VARIoT IoT vulnerabilities database
| VAR-201908-0051 | CVE-2019-6695 | Fortinet FortiManager Input validation vulnerability |
CVSS V2: 10.0 CVSS V3: 9.8 Severity: CRITICAL |
Lack of root file system integrity checking in Fortinet FortiManager VM application images of 6.2.0, 6.0.6 and below may allow an attacker to implant third-party programs by recreating the image through specific methods. Fortinet FortiManager Contains an input validation vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. Both Fortinet FortiManager and Fortinet FortiManager VM are products of Fortinet. Fortinet FortiManager is a centralized network security management platform. The platform supports centralized management of any number of Fortinet devices, and can group devices into different management domains (ADOMs) to further simplify multi-device security deployment and management. Fortinet FortiManager VM is a centralized network security management platform for virtual machines. The platform can group devices into different management domains (ADOMs) for secure deployment and management. There is a security vulnerability in Fortinet FortiManager VM versions before 6.2.0 and 6.0.6. The vulnerability is caused by the lack of root file system integrity check in the program. An attacker could exploit this vulnerability to inject third-party programs
| VAR-201908-0717 | CVE-2019-15060 | TP-Link TL-WR840N v4 Vulnerability related to input validation in router firmware |
CVSS V2: 6.5 CVSS V3: 8.8 Severity: HIGH |
The traceroute function on the TP-Link TL-WR840N v4 router with firmware through 0.9.1 3.16 is vulnerable to remote code execution via a crafted payload in an IP address input field. TP-Link TL-WR840N v4 The router firmware contains an input validation vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. The TTP-Link TL-WR840N is a wireless router from China Unicom (TP-Link). TP-Link TL-WR840N has an input validation error vulnerability. An attacker could exploit the vulnerability to execute arbitrary code
| VAR-201908-0092 | CVE-2019-5635 | Belwith Products, LLC Hickory Smart Ethernet Bridge Vulnerable to information disclosure |
CVSS V2: 5.0 CVSS V3: 7.5 Severity: HIGH |
A cleartext transmission of sensitive information vulnerability is present in Hickory Smart Ethernet Bridge from Belwith Products, LLC. Captured data reveals that the Hickory Smart Ethernet Bridge device communicates over the network to an MQTT broker without using encryption. This exposed the default username and password used to authenticate to the MQTT broker. This issue affects Hickory Smart Ethernet Bridge, model number H077646. The firmware does not appear to contain versioning information
| VAR-201908-2189 | No CVE | Tenda W20E V15.11.0.6_CN has command execution vulnerability (CNVD-2019-22869) |
CVSS V2: 7.1 CVSS V3: - Severity: HIGH |
Shenzhen Lucky Tenda Technology Co., Ltd. is one of the first pioneers in China's wireless network field.
Tenda W20E V15.11.0.6_CN has a command execution vulnerability, which can be used by an attacker to gain server permissions.
| VAR-201908-2198 | No CVE | Tenda W20E V15.11.0.6_CN has command execution vulnerability (CNVD-2019-22866) |
CVSS V2: 7.1 CVSS V3: - Severity: HIGH |
Shenzhen Lucky Tenda Technology Co., Ltd. is one of the first pioneers in China's wireless network field.
Tenda W20E V15.11.0.6_CN has a command execution vulnerability, which can be used by an attacker to gain server permissions.
| VAR-201908-2199 | No CVE | D-Link Dir-816 management system has unauthorized access vulnerability |
CVSS V2: 7.1 CVSS V3: - Severity: HIGH |
D-Link Dir-816 is a wireless router.
The D-Link Dir-816 management system has an unauthorized access vulnerability that could be exploited by an attacker to execute arbitrary code.
| VAR-201908-2194 | No CVE | Command execution vulnerability in D-Link Dir-859 management system |
CVSS V2: 7.1 CVSS V3: - Severity: HIGH |
D-Link Dir-859 is a wireless router.
The D-Link Dir-859 management system has a command execution vulnerability that can be used by an attacker to execute arbitrary code.
| VAR-201908-2201 | No CVE | Tenda W20E V15.11.0.6_CN has command execution vulnerability (CNVD-2019-22867) |
CVSS V2: 7.1 CVSS V3: - Severity: HIGH |
Shenzhen Lucky Tenda Technology Co., Ltd. is one of the first pioneers in China's wireless network field.
Tenda W20E V15.11.0.6_CN has a command execution vulnerability, which can be used by an attacker to gain server permissions.
| VAR-201908-2205 | No CVE | File contain vulnerability in DPtech SSL VPN |
CVSS V2: 5.0 CVSS V3: - Severity: MEDIUM |
Hangzhou DPtech Technology Co., Ltd. is a high-tech listed company integrating research and development, production and sales in the field of network security and application delivery.
