VARIoT IoT vulnerabilities database


VAR-201908-0936 CVE-2019-14300 Multiple buffer overflow vulnerabilities in multiple Ricoh printers and Multifunction Printers (MFPs) CVSS V2: 7.5
CVSS V3: 9.8
Severity: Critical
Several Ricoh printers have multiple buffer overflows parsing HTTP cookie headers, which allow an attacker to cause a denial of service or code execution via crafted requests to the web server. Affected firmware versions depend on the printer models. One affected configuration is cpe:2.3:o:ricoh:sp_c250dn_firmware:-:*:*:*:*:*:*:* up to (including) 1.06 running on cpe:2.3:o:ricoh:sp_c250dn:-:*:*:*:*:*:*:*, cpe:2.3:o:ricoh:sp_c252dn:-:*:*:*:*:*:*:*. Another affected configuration is cpe:2.3:o:ricoh:sp_c250sf_firmware:-:*:*:*:*:*:*:* up to (including) 1.12 running on cpe:2.3:o:ricoh:sp_c250sf:-:*:*:*:*:*:*:*, cpe:2.3:o:ricoh:sp_c252sf:-:*:*:*:*:*:*:*. Multiple printers and Multifunction Printers (MFPs) provided by RICOH COMPANY, LTD. contain the multiple buffer overflow vulnerabilities listed below.
* Buffer overflow in parsing HTTP cookie header (CWE-119) - CVE-2019-14300
* Buffer overflow in parsing HTTP parameter setting for Wifi, mDNS, POP3, SMTP and alert (CWE-119) - CVE-2019-14305
* Buffer overflow in parsing HTTP parameter setting for SNMP (CWE-119) - CVE-2019-14307
* Buffer overflow in parsing LPD packet (CWE-119) - CVE-2019-14308
RICOH COMPANY, LTD. reported this vulnerability to IPA to notify users of its solution through JVN. JPCERT/CC and RICOH COMPANY, LTD. coordinated under the Information Security Early Warning Partnership. A remote attacker may be able to cause a denial-of-service (DoS) condition or may execute arbitrary code. A buffer error vulnerability exists in several RICOH printers (RICOH SP C252SF, etc.). This vulnerability stems from the incorrect verification of data boundaries when the network system or product performs operations on the memory, resulting in incorrect read and write operations to other associated memory locations. Attackers can exploit this vulnerability to cause a buffer overflow, heap overflow, etc.
The following products and versions are affected: RICOH SP C250SF with firmware prior to 1.07; SP C252SF with firmware prior to 1.07; SP C250DN with firmware prior to 1.13; SP C252DN with firmware prior to 1.13
VAR-201908-0933 CVE-2019-14308 Multiple buffer overflow vulnerabilities in multiple Ricoh printers and Multifunction Printers (MFPs) CVSS V2: 7.5
CVSS V3: 9.8
Severity: Critical
Several Ricoh printers have multiple buffer overflows parsing LPD packets, which allow an attacker to cause a denial of service or code execution via crafted requests to the LPD service. Affected firmware versions depend on the printer models. One affected configuration is cpe:2.3:o:ricoh:sp_c250dn_firmware:-:*:*:*:*:*:*:* up to (including) 1.06 running on cpe:2.3:o:ricoh:sp_c250dn:-:*:*:*:*:*:*:*, cpe:2.3:o:ricoh:sp_c252dn:-:*:*:*:*:*:*:*. Another affected configuration is cpe:2.3:o:ricoh:sp_c250sf_firmware:-:*:*:*:*:*:*:* up to (including) 1.12 running on cpe:2.3:o:ricoh:sp_c250sf:-:*:*:*:*:*:*:*, cpe:2.3:o:ricoh:sp_c252sf:-:*:*:*:*:*:*:*. Multiple printers and Multifunction Printers (MFPs) provided by RICOH COMPANY, LTD. contain the multiple buffer overflow vulnerabilities listed below.
* Buffer overflow in parsing HTTP cookie header (CWE-119) - CVE-2019-14300
* Buffer overflow in parsing HTTP parameter setting for Wifi, mDNS, POP3, SMTP and alert (CWE-119) - CVE-2019-14305
* Buffer overflow in parsing HTTP parameter setting for SNMP (CWE-119) - CVE-2019-14307
* Buffer overflow in parsing LPD packet (CWE-119) - CVE-2019-14308
RICOH COMPANY, LTD. reported this vulnerability to IPA to notify users of its solution through JVN. JPCERT/CC and RICOH COMPANY, LTD. coordinated under the Information Security Early Warning Partnership. A remote attacker may be able to cause a denial-of-service (DoS) condition or may execute arbitrary code. A buffer error vulnerability exists in several RICOH printers (RICOH SP C252SF, etc.). This vulnerability stems from the incorrect verification of data boundaries when the network system or product performs operations on the memory, resulting in incorrect read and write operations to other associated memory locations. Attackers can exploit this vulnerability to cause a buffer overflow, heap overflow, etc.
