VARIoT IoT vulnerabilities database
| VAR-201912-0661 | CVE-2019-15631 | MuleSoft Mule and API Gateway Vulnerability in |
CVSS V2: 7.5 CVSS V3: 9.8 Severity: CRITICAL |
Remote Code Execution vulnerability in MuleSoft Mule CE/EE 3.x and API Gateway 2.x released before October 31, 2019 allows remote attackers to execute arbitrary code. MuleSoft Mule and API Gateway Has unspecified vulnerabilities.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state
| VAR-201912-1437 | CVE-2019-19492 | FreeSWITCH Vulnerabilities related to the use of hard-coded credentials |
CVSS V2: 7.5 CVSS V3: 9.8 Severity: CRITICAL |
FreeSWITCH 1.6.10 through 1.10.1 has a default password in event_socket.conf.xml. FreeSWITCH Contains a vulnerability in the use of hard-coded credentials.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state
| VAR-201912-0655 | CVE-2019-12503 | Inateck BCST-60 Injection vulnerability |
CVSS V2: 10.0 CVSS V3: 9.8 Severity: CRITICAL |
Due to unencrypted and unauthenticated data communication, the wireless barcode scanner Inateck BCST-60 is prone to keystroke injection attacks. Thus, an attacker is able to send arbitrary keystrokes to a victim's computer system, e.g., to install malware when the target system is unattended. In this way, an attacker can remotely take control over the victim's computer that is operated with an affected receiver of this device. Inateck BCST-60 Contains an injection vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. The Inateck BCST-60 is a barcode scanner that can be used wirelessly using a 2.4 GHz radio communication or a wired connection via USB. Advisory ID: SYSS-2019-027
Product: BCST-60 Barcode Scanner
Manufacturer: Inateck
Affected Version(s): BCST-60
Tested Version(s): BCST-60
Vulnerability Type: Cryptographic Issues (CWE-310)
Keystroke Injection Vulnerability
Risk Level: High
Solution Status: Open
Manufacturer Notification: 2019-05-22
Solution Date: -
Public Disclosure: 2019-11-28
CVE Reference: CVE-2019-12503
Author of Advisory: Matthias Deeg (SySS GmbH)
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Overview:
Inateck BCST-60 is a barcode scanner that can be either used wirelessly
using 2.4 GHz radio communication or wired via USB.
The manufacturer describes the product as follows [1]:
"With a 2.4G wireless connection, avoid the troubles of Bluetooth
pairing. Inateck BCST-60 is a leading product among scanners in the
field of large transmission ranges and battery endurance. What's more,
it can read barcodes at extreme angles.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Proof of Concept (PoC):
SySS GmbH could successfully perform keystroke injection attacks against
the wireless barcode scanner Inateck BCST-60 using a developed
proof-of-concept software tool in combination with the USB radio dongle
Crazyradio PA and the nrf-research-firmware by Marc Newlin [2, 3].
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Solution:
SySS GmbH is not aware of a solution for this reported security
vulnerability.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Disclosure Timeline:
2019-05-22: Vulnerability reported to manufacturer
2019-11-28: Public release of security advisory
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
References:
[1] Product website for Inateck BCST-60 barcode scanner
https://www.inateck.com/bcst-60-2-4ghz-wireless-barcode-scanner-with-35m-range.html
[2] Product website for Crazyradio PA
https://www.bitcraze.io/crazyradio-pa/
[3] nRF24 research firmware and tools by Marc Newlin
https://github.com/marcnewlin/presentation-clickers
[4] SySS Security Advisory SYSS-2019-027
https://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2019-027.txt
[5] SySS Responsible Disclosure Policy
https://www.syss.de/en/responsible-disclosure-policy/
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Credits:
This security vulnerability was found by Matthias Deeg of SySS GmbH.
E-Mail: matthias.deeg (at) syss.de
Public Key:
https://www.syss.de/fileadmin/dokumente/PGPKeys/Matthias_Deeg.asc
Key fingerprint = D1F0 A035 F06C E675 CDB9 0514 D9A4 BF6A 34AD 4DAB
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Disclaimer:
The information provided in this security advisory is provided "as is"
and without warranty of any kind. Details of this security advisory may
be updated in order to provide as accurate information as possible. The
latest version of this security advisory is available on the SySS Web
site.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Copyright:
Creative Commons - Attribution (by) - Version 3.0
URL: http://creativecommons.org/licenses/by/3.0/deed.en
| VAR-201911-1944 | No CVE | Gigabit passive optical access user equipment has a logical flaw |
CVSS V2: 5.0 CVSS V3: - Severity: MEDIUM |
ZTE Corporation is a leading global provider of integrated communications solutions. The company provides innovative technologies and product solutions to telecommunications operators and enterprise network customers in more than 160 countries and regions around the world, so that users around the world can enjoy all-round communication such as voice, data, multimedia, and wireless broadband.