DPtech SSL VPN has a file containing a vulnerability that could be used by an attacker to gain sensitive information.
| VAR-201908-1877 | CVE-2019-11601 | ProSyst mBS SDK and Bosch IoT Gateway Software Path traversal vulnerability |
CVSS V2: 6.4 CVSS V3: 7.5 Severity: HIGH |
A directory traversal vulnerability in remote access to backup & restore in earlier versions than ProSyst mBS SDK 8.2.6 and Bosch IoT Gateway Software 9.2.0 allows remote attackers to write or delete files at any location. ProSyst Softoware mBS SDK is a software development kit for OSGi application development by German ProSyst Softoware company. The vulnerability stems from a network system or product's failure to properly filter special elements in a resource or file path. An attacker could use this vulnerability to access locations outside the restricted directory
| VAR-201908-0832 | CVE-2019-1850 | Cisco Integrated Management Controller In OS Command injection vulnerability |
CVSS V2: 9.0 CVSS V3: 7.2 Severity: HIGH |
A vulnerability in the web-based management interface of Cisco Integrated Management Controller (IMC) Software could allow an authenticated, remote attacker to inject arbitrary commands that are executed with root privileges on an affected device. An attacker would need to have valid administrator credentials on the device. The vulnerability is due to insufficient validation of user-supplied input by the affected software. An attacker with elevated privileges could exploit this vulnerability by sending crafted commands to the administrative web management interface of the affected software. A successful exploit could allow the attacker to inject and execute arbitrary, system-level commands with root privileges on an affected device. The software supports HTTP, SSH access, etc., and can perform operations such as starting, shutting down and restarting the server. The following products and versions are affected: Cisco UCS C-Series and S-Series Servers (in single mode) (Cisco IMC Software releases prior to 3.0 and releases prior to 4.0); UCS E-Series Servers (Cisco IMC Software releases prior to 3.2(8) ); 5000 Series Enterprise Network Compute System (ENCS) Platforms (Cisco IMC Software prior to 3.2(8))
| VAR-201908-0275 | CVE-2019-12626 | Cisco Unified Contact Center Express Input validation vulnerability |
CVSS V2: 3.5 CVSS V3: 4.8 Severity: MEDIUM |
A vulnerability in the web-based management interface of Cisco Unified Contact Center Express (Unified CCX) could allow an authenticated, remote attacker to conduct a stored cross-site scripting (XSS) attack against a user of the web-based management interface of an affected device. The vulnerability is due to insufficient validation of user-supplied input by the web-based management interface of the affected software. An attacker could exploit this vulnerability by persuading a user of the interface to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information. To exploit this vulnerability, the attacker needs valid administrator credentials. Cisco Unified Contact Center Express (Unified CCX) Contains an input validation vulnerability.Information may be obtained and information may be altered. This component supports functions such as self-service voice service, call distribution, and customer access control
| VAR-201908-0668 | CVE-2019-1634 | Cisco Integrated Management Controller Input validation vulnerability |
CVSS V2: 9.0 CVSS V3: 7.2 Severity: HIGH |
A vulnerability in the Intelligent Platform Management Interface (IPMI) of Cisco Integrated Management Controller (IMC) could allow an authenticated, remote attacker to inject arbitrary commands that are executed with root privileges on the underlying operating system (OS). The vulnerability is due to insufficient input validation of user-supplied commands. An attacker who has administrator privileges and access to the network where the IPMI resides could exploit this vulnerability by submitting crafted input to the affected commands. A successful exploit could allow the attacker to gain root privileges on the affected device. Cisco Integrated Management Controller (IMC) Contains an input validation vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. Cisco Integrated Management Controller (IMC) is a set of software used by Cisco to manage UCS (Unified Computing System). The software supports HTTP, SSH access, etc., and can perform operations such as starting, shutting down and restarting the server. The following products and versions are affected: Cisco UCS C-Series Servers (in single mode); Cisco UCS S-Series Servers (in single mode); UCS E-Series Servers; 5000 Series Enterprise Network Compute System (ENCS) Platforms
| VAR-201908-0277 | CVE-2019-12634 | plural Cisco Vulnerabilities related to authorization, authority, and access control in products |
CVSS V2: 5.0 CVSS V3: 7.5 Severity: HIGH |
A vulnerability in the web-based management interface of Cisco Integrated Management Controller (IMC) Supervisor, Cisco UCS Director, and Cisco UCS Director Express for Big Data could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition. The vulnerability is due to a missing authentication check in an API call. An attacker who can send a request to an affected system could cause all currently authenticated users to be logged off. Repeated exploitation could cause the inability to maintain a session in the web-based management portal. The software supports HTTP, SSH access, etc., and can perform operations such as starting, shutting down and restarting the server
| VAR-201908-0274 | CVE-2019-12624 | Cisco IOS XE New Generation Wireless Controller Vulnerable to cross-site request forgery |