The following products and versions are affected: RICOH SP C250SF with firmware prior to 1.07; SP C252SF with firmware prior to 1.07; SP C250DN with firmware prior to 1.13; SP C252DN with firmware prior to 1.13
VAR-201908-0255 CVE-2019-9569 Delta Controls enteliBUS Manager Buffer error vulnerability CVSS V2: 7.5
CVSS V3: 9.8
Severity: CRITICAL
Buffer Overflow in dactetra in Delta Controls enteliBUS Manager V3.40_B-571848 allows remote unauthenticated users to execute arbitrary code and possibly cause a denial of service via unspecified vectors. Delta Controls enteliBUS Manager contains a buffer error vulnerability. Information may be obtained or altered, and service operation may be disrupted (DoS). Delta Controls enteliBUS Manager is a programmable BACnet (communication protocol for smart buildings) controller from Delta Controls, Canada. This vulnerability stems from the incorrect verification of data boundaries when the network system or product performs operations on the memory, resulting in incorrect read and write operations to other associated memory locations. Attackers can exploit this vulnerability to cause a buffer overflow, heap overflow, etc.
VAR-201908-0802 CVE-2019-15055 MikroTik RouterOS Input validation vulnerability CVSS V2: 5.5
CVSS V3: 6.5
Severity: MEDIUM
MikroTik RouterOS through 6.44.5 and 6.45.x through 6.45.3 improperly handles the disk name, which allows authenticated users to delete arbitrary files. Attackers can exploit this vulnerability to reset credential storage, which allows them access to the management interface as an administrator without authentication. MikroTik RouterOS contains an input validation vulnerability. Information may be tampered with. MikroTik RouterOS is a Linux-based router operating system developed by the Latvian company MikroTik. The system can be deployed on a PC so that it provides router functionality. There is a security vulnerability in MikroTik RouterOS 6.44.5 and earlier versions and in versions 6.45.x through 6.45.3. The vulnerability is caused by the program not handling disk names correctly.
VAR-201908-2197 No CVE Youfang Technology 4G Module Performance King N720 Command Execution Vulnerability CVSS V2: 8.3
CVSS V3: -
Severity: HIGH
Shenzhen Youfang Technology Co., Ltd. is a company specializing in M2M IoT wireless communication products and services. It provides industrial module products and related services in various communication systems such as GPRS, CDMA 1X, WCDMA, EVDO, and LTE. Youfang Technology 4G Module Performance King N720 has a command execution vulnerability. An attacker could use the vulnerability to connect remotely and obtain a root shell.
VAR-201908-2200 No CVE Shanghai Yuge Information Technology Co., Ltd. communication module CLM920_NC5 has unauthorized access vulnerability CVSS V2: 8.3
CVSS V3: -
Severity: HIGH
Shanghai Yuge Information Technology Co., Ltd. is engaged in the research, development, production and operation of 3G / 3.75G / 4G / NB communication modules. It is a communication module company with a patch production factory. There is an unauthorized access vulnerability in the communication module CLM920_NC5 of Shanghai Domain Information Technology Co., Ltd. An attacker could use the vulnerability to connect remotely and obtain a root shell.
VAR-201908-2203 No CVE Four letter 4G router F7A26 has unauthorized access vulnerability CVSS V2: 3.3
CVSS V3: -
Severity: LOW
Xiamen Sixin Communication Technology Co., Ltd. is engaged in the research and development, production, promotion and service of IoT application products and high-end wireless communication transmission equipment in the industrial field. Four letter 4G router F7A26 has an unauthorized access vulnerability. Attackers can use the vulnerability to directly access the IP for management control.
VAR-201908-2209 No CVE Longsun Technology U9300W, U9507C 4G module has unauthorized access vulnerability CVSS V2: 8.3
CVSS V3: -
Severity: HIGH
Longsun Technology (Shanghai) Co., Ltd. is a supplier of IoT modules and solutions. The Longsun Technology U9300W and U9507C 4G modules have an unauthorized access vulnerability. An attacker could use the vulnerability to gain root privileges.
