.0-15.0.1, 14.1.0-14.1.0.5, 14.0.0-14.0.0.4, 13.1.0-13.1.1.5, 12.1.0-12.1.4.1, and 11.5.1-11.6.5, under certain conditions, TMM may consume excessive resources when processing traffic for a Virtual Server with the FIX (Financial Information eXchange) profile applied. BIG-IP Contains a resource exhaustion vulnerability.Service operation interruption (DoS) There is a possibility of being put into a state. F5 BIG-IP is an application delivery platform integrated with network traffic management, application security management, load balancing and other functions of the US company F5. A security vulnerability exists in the F5 BIG-IP. An attacker could exploit this vulnerability to cause a denial of service (resource exhaustion). The following products and versions are affected: F5 BIG-IP 15.0.0 to 15.0.1, 14.1.0 to 14.1.0.5, 14.0.0 to 14.0.0.4, 13.1.0 to 13.1.1.5 , 12.1.0 version to 12.1.4.1 version, 11.5.1 version to 11.6.5 version
VAR-201911-0293 CVE-2019-6669 BIG-IP Input validation vulnerability CVSS V2: 5.0
CVSS V3: 7.5
Severity: HIGH
On BIG-IP 15.0.0-15.0.1, 14.1.0-14.1.2, 14.0.0-14.0.1, 13.1.0-13.1.3.1, 12.1.0-12.1.5, and 11.5.1-11.6.5.1, undisclosed traffic flow may cause TMM to restart under some circumstances. BIG-IP Contains an input validation vulnerability.Service operation interruption (DoS) There is a possibility of being put into a state. F5 BIG-IP is an application delivery platform integrated with network traffic management, application security management, load balancing and other functions of the US company F5. A security vulnerability exists in the F5 BIG-IP. The following products and versions are affected: F5 BIG-IP 15.0.0 to 15.0.1, 14.1.0 to 14.1.2, 14.0.0 to 14.0.1, 13.1.0 to 13.1.3.1 , 12.1.0 version to 12.1.5 version, 11.5.1 version to 11.6.5.1 version
VAR-201911-0294 CVE-2019-6670 BIG-IP Vulnerabilities related to clearing important information in plaintext CVSS V2: 2.1
CVSS V3: 4.4
Severity: MEDIUM
On BIG-IP 15.0.0-15.0.1, 14.1.0-14.1.2, 14.0.0-14.0.1, 13.1.0-13.1.3.1, 12.1.0-12.1.5, and 11.5.1-11.6.5, vCMP hypervisors are incorrectly exposing the plaintext unit key for their vCMP guests on the filesystem. BIG-IP Contains a vulnerability in the clearing of important information.Information may be obtained. F5 BIG-IP is an application delivery platform integrated with network traffic management, application security management, load balancing and other functions of the US company F5. A security vulnerability exists in the F5 BIG-IP. An attacker could exploit this vulnerability to obtain sensitive information. The following products and versions are affected: F5 BIG-IP 15.0.0 to 15.0.1, 14.1.0 to 14.1.2, 14.0.0 to 14.0.1, 13.1.0 to 13.1.3.1 , 12.1.0 to 12.1.5, 11.5.1 to 11.6.5
VAR-201911-0295 CVE-2019-6671 BIG-IP Vulnerabilities related to lack of effective post-lifetime resource release CVSS V2: 5.0
CVSS V3: 7.5
Severity: HIGH
On BIG-IP 15.0.0-15.0.1, 14.1.0-14.1.2, 14.0.0-14.0.1, and 13.1.0-13.1.3.1, under certain conditions tmm may leak memory when processing packet fragments, leading to resource starvation. BIG-IP Is vulnerable to a lack of free resources after a valid lifetime.Service operation interruption (DoS) There is a possibility of being put into a state. F5 BIG-IP is an application delivery platform integrated with network traffic management, application security management, load balancing and other functions of the US company F5. A security vulnerability exists in the F5 BIG-IP. An attacker can exploit this vulnerability to cause a memory leak, causing the TMM to restart, and then a failover occurs. The following products and versions are affected: F5 BIG-IP 15.0.0 to 15.0.1, 14.1.0 to 14.1.2, 14.0.0 to 14.0.1, 13.1.0 to 13.1.3.1
