VARIoT IoT vulnerabilities database
| VAR-201908-1451 | CVE-2017-18484 | Cognitoys Dino Cross-site scripting vulnerability in devices |
CVSS V2: 4.3 CVSS V3: 6.1 Severity: MEDIUM |
Cognitoys Dino devices allow XSS via the SSID. The Cognitoys Dino device contains a cross-site scripting vulnerability. Information may be obtained and falsified. Crunchbase Cognitoys Dino is a children's cognitive electronic learning toy produced by the American company Crunchbase. The vulnerability stems from the lack of correct validation of client data in web applications. An attacker could exploit this vulnerability to execute client code
| VAR-201908-1728 | CVE-2018-20956 | Swann SWWHD-INTCAM-HD Vulnerability related to information disclosure from log files on devices |
CVSS V2: 2.1 CVSS V3: 5.5 Severity: MEDIUM |
Swann SWWHD-INTCAM-HD devices leave the PSK in logs after a factory reset. NOTE: all affected customers were migrated by 2020-08-31. The Swann SWWHD-INTCAM-HD device contains a vulnerability related to information disclosure from log files. Information may be obtained. Infinova Swann SWWHD-INTCAM-HD is a webcam (network camera) from Infinova. The vulnerability stems from errors in the configuration of the network system or product during operation. An unauthorized attacker can exploit the vulnerability to obtain sensitive information about the affected component
| VAR-201908-1787 | CVE-2019-11208 | TIBCO Software Inc. TIBCO API Exchange Gateway and TIBCO API Exchange Gateway Distribution for TIBCO Silver Fabric Authorization vulnerability |
CVSS V2: 6.5 CVSS V3: 9.9 Severity: CRITICAL |
The authorization component of TIBCO Software Inc.'s TIBCO API Exchange Gateway, and TIBCO API Exchange Gateway Distribution for TIBCO Silver Fabric contains a vulnerability that theoretically processes OAuth authorization incorrectly, leading to potential escalation of privileges for the specific customer endpoint, when the implementation uses multiple scopes. This issue affects: TIBCO Software Inc.'s TIBCO API Exchange Gateway version 2.3.1 and prior versions, and TIBCO API Exchange Gateway Distribution for TIBCO Silver Fabric version 2.3.1 and prior versions. The platform, from TIBCO Software Inc., mainly provides functions such as high-speed receiving, routing and forwarding of requests, and routing of requests between requesters and service endpoints. An attacker could exploit this vulnerability to elevate privileges
| VAR-201908-0438 | CVE-2019-13101 | D-Link DIR-600M Authentication vulnerabilities in devices |
Related entries in the VARIoT exploits database: VAR-E-201908-0016 |
CVSS V2: 7.5 CVSS V3: 9.8 Severity: CRITICAL |
An issue was discovered on D-Link DIR-600M 3.02, 3.03, 3.04, and 3.06 devices. wan.htm can be accessed directly without authentication, which can lead to disclosure of information about the WAN, and can also be leveraged by an attacker to modify the data fields of the page. The D-Link DIR-600M device contains an authentication vulnerability. Information may be obtained or altered, and service operation may be disrupted (DoS). D-Link DIR-600M is a wireless router from Taiwan D-Link.
