VARIoT IoT vulnerabilities database


VAR-201910-0880 CVE-2019-18203 RICOH MP 501 Cross-Site Scripting Vulnerability
CVSS V2: 4.3
CVSS V3: 6.1
Severity: MEDIUM
On the RICOH MP 501 printer, HTML Injection and Stored XSS vulnerabilities have been discovered in the area of adding addresses via the entryNameIn and KeyDisplay parameters to /web/entry/en/address/adrsSetUserWizard.cgi. The RICOH MP 501 printer contains a cross-site scripting vulnerability; information may be obtained and altered. The RICOH MP 501 is a printer from the Japanese company RICOH. The vulnerability stems from the web application's failure to properly validate client-supplied data. Attackers can use this vulnerability to execute client-side code.
VAR-202001-0772 CVE-2019-15712 FortiMail admin Vulnerabilities related to lack of authentication
CVSS V2: 6.5
CVSS V3: 7.2
Severity: HIGH
An improper access control vulnerability in FortiMail admin webUI 6.2.0, 6.0.0 to 6.0.6, 5.4.10 and below may allow administrators to access a web console they should not be authorized for. The FortiMail admin webUI is vulnerable to a lack of authentication; information may be acquired or falsified, and a denial of service (DoS) may result. Fortinet FortiMail is a suite of e-mail security gateway products from Fortinet. The product provides features such as email security and data protection. Fortinet FortiMail version 6.2.0, versions 6.0.0 to 6.0.6, and versions 5.4.10 and earlier have security vulnerabilities.
VAR-202001-0771 CVE-2019-15707 FortiMail admin Vulnerable to unauthorized authentication
CVSS V2: 4.0
CVSS V3: 4.9
Severity: MEDIUM
An improper access control vulnerability in FortiMail admin webUI 6.2.0, 6.0.0 to 6.0.6, 5.4.10 and below may allow administrators to perform a system backup config download they should not be authorized for. The FortiMail admin webUI contains an improper authentication vulnerability; information may be obtained. Fortinet FortiMail is a suite of e-mail security gateway products from Fortinet. The product provides features such as email security and data protection. Fortinet FortiMail version 6.2.0, versions 6.0.0 to 6.0.6, and versions 5.4.10 and earlier have security vulnerabilities. Attackers can exploit this vulnerability to download system backup configuration files.
VAR-201910-1237 CVE-2019-15703 Fortinet FortiOS Vulnerabilities related to lack of entropy
CVSS V2: 2.6
CVSS V3: 7.5
Severity: HIGH
An Insufficient Entropy in PRNG vulnerability in Fortinet FortiOS 6.2.1, 6.2.0, 6.0.8 and below, on devices that do not enable a hardware TRNG token and models that do not support a built-in TRNG seed, allows an attacker to theoretically recover the long-term ECDSA secret in a TLS client with an RSA handshake and mutual ECDSA authentication, with the help of flush+reload side-channel attacks, in FortiGate VM models only. Fortinet FortiOS contains a vulnerability related to lack of entropy; information may be obtained. Fortinet FortiOS is a security operating system dedicated to the FortiGate network security platform developed by Fortinet. The system provides users with security functions such as firewall, anti-virus, IPSec/SSL VPN, Web content filtering and anti-spam. Fortinet FortiOS versions 6.2.1, 6.2.0, 6.0.8 and earlier have a vulnerability in the deterministic (pseudo-random) number generator (PRNG) used for security signatures. An attacker could exploit this vulnerability to obtain sensitive information.
VAR-201910-0889 CVE-2019-18216 ASUS ROG Zephyrus M GM501GS Laptop input validation vulnerability
CVSS V2: 7.2
CVSS V3: 6.8
Severity: MEDIUM
The BIOS configuration design on ASUS ROG Zephyrus M GM501GS laptops with BIOS 313 relies on the main battery instead of using a CMOS battery, which reduces the value of a protection mechanism in which booting from a USB device is prohibited. Attackers who have physical laptop access can exhaust the main battery to reset the BIOS configuration, and then achieve direct access to the hard drive by booting a live USB OS without disassembling the laptop. NOTE: the vendor has apparently indicated that this is "normal" and that use of the same battery for the BIOS and the overall system is a "new design." However, the vendor apparently plans to "improve" this at an unspecified later time. ** Unsettled ** This case has not been confirmed as a vulnerability. ASUS ROG Zephyrus M GM501GS laptops are vulnerable to an input validation issue. The vendor has disputed this vulnerability. For details, see the NVD Current Description (https://nvd.nist.gov/vuln/detail/CVE-2019-18216). Information may be obtained, information may be altered, and service operation may be disrupted (DoS).
VAR-201910-1862 No CVE Triconex SIS system has authentication bypass vulnerability
CVSS V2: 6.6
CVSS V3: -
Severity: MEDIUM
The Triconex SIS system is a modern programmable logic and process controller. The Triconex SIS system has an authentication bypass vulnerability that unauthorized attackers can use to access the controller.
