VARIoT IoT vulnerabilities database
| VAR-201907-1761 | No CVE | Smart Bluetooth Gate Latched in Logic Defect Vulnerability |
CVSS V2: 7.8 CVSS V3: - Severity: HIGH |
Beijing Xiyu Information Technology Co., Ltd. provides online operation management platforms and offline intelligent service solutions for spaces, parks, and commercial buildings.
Smart Bluetooth gate latches have a logic flaw that an attacker could use to open any gate.
| VAR-201907-0313 | CVE-2019-9231 | Multiple AudioCodes Mediant products cross-site request forgery vulnerability |
CVSS V2: 6.8 CVSS V3: 8.8 Severity: HIGH |
An issue was discovered on AudioCodes Mediant 500L-MSBR, 500-MBSR, M800B-MSBR and 800C-MSBR devices with firmware versions before 7.20A.202.307. A Cross-Site Request Forgery (CSRF) vulnerability in the management web interface allows remote attackers to execute malicious and unauthorized actions, because CSRFProtection=1 is not a default and is not documented. Multiple AudioCodes Mediant products contain a cross-site request forgery vulnerability. Information may be obtained, information may be altered, and a denial of service (DoS) state may result. AudioCodes Mediant 500L-MSBR and the others are products of Israel's AudioCodes. AudioCodes Mediant 500L-MSBR is a 500L series integrated SOHO/SMB router. AudioCodes Mediant 500-MSBR is a 500 series integrated SOHO/SMB router. AudioCodes M800B-MSBR is an M800B series integrated SOHO/SMB router. A cross-site request forgery vulnerability exists in several AudioCodes products. An attacker could exploit this vulnerability to perform malicious, unauthorized operations.
| VAR-201907-0312 | CVE-2019-9230 | Multiple AudioCodes Mediant device firmware cross-site scripting vulnerability |
CVSS V2: 4.3 CVSS V3: 6.1 Severity: MEDIUM |
An issue was discovered on AudioCodes Mediant 500L-MSBR, 500-MBSR, M800B-MSBR and 800C-MSBR devices with firmware versions F7.20A to F7.20A.253. A cross-site scripting (XSS) vulnerability in the search function of the management web interface allows remote attackers to inject arbitrary web script or HTML via the keyword parameter. The firmware of multiple AudioCodes Mediant devices contains a cross-site scripting vulnerability. Information may be obtained and information may be altered. AudioCodes Mediant 500L-MSBR and the others are products of Israel's AudioCodes. AudioCodes Mediant 500L-MSBR is a 500L series integrated SOHO/SMB router. AudioCodes Mediant 500-MSBR is a 500 series integrated SOHO/SMB router. AudioCodes M800B-MSBR is an M800B series integrated SOHO/SMB router. A cross-site scripting vulnerability exists in several AudioCodes products. An attacker could exploit the vulnerability to execute client-side code.
| VAR-201908-0412 | CVE-2019-5223 | PCManager Authentication vulnerability |
CVSS V2: 6.8 CVSS V3: 7.8 Severity: HIGH |
PCManager 9.1.3.1 has an improper authentication vulnerability. A certain driver interface of the software does not properly validate user-mode data; successful exploitation could result in malicious code execution. PCManager contains an authentication vulnerability. Information may be obtained, information may be altered, and service operation may be disrupted (DoS). Huawei PC Manager is a computer management application from the Chinese company Huawei. There is an authorization problem vulnerability in Huawei PC Manager version 9.1.3.1. The vulnerability is caused by the driver interface not fully verifying data received from user mode. An attacker could exploit this vulnerability to execute malicious code.
| VAR-201907-0399 | CVE-2019-1941 | Cisco Identity Services Engine Vulnerable to cross-site scripting |
CVSS V2: 4.3 CVSS V3: 6.1 Severity: MEDIUM |
A vulnerability in the web-based management interface of Cisco Identity Services Engine (ISE) could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based management interface of an affected device. The vulnerability exists because the web-based management interface does not properly validate user-supplied input. An attacker could exploit this vulnerability by persuading a user to click a malicious link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information. At the time of publication, this vulnerability affected Cisco ISE running software releases prior to 2.4.0 Patch 9 and 2.6.0. This may allow the attacker to steal cookie-based authentication credentials and launch other attacks.