A security vulnerability exists in D-Link DIR-600M, which originates from the fact that users can directly access the wan.htm file without authentication
| VAR-201908-0532 | CVE-2019-14681 | WordPress for Deny All Firewall Plug-in cross-site request forgery vulnerability |
CVSS V2: 6.8 CVSS V3: 8.8 Severity: HIGH |
The Deny All Firewall plugin before 1.1.7 for WordPress allows wp-admin/options-general.php?page=daf_settings&daf_remove=true CSRF. The Deny All Firewall plug-in for WordPress contains a cross-site request forgery vulnerability. Information may be obtained or altered, and service operation may be disrupted (DoS). The vulnerability stems from the web application not adequately verifying that the request is from a trusted user. An attacker could exploit this vulnerability to send unexpected requests to the server through an affected client
| VAR-201908-1121 | CVE-2016-10864 | NETGEAR EX7000 Cross-Site Scripting Vulnerability |
CVSS V2: 2.9 CVSS V3: 5.2 Severity: MEDIUM |
NETGEAR EX7000 V1.0.0.42_1.0.94 devices allow XSS via the SSID. The NETGEAR EX7000 device contains a cross-site scripting vulnerability. Information may be obtained and altered. NETGEAR EX7000 is a wireless router from NETGEAR. The vulnerability stems from the lack of proper validation of client data for web applications. An attacker could exploit the vulnerability to execute client code
| VAR-201908-2196 | No CVE | Command execution vulnerability in APN GW series of Shenzhen Aolian Technology Co., Ltd. |
CVSS V2: 7.1 CVSS V3: - Severity: HIGH |
Shenzhen Aolian Technology Co., Ltd. is a high-tech enterprise and a double-soft enterprise in Shenzhen.
A command execution vulnerability exists in Shenzhen Aolian Technology Co., Ltd.'s APN GW series products. Attackers can use this vulnerability to obtain server permissions.
| VAR-201908-1729 | CVE-2018-20957 | Tapplock Bluetooth Low Energy Subsystem Access Control Error Vulnerability |
CVSS V2: 5.8 CVSS V3: 8.8 Severity: HIGH |
The Bluetooth Low Energy (BLE) subsystem on Tapplock devices before 2018-06-12 allows replay attacks. The Tapplock device contains an access control vulnerability. Information may be acquired or falsified, and a denial of service (DoS) may occur. Tapplock is a smart lock.
An access control error vulnerability exists in the BLE subsystem in Tapplock versions prior to 2018-06-12. Attackers can use this vulnerability to carry out replay attacks
| VAR-201908-1727 | CVE-2018-20955 | Infinova Swann SWWHD-INTCAM-HD Trust Management Issue Vulnerability |
CVSS V2: 10.0 CVSS V3: 9.8 Severity: CRITICAL |
Swann SWWHD-INTCAM-HD devices have the twipc root password, leading to FTP access as root. NOTE: all affected customers were migrated by 2020-08-31. The Swann SWWHD-INTCAM-HD device contains a vulnerability related to the use of hard-coded credentials. Information may be obtained or altered, and service operation may be disrupted (DoS). Infinova Swann SWWHD-INTCAM-HD is a webcam (network camera) from Infinova. A trust management vulnerability exists in the Infinova Swann SWWHD-INTCAM-HD device. The vulnerability stems from the lack of an effective trust management mechanism in network systems or products. An attacker can attack an affected component with a default password or hard-coded password, hard-coded certificate, and so on
| VAR-201908-0857 | CVE-2019-13176 | 3CX Phone system management console In XML External entity vulnerabilities |
CVSS V2: 5.0 CVSS V3: 7.5 Severity: HIGH |
An issue was discovered in the 3CX Phone system (web) management console 12.5.44178.1002 through 12.5 SP2. The Content.MainForm.wgx component is affected by XXE via a crafted XML document in POST data. There is potential to use this for SSRF (reading local files, outbound HTTP, and outbound DNS)
| VAR-201908-1961 | CVE-2019-1954 | Cisco Webex Meetings Server Software open redirect vulnerability |
CVSS V2: 5.8 CVSS V3: 6.1 Severity: MEDIUM |
A vulnerability in the web-based management interface of Cisco Webex Meetings Server Software could allow an unauthenticated, remote attacker to redirect a user to an undesired web page. The vulnerability is due to improper input validation of the URL parameters in an HTTP request that is sent to an affected device. An attacker could exploit this vulnerability by crafting an HTTP request that could cause the web application to redirect the request to a specified malicious URL. A successful exploit could allow the attacker to redirect a user to a malicious website. Cisco WebEx Meetings Server (CWMS) is a set of multi-functional conference solutions, including audio, video and web conferencing, within the WebEx conference solution
| VAR-201908-0408 | CVE-2019-5236 | Huawei Emily-L29C Double release vulnerability |
CVSS V2: 6.8 CVSS V3: 6.3 Severity: MEDIUM |
Huawei smart phones Emily-L29C with versions of 8.1.0.132a(C432), 8.1.0.135(C782), 8.1.0.154(C10), 8.1.0.154(C461), 8.1.0.154(C635), 8.1.0.156(C185), 8.1.0.156(C605), 8.1.0.159(C636) have a double free vulnerability. An attacker can trick a user into clicking a URL to exploit this vulnerability. Successful exploitation may cause the affected phone to behave abnormally. Huawei Honor V20 contains a double release vulnerability. Information may be obtained or altered, and service operation may be disrupted (DoS). Huawei Emily-L29C is a smartphone from China's Huawei.
