VARIoT IoT vulnerabilities database
| VAR-201907-0418 | CVE-2019-13372 | D-Link Central WiFi Manager CWM Authentication vulnerability |
CVSS V2: 7.5 CVSS V3: 9.8 Severity: CRITICAL |
/web/Lib/Action/IndexAction.class.php in D-Link Central WiFi Manager CWM(100) before v1.03R0100_BETA6 allows remote attackers to execute arbitrary PHP code via a cookie because a cookie's username field allows eval injection, and an empty password bypasses authentication. D-Link Central WiFi Manager CWM(100) contains an authentication vulnerability. Information may be obtained or altered, and service operation may be disrupted (DoS). D-Link Central WiFi Manager (CWM-100) is a web-based wireless access point management tool that enables you to create and manage multi-site, multi-tenant wireless networks. A remote code execution vulnerability exists in /web/Lib/Action/IndexAction.class.php in versions of D-Link Central WiFi Manager (CWM-100) prior to 1.03R0100_BETA6. A remote attacker can exploit this vulnerability to execute arbitrary PHP code through cookies.
| VAR-201907-0584 | CVE-2019-11990 | HPE UIoT Access control vulnerability |
CVSS V2: 9.0 CVSS V3: 8.8 Severity: HIGH |
Security vulnerabilities in HPE UIoT versions 1.6, 1.5, 1.4.2, 1.4.1, 1.4.0, and 1.2.4.2 could allow unauthorized remote access and access to sensitive data. HPE has addressed this issue in HPE UIoT:
* For customers with release UIoT 1.6, fixes are made available with 1.6 RP603.
* For customers with release UIoT 1.5, fixes are made available with 1.5 RP503 HF3.
* For customers with a release older than 1.5, such as 1.4.0, 1.4.1, 1.4.2 and 1.2.4.2, the resolution is to upgrade to 1.5 RP503 HF3 or 1.6 RP603.
Customers are requested to upgrade to the updated versions or contact HPE support for further assistance. HPE UIoT contains an access control vulnerability. Information may be obtained or altered, and service operation may be disrupted (DoS).
There are security holes in HPE UIoT. HPE UIoT is a universal IoT platform from Hewlett Packard Enterprise (HPE). The platform has functions such as data analysis, currency security and synchronization management. The following products and versions are affected: HPE UIoT Version 1.6, Version 1.5, Version 1.4.2, Version 1.4.1, Version 1.4.0, Version 1.2.4.2. HP UIoT is prone to an unauthorized-access vulnerability.
HP UIoT versions 1.6, 1.5, 1.4.2, 1.4.1, 1.4.0, and 1.2.4.2 are vulnerable
| VAR-201907-1134 | CVE-2018-14528 | Invoxia NVX220 Trust Management Issue Vulnerability |
CVSS V2: 10.0 CVSS V3: 9.8 Severity: CRITICAL |
Invoxia NVX220 devices allow TELNET access as admin with a default password. The Invoxia NVX220 device is vulnerable to the use of hard-coded credentials. Information may be obtained or altered, and a denial of service (DoS) condition may result. The Invoxia NVX220 is an IP phone from Invoxia, France. A trust management issue vulnerability exists in the Invoxia NVX220. An attacker could exploit this vulnerability to access a custom CLI.
| VAR-201907-1048 | CVE-2018-14027 | DIGISOL SYSTEMS Wireless Wifi Home Router HR-3300 Cross-Site Scripting Vulnerability |
CVSS V2: 4.3 CVSS V3: 6.1 Severity: MEDIUM |
Digisol Wireless Wifi Home Router HR-3300 contains a cross-site scripting vulnerability. Information may be obtained and information may be altered. DIGISOL SYSTEMS Wireless Wifi Home Router HR-3300 is a home wireless router from DIGISOL SYSTEMS, India. A cross-site scripting vulnerability exists in DIGISOL SYSTEMS Wireless Wifi Home Router HR-3300. The vulnerability stems from the lack of proper validation of client data by the web application. An attacker could exploit the vulnerability to execute client-side code.
| VAR-201907-1652 | No CVE | Schneider Electric M340 PLC has a denial of service vulnerability |
CVSS V2: 7.8 CVSS V3: - Severity: HIGH |
M340 is a medium-sized PLC of Schneider Electric, which has a wide range of applications in the field of industrial control in China.
A denial of service vulnerability exists in the Schneider Electric M340 PLC. An attacker can send a specially constructed message to port 80, which can cause the web service to refuse to respond.
| VAR-201907-1649 | No CVE | Advantech WebAccess has remote code execution vulnerability |
CVSS V2: 10.0 CVSS V3: - Severity: HIGH |
Advantech WebAccess / SCADA is a set of SCADA software based on browser architecture by Advantech. The software supports dynamic graphic display and real-time data control, and provides the ability to remotely control and manage automation equipment.
