VARIoT IoT vulnerabilities database


VAR-201908-0587 CVE-2019-13266 TP-Link Archer C3200 V1 and Archer C2 V1 Vulnerability related to input validation on devices CVSS V2: 5.8
CVSS V3: 8.8
Severity: HIGH
TP-Link Archer C3200 V1 and Archer C2 V1 devices have Insufficient Compartmentalization between a host network and a guest network that are established by the same device. A DHCP Request is sent to the router with a certain Transaction ID field. Following the DHCP protocol, the router responds with an ACK or NAK message. Studying the NAK case revealed that the router erroneously sends the NAK to both Host and Guest networks with the same Transaction ID as found in the DHCP Request. This allows encoding of data to be sent cross-router into the 32-bit Transaction ID field. The TP-Link Archer C3200 and Archer C2 are both wireless routers from China's TP-Link. The vulnerability stems from the fact that the program does not fully isolate the host network and guest network on the same device
VAR-201908-0561 CVE-2019-13267 TP-Link Archer C3200 V1 and Archer C2 V1 Vulnerability related to input validation on devices CVSS V2: 5.8
CVSS V3: 8.8
Severity: HIGH
TP-Link Archer C3200 V1 and Archer C2 V1 devices have Insufficient Compartmentalization between a host network and a guest network that are established by the same device. In order to transfer data from the host network to the guest network, the sender joins and then leaves an IGMP group. After it leaves, the router (following the IGMP protocol) creates an IGMP Membership Query packet with the Group IP and sends it to both the Host and the Guest networks. The data is transferred within the Group IP field, which is completely controlled by the sender. The TP-Link Archer C3200 and Archer C2 are both wireless routers from China's TP-Link
VAR-201908-0585 CVE-2019-13264 D-link DIR-825AC G1 Device access control vulnerability CVSS V2: 5.8
CVSS V3: 8.8
Severity: HIGH
D-link DIR-825AC G1 devices have Insufficient Compartmentalization between a host network and a guest network that are established by the same device. In order to transfer data from the host network to the guest network, the sender joins and then leaves an IGMP group. After it leaves, the router (following the IGMP protocol) creates an IGMP Membership Query packet with the Group IP and sends it to both the Host and the Guest networks. The data is transferred within the Group IP field, which is completely controlled by the sender. The D-link DIR-825AC G1 device contains an access control vulnerability. Information may be obtained or altered, and service operation may be disrupted (DoS). D-Link DIR-825 is an AC 1200 Wi-Fi dual-band Gigabit (LAN / WAN) router. D-link DIR-825 G1 has a cross-router covert channel vulnerability. D-Link DIR-825AC G1 is a wireless router made by Taiwan D-Link Company
VAR-201908-0317 CVE-2019-15648 WordPress for insert-or-embed-articulate-content-into-wordpress Plug-in access control vulnerability CVSS V2: 5.5
CVSS V3: 6.5
Severity: MEDIUM
The insert-or-embed-articulate-content-into-wordpress plugin before 4.29991 for WordPress has insufficient restrictions on deleting or renaming by a Subscriber. The insert-or-embed-articulate-content-into-wordpress plug-in for WordPress contains a vulnerability related to access control. Information may be tampered with. WordPress is a blogging platform developed by the WordPress Foundation using the PHP language. The platform supports setting up personal blog sites on PHP and MySQL servers. insert-or-embed-articulate-content-into-wordpress is a plugin used to embed Articulate content into a page. The WordPress insert-or-embed-articulate-content-into-wordpress plugin has a security vulnerability before version 4.999991, which is caused by the program's failure to adequately restrict delete and rename operations. No further vulnerability details are provided at this time
VAR-201908-0318 CVE-2019-15649 WordPress for insert-or-embed-articulate-content-into-wordpress Vulnerability related to unlimited upload of dangerous types of files in plugins CVSS V2: 6.5
CVSS V3: 8.8
Severity: HIGH