VAR-201911-0297 CVE-2019-6673 BIG-IP Input validation vulnerability CVSS V2: 4.3
CVSS V3: 7.5
Severity: HIGH
On versions 15.0.0-15.0.1 and 14.0.0-14.1.2, when the BIG-IP is configured in HTTP/2 Full Proxy mode, specifically crafted requests may cause a disruption of service provided by the Traffic Management Microkernel (TMM). BIG-IP Contains an input validation vulnerability.Denial of service (DoS) May be in a state. F5 BIG-IP is an application delivery platform integrated with network traffic management, application security management, load balancing and other functions of the US company F5. A security vulnerability exists in F5 BIG-IP versions 15.0.0 through 15.0.1 and 14.0.0 through 14.1.2
VAR-201911-0258 CVE-2019-5308 Mate 20 RS Unauthorized authentication vulnerability in smartphones CVSS V2: 2.1
CVSS V3: 2.4
Severity: LOW
Mate 20 RS smartphones with versions earlier than 9.1.0.135(C786E133R3P1) have an improper authorization vulnerability. The software does not properly restrict certain operation in ADB mode, successful exploit could allow the attacker to switch to third desktop after a series of operation. The vulnerability stems from the system's improper restrictions on some operations of users in ADB mode. An attacker could use this vulnerability to switch to a third-party desktop
VAR-201911-0261 CVE-2019-5271 Huawei Myna Information Disclosure Vulnerability CVSS V2: 4.8
CVSS V3: 5.4
Severity: MEDIUM
There is an information leak vulnerability in Huawei smart speaker Myna. When the smart speaker is paired with the cloud through Wi-Fi, the speaker incorrectly processes some data. Attackers can exploit this vulnerability to read and modify specific configurations of speakers through a series of operations
VAR-201911-1044 CVE-2019-18184 Crestron Electronics DMC-STRO Operating System Command Injection Vulnerability CVSS V2: 10.0
CVSS V3: 9.8
Severity: CRITICAL
Crestron DMC-STRO 1.0 devices allow remote command execution as root via shell metacharacters to the ping function. Crestron DMC-STRO The device includes OS A command injection vulnerability exists.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. Crestron Electronics DMC-STRO is a streaming media input card for receiving streaming video signals from Crestron Electronics. Crestron Electronics DMC-STRO has an operating system command injection vulnerability
VAR-201911-0259 CVE-2019-5309 Huawei Honor Play information disclosure vulnerability CVSS V2: 2.1
CVSS V3: 4.6
Severity: MEDIUM
Honor play smartphones with versions earlier than 9.1.0.333(C00E333R1P1T8) have an information disclosure vulnerability in certain Huawei . An attacker could view certain information after a series of operation without unlock the screen lock. Successful exploit could cause an information disclosure condition. Huawei Honor Play is a smart phone product of China's Huawei (Huawei) company
VAR-201911-0823 CVE-2019-5247 Huawei Atlas 300 and Atlas 500 Vulnerable to classic buffer overflow CVSS V2: 2.1
CVSS V3: 5.5
Severity: MEDIUM
Huawei Atlas 300, Atlas 500 have a buffer overflow vulnerability. A local, authenticated attacker may craft specific parameter and send to the process to exploit this vulnerability. Successfully exploit may cause service crash. Atlas 300 is an AI (Artificial Intelligence) acceleration card. This product is suitable for artificial intelligence training and inference scenarios