This issue is being tracked by Cisco Bug ID CSCvm10275. Cisco ISE monitors the network by collecting real-time information on the network, users and devices, and by formulating and implementing corresponding policies. The vulnerability stems from the lack of correct validation of client data in web applications.
| VAR-201907-0393 | CVE-2019-1942 | Cisco Identity Services Engine SQL injection vulnerability |
CVSS V2: 4.0 CVSS V3: 6.5 Severity: MEDIUM |
A vulnerability in the sponsor portal web interface for Cisco Identity Services Engine (ISE) could allow an authenticated, remote attacker to impact the integrity of an affected system by executing arbitrary SQL queries. The vulnerability is due to insufficient validation of user-supplied input. An attacker could exploit this vulnerability by sending crafted input that includes SQL statements to an affected system. A successful exploit could allow the attacker to modify entries in some database tables, affecting the integrity of the data. At the time of publication, this vulnerability affected Cisco ISE running software releases 2.6.0 and prior.
This issue is being tracked by Cisco Bug ID CSCvp29278. Cisco ISE monitors the network by collecting real-time information on the network, users and devices, and by formulating and implementing corresponding policies.
| VAR-201907-1631 | CVE-2019-1940 | Cisco Industrial Network Director Cryptographic vulnerability |
CVSS V2: 4.3 CVSS V3: 5.9 Severity: MEDIUM |
A vulnerability in the Web Services Management Agent (WSMA) feature of Cisco Industrial Network Director (IND) could allow an unauthenticated, remote attacker to gain unauthorized read access to sensitive data using an invalid X.509 certificate. The vulnerability is due to insufficient X.509 certificate validation when establishing a WSMA connection. An attacker could exploit this vulnerability by supplying a crafted X.509 certificate during the WSMA connection setup phase. A successful exploit could allow the attacker to conduct man-in-the-middle attacks to decrypt confidential information on WSMA connections to the affected software. At the time of publication, this vulnerability affected Cisco IND Software releases prior to 1.7. Cisco Industrial Network Director (IND) contains a cryptographic vulnerability. Information may be obtained. The product automates the system through visualization of the industrial Ethernet infrastructure. The Web Services Management Agent (WSMA) feature in Cisco IND versions prior to 1.7 had an encryption vulnerability that caused the program to fail to fully validate the X.509 certificate.
This issue is being tracked by Cisco Bug ID CSCvp13125.
| VAR-201907-0861 | CVE-2019-1919 | Cisco FindIT Network Manager and Network Probe hard-coded credentials vulnerability |
CVSS V2: 7.2 CVSS V3: 7.8 Severity: HIGH |
A vulnerability in the Cisco FindIT Network Management Software virtual machine (VM) images could allow an unauthenticated, local attacker who has access to the VM console to log in to the device with a static account that has root privileges. The vulnerability is due to the presence of an account with static credentials in the underlying Linux operating system. An attacker could exploit this vulnerability by logging in to the command line of the affected VM with the static account. A successful exploit could allow the attacker to log in with root-level privileges. This vulnerability affects only Cisco FindIT Network Manager and Cisco FindIT Network Probe Release 1.1.4 if these products are using Cisco-supplied VM images. No other releases or deployment models are known to be vulnerable.
An attacker with knowledge of the default credentials may exploit this vulnerability to gain unauthorized access and perform unauthorized actions. This may aid in further attacks.
This issue is tracked by Cisco Bug ID CSCvo93538.
| VAR-201907-0863 | CVE-2019-1923 | Cisco Small Business SPA500 series IP Phone Command injection vulnerability |
CVSS V2: 4.6 CVSS V3: 6.6 Severity: MEDIUM |
A vulnerability in Cisco Small Business SPA500 Series IP Phones could allow a physically proximate attacker to execute arbitrary commands on the device. The vulnerability is due to improper input validation in the device configuration interface. An attacker could exploit this vulnerability by accessing the configuration interface, which may require a password, and then accessing the device's physical interface and inserting a USB storage device. A successful exploit could allow the attacker to execute arbitrary commands on the device in an elevated security context. At the time of publication, this vulnerability affected Cisco Small Business SPA500 Series IP Phones firmware releases 7.6.2SR5 and prior.