The insert-or-embed-articulate-content-into-wordpress plugin before 4.2999 for WordPress has insufficient restrictions on file upload. The insert-or-embed-articulate-content-into-wordpress plug-in for WordPress contains a vulnerability related to unrestricted upload of dangerous file types. Information may be obtained or altered, and service operation may be disrupted (DoS). WordPress is a blogging platform developed by the WordPress Foundation using the PHP language. The platform supports setting up personal blog sites on PHP and MySQL servers. insert-or-embed-articulate-content-into-wordpress is a plugin used to embed Articulate content into a page. The WordPress insert-or-embed-articulate-content-into-wordpress plug-in has a security vulnerability in versions prior to 4.999, which originated from the failure to sufficiently restrict file uploads. No further vulnerability details are provided at this time
VAR-201908-0940 CVE-2019-15702 RIOT Resource management vulnerability CVSS V2: 5.0
CVSS V3: 7.5
Severity: HIGH
In the TCP implementation (gnrc_tcp) in RIOT through 2019.07, the parser for TCP options does not terminate on all inputs, allowing a denial-of-service, because sys/net/gnrc/transport_layer/tcp/gnrc_tcp_option.c has an infinite loop for an unknown zero-length option. RIOT contains a resource management vulnerability. Service operation may be interrupted (DoS). RIOT-OS is a set of operating systems used in the field of Internet of Things. The TCP implementation (gnrc_tcp) in RIOT 2019.07 and earlier versions has a security vulnerability. An attacker could use this vulnerability to cause an infinite loop, resulting in a denial of service
VAR-201908-0862 CVE-2019-13526 Datalogic AV7000 Linear barcode scanner Authentication vulnerability CVSS V2: 6.5
CVSS V3: 8.8
Severity: HIGH
Datalogic AV7000 Linear barcode scanner all versions prior to 4.6.0.0 is vulnerable to authentication bypass, which may allow an attacker to remotely execute arbitrary code. The Datalogic AV7000 Linear barcode scanner contains an authentication vulnerability. Information may be obtained or altered, and service operation may be disrupted (DoS). AV7000 is a linear barcode scanner launched by Datalogic. Datalogic AV7000 versions prior to 4.6.0.0 have an authentication bypass vulnerability. Remote attackers can use alternative paths or channels to exploit this vulnerability to execute arbitrary code
VAR-201908-0744 CVE-2019-15304 Lierda Grill Temperature Monitor Vulnerabilities related to certificate and password management CVSS V2: 6.4
CVSS V3: 9.1
Severity: CRITICAL
Lierda Grill Temperature Monitor V1.00_50006 has a default password of admin for the admin account, which allows an attacker to cause a Denial of Service or Information Disclosure via the undocumented access-point configuration page located on the device. This Wi-Fi thermometer app requests and requires excessive permissions to operate, such as fine GPS location, camera, app lists, serial number, and IMEI. In addition to the "backdoor" login access for "admin" purposes, this accompanying app also establishes connections with several China-based URLs, including Alibaba cloud computing. NOTE: this device also ships with ProGrade branding. The Lierda Grill Temperature Monitor contains vulnerabilities related to certificate and password management. Information may be obtained, and service operation may be interrupted (DoS). The Lierda Grill Temperature Monitor is a grill temperature monitor. There is a trust management issue vulnerability in Lierda Grill Temperature Monitor V1.00_50006. This vulnerability stems from the lack of an effective trust management mechanism in network systems or products. Attackers can use default passwords or hard-coded passwords, hard-coded certificates, etc. to attack affected components
VAR-201908-0931 CVE-2019-14305 Multiple buffer overflow vulnerabilities in multiple Ricoh printers and Multifunction Printers (MFPs) CVSS V2: 7.5
CVSS V3: 9.8
Severity: Critical
Several Ricoh printers have multiple buffer overflows parsing HTTP parameter settings for Wi-Fi, mDNS, POP3, SMTP, and notification alerts, which allow an attacker to cause a denial of service or code execution via crafted requests to the web server. Affected firmware versions depend on the printer models. One affected configuration is cpe:2.3:o:ricoh:sp_c250dn_firmware:-:*:*:*:*:*:*:* up to (including) 1.06 running on cpe:2.3:o:ricoh:sp_c250dn:-:*:*:*:*:*:*:*, cpe:2.3:o:ricoh:sp_c252dn:-:*:*:*:*:*:*:*. Another affected configuration is cpe:2.3:o:ricoh:sp_c250sf_firmware:-:*:*:*:*:*:*:* up to (including) 1.12 running on cpe:2.3:o:ricoh:sp_c250sf:-:*:*:*:*:*:*:*, cpe:2.3:o:ricoh:sp_c252sf:-:*:*:*:*:*:*:*. Multiple printers and Multifunction Printers (MFPs) provided by RICOH COMPANY, LTD. contain the multiple buffer overflow vulnerabilities listed below.