VAR-201910-1858 No CVE Ruijie NBR router has weak password vulnerability
CVSS V2: 4.0
CVSS V3: -
Severity: MEDIUM
Ruijie Networks Co., Ltd. is a company mainly engaged in information system integration services, Internet virtual private network services, Internet management services and other projects. A weak password vulnerability exists in Ruijie NBR routers. Attackers can use this vulnerability to obtain sensitive information.
VAR-201910-0872 CVE-2019-18202 WAGO Series PFC100 and PFC200 Vulnerability related to externally controllable references to other domain resources on devices
CVSS V2: 5.0
CVSS V3: 5.3
Severity: MEDIUM
Information disclosure is possible on WAGO Series PFC100 and PFC200 devices before FW12 due to improper access control. A remote attacker can check for the existence of paths and file names via crafted HTTP requests. WAGO Series PFC100 and PFC200 devices are vulnerable to an externally controllable reference to a resource in another domain; information may be obtained. WAGO Series PFC100 and WAGO Series PFC200 are both programmable logic controllers from the German company WAGO.
VAR-201910-1677 CVE-2019-12148 Sangoma Session Border Controller Authentication vulnerability
CVSS V2: 7.5
CVSS V3: 9.8
Severity: CRITICAL
The Sangoma Session Border Controller (SBC) 2.3.23-119 GA web interface is vulnerable to an authentication bypass via an argument injection vulnerability involving special characters in the username field. Upon successful exploitation, a remote unauthenticated user can log in to the device's admin web portal without providing any credentials. This affects /var/webconfig/gui/Webconfig.inc.php. Sangoma Technologies SBC is a Session Border Controller (SBC) from Sangoma Technologies of Canada. Sangoma Technologies SBC version 2.3.23-119-GA has a parameter injection vulnerability. An attacker can use this vulnerability to bypass authentication, log in as a non-existent user, and obtain full access to the database, including the creation of authorized users.
VAR-201910-0706 CVE-2019-17526 SageMath Sage Cell Server operating system command injection vulnerability
CVSS V2: 10.0
CVSS V3: 9.8
Severity: CRITICAL
An issue was discovered in SageMath Sage Cell Server through 2019-10-05. Python code injection can occur in the context of an internet-facing web application. Malicious actors can execute arbitrary commands on the underlying operating system, as demonstrated by an __import__('os').popen('whoami').read() line. NOTE: the vendor's position is that the product is "vulnerable by design" and the current behavior will be retained. ** Unsettled ** This case has not been confirmed as a vulnerability. The vendor has disputed this vulnerability. For details, see the NVD Current Description (https://nvd.nist.gov/vuln/detail/CVE-2019-17526). Information may be obtained, information may be altered, and service operation may be disrupted (DoS).
VAR-201910-1676 CVE-2019-12147 Sangoma Session Border Controller Injection vulnerability
Related entries in the VARIoT exploits database: VAR-E-201910-0056
CVSS V2: 5.0
CVSS V3: 9.8
Severity: CRITICAL
The Sangoma Session Border Controller (SBC) 2.3.23-119 GA web interface is vulnerable to Argument Injection via special characters in the username field. Upon successful exploitation, a remote unauthenticated user can create a local system user with sudo privileges, and use that user to log in to the system (either via the web interface or via SSH) to achieve complete compromise of the device. This affects /var/webconfig/gui/Webconfig.inc.php and /usr/local/sng/bin/sng-user-mgmt. Sangoma Technologies SBC is a Session Border Controller (SBC) from Sangoma Technologies of Canada. A security vulnerability exists in Sangoma Technologies SBC version 2.3.23-119-GA. Attackers can use the application's login interface to exploit the vulnerability and create privileged accounts on the system.
VAR-201910-1211 CVE-2019-13541 Horner Automation Cscape Input validation error vulnerability
CVSS V2: 6.8
CVSS V3: 7.8
Severity: HIGH
In Horner Automation Cscape 9.90 and prior, an improper input validation vulnerability has been identified that may be exploited by processing files lacking user input validation. This may allow an attacker to access information and remotely execute arbitrary code. User interaction is required to exploit this vulnerability, in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of CSP files. The issue results from the lack of proper validation of user-supplied data, which can result in a memory corruption condition. Horner Automation Cscape is a set of programming software for the development of industrial control systems by Horner Automation.
VAR-201910-0848 CVE-2019-17668 Samsung Galaxy S10 and Note10 Vulnerability related to input validation on devices
CVSS V2: 4.4
CVSS V3: 6.8
Severity: MEDIUM
Samsung Galaxy S10 and Note10 devices allow unlock operations via unregistered fingerprints in certain situations involving a third-party screen protector. Samsung Galaxy S10 and Note10 devices contain an input validation vulnerability; information may be obtained, information may be altered, and service operation may be disrupted (DoS). The Samsung Galaxy S10 and Samsung Galaxy Note10 are both smartphones from the Korean company Samsung. Security holes exist in the Samsung Galaxy S10 and Samsung Galaxy Note10. An attacker can exploit this vulnerability with an unregistered fingerprint to unlock the phone.
