VARIoT IoT vulnerabilities database
| VAR-201908-0936 | CVE-2019-14300 | Multiple buffer overflow vulnerabilities in multiple Ricoh printers and Multifunction Printers (MFPs) |
CVSS V2: 7.5 CVSS V3: 9.8 Severity: Critical |
Several Ricoh printers have multiple buffer overflows parsing HTTP cookie headers, which allow an attacker to cause a denial of service or code execution via crafted requests to the web server. Affected firmware versions depend on the printer models. One affected configuration is cpe:2.3:o:ricoh:sp_c250dn_firmware:-:*:*:*:*:*:*:* up to (including) 1.06 running on cpe:2.3:o:ricoh:sp_c250dn:-:*:*:*:*:*:*:*, cpe:2.3:o:ricoh:sp_c252dn:-:*:*:*:*:*:*:*. Another affected configuration is cpe:2.3:o:ricoh:sp_c250sf_firmware:-:*:*:*:*:*:*:* up to (including) 1.12 running on cpe:2.3:o:ricoh:sp_c250sf:-:*:*:*:*:*:*:*, cpe:2.3:o:ricoh:sp_c252sf:-:*:*:*:*:*:*:*.
Multiple printers and Multifunction Printers (MFPs) provided by RICOH COMPANY, LTD. contain the multiple buffer overflow vulnerabilities listed below.
* Buffer overflow in parsing HTTP cookie header (CWE-119) - CVE-2019-14300
* Buffer overflow in parsing HTTP parameter setting for Wifi, mDNS, POP3, SMTP and alert (CWE-119) - CVE-2019-14305
* Buffer overflow in parsing HTTP parameter setting for SNMP (CWE-119) - CVE-2019-14307
* Buffer overflow in parsing LPD packet (CWE-119) - CVE-2019-14308
RICOH COMPANY, LTD. reported this vulnerability to IPA to notify users of its solution through JVN. JPCERT/CC and RICOH COMPANY, LTD. coordinated under the Information Security Early Warning Partnership. A remote attacker may be able to cause a denial-of-service (DoS) condition or may execute arbitrary code. RICOH SP C252SF, etc. A buffer error vulnerability exists in several RICOH printers. This vulnerability stems from the incorrect verification of data boundaries when the network system or product performs operations on the memory, resulting in incorrect read and write operations to other associated memory locations. Attackers can exploit this vulnerability to cause buffer overflow or heap overflow, etc.
The following products and versions are affected: RICOH SP C250SF with firmware prior to 1.07; SP C252SF with firmware prior to 1.07; SP C250DN with firmware prior to 1.13; SP C252DN with firmware prior to 1.13
| VAR-201908-0933 | CVE-2019-14308 | Multiple buffer overflow vulnerabilities in multiple Ricoh printers and Multifunction Printers (MFPs) |
CVSS V2: 7.5 CVSS V3: 9.8 Severity: Critical |
Several Ricoh printers have multiple buffer overflows parsing LPD packets, which allow an attacker to cause a denial of service or code execution via crafted requests to the LPD service. Affected firmware versions depend on the printer models. One affected configuration is cpe:2.3:o:ricoh:sp_c250dn_firmware:-:*:*:*:*:*:*:* up to (including) 1.06 running on cpe:2.3:o:ricoh:sp_c250dn:-:*:*:*:*:*:*:*, cpe:2.3:o:ricoh:sp_c252dn:-:*:*:*:*:*:*:*. Another affected configuration is cpe:2.3:o:ricoh:sp_c250sf_firmware:-:*:*:*:*:*:*:* up to (including) 1.12 running on cpe:2.3:o:ricoh:sp_c250sf:-:*:*:*:*:*:*:*, cpe:2.3:o:ricoh:sp_c252sf:-:*:*:*:*:*:*:*.
Multiple printers and Multifunction Printers (MFPs) provided by RICOH COMPANY, LTD. contain the multiple buffer overflow vulnerabilities listed below.
* Buffer overflow in parsing HTTP cookie header (CWE-119) - CVE-2019-14300
* Buffer overflow in parsing HTTP parameter setting for Wifi, mDNS, POP3, SMTP and alert (CWE-119) - CVE-2019-14305
* Buffer overflow in parsing HTTP parameter setting for SNMP (CWE-119) - CVE-2019-14307
* Buffer overflow in parsing LPD packet (CWE-119) - CVE-2019-14308
RICOH COMPANY, LTD. reported this vulnerability to IPA to notify users of its solution through JVN. JPCERT/CC and RICOH COMPANY, LTD. coordinated under the Information Security Early Warning Partnership. A remote attacker may be able to cause a denial-of-service (DoS) condition or may execute arbitrary code. RICOH SP C252SF, etc. A buffer error vulnerability exists in several RICOH printers. This vulnerability stems from the incorrect verification of data boundaries when the network system or product performs operations on the memory, resulting in incorrect read and write operations to other associated memory locations. Attackers can exploit this vulnerability to cause buffer overflow or heap overflow, etc.