* Buffer overflow in parsing HTTP cookie header (CWE-119) - CVE-2019-14300
* Buffer overflow in parsing HTTP parameter setting for Wifi, mDNS, POP3, SMTP and alert (CWE-119) - CVE-2019-14305
* Buffer overflow in parsing HTTP parameter setting for SNMP (CWE-119) - CVE-2019-14307
* Buffer overflow in parsing LPD packet (CWE-119) - CVE-2019-14308
RICOH COMPANY, LTD. reported this vulnerability to IPA to notify users of its solution through JVN. JPCERT/CC and RICOH COMPANY, LTD. coordinated under the Information Security Early Warning Partnership. A remote attacker may be able to cause a denial-of-service (DoS) condition or may execute arbitrary code. RICOH SP C252SF, etc. A buffer error vulnerability exists in several RICOH printers. This vulnerability stems from the incorrect verification of data boundaries when the network system or product performs operations on the memory, resulting in incorrect read and write operations to other associated memory locations. Attackers can exploit this vulnerability to cause buffer overflow or heap overflow, etc.
The following products and versions are affected: RICOH SP C250SF with firmware prior to 1.07; SP C252SF with firmware prior to 1.07; SP C250DN with firmware prior to 1.13; SP C252DN with firmware prior to 1.13
VAR-201908-0932 CVE-2019-14307 Multiple buffer overflow vulnerabilities in multiple Ricoh printers and Multifunction Printers (MFPs) CVSS V2: 7.5
CVSS V3: 9.8
Severity: Critical
Several Ricoh printers have multiple buffer overflows parsing HTTP parameter settings for SNMP, which allow an attacker to cause a denial of service or code execution via crafted requests to the web server. Affected firmware versions depend on the printer models. One affected configuration is cpe:2.3:o:ricoh:sp_c250dn_firmware:-:*:*:*:*:*:*:* up to (including) 1.06 running on cpe:2.3:o:ricoh:sp_c250dn:-:*:*:*:*:*:*:*, cpe:2.3:o:ricoh:sp_c252dn:-:*:*:*:*:*:*:*. Another affected configuration is cpe:2.3:o:ricoh:sp_c250sf_firmware:-:*:*:*:*:*:*:* up to (including) 1.12 running on cpe:2.3:o:ricoh:sp_c250sf:-:*:*:*:*:*:*:*, cpe:2.3:o:ricoh:sp_c252sf:-:*:*:*:*:*:*:*. Multiple printers and Multifunction Printers (MFPs) provided by RICOH COMPANY, LTD. contain the multiple buffer overflow vulnerabilities listed below.
* Buffer overflow in parsing HTTP cookie header (CWE-119) - CVE-2019-14300
* Buffer overflow in parsing HTTP parameter setting for Wifi, mDNS, POP3, SMTP and alert (CWE-119) - CVE-2019-14305
* Buffer overflow in parsing HTTP parameter setting for SNMP (CWE-119) - CVE-2019-14307
* Buffer overflow in parsing LPD packet (CWE-119) - CVE-2019-14308
RICOH COMPANY, LTD. reported this vulnerability to IPA to notify users of its solution through JVN. JPCERT/CC and RICOH COMPANY, LTD. coordinated under the Information Security Early Warning Partnership. A remote attacker may be able to cause a denial-of-service (DoS) condition or may execute arbitrary code. RICOH SP C252SF, etc. A buffer error vulnerability exists in several RICOH products. This vulnerability stems from the incorrect verification of data boundaries when the network system or product performs operations on the memory, resulting in incorrect read and write operations to other associated memory locations. Attackers can exploit this vulnerability to cause buffer overflow or heap overflow, etc.
The following products and versions are affected: RICOH SP C250SF with firmware prior to 1.07; SP C252SF with firmware prior to 1.07; SP C250DN with firmware prior to 1.13; SP C252DN with firmware prior to 1.13
VAR-201908-0936 CVE-2019-14300 Multiple buffer overflow vulnerabilities in multiple Ricoh printers and Multifunction Printers (MFPs) CVSS V2: 7.5
CVSS V3: 9.8
Severity: Critical
Several Ricoh printers have multiple buffer overflows parsing HTTP cookie headers, which allow an attacker to cause a denial of service or code execution via crafted requests to the web server. Affected firmware versions depend on the printer models. One affected configuration is cpe:2.3:o:ricoh:sp_c250dn_firmware:-:*:*:*:*:*:*:* up to (including) 1.06 running on cpe:2.3:o:ricoh:sp_c250dn:-:*:*:*:*:*:*:*, cpe:2.3:o:ricoh:sp_c252dn:-:*:*:*:*:*:*:*. Another affected configuration is cpe:2.3:o:ricoh:sp_c250sf_firmware:-:*:*:*:*:*:*:* up to (including) 1.12 running on cpe:2.3:o:ricoh:sp_c250sf:-:*:*:*:*:*:*:*, cpe:2.3:o:ricoh:sp_c252sf:-:*:*:*:*:*:*:*. Multiple printers and Multifunction Printers (MFPs) provided by RICOH COMPANY, LTD. contain the multiple buffer overflow vulnerabilities listed below.
