VARIoT IoT vulnerabilities database
| VAR-201906-0292 | CVE-2019-1878 | OS command injection vulnerability in Cisco TelePresence Codec and Collaboration Endpoint software |
CVSS V2: 8.3 CVSS V3: 8.8 Severity: HIGH |
A vulnerability in the Cisco Discovery Protocol (CDP) implementation for the Cisco TelePresence Codec (TC) and Collaboration Endpoint (CE) Software could allow an unauthenticated, adjacent attacker to inject arbitrary shell commands that are executed by the device. The vulnerability is due to insufficient input validation of received CDP packets. An attacker could exploit this vulnerability by sending crafted CDP packets to an affected device. A successful exploit could allow the attacker to execute arbitrary shell commands or scripts on the targeted device. Cisco TelePresence Endpoint is prone to a command-injection vulnerability.
This issue is being tracked by Cisco Bug ID CSCvo28194.
The following Cisco products are vulnerable:
Cisco TelePresence Integrator C Series
Cisco TelePresence EX Series
Cisco TelePresence MX Series
Cisco TelePresence SX Series
Cisco Webex Room Series
Collaboration Endpoint (CE) Software is a set of terminal collaboration software
| VAR-201906-0298 | CVE-2019-1874 | Cisco Prime Service Catalog Software cross-site request forgery vulnerability |
CVSS V2: 6.8 CVSS V3: 8.8 Severity: HIGH |
A vulnerability in the web-based management interface of Cisco Prime Service Catalog Software could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack on an affected system. The vulnerability is due to insufficient CSRF protection mechanisms on the web-based management interface on an affected device. An attacker could exploit this vulnerability by persuading a user of the interface to follow a malicious link. A successful exploit could allow the attacker to perform arbitrary actions with the privilege level of the affected user. Other attacks are also possible.
This issue is being tracked by Cisco Bug ID CSCvp02883. The solution supports automated ordering of a unified service catalog of computing, networking, storage, and other data center resources
| VAR-201906-0682 | CVE-2019-1843 | Input validation vulnerability in multiple Cisco products |
CVSS V2: 5.0 CVSS V3: 7.5 Severity: HIGH |
A vulnerability in the web-based management interface of the Cisco RV110W Wireless-N VPN Firewall, Cisco RV130W Wireless-N Multifunction VPN Router, and Cisco RV215W Wireless-N VPN Router could allow an unauthenticated, remote attacker to cause a reload of an affected device, resulting in a denial of service (DoS) condition. This vulnerability is due to improper validation of user-supplied data in the web-based management interface. An attacker could exploit this vulnerability by sending malicious HTTP requests to a targeted device. A successful exploit could allow the attacker to reload the device, causing a DoS condition. The RV215W is a Wireless-N VPN router from Cisco. A denial of service vulnerability exists in the web-based management interface of Cisco RV110W versions prior to 1.2.2.4, RV130W versions prior to 1.0.3.51, and RV215W versions prior to 1.3.1.4. Cisco RV110W, RV130W, and RV215W Routers are prone to a denial-of-service vulnerability.
This issue is being tracked by Cisco Bug IDs CSCvo21850, CSCvo39082 and CSCvo39087
| VAR-201906-0573 | CVE-2019-1630 | Cisco Integrated Management Controller Buffer error vulnerability |
CVSS V2: 2.1 CVSS V3: 5.5 Severity: MEDIUM |
A vulnerability in the firmware signature checking program of Cisco Integrated Management Controller (IMC) could allow an authenticated, local attacker to cause a buffer overflow, resulting in a denial of service (DoS) condition. The vulnerability is due to insufficient checking of an input buffer. An attacker could exploit this vulnerability by passing a crafted file to the affected system. A successful exploit could inhibit an administrator's ability to access the system.
Successful exploits may allow an attacker to cause denial-of-service conditions. Due to the nature of this issue, code execution may be possible but this has not been confirmed.
This issue is being tracked by Cisco Bug ID CSCvo36079. The software supports HTTP, SSH access, etc., and can perform operations such as starting, shutting down and restarting the server. A buffer error vulnerability exists in the firmware signature checker in Cisco IMC
| VAR-201906-0300 | CVE-2019-1876 | Cisco Wide Area Application Services Vulnerability related to lack of authentication for critical functions in software |
CVSS V2: 5.0 CVSS V3: 5.3 Severity: MEDIUM |
A vulnerability in the HTTPS proxy feature of Cisco Wide Area Application Services (WAAS) Software could allow an unauthenticated, remote attacker to use the Central Manager as an HTTPS proxy. The vulnerability is due to insufficient authentication of proxy connection requests. An attacker could exploit this vulnerability by sending a malicious HTTPS CONNECT message to the Central Manager. A successful exploit could allow the attacker to access public internet resources that would normally be blocked by corporate policies.
