VARIoT IoT vulnerabilities database

D-Link DIR-655 C devices before 3.02B05 BETA03 allow remote attackers to execute arbitrary commands via shell metacharacters in the online_firmware_check.cgi check_fw_url parameter. D-Link DIR-655 C The device contains a command injection vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. D-LinkDIR-655C is a wireless router from D-Link Corporation of Taiwan, China. A security vulnerability exists in previous versions of D-LinkDIR-655C3.02B05BETA03

Alarm.com ADC-V522IR 0100b9 devices have Incorrect Access Control, a different issue than CVE-2018-19588. This occurs because of incorrect protection of VPN certificates (used for initiating a VPN session to the Alarm.com infrastructure) on the local camera device. This vulnerability CVE-2018-19588 Is a different vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. Alarm.com ADC-V522IR 0100b9 is an indoor network camera produced by Alarm.com in the United States. This vulnerability stems from network systems or products not properly restricting access to resources from unauthorized roles

D-Link DIR-655 C devices before 3.02B05 BETA03 allow remote attackers to force a blank password via the apply_sec.cgi setup_wizard parameter. D-Link DIR-655 C The device contains vulnerabilities related to certificate and password management.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. D-LinkDIR-655C is a wireless router from D-Link Corporation of Taiwan, China. A security vulnerability exists in previous versions of D-LinkDIR-655C3.02B05BETA03. An attacker could use the vulnerability to reset the password to the default null value using the \342\200\230setup_wizard\342\200\231 parameter

Alarm.com ADC-V522IR 0100b9 devices have Incorrect Access Control. Alarm.com ADC-V522IR The device contains an access control vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. Alarm.com ADC-V522IR 0100b9 is an indoor network camera produced by Alarm.com in the United States. This vulnerability stems from network systems or products not properly restricting access to resources from unauthorized roles

Taiwan Yonghong Motor Co., Ltd. was founded in 1992 by a group of engineers engaged in PLC design and development. PM Designer has a dll hijacking vulnerability that can be used by an attacker to gain server permissions

WordPress is a blogging platform based on the PHP language. It can be used to set up a website on a server that supports PHP and MySQL databases. The WordPress plugin Insert or Embed Articulate Content into WordPress has a remote code execution vulnerability. An attacker could use this vulnerability to execute arbitrary code remotely, perform unauthorized operations, cause a denial of service condition, and retrieve sensitive information.

WordPress is a blogging platform based on the PHP language. It can be used to set up a website on a server that supports PHP and MySQL databases. The WordPress plugin Insert or Embed Articulate Content into WordPress has a remote code execution vulnerability. An attacker could use this vulnerability to execute arbitrary code remotely, perform unauthorized operations, cause denial of service conditions, and retrieve sensitive information.

D-Link DIR-655 C devices before 3.02B05 BETA03 allow CSRF for the entire management console. D-Link DIR-655 C The device contains a cross-site request forgery vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. D-LinkDIR-655C is a wireless router from D-Link Corporation of Taiwan, China. A cross-site request forgery vulnerability exists in previous versions of D-LinkDIR-655C3.02B05BETA03. The vulnerability stems from the fact that the web application did not fully verify that the request came from a trusted user. An attacker could exploit the vulnerability to send an unexpected request to the server through an affected client

