VARIoT IoT vulnerabilities database
| VAR-201908-1823 | CVE-2019-11060 | ASUS HG100 firmware resource exhaustion vulnerability |
CVSS V2: 7.8 CVSS V3: 7.5 Severity: HIGH |
The web API server on port 8080 of ASUS HG100 firmware up to 1.05.12 is vulnerable to Slowloris HTTP denial of service: an attacker can cause a denial of service (DoS) by sending request headers very slowly, keeping HTTP or HTTPS connections and their associated resources alive for a long period of time. CVSS 3.0 base score 7.4 (availability impact). CVSS vector: (CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H). ASUS HG100 firmware contains a resource exhaustion vulnerability that may result in a denial-of-service (DoS) condition. ASUS SmartHome Gateway HG100 is a smart-home central control gateway from ASUS (Taiwan). The vulnerability exists in the web API server on port 8080 of the ASUS SmartHome Gateway HG100 with firmware version 1.05.12 and earlier; an attacker can exploit it to cause a denial of service
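Slowloris works against a server that waits indefinitely for a client to finish its request headers: each trickled byte arrives before any per-read idle timeout fires, so the connection is never reclaimed. The usual server-side control is an absolute deadline on the whole header block plus a cap on its size. The Python listener below is an added example, not code from the HG100 firmware or from ASUS; the port, the HEADER_DEADLINE and MAX_HEADER_BYTES values, and the 408 response are assumptions of the example. It runs offline on 127.0.0.1 and includes a client helper that behaves like a Slowloris client when its request never ends the header block.

```python
import socket
import threading
import time

# Hypothetical defaults for this example: how long a client may take to finish its
# request headers, and how many header bytes it may send before being cut off.
HEADER_DEADLINE = 2.0
MAX_HEADER_BYTES = 8192


def read_headers(conn, deadline):
    """Read the request line and headers under one absolute deadline for the whole
    header block. A Slowloris client trickles bytes so that every individual recv()
    succeeds, so a per-recv idle timeout alone never fires; the absolute deadline
    does. Returns the raw header bytes, or None for a stalled or oversized client."""
    buf = b""
    expires = time.monotonic() + deadline
    while b"\r\n\r\n" not in buf:
        remaining = expires - time.monotonic()
        if remaining <= 0 or len(buf) > MAX_HEADER_BYTES:
            return None
        conn.settimeout(remaining)
        try:
            chunk = conn.recv(1024)
        except socket.timeout:
            return None
        if not chunk:  # client closed without finishing the headers
            return None
        buf += chunk
    return buf


def handle(conn, deadline):
    try:
        if read_headers(conn, deadline) is None:
            conn.sendall(b"HTTP/1.1 408 Request Timeout\r\nConnection: close\r\n"
                         b"Content-Length: 0\r\n\r\n")
        else:
            conn.sendall(b"HTTP/1.1 200 OK\r\nConnection: close\r\n"
                         b"Content-Length: 2\r\n\r\nok")
    except OSError:
        pass
    finally:
        conn.close()


def serve(deadline=HEADER_DEADLINE):
    """Start a minimal HTTP listener on 127.0.0.1 with an ephemeral port.
    Returns (port, stop) where stop() shuts the listener down."""
    listener = socket.socket()
    listener.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
    listener.bind(("127.0.0.1", 0))
    listener.listen(16)
    port = listener.getsockname()[1]
    stopped = threading.Event()

    def accept_loop():
        listener.settimeout(0.2)
        while not stopped.is_set():
            try:
                conn, _ = listener.accept()
            except socket.timeout:
                continue
            threading.Thread(target=handle, args=(conn, deadline), daemon=True).start()
        listener.close()

    threading.Thread(target=accept_loop, daemon=True).start()
    return port, stopped.set


def status_line(port, request):
    """Send `request` and return the status line of the reply. A request that never
    ends its header block (no blank line) behaves like a Slowloris client: the
    socket stays open until the server gives up on it."""
    with socket.create_connection(("127.0.0.1", port)) as client:
        client.sendall(request)
        client.settimeout(10)
        reply = b""
        while True:
            chunk = client.recv(4096)
            if not chunk:
                break
            reply += chunk
    return reply.split(b"\r\n", 1)[0].decode()


if __name__ == "__main__":
    port, stop = serve(deadline=0.5)
    print(status_line(port, b"GET / HTTP/1.1\r\nHost: gateway\r\n\r\n"))         # 200 OK
    print(status_line(port, b"GET / HTTP/1.1\r\nHost: gateway\r\nX-Slow: 1\r\n"))  # 408
    stop()
```

The header deadline bounds how long one stalled connection can hold a worker; on a device with a small fixed connection table it should be paired with a limit on concurrent connections per source address, otherwise an attacker simply opens as many slow connections as the table allows within the deadline.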
| VAR-201908-1824 | CVE-2019-11061 | ASUS HG100 firmware access control vulnerability |
CVSS V2: 4.8 CVSS V3: 8.1 Severity: HIGH |
A broken access control vulnerability in HG100 firmware versions up to 4.00.06 allows an attacker on the same local area network to control the IoT devices connected to the gateway via http://[target]/smarthome/devicecontrol without any authentication. CVSS 3.0 base score 10 (confidentiality, integrity and availability impacts). CVSS vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H). HG100 firmware contains an access control vulnerability; information may be obtained and information may be altered.
The ASUS SmartHome Gateway HG100 has a security vulnerability that allows attackers to submit crafted requests, bypass security restrictions and perform unauthorized actions such as controlling devices. ASUS SmartHome Gateway HG100 is a smart-home central control gateway from ASUS (Taiwan)
| VAR-201908-0572 | CVE-2019-13189 | Knowage cross-site scripting vulnerability |
CVSS V2: 4.3 CVSS V3: 6.1 Severity: MEDIUM |
In Knowage through 6.1.1, there is XSS via the start_url or user_id field of the ChangePwdServlet page. Knowage contains a cross-site scripting vulnerability; information may be obtained and information may be altered
| VAR-201908-0549 | CVE-2019-13348 | Knowage credentials management vulnerability |
CVSS V2: 4.0 CVSS V3: 8.8 Severity: HIGH |
In Knowage through 6.1.1, an authenticated user who accesses the datasources page gains access to the credentials of every data source in cleartext, including database credentials. Knowage contains a credentials management vulnerability; information may be obtained, information may be altered, and service operation may be disrupted (DoS)
| VAR-201908-0565 | CVE-2019-13271 | Edimax BR-6208AC V1 device access control vulnerability |
CVSS V2: 5.8 CVSS V3: 8.8 Severity: HIGH |
Edimax BR-6208AC V1 devices have insufficient compartmentalization between the host network and the guest network established by the same device. They forward ARP requests, which are sent as broadcast packets, between the host and the guest network. To use this leakage as a direct covert channel, the sender can trivially issue an ARP request for an arbitrary target address. (In general, some routers restrict ARP forwarding to requests for addresses within the network's own subnet, but these routers did not restrict this traffic in any way. Depending on this factor, the sender must use either the lower 8 bits of the target IP address or the entire 32 bits as the data payload.) Edimax BR-6208AC V1 devices contain an access control vulnerability; information may be obtained, information may be altered, and service operation may be disrupted (DoS). The Edimax BR-6208AC is a concurrent dual-band wireless router from Taiwan-based Edimax Technology. BR-6208AC V1 has a cross-network covert channel vulnerability: an attacker can exploit it by issuing ARP requests for arbitrary addresses, which the router relays from one network to the other
| VAR-201908-0586 | CVE-2019-13265 | D-Link DIR-825AC G1 device access control vulnerability |
CVSS V2: 5.8 CVSS V3: 8.8 Severity: HIGH |
D-Link DIR-825AC G1 devices have insufficient compartmentalization between the host network and the guest network established by the same device. They forward ARP requests, which are sent as broadcast packets, between the host and the guest network. To use this leakage as a direct covert channel, the sender can trivially issue an ARP request for an arbitrary target address. (In general, some routers restrict ARP forwarding to requests for addresses within the network's own subnet, but these routers did not restrict this traffic in any way. Depending on this factor, the sender must use either the lower 8 bits of the target IP address or the entire 32 bits as the data payload.) D-Link DIR-825AC G1 devices contain an access control vulnerability; information may be obtained, information may be altered, and service operation may be disrupted (DoS). The D-Link DIR-825 is an AC1200 dual-band Wi-Fi router with Gigabit LAN/WAN ports.
A security vulnerability exists in the D-Link DIR-825AC G1, a wireless router made by D-Link (Taiwan)
| VAR-201908-0562 | CVE-2019-13268 | TP-Link Archer C3200 V1 and Archer C2 V1 device input validation vulnerability |
CVSS V2: 5.8 CVSS V3: 8.8 Severity: HIGH |
TP-Link Archer C3200 V1 and Archer C2 V1 devices have insufficient compartmentalization between the host network and the guest network established by the same device. They forward ARP requests, which are sent as broadcast packets, between the host and the guest network. To use this leakage as a direct covert channel, the sender can trivially issue an ARP request for an arbitrary target address. (In general, some routers restrict ARP forwarding to requests for addresses within the network's own subnet, but these routers did not restrict this traffic in any way. Depending on this factor, the sender must use either the lower 8 bits of the target IP address or the entire 32 bits as the data payload.) The TP-Link Archer C3200 and Archer C2 are wireless routers from TP-Link (China). The vulnerability stems from the device's failure to fully isolate the host network from the guest network
| VAR-201908-0563 | CVE-2019-13269 | Edimax BR-6208AC V1 device input validation vulnerability |
CVSS V2: 5.8 CVSS V3: 8.8 Severity: HIGH |
Edimax BR-6208AC V1 devices have insufficient compartmentalization between the host network and the guest network established by the same device. A DHCP Request is sent to the router with a chosen Transaction ID (xid) field. Following the DHCP protocol, the router responds with an ACK or a NAK. Examining the NAK case revealed that the router erroneously sends the NAK to both the host and the guest network, carrying the same Transaction ID found in the DHCP Request. This allows data to be encoded into the 32-bit Transaction ID field and carried across the router. Edimax BR-6208AC V1 devices contain an input validation vulnerability; information may be obtained, information may be altered, and service operation may be disrupted (DoS). The Edimax BR-6208AC is a concurrent dual-band wireless router from Taiwan-based Edimax Technology. BR-6208AC V1 has a cross-network covert channel vulnerability
| VAR-201908-0564 | CVE-2019-13270 | Edimax BR-6208AC V1 device input validation vulnerability |
CVSS V2: 5.8 CVSS V3: 8.8 Severity: HIGH |
Edimax BR-6208AC V1 devices have insufficient compartmentalization between the host network and the guest network established by the same device. To transfer data from the host network to the guest network, the sender joins and then leaves an IGMP group. After it leaves, the router (following the IGMP protocol) creates an IGMP Membership Query packet containing the group IP address and sends it to both the host and the guest network. The data is carried in the Group IP field, which is entirely controlled by the sender. Edimax BR-6208AC V1 devices contain an input validation vulnerability; information may be obtained, information may be altered, and service operation may be disrupted (DoS). The Edimax BR-6208AC is a concurrent dual-band wireless router from Taiwan-based Edimax Technology. BR-6208AC V1 has a cross-network covert channel vulnerability: an attacker can exploit it by joining and leaving chosen multicast groups so that the router's own IGMP Membership Query packets carry data between the two supposedly isolated network segments on the same device
| VAR-201908-0584 | CVE-2019-13263 | D-Link DIR-825AC G1 device input validation vulnerability |
CVSS V2: 5.8 CVSS V3: 8.8 Severity: HIGH |
D-Link DIR-825AC G1 devices have insufficient compartmentalization between the host network and the guest network established by the same device. A DHCP Request is sent to the router with a chosen Transaction ID (xid) field. Following the DHCP protocol, the router responds with an ACK or a NAK. Examining the NAK case revealed that the router erroneously sends the NAK to both the host and the guest network, carrying the same Transaction ID found in the DHCP Request. This allows data to be encoded into the 32-bit Transaction ID field and carried across the router. D-Link DIR-825AC G1 devices contain an input validation vulnerability; information may be obtained, information may be altered, and service operation may be disrupted (DoS). The D-Link DIR-825 is an AC1200 dual-band Wi-Fi router with Gigabit LAN/WAN ports.
D-Link DIR-825AC G1 has a cross-network covert channel vulnerability. The D-Link DIR-825AC G1 is a wireless router made by D-Link (Taiwan)
| VAR-201908-0587 | CVE-2019-13266 | TP-Link Archer C3200 V1 and Archer C2 V1 device input validation vulnerability |
CVSS V2: 5.8 CVSS V3: 8.8 Severity: HIGH |
TP-Link Archer C3200 V1 and Archer C2 V1 devices have insufficient compartmentalization between the host network and the guest network established by the same device. A DHCP Request is sent to the router with a chosen Transaction ID (xid) field. Following the DHCP protocol, the router responds with an ACK or a NAK. Examining the NAK case revealed that the router erroneously sends the NAK to both the host and the guest network, carrying the same Transaction ID found in the DHCP Request. This allows data to be encoded into the 32-bit Transaction ID field and carried across the router. The TP-Link Archer C3200 and Archer C2 are wireless routers from TP-Link (China). The vulnerability stems from the device's failure to fully isolate the host network from the guest network
| VAR-201908-0561 | CVE-2019-13267 | TP-Link Archer C3200 V1 and Archer C2 V1 device input validation vulnerability |
CVSS V2: 5.8 CVSS V3: 8.8 Severity: HIGH |
TP-Link Archer C3200 V1 and Archer C2 V1 devices have insufficient compartmentalization between the host network and the guest network established by the same device. To transfer data from the host network to the guest network, the sender joins and then leaves an IGMP group. After it leaves, the router (following the IGMP protocol) creates an IGMP Membership Query packet containing the group IP address and sends it to both the host and the guest network. The data is carried in the Group IP field, which is entirely controlled by the sender. The TP-Link Archer C3200 and Archer C2 are wireless routers from TP-Link (China)
| VAR-201908-0585 | CVE-2019-13264 | D-Link DIR-825AC G1 device access control vulnerability |
CVSS V2: 5.8 CVSS V3: 8.8 Severity: HIGH |
D-Link DIR-825AC G1 devices have insufficient compartmentalization between the host network and the guest network established by the same device. To transfer data from the host network to the guest network, the sender joins and then leaves an IGMP group. After it leaves, the router (following the IGMP protocol) creates an IGMP Membership Query packet containing the group IP address and sends it to both the host and the guest network. The data is carried in the Group IP field, which is entirely controlled by the sender. D-Link DIR-825AC G1 devices contain an access control vulnerability; information may be obtained, information may be altered, and service operation may be disrupted (DoS). The D-Link DIR-825 is an AC1200 dual-band Wi-Fi router with Gigabit LAN/WAN ports.
D-Link DIR-825AC G1 has a cross-network covert channel vulnerability. The D-Link DIR-825AC G1 is a wireless router made by D-Link (Taiwan)
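The nine covert-channel entries above (CVE-2019-13263 through CVE-2019-13271) describe three carriers for the same host/guest leak: the target address of a forwarded ARP request, the xid echoed in a DHCP NAK, and the group address in the IGMP Membership Query the router emits after a Leave. The Python example below is added here and is not taken from the advisories or from any of the vendors. It builds each carrier packet from constructed bytes, models the router behaviour the entries describe (nothing is sent on a network), encodes a byte string through each field and recovers it on the other side, and includes the defender's check for the ARP variant. The MAC and IP addresses, the 192.168.10.0/24 prefix, the chunk widths and the 239.0.0.0/8 group range are assumptions of the example; the entries say nothing about which multicast range was used.

```python
import struct

# All packet bytes below are constructed for this example; nothing is sent on a network.
SENDER_MAC = bytes.fromhex("020000000001")   # locally administered, constructed
SENDER_IP = 0xC0A80A05                       # 192.168.10.5, constructed
LOCAL_NET = 0xC0A80A00                       # 192.168.10.0/24, constructed


def to_chunks(data, width):
    """Split data into big-endian integers of `width` bits, zero-padding the tail."""
    n = width // 8
    return [int.from_bytes(data[i:i + n].ljust(n, b"\0"), "big") for i in range(0, len(data), n)]


def from_chunks(values, width, length):
    n = width // 8
    return b"".join(v.to_bytes(n, "big") for v in values)[:length]


# --- ARP carrier: target protocol address of a broadcast ARP request ---
def arp_request(target_ip):
    eth = b"\xff" * 6 + SENDER_MAC + b"\x08\x06"
    arp = struct.pack("!HHBBH6sI6sI", 1, 0x0800, 6, 4, 1, SENDER_MAC, SENDER_IP, b"\0" * 6, target_ip)
    return eth + arp


def arp_target(frame):
    return struct.unpack("!I", frame[38:42])[0]


def arp_encode(data, subnet_restricted):
    """8 payload bits per request if the router only forwards ARP for its own /24 (the
    payload rides in the host byte); 32 bits per request if it forwards any target."""
    if subnet_restricted:
        return [arp_request(LOCAL_NET | c) for c in to_chunks(data, 8)]
    return [arp_request(c) for c in to_chunks(data, 32)]


def arp_decode(frames, subnet_restricted, length):
    width, mask = (8, 0xFF) if subnet_restricted else (32, 0xFFFFFFFF)
    return from_chunks([arp_target(f) & mask for f in frames], width, length)


def arp_targets_outside(frames, network, prefix_len):
    """Defender's check: ARP requests for targets outside the local prefix are the tell
    for the 32-bit variant, and no router should relay them across the host/guest boundary."""
    mask = (0xFFFFFFFF << (32 - prefix_len)) & 0xFFFFFFFF
    return [arp_target(f) for f in frames if (arp_target(f) & mask) != (network & mask)]


# --- DHCP carrier: the 32-bit xid echoed in the NAK ---
def dhcp_request(xid):
    """Minimal DHCPREQUEST: 236-byte BOOTP header, magic cookie, option 53 = 3, end."""
    hdr = struct.pack("!BBBBIHHIIII16s64s128s", 1, 1, 6, 0, xid, 0, 0x8000, 0, 0, 0, 0,
                      SENDER_MAC.ljust(16, b"\0"), b"\0" * 64, b"\0" * 128)
    return hdr + b"\x63\x82\x53\x63\x35\x01\x03\xff"


def dhcp_xid(packet):
    return struct.unpack("!I", packet[4:8])[0]


def dhcp_nak(request):
    """Model of the observed router behaviour: a DHCPNAK (option 53 = 6) echoing the
    request's xid, emitted on both the host and the guest network."""
    return (struct.pack("!BBBBI", 2, 1, 6, 0, dhcp_xid(request)) + request[8:236]
            + b"\x63\x82\x53\x63\x35\x01\x06\xff")


# --- IGMP carrier: group address in the Membership Query sent after a Leave ---
IGMP_QUERY, IGMP_REPORT_V2, IGMP_LEAVE = 0x11, 0x16, 0x17


def inet_checksum(data):
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:
        total = (total >> 16) + (total & 0xFFFF)
    return ~total & 0xFFFF


def igmp_message(msg_type, group):
    body = struct.pack("!BBHI", msg_type, 0, 0, group)
    return body[:2] + struct.pack("!H", inet_checksum(body)) + body[4:]


def igmp_group(packet):
    return struct.unpack("!I", packet[4:8])[0]


def igmp_encode(data):
    """Join then leave one group per chunk. Groups are kept inside 239.0.0.0/8 so they are
    valid multicast addresses, leaving 24 payload bits per Leave (an assumption of this
    example; the entries describe the whole field as sender-controlled)."""
    out = []
    for c in to_chunks(data, 24):
        group = (239 << 24) | c
        out += [igmp_message(IGMP_REPORT_V2, group), igmp_message(IGMP_LEAVE, group)]
    return out


def router_query_after_leave(leave):
    """Model of the observed router behaviour: a group-specific Query on both networks."""
    return igmp_message(IGMP_QUERY, igmp_group(leave))


def igmp_decode(queries, length):
    return from_chunks([igmp_group(q) & 0xFFFFFF for q in queries], 24, length)


if __name__ == "__main__":
    secret = b"guest->host"
    frames = arp_encode(secret, subnet_restricted=False)
    print(arp_decode(frames, False, len(secret)), arp_targets_outside(frames, LOCAL_NET, 24))
    naks = [dhcp_nak(dhcp_request(x)) for x in to_chunks(secret, 32)]
    print(from_chunks([dhcp_xid(n) for n in naks], 32, len(secret)))
    leaves = [m for m in igmp_encode(secret) if m[0] == IGMP_LEAVE]
    print(igmp_decode([router_query_after_leave(m) for m in leaves], len(secret)))
```

In the 8-bit ARP mode every request targets an address inside the local prefix, so a subnet-restricting router still forwards it and `arp_targets_outside` sees nothing; in the 32-bit mode the targets fall outside the prefix, which is what the check flags and what a correctly isolated device should drop at the boundary. The DHCP and IGMP carriers have no such on-the-wire tell, since the router itself generates the leaking packet; the fix there is not to emit NAKs and group-specific Queries on an interface other than the one the request or Leave arrived on.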
| VAR-201908-0317 | CVE-2019-15648 | WordPress insert-or-embed-articulate-content-into-wordpress plugin access control vulnerability |
CVSS V2: 5.5 CVSS V3: 6.5 Severity: MEDIUM |
The insert-or-embed-articulate-content-into-wordpress plugin before 4.29991 for WordPress has insufficient restrictions on deleting or renaming by a Subscriber. The plugin contains an access control vulnerability; information may be tampered with. WordPress is a blogging platform developed by the WordPress Foundation in PHP; it supports setting up personal blog sites on PHP and MySQL servers. insert-or-embed-articulate-content-into-wordpress is a plugin for embedding Articulate content in a page.
Versions of the plugin before 4.29991 are affected; the vulnerability is caused by the plugin's failure to adequately restrict delete and rename operations. No further vulnerability details are available at this time
| VAR-201908-0318 | CVE-2019-15649 | WordPress insert-or-embed-articulate-content-into-wordpress plugin unrestricted upload of dangerous file type vulnerability |
CVSS V2: 6.5 CVSS V3: 8.8 Severity: HIGH |
The insert-or-embed-articulate-content-into-wordpress plugin before 4.2999 for WordPress has insufficient restrictions on file upload. The plugin contains an unrestricted upload of dangerous file type vulnerability; information may be obtained, information may be altered, and service operation may be disrupted (DoS). WordPress is a blogging platform developed by the WordPress Foundation in PHP; it supports setting up personal blog sites on PHP and MySQL servers. insert-or-embed-articulate-content-into-wordpress is a plugin for embedding Articulate content in a page.
Versions of the plugin before 4.2999 are affected; the vulnerability originates from the failure to sufficiently restrict file uploads. No further vulnerability details are available at this time
| VAR-201908-0940 | CVE-2019-15702 | RIOT resource management vulnerability |
CVSS V2: 5.0 CVSS V3: 7.5 Severity: HIGH |
In the TCP implementation (gnrc_tcp) of RIOT through 2019.07, the parser for TCP options does not terminate on all inputs, allowing a denial of service, because sys/net/gnrc/transport_layer/tcp/gnrc_tcp_option.c enters an infinite loop on an unknown option with a zero length field. RIOT contains a resource management vulnerability that may result in a denial-of-service (DoS) condition. RIOT (RIOT-OS) is an operating system for Internet of Things devices.
The TCP implementation (gnrc_tcp) in RIOT 2019.07 and earlier has a security vulnerability; an attacker could use it to trigger an infinite loop, resulting in a denial of service
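The defect described for gnrc_tcp is the classic non-advancing cursor in a type-length-value loop: an option kind that carries a length byte, with that byte set to 0, leaves the parser at the same offset on every pass. The Python example below is added here and is not RIOT's code; it shows an option parser with the progress guard a robust implementation needs and, behind a flag, the same loop without it, run over a constructed SYN header and a constructed zero-length option list. TcpOptionError and the iteration cap that turns the hang into an exception are conveniences of this example.

```python
import struct

TCP_OPT_END, TCP_OPT_NOP = 0, 1


class TcpOptionError(ValueError):
    """Raised for option encodings that a robust parser must refuse."""


def tcp_options(header):
    """Return the option bytes of a raw TCP header using its data-offset field."""
    data_offset = (header[12] >> 4) * 4
    if data_offset < 20 or data_offset > len(header):
        raise TcpOptionError("bad data offset")
    return header[20:data_offset]


def parse_tcp_options(opts, reject_short_length=True, max_iterations=10_000):
    """Parse TCP options into (kind, payload) tuples.

    Every iteration must move the cursor forward. Kinds other than END and NOP carry a
    length byte that counts the kind and length bytes themselves, so a length of 0
    (or 1) must be rejected; otherwise `i += length` leaves the cursor where it is and
    the loop never terminates, which is the failure mode described for gnrc_tcp.
    reject_short_length=False disables that guard to show the hang; the iteration cap
    exists only so the demonstration returns instead of spinning forever."""
    out, i, iterations = [], 0, 0
    while i < len(opts):
        iterations += 1
        if iterations > max_iterations:
            raise TcpOptionError("parser made no progress")
        kind = opts[i]
        if kind == TCP_OPT_END:
            break
        if kind == TCP_OPT_NOP:
            i += 1
            continue
        if i + 1 >= len(opts):
            raise TcpOptionError("truncated option header")
        length = opts[i + 1]
        if reject_short_length and length < 2:
            raise TcpOptionError(f"option kind {kind} has invalid length {length}")
        if i + length > len(opts):
            raise TcpOptionError("option runs past the end of the header")
        out.append((kind, bytes(opts[i + 2:i + length])))
        i += length
    return out


# Constructed SYN header: MSS 1460, NOP, NOP, SACK-permitted, NOP, window scale 7
SYN_OPTIONS = bytes([2, 4, 0x05, 0xB4, 1, 1, 4, 2, 1, 3, 3, 7])
SYN_HEADER = struct.pack("!HHIIBBHHH", 40000, 80, 1, 0, 8 << 4, 0x02, 65535, 0, 0) + SYN_OPTIONS

# Constructed hostile option list: a valid MSS followed by an unknown kind with length 0
ZERO_LENGTH_OPTIONS = bytes([2, 4, 0x05, 0xB4, 42, 0, 0, 0])

if __name__ == "__main__":
    print(parse_tcp_options(tcp_options(SYN_HEADER)))
    for guarded in (True, False):
        try:
            parse_tcp_options(ZERO_LENGTH_OPTIONS, reject_short_length=guarded)
        except TcpOptionError as err:
            print(f"guard={guarded}: {err}")
```

The same shape of bug appears in any TLV walker (IP options, DHCP options, TLS extensions): the check worth writing is that each iteration consumes at least one byte, not merely that the option fits in the buffer, since a zero-length option always "fits".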
| VAR-201908-0862 | CVE-2019-13526 | Datalogic AV7000 linear barcode scanner authentication bypass vulnerability |
CVSS V2: 6.5 CVSS V3: 8.8 Severity: HIGH |
Datalogic AV7000 linear barcode scanner, all versions prior to 4.6.0.0, is vulnerable to an authentication bypass that may allow an attacker to remotely execute arbitrary code. The Datalogic AV7000 linear barcode scanner contains an authentication vulnerability; information may be obtained, information may be altered, and service operation may be disrupted (DoS). The AV7000 is a linear barcode scanner from Datalogic.
Datalogic AV7000 versions prior to 4.6.0.0 have an authentication bypass vulnerability; remote attackers can exploit it through an alternate path or channel to execute arbitrary code
| VAR-201908-0744 | CVE-2019-15304 | Lierda Grill Temperature Monitor credentials management vulnerability |
CVSS V2: 6.4 CVSS V3: 9.1 Severity: CRITICAL |
Lierda Grill Temperature Monitor V1.00_50006 has a default password of admin for the admin account, which allows an attacker to cause a denial of service or information disclosure via the undocumented access-point configuration page on the device. The accompanying Wi-Fi thermometer app requests and requires excessive permissions to operate, such as fine GPS location, camera, the installed-app list, serial number and IMEI. In addition to the "backdoor" login access for "admin" purposes, the app also establishes connections with several China-based URLs, including Alibaba Cloud. NOTE: this device also ships with ProGrade branding. Lierda Grill Temperature Monitor contains a credentials management vulnerability; information may be obtained and service operation may be interrupted (DoS). The Lierda Grill Temperature Monitor is a grill temperature monitor. Lierda Grill Temperature Monitor V1.00_50006 has a trust management vulnerability stemming from the lack of an effective trust management mechanism in the product; attackers can use default or hard-coded passwords, hard-coded certificates and similar weaknesses to attack the affected component
| VAR-201908-0931 | CVE-2019-14305 | Multiple buffer overflow vulnerabilities in multiple Ricoh printers and Multifunction Printers (MFPs) |
CVSS V2: 7.5 CVSS V3: 9.8 Severity: CRITICAL |
Several Ricoh printers have multiple buffer overflows when parsing HTTP parameter settings for Wi-Fi, mDNS, POP3, SMTP and notification alerts, which allow an attacker to cause a denial of service or code execution via crafted requests to the web server. Affected firmware versions depend on the printer model. One affected configuration is cpe:2.3:o:ricoh:sp_c250dn_firmware:-:*:*:*:*:*:*:* up to (including) 1.06 running on cpe:2.3:o:ricoh:sp_c250dn:-:*:*:*:*:*:*:*, cpe:2.3:o:ricoh:sp_c252dn:-:*:*:*:*:*:*:*. Another affected configuration is cpe:2.3:o:ricoh:sp_c250sf_firmware:-:*:*:*:*:*:*:* up to (including) 1.12 running on cpe:2.3:o:ricoh:sp_c250sf:-:*:*:*:*:*:*:*, cpe:2.3:o:ricoh:sp_c252sf:-:*:*:*:*:*:*:*. Multiple printers and Multifunction Printers (MFPs) provided by RICOH COMPANY, LTD. contain the buffer overflow vulnerabilities listed below. * Buffer overflow in parsing HTTP cookie header (CWE-119) - CVE-2019-14300 * Buffer overflow in parsing HTTP parameter setting for Wifi, mDNS, POP3, SMTP and alert (CWE-119) - CVE-2019-14305 * Buffer overflow in parsing HTTP parameter setting for SNMP (CWE-119) - CVE-2019-14307 * Buffer overflow in parsing LPD packet (CWE-119) - CVE-2019-14308 RICOH COMPANY, LTD. reported these vulnerabilities to IPA to notify users of the solution through JVN. JPCERT/CC and RICOH COMPANY, LTD. coordinated under the Information Security Early Warning Partnership. A remote attacker may be able to cause a denial-of-service (DoS) condition or execute arbitrary code. A buffer error vulnerability exists in several RICOH printers, including the RICOH SP C252SF. It stems from incorrect verification of data boundaries when the product operates on memory, resulting in incorrect reads and writes to other associated memory locations; attackers can exploit it to cause a buffer overflow or heap overflow.
The following products and versions are affected: RICOH SP C250SF with firmware prior to 1.07; SP C252SF with firmware prior to 1.07; SP C250DN with firmware prior to 1.13; SP C252DN with firmware prior to 1.13
| VAR-201908-0932 | CVE-2019-14307 | Multiple buffer overflow vulnerabilities in multiple Ricoh printers and Multifunction Printers (MFPs) |
CVSS V2: 7.5 CVSS V3: 9.8 Severity: CRITICAL |
Several Ricoh printers have multiple buffer overflows when parsing HTTP parameter settings for SNMP, which allow an attacker to cause a denial of service or code execution via crafted requests to the web server. Affected firmware versions depend on the printer model. One affected configuration is cpe:2.3:o:ricoh:sp_c250dn_firmware:-:*:*:*:*:*:*:* up to (including) 1.06 running on cpe:2.3:o:ricoh:sp_c250dn:-:*:*:*:*:*:*:*, cpe:2.3:o:ricoh:sp_c252dn:-:*:*:*:*:*:*:*. Another affected configuration is cpe:2.3:o:ricoh:sp_c250sf_firmware:-:*:*:*:*:*:*:* up to (including) 1.12 running on cpe:2.3:o:ricoh:sp_c250sf:-:*:*:*:*:*:*:*, cpe:2.3:o:ricoh:sp_c252sf:-:*:*:*:*:*:*:*. Multiple printers and Multifunction Printers (MFPs) provided by RICOH COMPANY, LTD. contain the buffer overflow vulnerabilities listed below. * Buffer overflow in parsing HTTP cookie header (CWE-119) - CVE-2019-14300 * Buffer overflow in parsing HTTP parameter setting for Wifi, mDNS, POP3, SMTP and alert (CWE-119) - CVE-2019-14305 * Buffer overflow in parsing HTTP parameter setting for SNMP (CWE-119) - CVE-2019-14307 * Buffer overflow in parsing LPD packet (CWE-119) - CVE-2019-14308 RICOH COMPANY, LTD. reported these vulnerabilities to IPA to notify users of the solution through JVN. JPCERT/CC and RICOH COMPANY, LTD. coordinated under the Information Security Early Warning Partnership. A remote attacker may be able to cause a denial-of-service (DoS) condition or execute arbitrary code. A buffer error vulnerability exists in several RICOH products, including the RICOH SP C252SF. It stems from incorrect verification of data boundaries when the product operates on memory, resulting in incorrect reads and writes to other associated memory locations; attackers can exploit it to cause a buffer overflow or heap overflow.
The following products and versions are affected: RICOH SP C250SF with firmware prior to 1.07; SP C252SF with firmware prior to 1.07; SP C250DN with firmware prior to 1.13; SP C252DN with firmware prior to 1.13