A security vulnerability exists in Huawei Emily-L29C. The following products and versions are affected: Huawei Emily-L29C versions 8.1.0.132a(C432), 8.1.0.135(C782), 8.1.0.154(C10), 8.1.0.154(C461), 8.1.0.154(C635), 8.1.0.156(C185), 8.1.0.156(C605), 8.1.0.159(C636)
| VAR-201908-0842 | CVE-2019-1951 | Cisco SD-WAN Solution Input validation vulnerability |
CVSS V2: 5.0 CVSS V3: 5.8 Severity: MEDIUM |
A vulnerability in the packet filtering features of Cisco SD-WAN Solution could allow an unauthenticated, remote attacker to bypass L3 and L4 traffic filters. The vulnerability is due to improper traffic filtering conditions on an affected device. An attacker could exploit this vulnerability by crafting a malicious TCP packet with specific characteristics and sending it to a target device. A successful exploit could allow the attacker to bypass the L3 and L4 traffic filters and inject an arbitrary packet in the network. Cisco SD-WAN Solution contains an input validation vulnerability. Information may be tampered with. Cisco SD-WAN Solution is a set of network expansion solutions from Cisco. The vulnerability stems from the failure of the network system or product to properly validate the input data
| VAR-201908-0541 | CVE-2019-1927 | Microsoft Windows for Cisco Webex Network Recording Player and Webex Player Buffer error vulnerability |
CVSS V2: 9.3 CVSS V3: 7.8 Severity: HIGH |
Multiple vulnerabilities in Cisco Webex Network Recording Player for Microsoft Windows and Cisco Webex Player for Microsoft Windows could allow an attacker to execute arbitrary code on an affected system. The vulnerabilities exist because the affected software improperly validates Advanced Recording Format (ARF) and Webex Recording Format (WRF) files. An attacker could exploit these vulnerabilities by sending a user a malicious ARF or WRF file through a link or email attachment and persuading the user to open the file with the affected software on the local system. A successful exploit could allow the attacker to execute arbitrary code on the affected system with the privileges of the targeted user. The vulnerability is caused by the program not properly validating ARF and WRF files
| VAR-201908-0542 | CVE-2019-1928 | Microsoft Windows for Cisco Webex Network Recording Player and Webex Player Buffer error vulnerability |
CVSS V2: 9.3 CVSS V3: 7.8 Severity: HIGH |
Multiple vulnerabilities in Cisco Webex Network Recording Player for Microsoft Windows and Cisco Webex Player for Microsoft Windows could allow an attacker to execute arbitrary code on an affected system. The vulnerabilities exist because the affected software improperly validates Advanced Recording Format (ARF) and Webex Recording Format (WRF) files. An attacker could exploit these vulnerabilities by sending a user a malicious ARF or WRF file through a link or email attachment and persuading the user to open the file with the affected software on the local system. A successful exploit could allow the attacker to execute arbitrary code on the affected system with the privileges of the targeted user. The vulnerability is caused by the program not properly validating ARF and WRF files
| VAR-201908-1008 | CVE-2019-1918 | Cisco IOS XR Software input validation vulnerability |
CVSS V2: 6.1 CVSS V3: 7.4 Severity: HIGH |
A vulnerability in the implementation of Intermediate System–to–Intermediate System (IS–IS) routing protocol functionality in Cisco IOS XR Software could allow an unauthenticated attacker who is in the same IS-IS area to cause a denial of service (DoS) condition. The vulnerability is due to incorrect processing of IS–IS link-state protocol data units (PDUs). An attacker could exploit this vulnerability by sending specific link-state PDUs to an affected system to be processed. A successful exploit could allow the attacker to cause incorrect calculations used in the weighted remote shared risk link groups (SRLG) or in the IGP Flexible Algorithm. It could also cause tracebacks to the logs or potentially cause the receiving device to crash the IS–IS process, resulting in a DoS condition. Cisco IOS XR software contains an input validation vulnerability. Service operation may be interrupted (DoS). Cisco IOS XR is an operating system developed by Cisco for its network equipment. Attackers can exploit this vulnerability to crash the IS–IS process, resulting in denial of service