On EX4300 Series switches with TCAM optimization enabled, incoming multicast traffic matches an implicit loopback filter rule first, since it has high priority. This rule is meant for reserved multicast addresses 224.0.0.x, but incorrectly matches on 224.x.x.x. Due to this bug, when a firewall filter is applied on the loopback interface, other firewall filters might stop working for multicast traffic. The command 'show firewall filter' can be used to confirm whether the filter is working. This issue only affects the EX4300 switch. No other products or platforms are affected by this vulnerability. This issue affects: Juniper Networks Junos OS: 14.1X53 versions prior to 14.1X53-D51, 14.1X53-D115 on EX4300 Series; 17.1 versions prior to 17.1R3 on EX4300 Series; 17.2 versions prior to 17.2R3-S2 on EX4300 Series; 17.3 versions prior to 17.3R3-S3 on EX4300 Series; 17.4 versions prior to 17.4R2-S5, 17.4R3 on EX4300 Series; 18.1 versions prior to 18.1R3-S1 on EX4300 Series; 18.2 versions prior to 18.2R2 on EX4300 Series; 18.3 versions prior to 18.3R2 on EX4300 Series. Juniper Networks Junos OS Contains vulnerabilities related to security features.Information may be tampered with. The operating system provides a secure programming interface and Junos SDK. The following products and versions are affected: Juniper Networks Junos OS Release 14.1X53, Release 17.1, Release 17.2, Release 17.3, Release 17.4, Release 18.1, Release 18.2, Release 18.3