VAR-201908-2204 No CVE USR-LTE-7S4 V2 has multiple remote command execution vulnerabilities CVSS V2: 6.5
CVSS V3: -
Severity: MEDIUM
Jinan Youren Internet Technology Co., Ltd. is a technology company that makes serial networking modules. There are multiple remote command execution vulnerabilities in the 4G module USR-LTE-7S4 V2 from Jinan Youren Internet Technology Co., Ltd., which allow an attacker to execute commands remotely.
VAR-201908-0337 CVE-2019-15526 D-Link DIR-823G Command injection vulnerability in device firmware CVSS V2: 9.0
CVSS V3: 8.8
Severity: HIGH
An issue was discovered on D-Link DIR-823G devices with firmware V1.0.2B05. There is a command injection in HNAP1 (exploitable with Authentication) via shell metacharacters in the Type field to SetWanSettings, a related issue to CVE-2019-13482. The D-Link DIR-823G device firmware contains a command injection vulnerability. This vulnerability is related to CVE-2019-13482. Information may be obtained or altered, and service operation may be disrupted (DoS). D-Link DIR-823G is a wireless router from D-Link Corporation of Taiwan, China. The vulnerability stems from external input data being used to construct executable commands while the network system or product fails to properly filter special elements. An attacker could exploit the vulnerability to execute an illegal command.
VAR-201908-0338 CVE-2019-15527 D-Link DIR-823G Command injection vulnerability in device firmware CVSS V2: 9.0
CVSS V3: 8.8
Severity: HIGH
An issue was discovered on D-Link DIR-823G devices with firmware V1.0.2B05. There is a command injection in HNAP1 (exploitable with Authentication) via shell metacharacters in the MaxIdTime field to SetWanSettings. The D-Link DIR-823G device firmware contains a command injection vulnerability. Information may be obtained or altered, and service operation may be disrupted (DoS). D-Link DIR-823G is a wireless router from D-Link Corporation of Taiwan, China. A command injection vulnerability exists in the D-Link DIR-823G. The vulnerability stems from external input data being used to construct executable commands while the network system or product fails to properly filter special elements. An attacker could exploit the vulnerability to execute an illegal command.
VAR-201908-0299 CVE-2019-15498 Vera Edge Home Controller OS command injection vulnerability CVSS V2: 9.3
CVSS V3: 8.8
Severity: HIGH
cgi-bin/cmh/webcam.sh in Vera Edge Home Controller 1.7.4452 allows remote unauthenticated users to execute arbitrary OS commands via --output argument injection in the username parameter to /cgi-bin/cmh/webcam.sh. Vera Edge Home Controller is a smart home central control unit. The vulnerability stems from the fact that the network system or product does not correctly filter special characters, commands, etc. in the process of constructing executable commands of the operating system from external input data.
VAR-201908-0339 CVE-2019-15528 D-Link DIR-823G Command injection vulnerability in device firmware CVSS V2: 9.0
CVSS V3: 8.8
Severity: HIGH
An issue was discovered on D-Link DIR-823G devices with firmware V1.0.2B05. There is a command injection in HNAP1 (exploitable with Authentication) via shell metacharacters in the Interface field to SetStaticRouteSettings. The D-Link DIR-823G device firmware contains a command injection vulnerability. Information may be obtained or altered, and service operation may be disrupted (DoS). D-Link DIR-823G is a wireless router from D-Link Corporation of Taiwan, China. A command injection vulnerability exists in the D-Link DIR-823G. The vulnerability stems from external input data being used to construct executable commands while the network system or product fails to properly filter special elements. An attacker could exploit this vulnerability to execute an illegal command.
VAR-201908-0341 CVE-2019-15530 D-Link DIR-823G Command injection vulnerability in device firmware CVSS V2: 9.0
CVSS V3: 8.8
Severity: HIGH
An issue was discovered on D-Link DIR-823G devices with firmware V1.0.2B05. There is a command injection in HNAP1 (exploitable with Authentication) via shell metacharacters in the LoginPassword field to Login. The D-Link DIR-823G device firmware contains a command injection vulnerability. Information may be obtained or altered, and service operation may be disrupted (DoS). D-Link DIR-823G is a wireless router from D-Link Corporation of Taiwan, China. A command injection vulnerability exists in the D-Link DIR-823G. The vulnerability stems from external input data being used to construct executable commands while the network system or product fails to properly filter special elements. An attacker could exploit the vulnerability to execute an illegal command.