The following products and versions are affected: RICOH SP C250SF with firmware prior to 1.07; SP C252SF with firmware prior to 1.07; SP C250DN with firmware prior to 1.13; SP C252DN with firmware prior to 1.13
| VAR-201908-0255 | CVE-2019-9569 | Delta Controls enteliBUS Manager Buffer error vulnerability |
CVSS V2: 7.5 CVSS V3: 9.8 Severity: CRITICAL |
Buffer Overflow in dactetra in Delta Controls enteliBUS Manager V3.40_B-571848 allows remote unauthenticated users to execute arbitrary code and possibly cause a denial of service via unspecified vectors. Delta Controls enteliBUS Manager contains a buffer error vulnerability. Information may be obtained or altered, and service operation may be disrupted (DoS). Delta Controls enteliBUS Manager is a programmable BACnet (communication protocol for smart buildings) controller from Delta Controls, Canada. This vulnerability stems from the incorrect verification of data boundaries when the network system or product performs operations on the memory, resulting in incorrect read and write operations to other associated memory locations. Attackers can exploit this vulnerability to cause buffer overflow or heap overflow, etc.
| VAR-201908-0802 | CVE-2019-15055 | MikroTik RouterOS Input validation vulnerability |
CVSS V2: 5.5 CVSS V3: 6.5 Severity: MEDIUM |
MikroTik RouterOS through 6.44.5 and 6.45.x through 6.45.3 improperly handles the disk name, which allows authenticated users to delete arbitrary files. Attackers can exploit this vulnerability to reset credential storage, which allows them access to the management interface as an administrator without authentication. MikroTik RouterOS contains an input validation vulnerability. Information may be tampered with. MikroTik RouterOS is a Linux-based router operating system developed by the Latvian company MikroTik. The system can be deployed on a PC so that it provides router functionality. There is a security vulnerability in MikroTik RouterOS 6.44.5 and earlier versions and in versions 6.45.x through 6.45.3. The vulnerability is caused by the program not handling disk names correctly.
| VAR-201908-2197 | No CVE | Youfang Technology 4G Module Performance King N720 Command Execution Vulnerability |
CVSS V2: 8.3 CVSS V3: - Severity: HIGH |
Shenzhen Youfang Technology Co., Ltd. is a company specializing in M2M IoT wireless communication products and services. It provides industrial module products and related services in various communication systems such as GPRS, CDMA 1X, WCDMA, EVDO, and LTE.
Youfang Technology 4G Module Performance King N720 has a command execution vulnerability. An attacker could use the vulnerability to connect remotely and obtain a root shell.
| VAR-201908-2200 | No CVE | Shanghai Yuge Information Technology Co., Ltd. communication module CLM920_NC5 has unauthorized access vulnerability |
CVSS V2: 8.3 CVSS V3: - Severity: HIGH |
Shanghai Yuge Information Technology Co., Ltd. is engaged in the research, development, production and operation of 3G / 3.75G / 4G / NB communication modules. It is a communication module company with a patch production factory.
There is an unauthorized access vulnerability in the communication module CLM920_NC5 of Shanghai Domain Information Technology Co., Ltd. An attacker could use the vulnerability to connect remotely and obtain a root shell.
| VAR-201908-2203 | No CVE | Four letter 4G router F7A26 has unauthorized access vulnerability |
CVSS V2: 3.3 CVSS V3: - Severity: LOW |
Xiamen Sixin Communication Technology Co., Ltd. is engaged in the research and development, production, promotion and service of IoT application products and high-end wireless communication transmission equipment in the industrial field.
Four letter 4G router F7A26 has an unauthorized access vulnerability. Attackers can use the vulnerability to directly access the IP for management control.
| VAR-201908-2209 | No CVE | Longsun Technology U9300W, U9507C 4G module has unauthorized access vulnerability |
CVSS V2: 8.3 CVSS V3: - Severity: HIGH |
Longsun Technology (Shanghai) Co., Ltd. is a supplier of IoT modules and solutions.