Insufficient validation of environment variables in the telnet client supplied in Junos OS can lead to stack-based buffer overflows, which can be exploited to bypass veriexec restrictions on Junos OS. A stack-based overflow is present in the handling of environment variables when connecting via the telnet client to remote telnet servers. This issue only affects the telnet client — accessible from the CLI or shell — in Junos OS. Inbound telnet services are not affected by this issue. This issue affects: Juniper Networks Junos OS: 12.3 versions prior to 12.3R12-S13; 12.3X48 versions prior to 12.3X48-D80; 14.1X53 versions prior to 14.1X53-D130, 14.1X53-D49; 15.1 versions prior to 15.1F6-S12, 15.1R7-S4; 15.1X49 versions prior to 15.1X49-D170; 15.1X53 versions prior to 15.1X53-D237, 15.1X53-D496, 15.1X53-D591, 15.1X53-D69; 16.1 versions prior to 16.1R3-S11, 16.1R7-S4; 16.2 versions prior to 16.2R2-S9; 17.1 versions prior to 17.1R3; 17.2 versions prior to 17.2R1-S8, 17.2R2-S7, 17.2R3-S1; 17.3 versions prior to 17.3R3-S4; 17.4 versions prior to 17.4R1-S6, 17.4R2-S3, 17.4R3; 18.1 versions prior to 18.1R2-S4, 18.1R3-S3; 18.2 versions prior to 18.2R1-S5, 18.2R2-S2, 18.2R3; 18.2X75 versions prior to 18.2X75-D40; 18.3 versions prior to 18.3R1-S3, 18.3R2; 18.4 versions prior to 18.4R1-S2, 18.4R2. Juniper Networks Junos OS Contains a buffer error vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. Pillow is a Python-based image processing library. There is currently no information about this vulnerability, please feel free to follow CNNVD or manufacturer announcements. Juniper Networks Junos OS is a set of network operating system of Juniper Networks (Juniper Networks) dedicated to the company's hardware equipment. The operating system provides a secure programming interface and Junos SDK. Attackers can exploit this vulnerability to bypass veriexec restrictions. The following products and versions are affected: Juniper Networks Junos OS Release 12.3, Release 12.3X48, Release 14.1X53, Release 15.1, Release 15.1X49, Release 15.1X53, Release 16.1, Release 16.2, Release 17.1, Release 17.2, Release 17.3, Release 17.4 , Version 18.1, Version 18.2, Version 18.2X75, Version 18.3, Version 18.4. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 ============================================================================= FreeBSD-SA-19:12.telnet Security Advisory The FreeBSD Project Topic: telnet(1) client multiple vulnerabilities Category: contrib Module: contrib/telnet Announced: 2019-07-24 Credits: Juniper Networks Affects: All supported versions of FreeBSD. Corrected: 2019-07-19 15:37:29 UTC (stable/12, 12.0-STABLE) 2019-07-24 12:51:52 UTC (releng/12.0, 12.0-RELEASE-p8) 2019-07-19 15:27:53 UTC (stable/11, 11.2-STABLE) 2019-07-24 12:51:52 UTC (releng/11.2, 11.2-RELEASE-p12) 2019-07-24 12:51:52 UTC (releng/11.3, 11.3-RELEASE-p1) CVE Name: CVE-2019-0053 For general information regarding FreeBSD Security Advisories, including descriptions of the fields above, security branches, and the following sections, please visit <URL:https://security.FreeBSD.org/>. I. Background The telnet(1) command is a TELNET protocol client, used primarily to establish terminal sessions across a network. II. III. Impact These buffer overflows may be triggered when connecting to a malicious server, or by an active attacker in the network path between the client and server. Specially crafted TELNET command sequences may cause the execution of arbitrary code with the privileges of the user invoking telnet(1). IV. Workaround Do not use telnet(1) to connect to untrusted machines or over an untrusted network. V. Solution Upgrade your vulnerable system to a supported FreeBSD stable or release / security branch (releng) dated after the correction date. Perform one of the following: 1) To update your vulnerable system via a binary patch: Systems running a RELEASE version of FreeBSD on the i386 or amd64 platforms can be updated via the freebsd-update(8) utility: # freebsd-update fetch # freebsd-update install 2) To update your vulnerable system via a source code patch: The following patches have been verified to apply to the applicable FreeBSD release branches. a) Download the relevant patch from the location below, and verify the detached PGP signature using your PGP utility. # fetch https://security.FreeBSD.org/patches/SA-19:12/telnet.patch # fetch https://security.FreeBSD.org/patches/SA-19:12/telnet.patch.asc # gpg --verify telnet.patch.asc b) Apply the patch. Execute the following commands as root: # cd /usr/src # patch < /path/to/patch c) Recompile the operating system using buildworld and installworld as described in <URL:https://www.FreeBSD.org/handbook/makeworld.html>. VI. Correction details The following list contains the correction revision numbers for each affected branch. Branch/path Revision - ------------------------------------------------------------------------- stable/12/ r350139 releng/12.0/ r350281 stable/11/ r350140 releng/11.2/ r350281 releng/11.3/ r350281 - ------------------------------------------------------------------------- To see which files were modified by a particular revision, run the following command, replacing NNNNNN with the revision number, on a machine with Subversion installed: # svn diff -cNNNNNN --summarize svn://svn.freebsd.org/base Or visit the following URL, replacing NNNNNN with the revision number: <URL:https://svnweb.freebsd.org/base?view=revision&revision=NNNNNN> VII. References <URL:https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-0053> The latest revision of this advisory is available at <URL:https://security.FreeBSD.org/advisories/FreeBSD-SA-19:12.telnet.asc> -----BEGIN PGP SIGNATURE----- iQKTBAEBCgB9FiEE/A6HiuWv54gCjWNV05eS9J6n5cIFAl04WltfFIAAAAAALgAo aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEZD MEU4NzhBRTVBRkU3ODgwMjhENjM1NUQzOTc5MkY0OUVBN0U1QzIACgkQ05eS9J6n 5cLOzA//YxRZNUr+d8B+t6DnBUbVvthJiY9sQ1YPXUIJmp4QA7wvXr5UjURw+6qv raxEp6JmF06wZK4RjeIFckQD6s2wnjO5VHO80Zbs0nD4NejQGeDAIlVdKqofOtJv bBQNSY3vPAtumyfElc+N19rKetAjGbsUjOMbn87GlWrit4lqcavBQsdmSlQB5gVA dFAFsVxr+ujjATnrCmIpFiaDk0unyJ7Gtz7jiM9I8xZueJtM49/9kNCFFLKCMUl8 HpB2k0cb18GVNJoKtzo1nELOM/oIJVO5HZt1fmYG/RgeL1BSyzg4q/5jXJQopJ2h Qax7fmMP+RpGGrfp9Uom63tj79eQk2NirpUtfAaYkfGKzj6fNcq/7jxZfbobx0R8 uTiF88mlv2/SGxpo11Z/QBqOSYTQtjDRYJvjCo77g7YW8HauECC3tiklpPfFOIO8 m5qNOORKI74Do377GBF3gxDF2T8ILwj1j7nKHf3apotvQXJkkbpWBG7ADRTFcZWd PMKdYiDPHV33YmCAg9tOAqV4O7TvaB07ZLKiI6kuSBtPVrazB8Az/oRJwfF6JQ6g 4ZdinyCrXWYrWslkW8402GKCERFFYJUvwLSUqHxYMRgZWPy9zf/mH56vh4bleYnP kz2X7OgtB3Juu0Uzwv927+KZuyzitniaPlLe9tsyBwXFbUM+BrY= =LWVf -----END PGP SIGNATURE-----