This issue is being tracked by Cisco Bug IDs CSCvp40762 and CSCvp40765.
| VAR-201907-0270 | CVE-2019-5222 | Huawei Honor Magic 2 Information Disclosure Vulnerability |
CVSS V2: 4.3 CVSS V3: 5.5 Severity: MEDIUM |
There is an information disclosure vulnerability in Secure Input on certain Huawei smartphones in versions earlier than Tony-AL00B 9.1.0.216(C00E214R2P1). Secure Input does not properly limit a certain system privilege. An attacker tricks the user into installing a malicious application, and successful exploitation could result in information disclosure. Huawei Honor Magic 2 is a smartphone from China's Huawei.
| VAR-201907-0683 | CVE-2019-13614 | TP-Link Archer C1200 Device buffer error vulnerability |
CVSS V2: 7.5 CVSS V3: 9.8 Severity: CRITICAL |
CMD_SET_CONFIG_COUNTRY in the TP-Link Device Debug protocol in TP-Link Archer C1200 1.0.0 Build 20180502 rel.45702 and earlier is prone to a stack-based buffer overflow, which allows a remote attacker to achieve code execution or denial of service by sending a crafted payload to the listening server. The TP-Link Archer C1200 device contains a buffer error vulnerability. Information may be obtained, information may be altered, and service operation may be disrupted (DoS). The TP-Link Archer C1200 is a wireless router from the Chinese company TP-Link (Pulian). A buffer overflow vulnerability exists in CMD_SET_CONFIG_COUNTRY of the TP-Link Device Debug protocol in TP-Link Archer C1200 1.0.0 Build 20180502 rel.45702 and earlier. The vulnerability stems from the network system or product not properly validating data boundaries when performing operations on memory, causing erroneous read and write operations on other associated memory locations. An attacker could exploit the vulnerability to cause a buffer overflow or heap overflow.
| VAR-201907-0682 | CVE-2019-13613 | TP-Link Wireless Router Archer Router Buffer error vulnerability |
CVSS V2: 7.5 CVSS V3: 9.8 Severity: CRITICAL |
CMD_FTEST_CONFIG in the TP-Link Device Debug protocol in TP-Link Wireless Router Archer Router version 1.0.0 Build 20180502 rel.45702 (EU) and earlier is prone to a stack-based buffer overflow, which allows a remote attacker to achieve code execution or denial of service by sending a crafted payload to the listening server. The TP-Link Wireless Router Archer Router contains a buffer error vulnerability. Information may be obtained, information may be altered, and service operation may be disrupted (DoS). The TP-Link Wireless Router Archer Router is a wireless router from the Chinese company TP-Link (Pulian).
| VAR-201907-1574 | CVE-2019-11535 | Linksys WiFi extender RE6400 and RE6300 Input validation vulnerability |
CVSS V2: 10.0 CVSS V3: 9.8 Severity: CRITICAL |
Unsanitized user input in the web interface for Linksys WiFi extender products (RE6400 and RE6300 through 1.2.04.022) allows for remote command execution. An attacker can access system OS configurations and commands that are not intended for use beyond the web UI. The Linksys WiFi extenders RE6400 and RE6300 contain an input validation vulnerability. Information may be obtained, information may be altered, and service operation may be disrupted (DoS). The Linksys RE6400 and Linksys RE6300 are both wireless network signal extenders from Linksys in the United States. There is a security vulnerability in the web interface of Linksys RE6400 1.2.04.022 and earlier versions and RE6300 1.2.04.022 and earlier versions. The vulnerability is caused by the program not filtering user input.
| VAR-201907-1647 | No CVE | Omron CJ2M-CPU31 Denial of service vulnerability |
CVSS V2: 4.9 CVSS V3: - Severity: MEDIUM |
CJ2M-CPU31 is a programmable logic controller (PLC).
Omron CJ2M-CPU31 has a denial of service vulnerability. An attacker can use this vulnerability to continuously exhaust specific CPU resources by sending specific packets to the target PLC.
| VAR-201907-0862 | CVE-2019-1920 | Cisco IOS Access Points Software input validation vulnerability |
CVSS V2: 6.1 CVSS V3: 7.4 Severity: HIGH |
A vulnerability in the 802.11r Fast Transition (FT) implementation for Cisco IOS Access Points (APs) Software could allow an unauthenticated, adjacent attacker to cause a denial of service (DoS) condition on an affected interface. The vulnerability is due to a lack of complete error handling condition for client authentication requests sent to a targeted interface configured for FT. An attacker could exploit this vulnerability by sending crafted authentication request traffic to the targeted interface, causing the device to restart unexpectedly.