The Longsun Technology U9300W and U9507C 4G modules have an unauthorized access vulnerability. An attacker could use the vulnerability to gain root privileges.
| VAR-201908-2204 | No CVE | USR-LTE-7S4 V2 has multiple remote command execution vulnerabilities |
CVSS V2: 6.5 CVSS V3: - Severity: MEDIUM |
Jinan Youren Internet Technology Co., Ltd. is a technology company that makes serial networking modules.
There are multiple remote command execution vulnerabilities in the 4G module USR-LTE-7S4 V2 from Jinan Youren Internet Technology Co., Ltd. They allow an attacker to execute commands remotely.
| VAR-201908-0337 | CVE-2019-15526 | D-Link DIR-823G Command injection vulnerability in device firmware |
CVSS V2: 9.0 CVSS V3: 8.8 Severity: HIGH |
An issue was discovered on D-Link DIR-823G devices with firmware V1.0.2B05. There is a command injection in HNAP1 (exploitable with Authentication) via shell metacharacters in the Type field to SetWanSettings, a related issue to CVE-2019-13482. The D-Link DIR-823G device firmware contains a command injection vulnerability. This vulnerability is associated with CVE-2019-13482. Information may be obtained or altered, and service operation may be disrupted (DoS). D-Link DIR-823G is a wireless router from D-Link Corporation of Taiwan, China. The vulnerability stems from external input data being used to construct executable commands while the network system or product fails to properly filter special elements. An attacker could exploit the vulnerability to execute an illegal command.
| VAR-201908-0338 | CVE-2019-15527 | D-Link DIR-823G Command injection vulnerability in device firmware |
CVSS V2: 9.0 CVSS V3: 8.8 Severity: HIGH |
An issue was discovered on D-Link DIR-823G devices with firmware V1.0.2B05. There is a command injection in HNAP1 (exploitable with Authentication) via shell metacharacters in the MaxIdTime field to SetWanSettings. The D-Link DIR-823G device firmware contains a command injection vulnerability. Information may be obtained or altered, and service operation may be disrupted (DoS). D-Link DIR-823G is a wireless router from D-Link Corporation of Taiwan, China. A command injection vulnerability exists in the D-Link DIR-823G. The vulnerability stems from external input data being used to construct executable commands while the network system or product fails to properly filter special elements. An attacker could exploit the vulnerability to execute an illegal command.
| VAR-201908-0299 | CVE-2019-15498 | Vera Edge Home Controller OS command injection vulnerability |
CVSS V2: 9.3 CVSS V3: 8.8 Severity: HIGH |
cgi-bin/cmh/webcam.sh in Vera Edge Home Controller 1.7.4452 allows remote unauthenticated users to execute arbitrary OS commands via --output argument injection in the username parameter to /cgi-bin/cmh/webcam.sh. Vera Edge Home Controller is a smart home central control unit. The vulnerability stems from the fact that the network system or product does not correctly filter special characters, commands, etc. in the process of constructing executable commands of the operating system from external input data
| VAR-201908-0339 | CVE-2019-15528 | D-Link DIR-823G Command injection vulnerability in device firmware |
CVSS V2: 9.0 CVSS V3: 8.8 Severity: HIGH |
An issue was discovered on D-Link DIR-823G devices with firmware V1.0.2B05. There is a command injection in HNAP1 (exploitable with Authentication) via shell metacharacters in the Interface field to SetStaticRouteSettings. The D-Link DIR-823G device firmware contains a command injection vulnerability. Information may be obtained or altered, and service operation may be disrupted (DoS). D-Link DIR-823G is a wireless router from D-Link Corporation of Taiwan, China. A command injection vulnerability exists in the D-Link DIR-823G. The vulnerability stems from external input data being used to construct executable commands while the network system or product fails to properly filter special elements. An attacker could exploit this vulnerability to execute an illegal command.
| VAR-201908-0341 | CVE-2019-15530 | D-Link DIR-823G Command injection vulnerability in device firmware |
CVSS V2: 9.0 CVSS V3: 8.8 Severity: HIGH |
An issue was discovered on D-Link DIR-823G devices with firmware V1.0.2B05. There is a command injection in HNAP1 (exploitable with Authentication) via shell metacharacters in the LoginPassword field to Login. The D-Link DIR-823G device firmware contains a command injection vulnerability. Information may be obtained or altered, and service operation may be disrupted (DoS). D-Link DIR-823G is a wireless router from D-Link Corporation of Taiwan, China. A command injection vulnerability exists in the D-Link DIR-823G. The vulnerability stems from external input data being used to construct executable commands while the network system or product fails to properly filter special elements. An attacker could exploit the vulnerability to execute an illegal command.