Advantech WebAccess / SCADA has a remote code execution vulnerability. The vulnerability stems from the failure to validate user-supplied data. An attacker could use this vulnerability to execute arbitrary code with Administrator permissions on a remote host.
| VAR-201907-0408 | CVE-2019-13351 | JACK2 and alsa Plug-in double release vulnerability |
CVSS V2: 6.8 CVSS V3: 8.1 Severity: HIGH |
posix/JackSocket.cpp in libjack in JACK2 1.9.1 through 1.9.12 (as distributed with alsa-plugins 1.1.7 and later) has a "double file descriptor close" issue during a failed connection attempt when jackd2 is not running. Exploitation success depends on multithreaded timing of that double close, which can result in unintended information disclosure, crashes, or file corruption due to having the wrong file associated with the file descriptor. JACK2 and the alsa plug-in contain a double release vulnerability. Information may be obtained or altered, and service operation may be disrupted (DoS). JACK2 is a low latency audio server. There is a security vulnerability in libjack's posix/JackSocket.cpp file from JACK2 1.9.1 to 1.9.12. An attacker could exploit the vulnerability to disclose information, cause damage to the file, or cause other hazards.
==========================================================================
Ubuntu Security Notice USN-5656-1
October 04, 2022
jackd2 vulnerability
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 16.04 ESM
Summary:
JACK could cause a crash in certain conditions.
Software Description:
- jackd2: JACK Audio Connection Kit (server and example clients)
Details:
Joseph Yasi discovered that JACK incorrectly handled the closing of a
socket in certain conditions. An attacker could potentially use this
issue to cause a crash.
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 16.04 ESM:
  jackd2 1.9.10+20150825git1ed50c92~dfsg-1ubuntu1+esm1
  jackd2-firewire 1.9.10+20150825git1ed50c92~dfsg-1ubuntu1+esm1
  libjack-jackd2-0 1.9.10+20150825git1ed50c92~dfsg-1ubuntu1+esm1
In general, a standard system update will make all the necessary changes.
References:
https://ubuntu.com/security/notices/USN-5656-1
CVE-2019-13351
| VAR-201907-1135 | CVE-2018-14529 | Invoxia NVX220 Information Disclosure Vulnerability |
CVSS V2: 5.0 CVSS V3: 7.5 Severity: HIGH |
Invoxia NVX220 devices allow access to /bin/sh via escape from a restricted CLI, leading to disclosure of password hashes. The Invoxia NVX220 device contains an information disclosure vulnerability. Information may be obtained. The Invoxia NVX220 is an IP phone from Invoxia, France. The vulnerability stems from errors in the configuration of the network system or product during operation. An unauthorized attacker can exploit the vulnerability to obtain sensitive information about the affected component.
| VAR-201907-0231 | CVE-2019-1892 | plural Cisco Small Business Series Managed Switch Product buffer error vulnerability |
CVSS V2: 5.0 CVSS V3: 7.5 Severity: HIGH |
A vulnerability in the Secure Sockets Layer (SSL) input packet processor of Cisco Small Business 200, 300, and 500 Series Managed Switches could allow an unauthenticated, remote attacker to cause a memory corruption on an affected device. The vulnerability is due to improper validation of HTTPS packets. An attacker could exploit this vulnerability by sending a malformed HTTPS packet to the management web interface of the affected device. A successful exploit could allow the attacker to cause an unexpected reload of the device, resulting in a denial of service (DoS) condition. Cisco Small Business 200, 300, and 500 Series Managed Switches contain a buffer error vulnerability. Service operation may be disrupted (DoS). Cisco Small Business 200, 300, and 500 Series Managed Switches are all products of Cisco.
This issue is being tracked by Cisco Bug ID CSCvp43390
| VAR-201907-0864 | CVE-2019-1909 | Cisco IOS XR Input validation vulnerability in software |
CVSS V2: 4.3 CVSS V3: 5.9 Severity: MEDIUM |
A vulnerability in the implementation of Border Gateway Protocol (BGP) functionality in Cisco IOS XR Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected system. The vulnerability is due to incorrect processing of certain BGP update messages. An attacker could exploit this vulnerability by sending BGP update messages that include a specific set of attributes to be processed by an affected system. A successful exploit could allow the attacker to cause the BGP process to restart unexpectedly, resulting in a DoS condition. The Cisco implementation of BGP accepts incoming BGP traffic from explicitly defined peers only. To exploit this vulnerability, the malicious BGP update message would need to come from a configured, valid BGP peer or would need to be injected by the attacker into the victim's BGP network on an existing, valid TCP connection to a BGP peer. Cisco IOS XR Software contains an input validation vulnerability. A denial of service (DoS) condition may result.