VAR-201910-0335 CVE-2019-12611 Bitdefender BOX Vulnerability related to allocation of resources without restrictions or throttling in firmware
CVSS V2: 4.9
CVSS V3: 4.4
Severity: MEDIUM
An issue was discovered in Bitdefender BOX firmware versions before 2.1.37.37-34 that affects the general reliability of the product. Specially crafted packets sent to the miniupnpd implementation result in the device allocating memory without freeing it later. This behavior can cause the miniupnpd component to crash or trigger a device reboot. The Bitdefender BOX firmware contains a vulnerability related to resource allocation without restrictions or throttling; a service interruption (DoS) may result.
VAR-201910-0923 CVE-2019-15066 HiNet GPON Vulnerability related to input validation in firmware
CVSS V2: 10.0
CVSS V3: 9.8
Severity: CRITICAL
An "invalid command" handler issue was discovered in HiNet GPON firmware < I040GWR190731. It allows an attacker to execute arbitrary commands through port 6998. CVSS 3.0 Base score 10.0. CVSS vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H). The HiNet GPON firmware contains a vulnerability related to input validation; information may be obtained, information may be altered, and service operation may be disrupted (DoS). Chunghwa Telecom HiNet GPON is an optical modem of Chunghwa Telecom, Taiwan. A security vulnerability exists in Chunghwa Telecom HiNet GPON using firmware earlier than I040GWR190731.
VAR-201910-0922 CVE-2019-15065 HiNet GPON Information disclosure vulnerability in firmware
CVSS V2: 5.0
CVSS V3: 7.5
Severity: HIGH
A service hosted on port 6998 in HiNet GPON firmware < I040GWR190731 allows an attacker to execute a specific command to read arbitrary files. CVSS 3.0 Base score 9.3. CVSS vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:L). The HiNet GPON firmware contains an information disclosure vulnerability; information may be obtained. Chunghwa Telecom HiNet GPON is an optical modem of Chunghwa Telecom, Taiwan. A security vulnerability exists in Chunghwa Telecom HiNet GPON using firmware earlier than I040GWR190731.
VAR-201910-1249 CVE-2019-15849 eQ-3 HomeMatic CCU3 Firmware session fixation vulnerability
CVSS V2: 4.9
CVSS V3: 7.3
Severity: HIGH
eQ-3 HomeMatic CCU3 firmware 3.41.11 allows session fixation. An attacker can create session IDs and send them to the victim. After the victim logs in to the session, the attacker can use that session. The attacker could create SSH logins after a valid session and easily compromise the system. eQ-3 Homematic CCU3 is a central control unit for a smart home system from the German company eQ-3.
VAR-201910-0921 CVE-2019-15064 HiNet GPON Firmware authentication vulnerability
CVSS V2: 7.5
CVSS V3: 9.8
Severity: CRITICAL
HiNet GPON firmware version < I040GWR190731 allows an attacker to log in to the device without any authentication. The HiNet GPON firmware contains an authentication vulnerability; information may be obtained, information may be altered, and service operation may be disrupted (DoS). Chunghwa Telecom HiNet GPON is an optical modem of Chunghwa Telecom, Taiwan. Chunghwa Telecom HiNet GPON using firmware earlier than I040GWR190731 has a security vulnerability.
VAR-202001-0753 CVE-2019-13537 IEC870IP driver Buffer Overflow Vulnerability
CVSS V2: 5.0
CVSS V3: 7.5
Severity: HIGH
The IEC870IP driver for AVEVA's Vijeo Citect and Citect SCADA and Schneider Electric's Power SCADA Operation has a buffer overflow vulnerability that could result in a server-side crash. The AVEVA IEC870IP driver contains an out-of-bounds write vulnerability; a denial of service (DoS) may result. AVEVA Vijeo Citect and AVEVA CitectSCADA are a set of supervisory control and data acquisition (SCADA) software. IEC870IP is one of their drivers.
VAR-201910-1250 CVE-2019-15850 eQ-3 HomeMatic CCU3 Vulnerability related to input validation in firmware
CVSS V2: 9.0
CVSS V3: 8.8
Severity: HIGH
eQ-3 HomeMatic CCU3 firmware version 3.41.11 allows Remote Code Execution in the ReGa.runScript method. An authenticated attacker can easily execute code and compromise the system. The eQ-3 HomeMatic CCU3 firmware contains a vulnerability related to input validation; information may be obtained, information may be altered, and service operation may be disrupted (DoS). eQ-3 Homematic CCU3 is a central control unit for a smart home system from the German company eQ-3.