* Buffer overflow in parsing HTTP cookie header (CWE-119) - CVE-2019-14300
* Buffer overflow in parsing HTTP parameter setting for Wifi, mDNS, POP3, SMTP and alert (CWE-119) - CVE-2019-14305
* Buffer overflow in parsing HTTP parameter setting for SNMP (CWE-119) - CVE-2019-14307
* Buffer overflow in parsing LPD packet (CWE-119) - CVE-2019-14308
RICOH COMPANY, LTD. reported this vulnerability to IPA to notify users of its solution through JVN. JPCERT/CC and RICOH COMPANY, LTD. coordinated under the Information Security Early Warning Partnership. A remote attacker may be able to cause a denial-of-service (DoS) condition or may execute arbitrary code. RICOH SP C252SF, etc. A buffer error vulnerability exists in several RICOH printers. This vulnerability stems from the incorrect verification of data boundaries when the network system or product performs operations on the memory, resulting in incorrect read and write operations to other associated memory locations. Attackers can exploit this vulnerability to cause buffer overflow or heap overflow, etc.
The following products and versions are affected: RICOH SP C250SF with firmware prior to 1.07; SP C252SF with firmware prior to 1.07; SP C250DN with firmware prior to 1.13; SP C252DN with firmware prior to 1.13
VAR-201908-0933 CVE-2019-14308 Multiple buffer overflow vulnerabilities in multiple Ricoh printers and Multifunction Printers (MFPs) CVSS V2: 7.5
CVSS V3: 9.8
Severity: Critical
Several Ricoh printers have multiple buffer overflows parsing LPD packets, which allow an attacker to cause a denial of service or code execution via crafted requests to the LPD service. Affected firmware versions depend on the printer models. One affected configuration is cpe:2.3:o:ricoh:sp_c250dn_firmware:-:*:*:*:*:*:*:* up to (including) 1.06 running on cpe:2.3:o:ricoh:sp_c250dn:-:*:*:*:*:*:*:*, cpe:2.3:o:ricoh:sp_c252dn:-:*:*:*:*:*:*:*. Another affected configuration is cpe:2.3:o:ricoh:sp_c250sf_firmware:-:*:*:*:*:*:*:* up to (including) 1.12 running on cpe:2.3:o:ricoh:sp_c250sf:-:*:*:*:*:*:*:*, cpe:2.3:o:ricoh:sp_c252sf:-:*:*:*:*:*:*:*. Multiple printers and Multifunction Printers (MFPs) provided by RICOH COMPANY, LTD. contain the multiple buffer overflow vulnerabilities listed below.
* Buffer overflow in parsing HTTP cookie header (CWE-119) - CVE-2019-14300
* Buffer overflow in parsing HTTP parameter setting for Wifi, mDNS, POP3, SMTP and alert (CWE-119) - CVE-2019-14305
* Buffer overflow in parsing HTTP parameter setting for SNMP (CWE-119) - CVE-2019-14307
* Buffer overflow in parsing LPD packet (CWE-119) - CVE-2019-14308
RICOH COMPANY, LTD. reported this vulnerability to IPA to notify users of its solution through JVN. JPCERT/CC and RICOH COMPANY, LTD. coordinated under the Information Security Early Warning Partnership. A remote attacker may be able to cause a denial-of-service (DoS) condition or may execute arbitrary code. RICOH SP C252SF, etc. A buffer error vulnerability exists in several RICOH printers. This vulnerability stems from the incorrect verification of data boundaries when the network system or product performs operations on the memory, resulting in incorrect read and write operations to other associated memory locations. Attackers can exploit this vulnerability to cause buffer overflow or heap overflow, etc.