This issue is being tracked by Cisco Bug ID CSCvo90073
| VAR-201907-0234 | CVE-2019-1887 | Cisco Unified Communications Manager Out-of-bounds write vulnerability in |
CVSS V2: 5.0 CVSS V3: 7.5 Severity: HIGH |
A vulnerability in the Session Initiation Protocol (SIP) protocol implementation of Cisco Unified Communications Manager could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition. The vulnerability is due to insufficient validation of input SIP traffic. An attacker could exploit this vulnerability by sending a malformed SIP packet to an affected Cisco Unified Communications Manager. A successful exploit could allow the attacker to trigger a new registration process on all connected phones, temporarily disrupting service.
Attackers can exploit this issue to cause denial of service conditions.
This issue is being tracked by Cisco Bug ID CSCvo70834. This component provides a scalable, distributed and highly available enterprise IP telephony call processing solution
| VAR-201907-0867 | CVE-2019-1922 | Cisco IP Phone 7800 and 8800 In the series NULL Pointer dereference vulnerability |
CVSS V2: 7.8 CVSS V3: 7.5 Severity: HIGH |
A vulnerability in Cisco SIP IP Phone Software for Cisco IP Phone 7800 Series and 8800 Series could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected phone. The vulnerability is due to insufficient validation of input Session Initiation Protocol (SIP) packets. An attacker could exploit this vulnerability by altering the SIP replies that are sent to the affected phone during the registration process. A successful exploit could allow the attacker to cause the phone to reboot and not complete the registration process. SIP IP Phone Software is a set of IP phone software.
This issue is being tracked by Cisco Bug ID CSCvc61672
| VAR-201907-0397 | CVE-2019-1930 | Cisco Firepower Management Center Vulnerable to cross-site scripting |
CVSS V2: 4.3 CVSS V3: 6.1 Severity: MEDIUM |
Multiple vulnerabilities in the RSS dashboard in the web-based management interface of Cisco Firepower Management Center (FMC) could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based management interface of an affected device. The vulnerabilities are due to insufficient validation of user-supplied input by the web-based management interface of the affected device. An attacker could exploit these vulnerabilities by persuading a user of the interface to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information. This can allow the attacker to steal cookie-based authentication credentials and to launch other attacks.
These issues are being tracked by Cisco Bug IDs CSCvo90805 and CSCvo92913
| VAR-201907-0866 | CVE-2019-1921 | Cisco Email Security Appliance Input validation vulnerability |
CVSS V2: 5.0 CVSS V3: 7.5 Severity: HIGH |
A vulnerability in the attachment scanning of Cisco AsyncOS Software for Cisco Email Security Appliance (ESA) could allow an unauthenticated, remote attacker to bypass configured content filters on the device. The vulnerability is due to improper input validation of the email body. An attacker could exploit this vulnerability by naming a malicious attachment with a specific pattern. A successful exploit could allow the attacker to bypass configured content filters that would normally block the attachment. AsyncOS Software is a set of operating systems running on it. An input validation error vulnerability exists in the scanning of attachments in Cisco ESA because the program fails to perform correct input validation on the body of the message.
An attacker can exploit this issue to bypass security restrictions and perform unauthorized actions. This may aid in further attacks.
This issue is being tracked by Cisco Bug ID CSCvp88949
| VAR-201907-0865 | CVE-2019-1911 | Cisco Unified Communications Domain Manager Software Container error vulnerability |
CVSS V2: 4.6 CVSS V3: 7.8 Severity: HIGH |
A vulnerability in the CLI of Cisco Unified Communications Domain Manager (Cisco Unified CDM) Software could allow an authenticated, local attacker to escape the restricted shell. The vulnerability is due to insufficient input validation of shell commands. An attacker could exploit this vulnerability by executing crafted commands in the shell. A successful exploit could allow the attacker to escape the restricted shell and access commands in the context of the restricted shell user, which does not have root privileges.
A local attacker can exploit this issue to bypass certain security restrictions and perform unauthorized actions. This may aid in further attacks.
This issue is being tracked by Cisco Bug ID CSCvj07167
| VAR-201907-0616 | CVE-2019-1855 | Cisco Jabber Vulnerabilities related to authorization, permissions, and access control |
CVSS V2: 9.3 CVSS V3: 7.3 Severity: HIGH |
A vulnerability in the loading mechanism of specific dynamic link libraries in Cisco Jabber for Windows could allow an authenticated, local attacker to perform a DLL preloading attack. To exploit this vulnerability, the attacker would need to have valid credentials on the Windows system. The vulnerability is due to insufficient validation of the resources loaded by the application at run time. An attacker could exploit this vulnerability by crafting a malicious DLL file and placing it in a specific location on the targeted system. The malicious DLL file would execute when the Jabber application launches. A successful exploit could allow the attacker to execute arbitrary code on the target machine with the privileges of another user's account. Cisco Jabber contains vulnerabilities related to authorization, permissions, and access control. Information may be obtained or altered, and service operation may be disrupted (DoS). Cisco Jabber for Windows is prone to a local arbitrary code-execution vulnerability. Failed exploit attempts will result in a denial of service condition.