An attacker can exploit this issue to bypass the authentication mechanism and gain unauthorized access. This may lead to further attacks.
This issue is tracked by Cisco Bug ID CSCvo13639. This software is mainly used in the link environment with small bandwidth and large delay
| VAR-201906-0600 | CVE-2019-1631 | Cisco Integrated Management Controller Vulnerabilities related to lack of authentication for critical functions |
CVSS V2: 5.0 CVSS V3: 5.3 Severity: MEDIUM |
A vulnerability in the web-based management interface of Cisco Integrated Management Controller (IMC) could allow an unauthenticated, remote attacker to access potentially sensitive system usage information. The vulnerability is due to a lack of proper data protection mechanisms. An attacker could exploit this vulnerability by sending a crafted HTTP request to an affected device. A successful exploit could allow an attacker to view sensitive system data.
This issue is being tracked by Cisco bug ID CSCvn96947. The software supports HTTP, SSH access, etc., and can perform operations such as starting, shutting down and restarting the server
| VAR-201906-0601 | CVE-2019-1632 | Cisco Integrated Management Controller Vulnerable to cross-site request forgery |
CVSS V2: 6.0 CVSS V3: 8.0 Severity: HIGH |
A vulnerability in the web-based management interface of Cisco Integrated Management Controller (IMC) could allow an authenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack and perform arbitrary actions on an affected device. The vulnerability is due to insufficient CSRF protections for the web-based management interface of the affected device. An attacker could exploit this vulnerability by persuading a user to follow a malicious link. A successful exploit could allow the attacker to use a web browser and the privileges of the user to perform arbitrary actions on the affected device. Other attacks are also possible.
This issue is being tracked by Cisco Bug ID CSCvn96946
| VAR-201906-0692 | CVE-2019-1906 | Cisco Prime Infrastructure Vulnerabilities related to authorization, permissions, and access control |
CVSS V2: 4.0 CVSS V3: 6.5 Severity: MEDIUM |
A vulnerability in the Virtual Domain system of Cisco Prime Infrastructure (PI) could allow an authenticated, remote attacker to change the virtual domain configuration, which could lead to privilege escalation. The vulnerability is due to improper validation of API requests. An attacker could exploit this vulnerability by manipulating requests sent to an affected PI server. A successful exploit could allow the attacker to change the virtual domain configuration and possibly elevate privileges. Cisco Prime Infrastructure (PI) contains vulnerabilities related to authorization, authority, and access control. Information may be tampered with.
This issue is being tracked by Cisco Bug ID CSCvo46881. The product integrates Cisco Prime LAN Management Solution (LMS) and Cisco Prime Network Control System (NCS). Virtual Domain system is one of the virtual domain systems
| VAR-201906-0686 | CVE-2019-1903 | XML external entity vulnerability in Cisco Security Manager |
CVSS V2: 6.4 CVSS V3: 9.1 Severity: CRITICAL |
A vulnerability in Cisco Security Manager could allow an unauthenticated, remote attacker to access sensitive information or cause a denial of service (DoS) condition. The vulnerability is due to improper restrictions on XML entities. An attacker could exploit this vulnerability by sending malicious requests to a targeted system that contain references within XML entities. An exploit could allow the attacker to retrieve files from the local system, resulting in the disclosure of sensitive information, or cause the application to consume available resources, resulting in a DoS condition.
This issue is tracked by Cisco Bug ID CSCvp33120. Cisco Security Manager (CSM) is a set of enterprise-level management applications from Cisco, which is mainly used to configure firewall, VPN and intrusion prevention security services on Cisco network and security devices. A code issue vulnerability exists in Cisco CSM where the program does not properly constrain XML entities
| VAR-201906-1115 | CVE-2018-19878 | Teltonika RTU950 Vulnerability related to using freed memory on devices |
CVSS V2: 6.8 CVSS V3: 6.5 Severity: MEDIUM |
An issue was discovered on Teltonika RTU950 R_31.04.89 devices. The application allows a user to log in without limitation. For every successful login request, the application saves a session. A user can re-login without logging out, causing the application to store the session in memory. Exploitation of this vulnerability will increase memory use and consume free space. The Teltonika RTU950 device contains a vulnerability related to the use of freed memory. Service operation may be interrupted (DoS). Teltonika RUT950 is an LTE router product from Teltonika, Lithuania. There is a security vulnerability in the Teltonika RTU950 R_31.04.89 release
| VAR-201906-0691 | CVE-2019-1905 | Cisco Email Security Appliance Input validation vulnerability |
CVSS V2: 5.0 CVSS V3: 5.8 Severity: MEDIUM |
A vulnerability in the GZIP decompression engine of Cisco AsyncOS Software for Cisco Email Security Appliance (ESA) could allow an unauthenticated, remote attacker to bypass configured content filters on the device. The vulnerability is due to improper validation of GZIP-formatted files. An attacker could exploit this vulnerability by sending a malicious file inside a crafted GZIP-compressed file. A successful exploit could allow the attacker to bypass configured content filters that would normally drop the email.