| VAR-201908-0833 | CVE-2019-1955 | Cisco Email Security Appliance of AsyncOS Software input validation vulnerability |
CVSS V2: 5.0 CVSS V3: 7.5 Severity: HIGH |
A vulnerability in the Sender Policy Framework (SPF) functionality of Cisco AsyncOS Software for Cisco Email Security Appliances (ESA) could allow an unauthenticated, remote attacker to bypass configured user filters on the device. The vulnerability is due to incomplete input and validation checking mechanisms for certain SPF messages that are sent to an affected device. An attacker could exploit this vulnerability by sending a customized SPF packet to an affected device. A successful exploit could allow the attacker to bypass the header filters that are configured for the affected device, which could allow malicious content to pass through the device. AsyncOS Software is the operating system running on these appliances
| VAR-201908-0543 | CVE-2019-1934 | Cisco Adaptive Security Appliance Authorization vulnerability |
CVSS V2: 6.5 CVSS V3: 8.8 Severity: HIGH |
A vulnerability in the web-based management interface of Cisco Adaptive Security Appliance (ASA) Software could allow an authenticated, remote attacker to elevate privileges and execute administrative functions on an affected device. The vulnerability is due to insufficient authorization validation. An attacker could exploit this vulnerability by logging in to an affected device as a low-privileged user and then sending specific HTTPS requests to execute administrative functions using the information retrieved during initial login. Cisco Adaptive Security Appliance (ASA) contains an authorization vulnerability. Information may be obtained or altered, and service operation may be disrupted (DoS). Cisco Adaptive Security Appliances Software (ASA Software) is a firewall and network security platform from the American company Cisco. The platform provides features such as highly secure access to data and network resources. An authorization vulnerability exists in Cisco ASA Software 8.2 and later versions
| VAR-201908-0841 | CVE-2019-1970 | Cisco Firepower Threat Defense Vulnerability related to failure of protection mechanism in software |
CVSS V2: 5.0 CVSS V3: 7.5 Severity: HIGH |
A vulnerability in the Secure Sockets Layer (SSL)/Transport Layer Security (TLS) protocol inspection engine of Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to bypass the configured file policies on an affected system. The vulnerability is due to errors when handling specific SSL/TLS messages. An attacker could exploit this vulnerability by sending crafted HTTP packets that would flow through an affected system. A successful exploit could allow the attacker to bypass the configured file policies and deliver a malicious payload to the protected network. Cisco Firepower Threat Defense (FTD) software is vulnerable to a defect in the protection mechanism. Information may be tampered with
| VAR-201908-1009 | CVE-2019-1924 | Microsoft Windows for Cisco Webex Network Recording Player and Webex Player Buffer error vulnerability |
CVSS V2: 9.3 CVSS V3: 7.8 Severity: HIGH |
Multiple vulnerabilities in Cisco Webex Network Recording Player for Microsoft Windows and Cisco Webex Player for Microsoft Windows could allow an attacker to execute arbitrary code on an affected system. The vulnerabilities exist because the affected software improperly validates Advanced Recording Format (ARF) and Webex Recording Format (WRF) files. An attacker could exploit these vulnerabilities by sending a user a malicious ARF or WRF file through a link or email attachment and persuading the user to open the file with the affected software on the local system. A successful exploit could allow the attacker to execute arbitrary code on the affected system with the privileges of the targeted user