Gigabit passive fiber access user equipment has a logic flaw vulnerability, which can be used by attackers to access sensitive data.
| VAR-201911-0645 | CVE-2019-18922 |
Allied Telesis AT-GS950/8 Path traversal vulnerability
Related entries in the VARIoT exploits database: VAR-E-201911-0191 |
CVSS V2: 7.8 CVSS V3: 7.5 Severity: HIGH |
A Directory Traversal in the Web interface of the Allied Telesis AT-GS950/8 until Firmware AT-S107 V.1.1.3 [1.00.047] allows unauthenticated attackers to read arbitrary system files via a GET request. NOTE: This is an End-of-Life product. Allied Telesis AT-GS950/8 Contains a path traversal vulnerability.Information may be obtained. Allied Telesis AT-GS950 / 8 is a switch from Japan's Allied Telesis. The vulnerability stems from a network system or product's failure to properly filter special elements in a resource or file path. An attacker could use this vulnerability to access locations outside the restricted directory
| VAR-201911-0290 | CVE-2019-6666 | BIG-IP Input validation vulnerability |
CVSS V2: 5.0 CVSS V3: 7.5 Severity: HIGH |
On BIG-IP 15.0.0-15.0.1, 14.1.0-14.1.0.5, 14.0.0-14.0.0.4, and 13.1.0-13.1.1.4, the TMM process may produce a core file when an upstream server or cache sends the BIG-IP an invalid age header value. BIG-IP Contains an input validation vulnerability.Service operation interruption (DoS) There is a possibility of being put into a state. F5 BIG-IP is an application delivery platform integrated with network traffic management, application security management, load balancing and other functions of the US company F5. A security vulnerability exists in the F5 BIG-IP. An attacker could exploit this vulnerability to cause a denial of service. The following products and versions are affected: F5 BIG-IP 15.0.0 to 15.0.1, 14.1.0 to 14.1.0.5, 14.0.0 to 14.0.0.4, 13.1.0 to 13.1.1.4
| VAR-201911-0291 | CVE-2019-6667 | BIG-IP Vulnerable to resource exhaustion |
CVSS V2: 4.3 CVSS V3: 7.5 Severity: HIGH |
On BIG-IP 15.0.0-15.0.1, 14.1.0-14.1.0.5, 14.0.0-14.0.0.4, 13.1.0-13.1.1.5, 12.1.0-12.1.4.1, and 11.5.1-11.6.5, under certain conditions, TMM may consume excessive resources when processing traffic for a Virtual Server with the FIX (Financial Information eXchange) profile applied. BIG-IP Contains a resource exhaustion vulnerability.Service operation interruption (DoS) There is a possibility of being put into a state. F5 BIG-IP is an application delivery platform integrated with network traffic management, application security management, load balancing and other functions of the US company F5. A security vulnerability exists in the F5 BIG-IP. An attacker could exploit this vulnerability to cause a denial of service (resource exhaustion). The following products and versions are affected: F5 BIG-IP 15.0.0 to 15.0.1, 14.1.0 to 14.1.0.5, 14.0.0 to 14.0.0.4, 13.1.0 to 13.1.1.5 , 12.1.0 version to 12.1.4.1 version, 11.5.1 version to 11.6.5 version
| VAR-201911-0293 | CVE-2019-6669 | BIG-IP Input validation vulnerability |
CVSS V2: 5.0 CVSS V3: 7.5 Severity: HIGH |
On BIG-IP 15.0.0-15.0.1, 14.1.0-14.1.2, 14.0.0-14.0.1, 13.1.0-13.1.3.1, 12.1.0-12.1.5, and 11.5.1-11.6.5.1, undisclosed traffic flow may cause TMM to restart under some circumstances. BIG-IP Contains an input validation vulnerability.Service operation interruption (DoS) There is a possibility of being put into a state. F5 BIG-IP is an application delivery platform integrated with network traffic management, application security management, load balancing and other functions of the US company F5. A security vulnerability exists in the F5 BIG-IP. The following products and versions are affected: F5 BIG-IP 15.0.0 to 15.0.1, 14.1.0 to 14.1.2, 14.0.0 to 14.0.1, 13.1.0 to 13.1.3.1 , 12.1.0 version to 12.1.5 version, 11.5.1 version to 11.6.5.1 version
| VAR-201911-0294 | CVE-2019-6670 | BIG-IP Vulnerabilities related to clearing important information in plaintext |
CVSS V2: 2.1 CVSS V3: 4.4 Severity: MEDIUM |