Philips Holter 2010 Plus, all versions. A vulnerability has been identified that may allow system options that were not purchased to be enabled. Philips Holter is prone to a local security bypass vulnerability. A local attacker can exploit this issue to bypass security restrictions and gain unauthorized access to the disabled features of the product

A vulnerability has been identified in All other SIPROTEC 5 device types with CPU variants CP300 and CP100 and the respective Ethernet communication modules (All versions ), DIGSI 5 engineering software (All versions < V7.90), SIPROTEC 5 device types 6MD85, 6MD86, 6MD89, 7UM85, 7SA87, 7SD87, 7SL87, 7VK87, 7SA82, 7SA86, 7SD82, 7SD86, 7SL82, 7SL86, 7SJ86, 7SK82, 7SK85, 7SJ82, 7SJ85, 7UT82, 7UT85, 7UT86, 7UT87 and 7VE85 with CPU variants CP300 and CP100 and the respective Ethernet communication modules (All versions < V7.90), SIPROTEC 5 device types 7SS85 and 7KE85 (All versions < V8.01), SIPROTEC 5 device types with CPU variants CP200 and the respective Ethernet communication modules (All versions < V7.59), SIPROTEC 5 relays with CPU variants CP200 and the respective Ethernet communication modules (All versions < V7.59). Specially crafted packets sent to port 443/TCP could cause a Denial of Service condition. SIPROTEC 5 Device and DIGSI 5 engineering software Contains an input validation vulnerability.Service operation interruption (DoS) There is a possibility of being put into a state. Siemens SIPROTEC 5 and Siemens DIGISI 5 are products of Siemens AG, Germany. The SiemensSIPROTEC5 is a multi-function relay. The SiemensDIGISI5 is a user interface for Siemens SIPROTEC devices. A denial of service vulnerability exists in SiemensSIPROTEC5 and SiemensDIGISI5

Symantec Messaging Gateway, prior to 10.7.1, may be susceptible to a privilege escalation vulnerability, which is a type of issue whereby an attacker may attempt to compromise the software application to gain elevated access to resources that are normally protected from an application or user. Symantec Messaging Gateway Contains vulnerabilities related to authorization, permissions, and access control.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. Symantec Messaging Gateway is prone to a privilege-escalation vulnerability. An attacker can exploit this issue to gain elevated privileges on an affected system. Symantec Messaging Gateway versions prior to 10.7.1 are vulnerable. The product includes features such as antispam, antivirus, advanced content filtering, and data loss prevention

An issue was discovered on D-Link DIR-818LW devices with firmware 2.06betab01. There is a command injection in HNAP1 (exploitable with Authentication) via shell metacharacters in the Type field to SetWanSettings. D-Link DIR-818LW The device firmware contains a command injection vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. D-LinkDIR-818LW is a wireless router from D-Link Corporation of Taiwan, China. A command injection vulnerability exists in HNAP1 in D-LinkDIR-818LW using firmware version 2.06betab01. The vulnerability stems from the fact that external input data constructs executable commands, and the network system or product does not properly filter the special elements. An attacker could exploit the vulnerability to execute an illegal command. D-Link DIR-818LW is prone to multiple command-injection vulnerabilities. Failed exploit attempts will likely result in denial-of-service conditions