Attackers can exploit this issue to cause the device to restart resulting in denial-of-service conditions.
This issue is being tracked by Cisco Bug ID CSCvg95745.
| VAR-201907-0860 | CVE-2019-1917 | Cisco Vision Dynamic Signage Director Vulnerabilities in authentication |
CVSS V2: 10.0 CVSS V3: 9.8 Severity: CRITICAL |
A vulnerability in the REST API interface of Cisco Vision Dynamic Signage Director could allow an unauthenticated, remote attacker to bypass authentication on an affected system. The vulnerability is due to insufficient validation of HTTP requests. An attacker could exploit this vulnerability by sending a crafted HTTP request to an affected system. A successful exploit could allow the attacker to execute arbitrary actions through the REST API with administrative privileges on the affected system. The REST API is enabled by default and cannot be disabled. This may lead to further attacks.
This issue is being tracked by Cisco Bug ID CSCvo52767.
| VAR-201907-1382 | CVE-2019-1167 | PowerShell Core Windows Defender Application Control security feature bypass vulnerability |
CVSS V2: 1.9 CVSS V3: 4.1 Severity: MEDIUM |
A security feature bypass vulnerability exists in Windows Defender Application Control (WDAC) which could allow an attacker to bypass WDAC enforcement, aka 'Windows Defender Application Control Security Feature Bypass Vulnerability'.
A local attacker can leverage this issue to bypass certain security restrictions and perform unauthorized actions.
PowerShell Core 6.1 and 6.2 are vulnerable.
| VAR-201908-0099 | CVE-2019-5594 | Fortinet FortiNAC cross-site scripting vulnerability |
CVSS V2: 4.3 CVSS V3: 6.1 Severity: MEDIUM |
An Improper Neutralization of Input During Web Page Generation ("Cross-site Scripting") in the Fortinet FortiNAC 8.3.0 to 8.3.6 and 8.5.0 admin webUI may allow an unauthenticated attacker to perform a reflected XSS attack via the search field in the webUI. Fortinet FortiNAC contains a cross-site scripting vulnerability. Information may be obtained and information may be altered. Fortinet FortiNAC is a network access control solution from Fortinet. This product is mainly used for network access control and IoT security protection.
The admin webUI in Fortinet FortiNAC version 8.3.0 to 8.3.6 and 8.5.0 has a cross-site scripting vulnerability. The vulnerability stems from the lack of proper validation of client data by web applications. An attacker could use this vulnerability to execute client code.
An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and launch other attacks.
Fortinet FortiNAC 8.3.0 through 8.3.6 and 8.5.0 are vulnerable.
| VAR-201907-0676 | CVE-2019-13603 | HID Global DigitalPersona U.are.U 4500 Fingerprint Reader Windows Biometric Framework driver cryptographic vulnerability |
CVSS V2: 4.3 CVSS V3: 5.9 Severity: MEDIUM |
An issue was discovered in the HID Global DigitalPersona (formerly Crossmatch) U.are.U 4500 Fingerprint Reader Windows Biometric Framework driver 5.0.0.5. It has a statically coded initialization vector to encrypt a user's fingerprint image, resulting in weak encryption of that image. This, in combination with retrieving an encrypted fingerprint image and encryption key (through another vulnerability), allows an attacker to obtain a user's fingerprint image.
| VAR-201907-0892 | CVE-2019-2733 | Oracle Supply Chain Products Suite Oracle Demantra Demand Management Product Security vulnerability |
CVSS V2: 4.0 CVSS V3: 4.3 Severity: MEDIUM |
Vulnerability in the Oracle Demantra Demand Management component of Oracle Supply Chain Products Suite (subcomponent: Product Security). The supported version that is affected is 7.3.1.5.2. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Demantra Demand Management. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Demantra Demand Management accessible data. CVSS 3.0 Base Score 4.3 (Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N). The product provides functions such as value chain planning, value chain execution, and product lifecycle management.
The vulnerability can be exploited over the HTTP protocol.