On BIG-IP 15.0.0-15.0.1, 14.1.0-14.1.2, 14.0.0-14.0.1, 13.1.0-13.1.3.1, 12.1.0-12.1.5, and 11.5.1-11.6.5, vCMP hypervisors are incorrectly exposing the plaintext unit key for their vCMP guests on the filesystem. BIG-IP Contains a vulnerability in the clearing of important information.Information may be obtained. F5 BIG-IP is an application delivery platform integrated with network traffic management, application security management, load balancing and other functions of the US company F5. A security vulnerability exists in the F5 BIG-IP. An attacker could exploit this vulnerability to obtain sensitive information. The following products and versions are affected: F5 BIG-IP 15.0.0 to 15.0.1, 14.1.0 to 14.1.2, 14.0.0 to 14.0.1, 13.1.0 to 13.1.3.1 , 12.1.0 to 12.1.5, 11.5.1 to 11.6.5
| VAR-201911-0295 | CVE-2019-6671 | BIG-IP Vulnerabilities related to lack of effective post-lifetime resource release |
CVSS V2: 5.0 CVSS V3: 7.5 Severity: HIGH |
On BIG-IP 15.0.0-15.0.1, 14.1.0-14.1.2, 14.0.0-14.0.1, and 13.1.0-13.1.3.1, under certain conditions tmm may leak memory when processing packet fragments, leading to resource starvation. BIG-IP Is vulnerable to a lack of free resources after a valid lifetime.Service operation interruption (DoS) There is a possibility of being put into a state. F5 BIG-IP is an application delivery platform integrated with network traffic management, application security management, load balancing and other functions of the US company F5. A security vulnerability exists in the F5 BIG-IP. An attacker can exploit this vulnerability to cause a memory leak, causing the TMM to restart, and then a failover occurs. The following products and versions are affected: F5 BIG-IP 15.0.0 to 15.0.1, 14.1.0 to 14.1.2, 14.0.0 to 14.0.1, 13.1.0 to 13.1.3.1
| VAR-201911-0297 | CVE-2019-6673 | BIG-IP Input validation vulnerability |
CVSS V2: 4.3 CVSS V3: 7.5 Severity: HIGH |
On versions 15.0.0-15.0.1 and 14.0.0-14.1.2, when the BIG-IP is configured in HTTP/2 Full Proxy mode, specifically crafted requests may cause a disruption of service provided by the Traffic Management Microkernel (TMM). BIG-IP Contains an input validation vulnerability.Denial of service (DoS) May be in a state. F5 BIG-IP is an application delivery platform integrated with network traffic management, application security management, load balancing and other functions of the US company F5. A security vulnerability exists in F5 BIG-IP versions 15.0.0 through 15.0.1 and 14.0.0 through 14.1.2
| VAR-201911-0258 | CVE-2019-5308 | Mate 20 RS Unauthorized authentication vulnerability in smartphones |
CVSS V2: 2.1 CVSS V3: 2.4 Severity: LOW |
Mate 20 RS smartphones with versions earlier than 9.1.0.135(C786E133R3P1) have an improper authorization vulnerability. The software does not properly restrict certain operation in ADB mode, successful exploit could allow the attacker to switch to third desktop after a series of operation. The vulnerability stems from the system's improper restrictions on some operations of users in ADB mode. An attacker could use this vulnerability to switch to a third-party desktop
| VAR-201911-0261 | CVE-2019-5271 | Huawei Myna Information Disclosure Vulnerability |
CVSS V2: 4.8 CVSS V3: 5.4 Severity: MEDIUM |
There is an information leak vulnerability in Huawei smart speaker Myna. When the smart speaker is paired with the cloud through Wi-Fi, the speaker incorrectly processes some data. Attackers can exploit this vulnerability to read and modify specific configurations of speakers through a series of operations
| VAR-201911-1044 | CVE-2019-18184 | Crestron Electronics DMC-STRO Operating System Command Injection Vulnerability |
CVSS V2: 10.0 CVSS V3: 9.8 Severity: CRITICAL |
Crestron DMC-STRO 1.0 devices allow remote command execution as root via shell metacharacters to the ping function. Crestron DMC-STRO The device includes OS A command injection vulnerability exists.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. Crestron Electronics DMC-STRO is a streaming media input card for receiving streaming video signals from Crestron Electronics.