| VAR-201908-0340 | CVE-2019-15529 | D-Link DIR-823G Command injection vulnerability in device firmware |
CVSS V2: 9.0 CVSS V3: 8.8 Severity: HIGH |
An issue was discovered on D-Link DIR-823G devices with firmware V1.0.2B05. There is a command injection in HNAP1 (exploitable with Authentication) via shell metacharacters in the Username field to Login. The D-Link DIR-823G device firmware contains a command injection vulnerability. Information may be obtained or altered, and service operation may be disrupted (DoS). D-Link DIR-823G is a wireless router from D-Link Corporation of Taiwan, China. A command injection vulnerability exists in the D-Link DIR-823G. The vulnerability stems from external input data being used to construct executable commands while the network system or product fails to properly filter special elements. An attacker could exploit the vulnerability to execute an illegal command.
| VAR-201908-0326 | CVE-2019-15513 | OpenWrt libuci input validation vulnerability on Motorola devices |
CVSS V2: 7.8 CVSS V3: 7.5 Severity: HIGH |
An issue was discovered in OpenWrt libuci (aka Library for the Unified Configuration Interface) before 15.05.1 as used on Motorola CX2L MWR04L 1.01 and C1 MWR03 1.01 devices. /tmp/.uci/network locking is mishandled after reception of a long SetWanSettings command, leading to a device hang. Both Motorola CX2L MWR04L and Motorola C1 MWR03 are wireless routers produced by Motorola. OpenWrt libuci in Motorola CX2L MWR04L version 1.01 and Motorola C1 MWR03 version 1.01 has an input validation error vulnerability, which is caused by the program not properly handling the lock of /tmp/.uci/network after receiving a long SetWanSettings command. An attacker could exploit this vulnerability to hang the device
| VAR-201908-0282 | CVE-2019-15480 | Domoticz Cross-Site Scripting Vulnerability |
CVSS V2: 3.5 CVSS V3: 5.4 Severity: MEDIUM |
Domoticz 4.10717 has XSS via item.Name. Domoticz contains a cross-site scripting vulnerability. Information may be obtained and information may be altered. Domoticz is an open source smart home system. The system supports the monitoring and control of a variety of smart home devices. A cross-site scripting vulnerability exists in Domoticz version 4.10717 that could allow an attacker to execute client-side code.
| VAR-201908-0329 | CVE-2019-15516 | Cuberite Path Traversal Vulnerability |
CVSS V2: 5.0 CVSS V3: 7.5 Severity: HIGH |
Cuberite before 2019-06-11 allows webadmin directory traversal via ....// because the protection mechanism simply removes one ../ substring. Cuberite contains a path traversal vulnerability. Information may be obtained. Cuberite is a lightweight, scalable multiplayer server written in C++. A path traversal vulnerability exists in versions of Cuberite before 2019-06-11 that could allow an attacker to gain access to a location outside of a restricted directory.
| VAR-201908-0290 | CVE-2019-15488 | Ignite Realtime Openfire Vulnerable to cross-site scripting |
CVSS V2: 4.3 CVSS V3: 6.1 Severity: MEDIUM |
Ignite Realtime Openfire before 4.4.1 has reflected XSS via an LDAP setup test. Ignite Realtime Openfire contains a cross-site scripting vulnerability. Information may be obtained and information may be altered. Ignite Realtime Openfire is a cross-platform open source real-time collaboration (RTC) server based on XMPP (formerly known as Jabber, an instant messaging protocol), developed in Java by the Ignite Realtime community. It can be used to build an efficient instant messaging server that supports tens of thousands of concurrent users.
| VAR-201909-0036 | CVE-2019-6005 | Smart TV Box fails to restrict access permissions |
CVSS V2: 7.5 CVSS V3: 9.8 Severity: CRITICAL |
Smart TV Box firmware versions prior to 1300 allow remote attackers to bypass access restrictions and conduct arbitrary operations on the device without the user's intent, such as installing arbitrary software or changing the device settings, via Android Debug Bridge port 5555/TCP. When a cable television provider sets up Smart TV Box at an individual residence, direct access from outside to the LAN side interface of Smart TV Box is disabled. However, if the original setting is changed later, for example so that the LAN side interface is connected directly to the internet, access to Android Debug Bridge via port 5555/TCP of the LAN side interface becomes enabled. Yoshiki Mori and Masaki Kubo of Cybersecurity Laboratory, National Institute of Information and Communications Technology reported this vulnerability to IPA.