VAR-201908-0340 CVE-2019-15529 D-Link DIR-823G Command injection vulnerability in device firmware CVSS V2: 9.0
CVSS V3: 8.8
Severity: HIGH
An issue was discovered on D-Link DIR-823G devices with firmware V1.0.2B05. There is a command injection in HNAP1 (exploitable with Authentication) via shell metacharacters in the Username field to Login. The D-Link DIR-823G device firmware contains a command injection vulnerability. Information may be obtained or altered, and service operation may be disrupted (DoS). D-Link DIR-823G is a wireless router from D-Link Corporation of Taiwan, China. A command injection vulnerability exists in the D-Link DIR-823G. The vulnerability stems from external input data being used to construct executable commands while the network system or product fails to properly filter special elements. An attacker could exploit the vulnerability to execute an illegal command.
VAR-201908-0326 CVE-2019-15513 Input validation vulnerability in OpenWrt libuci and Motorola devices CVSS V2: 7.8
CVSS V3: 7.5
Severity: HIGH
An issue was discovered in OpenWrt libuci (aka Library for the Unified Configuration Interface) before 15.05.1 as used on Motorola CX2L MWR04L 1.01 and C1 MWR03 1.01 devices. /tmp/.uci/network locking is mishandled after reception of a long SetWanSettings command, leading to a device hang. Both Motorola CX2L MWR04L and Motorola C1 MWR03 are wireless routers produced by Motorola. OpenWrt libuci in Motorola CX2L MWR04L version 1.01 and Motorola C1 MWR03 version 1.01 has an input validation error vulnerability, which is caused by the program not properly handling the lock of /tmp/.uci/network after receiving a long SetWanSettings command. An attacker could exploit this vulnerability to hang the device.
VAR-201908-0282 CVE-2019-15480 Domoticz Cross-Site Scripting Vulnerability CVSS V2: 3.5
CVSS V3: 5.4
Severity: MEDIUM
Domoticz 4.10717 has XSS via item.Name. Domoticz contains a cross-site scripting vulnerability. Information may be obtained and information may be altered. Domoticz is an open source smart home system. The system supports the monitoring and control of a variety of smart home devices. A cross-site scripting vulnerability exists in Domoticz version 4.10717 that could allow an attacker to execute client-side code.
VAR-201908-0329 CVE-2019-15516 Cuberite Path Traversal Vulnerability CVSS V2: 5.0
CVSS V3: 7.5
Severity: HIGH
Cuberite before 2019-06-11 allows webadmin directory traversal via ....// because the protection mechanism simply removes one ../ substring. Cuberite contains a path traversal vulnerability. Information may be obtained. Cuberite is a lightweight, scalable multiplayer server written in C++. A path traversal vulnerability exists in versions of Cuberite before 2019-06-11 that could allow an attacker to gain access to a location outside of a restricted directory.
VAR-201908-0290 CVE-2019-15488 Ignite Realtime Openfire Vulnerable to cross-site scripting CVSS V2: 4.3
CVSS V3: 6.1
Severity: MEDIUM
Ignite Realtime Openfire before 4.4.1 has reflected XSS via an LDAP setup test. Ignite Realtime Openfire contains a cross-site scripting vulnerability. Information may be obtained and information may be altered. Ignite Realtime Openfire is a cross-platform open source real-time collaboration (RTC) server based on XMPP (formerly known as Jabber, an instant messaging protocol), developed in Java by the Ignite Realtime community. It can be used to build an efficient instant messaging server that supports tens of thousands of concurrent users.
VAR-201909-0036 CVE-2019-6005 Smart TV Box fails to restrict access permissions CVSS V2: 7.5
CVSS V3: 9.8
Severity: CRITICAL
Smart TV Box firmware versions prior to 1300 allow remote attackers to bypass access restrictions and conduct arbitrary operations on the device without the user's intent, such as installing arbitrary software or changing the device settings, via Android Debug Bridge port 5555/TCP. When a cable television provider sets up Smart TV Box at an individual residence, direct access from outside to the LAN side interface of Smart TV Box is disabled. However, if the original setting is changed later, for example so that the LAN side interface is connected directly to the internet, access to Android Debug Bridge via port 5555/TCP of the LAN side interface becomes enabled. Yoshiki Mori and Masaki Kubo of Cybersecurity Laboratory, National Institute of Information and Communications Technology reported this vulnerability to IPA.