CVSS V2: 6.8 CVSS V3: 8.8 Severity: HIGH |
A vulnerability in the web-based management interface of Cisco IOS XE New Generation Wireless Controller (NGWC) could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack and perform arbitrary actions on an affected device. The vulnerability is due to insufficient CSRF protections for the web-based management interface of the affected software. An attacker could exploit this vulnerability by persuading a user of the interface to follow a crafted link. A successful exploit could allow the attacker to perform arbitrary actions on an affected device by using a web browser and with the privileges of the user. Cisco IOS XE is an operating system developed by Cisco for its network equipment. The following products and versions are affected: Cisco 5760 Wireless LAN Controllers; Catalyst 3650 Series Switches; Catalyst 3850 Series Switches; Catalyst 4500E Supervisor Engine 8-E (Wireless) Switches
| VAR-201908-0831 | CVE-2019-1863 | Cisco Integrated Management Controller Software Authorization vulnerability |
CVSS V2: 9.0 CVSS V3: 8.1 Severity: HIGH |
A vulnerability in the web-based management interface of Cisco Integrated Management Controller (IMC) Software could allow an authenticated, remote attacker to make unauthorized changes to the system configuration. The vulnerability is due to insufficient authorization enforcement. An attacker could exploit this vulnerability by sending a crafted HTTP request to the affected software. A successful exploit could allow a user with read-only privileges to change critical system configurations using administrator privileges. The software supports HTTP, SSH access, etc., and can perform operations such as starting, shutting down and restarting the server. The following products and versions are affected: Cisco UCS C-Series and S-Series Servers (in single mode); UCS E-Series Servers; 5000 Series Enterprise Network Compute System (ENCS) Platforms
| VAR-201908-0830 | CVE-2019-1839 | Cisco Remote PHY Vulnerability related to input validation in device software |
CVSS V2: 7.2 CVSS V3: 6.7 Severity: MEDIUM |
A vulnerability in Cisco Remote PHY Device Software could allow an authenticated, local attacker to execute commands on the underlying Linux shell of an affected device with root privileges. The vulnerability occurs because the affected software improperly sanitizes user-supplied input. An attacker who has valid administrator access to an affected device could exploit this vulnerability by supplying various CLI commands with crafted arguments. A successful exploit could allow the attacker to run arbitrary commands as the root user, allowing complete compromise of the system. The following products and versions are affected: Cisco Remote PHY 120 prior to 6.4, Remote PHY 220 prior to 3.1, and Remote PHY Shelf 7200 prior to 1.2
| VAR-201908-1879 | CVE-2019-11603 | ProSyst mBS SDK and Path traversal vulnerability |
CVSS V2: 5.0 CVSS V3: 7.5 Severity: HIGH |
A HTTP Traversal Attack in earlier versions than ProSyst mBS SDK 8.2.6 and Bosch IoT Gateway Software 9.0.2 allows remote attackers to read files outside the http root. Windows for Valve Steam Client Contains a path traversal vulnerability.Information may be obtained. ProSyst Softoware mBS SDK is a software development kit for OSGi application development by German ProSyst Softoware company. Bosch IoT Gateway Software is a set of OSGi-based IoT gateway software from German company Bosch. The vulnerability stems from a network system or product's failure to properly filter special elements in a resource or file path. An attacker could use this vulnerability to access locations outside the restricted directory
| VAR-201908-0276 | CVE-2019-12627 | Cisco Firepower Threat Defense Software access control vulnerability |
CVSS V2: 5.0 CVSS V3: 7.5 Severity: HIGH |
A vulnerability in the application policy configuration of the Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to gain unauthorized read access to sensitive data. The vulnerability is due to insufficient application identification. An attacker could exploit this vulnerability by sending crafted traffic to an affected device. A successful exploit could allow the attacker to gain unauthorized read access to sensitive data
| VAR-201908-0390 | CVE-2019-1883 | Cisco Integrated Management Controller In OS Command injection vulnerability |
CVSS V2: 7.2 CVSS V3: 7.8 Severity: HIGH |
A vulnerability in the command-line interface of Cisco Integrated Management Controller (IMC) could allow an authenticated, local attacker with read-only credentials to inject arbitrary commands that could allow them to obtain root privileges. The vulnerability is due to insufficient validation of user-supplied input on the command-line interface. An attacker could exploit this vulnerability by authenticating with read-only privileges via the CLI of an affected device and submitting crafted input to the affected commands. A successful exploit could allow an attacker to execute arbitrary commands on the device with root privileges. Cisco Integrated Management Controller (IMC) is a set of software used by Cisco to manage UCS (Unified Computing System). The software supports HTTP, SSH access, etc., and can perform operations such as starting, shutting down and restarting the server. The following products and versions are affected: Cisco UCS C-Series and S-Series Servers (in single mode) (Cisco IMC Software releases prior to 3.0 and releases prior to 4.0); UCS E-Series Servers (Cisco IMC Software releases prior to 3.2(8) ); 5000 Series Enterprise Network Compute System (ENCS) Platforms (Cisco IMC Software prior to 3.2(8))