An issue was discovered on D-Link DIR-818LW devices with firmware 2.06betab01. There is a command injection in HNAP1 (exploitable with Authentication) via shell metacharacters in the MTU field to SetWanSettings. D-Link DIR-818LW The device firmware contains a command injection vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. D-LinkDIR-818LW is a wireless router from D-Link Corporation of Taiwan, China. A command injection vulnerability exists in HNAP1 in D-LinkDIR-818LW using firmware version 2.06betab01. The vulnerability stems from the fact that external input data constructs executable commands, and the network system or product does not properly filter the special elements. An attacker could exploit the vulnerability to execute an illegal command. D-Link DIR-818LW is prone to multiple command-injection vulnerabilities. Failed exploit attempts will likely result in denial-of-service conditions

TRENDnet TEW-827DRU with firmware up to and including 2.04B03 contains a stack-based buffer overflow in the ssi binary. The overflow allows an unauthenticated user to execute arbitrary code by providing a sufficiently long query string when POSTing to any valid cgi, txt, asp, or js file. The vulnerability can be exercised on the local intranet or remotely if remote administration is enabled. TRENDnet TEW-827DRU Contains a buffer error vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. TRENDnetTEW-827DRU is a wireless router from TRENDnet. The vulnerability stems from a network system or product that does not properly validate data boundaries when performing operations on memory, causing erroneous read and write operations to be performed on other associated memory locations. An attacker could exploit the vulnerability to cause a buffer overflow or heap overflow

TRENDnet TEW-827DRU with firmware up to and including 2.04B03 contains multiple stack-based buffer overflows when processing user input for the setup wizard, allowing an unauthenticated user to execute arbitrary code. The vulnerability can be exercised on the local intranet or remotely if remote administration is enabled. TRENDnet TEW-827DRU Contains a buffer error vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. TRENDnetTEW-827DRU is a wireless router from TRENDnet. A buffer overflow vulnerability exists in TRENDnetTEW-827DRU with firmware version 2.04B03 and earlier. The vulnerability stems from a network system or product that does not properly validate data boundaries when performing operations on memory, causing erroneous read and write operations to be performed on other associated memory locations. An attacker could exploit the vulnerability to cause a buffer overflow or heap overflow

Vivotek FD8136 devices allow remote memory corruption and remote code execution because of a stack-based buffer overflow, related to sprintf, vlocal_buff_4326, and set_getparam.cgi. NOTE: The vendor has disputed this as a vulnerability and states that the issue does not cause a web server crash or have any other affect on it's performance. Vivotek FD8136 The device contains a buffer error vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. VivotekFD8136 is a hemispherical network camera from China's Taiwan Vivotek. A buffer overflow vulnerability exists in VivotekFD8136 that could allow an attacker to cause a buffer overflow or heap overflow. This vulnerability stems from the incorrect verification of data boundaries when the network system or product performs operations on the memory, resulting in incorrect read and write operations to other associated memory locations

Vivotek FD8136 devices allow Remote Command Injection, related to BusyBox and wget. NOTE: the vendor sent a clarification on 2019-09-17 explaining that, although this CVE was first populated in July 2019, it is a historical vulnerability that does not apply to any current or recent Vivotek hardware or firmware. Vivotek FD8136 The device contains a command injection vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. VivotekFD8136 is a hemispherical network camera from China's Taiwan Vivotek. There is a command injection vulnerability in VivotekFD8136. The vulnerability stems from the fact that external input data constructs executable commands, and the network system or product does not properly filter the special elements. An attacker could exploit the vulnerability to execute an illegal command

TRENDnet TEW-827DRU with firmware up to and including 2.04B03 contains multiple command injections when processing user input for the setup wizard, allowing an unauthenticated user to run arbitrary commands on the device. The vulnerability can be exercised on the local intranet or remotely if remote administration is enabled. TRENDnet TEW-827DRU Has a command injection vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. TRENDnetTEW-827DRU is a wireless router from TRENDnet. A security hole exists in the TRENDnetTEW-827DRU using firmware version 2.04B03 and earlier. An attacker could exploit this vulnerability to execute arbitrary commands on the device