VAR-201911-0296 CVE-2019-6672 BIG-IP AFM Input validation vulnerability CVSS V2: 5.0
CVSS V3: 7.5
Severity: HIGH
On BIG-IP AFM 15.0.0-15.0.1, 14.0.0-14.1.2, and 13.1.0-13.1.3.1, when bad-actor detection is configured on a wildcard virtual server on platforms with hardware-based sPVA, the performance of the BIG-IP AFM system is degraded. BIG-IP AFM Contains an input validation vulnerability.Service operation interruption (DoS) There is a possibility of being put into a state. F5 BIG-IP AFM is an advanced firewall product used to protect against DDos attacks from F5 Corporation of the United States. Security vulnerabilities exist in F5 BIG-IP AFM versions 15.0.0 through 15.0.1, 14.0.0 through 14.1.2, and 13.1.0 through 13.1.3.1. An attacker could exploit this vulnerability to cause legitimate network packet loss or delay
VAR-201911-0298 CVE-2019-6674 F5 SSL Orchestrator Input validation vulnerability CVSS V2: 5.0
CVSS V3: 7.5
Severity: HIGH
On F5 SSL Orchestrator 15.0.0-15.0.1 and 14.0.0-14.1.2, TMM may crash when processing SSLO data in a service-chaining configuration. F5 SSL Orchestrator Contains an input validation vulnerability.Service operation interruption (DoS) There is a possibility of being put into a state. This product provides policy-based dynamic decryption, encryption, and flow control functions. Attackers can exploit this vulnerability to crash TMM
VAR-201911-0292 CVE-2019-6668 macOS for BIG-IP APM Edge Client Vulnerable to unauthorized authentication CVSS V2: 4.9
CVSS V3: 5.5
Severity: MEDIUM
The BIG-IP APM Edge Client for macOS bundled with BIG-IP APM 15.0.0-15.0.1, 14.1.0-14.1.0.5, 14.0.0-14.0.0.4, 13.1.0-13.1.1.5, 12.1.0-12.1.5, and 11.5.1-11.6.5 may allow unprivileged users to access files owned by root. Both F5 BIG-IP APM and F5 BIG-IP APM Clients are products of F5 Corporation in the United States. F5 BIG-IP APM is an access and security solution. The product provides unified access to business-critical applications and networks. F5 BIG-IP APM Clients is a set of APM client software. An attacker could exploit this vulnerability to access files of the root user. The following products and versions are affected: F5 BIG-IP APM 15.0.0 to 15.0.1, 14.1.0 to 14.1.0.5, 14.0.0 to 14.0.0.4, 13.1.0 to 13.1.1.5 Version, 12.1.0 to 12.1.5, 11.5.1 to 11.6.5
VAR-201911-0289 CVE-2019-6665 plural F5 Authentication vulnerabilities in products CVSS V2: 7.5
CVSS V3: 9.4
Severity: CRITICAL
On BIG-IP ASM 15.0.0-15.0.1, 14.1.0-14.1.2, 14.0.0-14.0.1, and 13.1.0-13.1.3.1, BIG-IQ 6.0.0 and 5.2.0-5.4.0, iWorkflow 2.3.0, and Enterprise Manager 3.1.1, an attacker with access to the device communication between the BIG-IP ASM Central Policy Builder and the BIG-IQ/Enterprise Manager/F5 iWorkflow will be able to set up the proxy the same way and intercept the traffic. plural F5 The product contains authentication vulnerabilities.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. F5 BIG-IP ASM, etc. are all products of F5 Company in the United States. F5 BIG-IP ASM is a web application firewall (WAF), and F5 Enterprise Manager is a tool that provides visibility into the entire BIG-IP application delivery infrastructure and optimizes application performance. F5 BIG-IQ is a software-based cloud management solution. Security flaws exist in several F5 products. The following products and versions are affected: F5 BIG-IP ASM version 15.0.0 to version 15.0.1, version 14.1.0 to version 14.1.2, version 14.0.0 to version 14.0.1, version 13.1.0 to version 13.1.3.1 Version; BIG-IQ version 6.0.0, version 5.2.0-5.4.0; iWorkflow version 2.3.0; Enterprise Manager version 3.1.1