The following products and versions are affected: RICOH SP C250SF with firmware prior to 1.07; SP C252SF with firmware prior to 1.07; SP C250DN with firmware prior to 1.13; SP C252DN with firmware prior to 1.13
VAR-201908-0255 CVE-2019-9569 Delta Controls enteliBUS Manager Buffer error vulnerability CVSS V2: 7.5
CVSS V3: 9.8
Severity: CRITICAL
Buffer Overflow in dactetra in Delta Controls enteliBUS Manager V3.40_B-571848 allows remote unauthenticated users to execute arbitrary code and possibly cause a denial of service via unspecified vectors. Delta Controls enteliBUS Manager contains a buffer error vulnerability. Information may be obtained or altered, and service operation may be disrupted (DoS). Delta Controls enteliBUS Manager is a programmable BACnet (communication protocol for smart buildings) controller from Delta Controls, Canada. This vulnerability stems from the incorrect verification of data boundaries when the network system or product performs operations on the memory, resulting in incorrect read and write operations to other associated memory locations. Attackers can exploit this vulnerability to cause buffer overflow or heap overflow, etc
VAR-201908-0802 CVE-2019-15055 MikroTik RouterOS Input validation vulnerability CVSS V2: 5.5
CVSS V3: 6.5
Severity: MEDIUM
MikroTik RouterOS through 6.44.5 and 6.45.x through 6.45.3 improperly handles the disk name, which allows authenticated users to delete arbitrary files. Attackers can exploit this vulnerability to reset credential storage, which allows them access to the management interface as an administrator without authentication. MikroTik RouterOS contains an input validation vulnerability. Information may be tampered with. MikroTik RouterOS is a Linux-based router operating system developed by the Latvian company MikroTik. The system can be deployed on a PC so that it provides router functionality. There is a security vulnerability in MikroTik RouterOS 6.44.5 and earlier versions and 6.45.x to 6.45.3 versions. The vulnerability is caused by the program not handling disk names correctly
VAR-201908-2197 No CVE Youfang Technology 4G Module Performance King N720 Command Execution Vulnerability CVSS V2: 8.3
CVSS V3: -
Severity: HIGH
Shenzhen Youfang Technology Co., Ltd. is a company specializing in M2M IoT wireless communication products and services. It provides industrial module products and related services in various communication systems such as GPRS, CDMA 1X, WCDMA, EVDO, and LTE. Youfang Technology 4G Module Performance King N720 has a command execution vulnerability. An attacker could use the vulnerability to connect remotely and obtain a root shell.
VAR-201908-2200 No CVE Shanghai Yuge Information Technology Co., Ltd. communication module CLM920_NC5 has unauthorized access vulnerability CVSS V2: 8.3
CVSS V3: -
Severity: HIGH
Shanghai Yuge Information Technology Co., Ltd. is engaged in the research, development, production and operation of 3G / 3.75G / 4G / NB communication modules. It is a communication module company with a patch production factory. There is an unauthorized access vulnerability in the communication module CLM920_NC5 of Shanghai Domain Information Technology Co., Ltd. An attacker could use the vulnerability to connect remotely and obtain a root shell.
VAR-201908-2203 No CVE Four letter 4G router F7A26 has unauthorized access vulnerability CVSS V2: 3.3
CVSS V3: -
Severity: LOW
Xiamen Sixin Communication Technology Co., Ltd. is engaged in the research and development, production, promotion and service of IoT application products and high-end wireless communication transmission equipment in the industrial field. Four letter 4G router F7A26 has an unauthorized access vulnerability. Attackers can use the vulnerability to directly access the IP for management control.
VAR-201908-2209 No CVE Longsun Technology U9300W, U9507C 4G module has unauthorized access vulnerability CVSS V2: 8.3
CVSS V3: -
Severity: HIGH
Longsun Technology (Shanghai) Co., Ltd. is a supplier of IoT modules and solutions. The Longsun Technology U9300W and U9507C 4G modules have an unauthorized access vulnerability. An attacker could use the vulnerability to gain root privileges.
VAR-201908-2204 No CVE USR-LTE-7S4 V2 has multiple remote command execution vulnerabilities CVSS V2: 6.5
CVSS V3: -
Severity: MEDIUM
Jinan Youren Internet Technology Co., Ltd. is a technology company that makes serial networking modules. There are multiple remote command execution vulnerabilities in the 4G module USR-LTE-7S4 V2 from Jinan Youren Internet Technology Co., Ltd. These allow an attacker to execute commands remotely.
VAR-201908-0337 CVE-2019-15526 D-Link DIR-823G Command injection vulnerability in device firmware CVSS V2: 9.0
CVSS V3: 8.8
Severity: HIGH
An issue was discovered on D-Link DIR-823G devices with firmware V1.0.2B05. There is a command injection in HNAP1 (exploitable with Authentication) via shell metacharacters in the Type field to SetWanSettings, a related issue to CVE-2019-13482. The D-Link DIR-823G device firmware contains a command injection vulnerability. This vulnerability is related to CVE-2019-13482. Information may be obtained or altered, and service operation may be disrupted (DoS). D-Link DIR-823G is a wireless router from D-Link Corporation of Taiwan, China. The vulnerability stems from external input data being used to construct executable commands while the network system or product fails to properly filter special elements. An attacker could exploit the vulnerability to execute an illegal command