This issue is being tracked by Cisco Bug IDs CSCvo55994 and CSCvo63008.
Versions prior to Cisco Jabber for Windows 12.6(0) are vulnerable. The program provides online status display, instant messaging, voice and other functions
| VAR-201907-0229 | CVE-2019-1884 | Cisco Web Security Appliance AsyncOS Software Input Validation Error Vulnerability |
CVSS V2: 4.0 CVSS V3: 6.5 Severity: MEDIUM |
A vulnerability in the web proxy functionality of Cisco AsyncOS Software for Cisco Web Security Appliance (WSA) could allow an authenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability is due to insufficient input validation mechanisms for certain fields in HTTP/HTTPS requests sent through an affected device. A successful attacker could exploit this vulnerability by sending a malicious HTTP/HTTPS request through an affected device. An exploit could allow the attacker to force the device to stop processing traffic, resulting in a DoS condition. The device provides SaaS-based access control, real-time network reporting and tracking, and security policy development. AsyncOS Software is a set of operating systems used in it.
An attacker can exploit this issue to cause a denial-of-service condition.
This issue is being tracked by Cisco Bug ID CSCvo29853
| VAR-201907-0236 | CVE-2019-1890 | Cisco Nexus 9000 Series Fabric Switches Access Control Error Vulnerability |
CVSS V2: 3.3 CVSS V3: 6.5 Severity: MEDIUM |
A vulnerability in the fabric infrastructure VLAN connection establishment of the Cisco Nexus 9000 Series Application Centric Infrastructure (ACI) Mode Switch Software could allow an unauthenticated, adjacent attacker to bypass security validations and connect an unauthorized server to the infrastructure VLAN. The vulnerability is due to insufficient security requirements during the Link Layer Discovery Protocol (LLDP) setup phase of the infrastructure VLAN. An attacker could exploit this vulnerability by sending a malicious LLDP packet on the adjacent subnet to the Cisco Nexus 9000 Series Switch in ACI mode. A successful exploit could allow the attacker to connect an unauthorized server to the infrastructure VLAN, which is highly privileged. With a connection to the infrastructure VLAN, the attacker can make unauthorized connections to Cisco Application Policy Infrastructure Controller (APIC) services or join other host endpoints. The Cisco Nexus 9000 Series Fabric Switches is a 9000 series fabric switch from Cisco.
This issue is being tracked by Cisco Bug ID CSCvp64280
| VAR-201907-0396 | CVE-2019-1933 | Cisco Email Security Appliance AsyncOS Software Input Validation Error Vulnerability |
CVSS V2: 4.3 CVSS V3: 7.4 Severity: HIGH |
A vulnerability in the email message scanning of Cisco AsyncOS Software for Cisco Email Security Appliance (ESA) could allow an unauthenticated, remote attacker to bypass configured filters on the device. The vulnerability is due to improper input validation of certain email fields. An attacker could exploit this vulnerability by sending a crafted email message to a recipient protected by the ESA. A successful exploit could allow the attacker to bypass configured message filters and inject arbitrary scripting code inside the email body. The malicious code is not executed by default unless the recipient's email client is configured to execute scripts contained in emails. AsyncOS Software is a set of operating systems running on it.
An attacker can exploit this issue to bypass security restrictions and perform unauthorized actions. This may aid in further attacks.
This issue is being tracked by Cisco Bug ID CSCvo55451
| VAR-201907-0230 | CVE-2019-1886 | Cisco Web Security Appliance Input validation vulnerability |
CVSS V2: 5.0 CVSS V3: 8.6 Severity: HIGH |
A vulnerability in the HTTPS decryption feature of Cisco Web Security Appliance (WSA) could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition. The vulnerability is due to insufficient validation of Secure Sockets Layer (SSL) server certificates. An attacker could exploit this vulnerability by installing a malformed certificate in a web server and sending a request to it through the Cisco WSA. A successful exploit could allow the attacker to cause an unexpected restart of the proxy process on an affected device. The device provides SaaS-based access control, real-time network reporting and tracking, and security policy development. AsyncOS Software is a set of operating systems used in it.
This issue is being tracked by Cisco Bug ID CSCvo33747