Crestron Electronics DMC-STRO has an operating system command injection vulnerability
| VAR-201911-0259 | CVE-2019-5309 | Huawei Honor Play information disclosure vulnerability |
CVSS V2: 2.1 CVSS V3: 4.6 Severity: MEDIUM |
Honor play smartphones with versions earlier than 9.1.0.333(C00E333R1P1T8) have an information disclosure vulnerability in certain Huawei . An attacker could view certain information after a series of operation without unlock the screen lock. Successful exploit could cause an information disclosure condition. Huawei Honor Play is a smart phone product of China's Huawei (Huawei) company
| VAR-201911-0823 | CVE-2019-5247 | Huawei Atlas 300 and Atlas 500 Vulnerable to classic buffer overflow |
CVSS V2: 2.1 CVSS V3: 5.5 Severity: MEDIUM |
Huawei Atlas 300, Atlas 500 have a buffer overflow vulnerability. A local, authenticated attacker may craft specific parameter and send to the process to exploit this vulnerability. Successfully exploit may cause service crash. Atlas 300 is an AI (Artificial Intelligence) acceleration card. This product is suitable for artificial intelligence training and inference scenarios
| VAR-201911-0296 | CVE-2019-6672 | BIG-IP AFM Input validation vulnerability |
CVSS V2: 5.0 CVSS V3: 7.5 Severity: HIGH |
On BIG-IP AFM 15.0.0-15.0.1, 14.0.0-14.1.2, and 13.1.0-13.1.3.1, when bad-actor detection is configured on a wildcard virtual server on platforms with hardware-based sPVA, the performance of the BIG-IP AFM system is degraded. BIG-IP AFM Contains an input validation vulnerability.Service operation interruption (DoS) There is a possibility of being put into a state. F5 BIG-IP AFM is an advanced firewall product used to protect against DDos attacks from F5 Corporation of the United States. Security vulnerabilities exist in F5 BIG-IP AFM versions 15.0.0 through 15.0.1, 14.0.0 through 14.1.2, and 13.1.0 through 13.1.3.1. An attacker could exploit this vulnerability to cause legitimate network packet loss or delay
| VAR-201911-0298 | CVE-2019-6674 | F5 SSL Orchestrator Input validation vulnerability |
CVSS V2: 5.0 CVSS V3: 7.5 Severity: HIGH |
On F5 SSL Orchestrator 15.0.0-15.0.1 and 14.0.0-14.1.2, TMM may crash when processing SSLO data in a service-chaining configuration. F5 SSL Orchestrator Contains an input validation vulnerability.Service operation interruption (DoS) There is a possibility of being put into a state. This product provides policy-based dynamic decryption, encryption, and flow control functions. Attackers can exploit this vulnerability to crash TMM
| VAR-201911-0292 | CVE-2019-6668 | macOS for BIG-IP APM Edge Client Vulnerable to unauthorized authentication |
CVSS V2: 4.9 CVSS V3: 5.5 Severity: MEDIUM |
The BIG-IP APM Edge Client for macOS bundled with BIG-IP APM 15.0.0-15.0.1, 14.1.0-14.1.0.5, 14.0.0-14.0.0.4, 13.1.0-13.1.1.5, 12.1.0-12.1.5, and 11.5.1-11.6.5 may allow unprivileged users to access files owned by root. Both F5 BIG-IP APM and F5 BIG-IP APM Clients are products of F5 Corporation in the United States. F5 BIG-IP APM is an access and security solution. The product provides unified access to business-critical applications and networks. F5 BIG-IP APM Clients is a set of APM client software. An attacker could exploit this vulnerability to access files of the root user. The following products and versions are affected: F5 BIG-IP APM 15.0.0 to 15.0.1, 14.1.0 to 14.1.0.5, 14.0.0 to 14.0.0.4, 13.1.0 to 13.1.1.5 Version, 12.1.0 to 12.1.5, 11.5.1 to 11.6.5
| VAR-201911-0289 | CVE-2019-6665 | plural F5 Authentication vulnerabilities in products |
CVSS V2: 7.5 CVSS V3: 9.4 Severity: CRITICAL |
On BIG-IP ASM 15.0.0-15.0.1, 14.1.0-14.1.2, 14.0.0-14.0.1, and 13.1.0-13.1.3.1, BIG-IQ 6.0.0 and 5.2.0-5.4.0, iWorkflow 2.3.0, and Enterprise Manager 3.1.1, an attacker with access to the device communication between the BIG-IP ASM Central Policy Builder and the BIG-IQ/Enterprise Manager/F5 iWorkflow will be able to set up the proxy the same way and intercept the traffic. plural F5 The product contains authentication vulnerabilities.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. F5 BIG-IP ASM, etc. are all products of F5 Company in the United States. F5 BIG-IP ASM is a web application firewall (WAF), and F5 Enterprise Manager is a tool that provides visibility into the entire BIG-IP application delivery infrastructure and optimizes application performance. F5 BIG-IQ is a software-based cloud management solution. Security flaws exist in several F5 products. The following products and versions are affected: F5 BIG-IP ASM version 15.0.0 to version 15.0.1, version 14.1.0 to version 14.1.2, version 14.0.0 to version 14.0.1, version 13.1.0 to version 13.1.3.1 Version; BIG-IQ version 6.0.0, version 5.2.0-5.4.0; iWorkflow version 2.3.0; Enterprise Manager version 3.1.1