An attacker can exploit this issue to bypass security restrictions and perform unauthorized actions. This may aid in further attacks.
This issue is being tracked by Cisco Bug ID CSCvo82840. AsyncOS Software is a set of operating systems running on it
| VAR-201906-0688 | CVE-2019-1897 | Vulnerabilities related to authorization in multiple Cisco routers |
CVSS V2: 5.0 CVSS V3: 5.3 Severity: MEDIUM |
A vulnerability in the web-based management interface of Cisco RV110W, RV130W, and RV215W Routers could allow an unauthenticated, remote attacker to disconnect clients that are connected to the guest network on an affected router. The vulnerability is due to improper authorization of an HTTP request. An attacker could exploit this vulnerability by accessing the URL for device disconnection and providing the connected device information. A successful exploit could allow the attacker to deny service to specific clients that are connected to the guest network. The Cisco RV110W, RV130W, and RV215W routers contain an authorization vulnerability. Service operation may be interrupted (DoS). The Cisco® RV110W and related models are all VPN firewall routers from Cisco. The vulnerability stems from a program failing to properly authorize an HTTP request, which can be exploited by a remote attacker to cause a denial of service.
An attacker can leverage this issue to cause a denial-of-service condition.
This issue is being tracked by Cisco Bug IDs CSCvo65045, CSCvo65048, CSCvo65050
| VAR-201906-0293 | CVE-2019-1879 | OS command injection vulnerability in Cisco Integrated Management Controller |
CVSS V2: 7.2 CVSS V3: 6.7 Severity: MEDIUM |
A vulnerability in the CLI of Cisco Integrated Management Controller (IMC) could allow an authenticated, local attacker to inject arbitrary commands that are executed with root privileges. The vulnerability is due to insufficient validation of user-supplied input at the CLI. An attacker could exploit this vulnerability by authenticating with the administrator password via the CLI of an affected device and submitting crafted input to the affected commands. A successful exploit could allow the attacker to execute arbitrary commands on the device with root privileges.
This issue is being tracked by Cisco Bug ID CSCvo36016
| VAR-201906-0690 | CVE-2019-1899 | Vulnerabilities related to authorization in multiple Cisco routers |
CVSS V2: 5.0 CVSS V3: 5.3 Severity: MEDIUM |
A vulnerability in the web interface of Cisco RV110W, RV130W, and RV215W Routers could allow an unauthenticated, remote attacker to acquire the list of devices that are connected to the guest network. The vulnerability is due to improper authorization of an HTTP request. An attacker could exploit this vulnerability by accessing a specific URI on the web interface of the router. The Cisco RV110W and related models are all VPN firewall routers from Cisco.
An attacker can exploit this issue to obtain sensitive information. This may lead to other attacks.
This issue is being tracked by the Cisco Bug IDs CSCvo65058, CSCvo65061 and CSCvo65062
| VAR-201906-0411 | CVE-2019-6972 | TP-Link TL-WR1043ND Vulnerabilities related to certificate and password management in devices |
CVSS V2: 5.0 CVSS V3: 7.5 Severity: HIGH |
An issue was discovered on TP-Link TL-WR1043ND V2 devices. The credentials can be easily decoded and cracked by brute-force, wordlist, or rainbow table attacks. Specifically, credentials in the "Authorization" cookie are encoded with URL encoding and base64, leading to easy decoding. Also, the username is in cleartext, and the password is hashed with the MD5 algorithm (after decoding of the URL-encoded string with base64). The TP-Link TL-WR1043ND device contains vulnerabilities related to certificate and password management. Information may be obtained. The TP-Link TL-WR1043ND is a wireless router from China Unicom (TP-Link). An encryption problem vulnerability exists in TP-Link TL-WR1043ND V2. The vulnerability stems from the fact that the network system or product does not properly use the relevant cryptographic algorithm. The vulnerability can be exploited by an attacker to cause content to be incorrectly encrypted or weakly encrypted, or sensitive information to be stored in plaintext. Attackers can use default passwords or hard-coded passwords, hard-coded certificates, etc. to attack affected components
| VAR-201906-0410 | CVE-2019-6971 | TP-Link TL-WR1043ND Authentication vulnerabilities in devices. Related entries in the VARIoT exploits database: VAR-E-201910-0170 |
CVSS V2: 10.0 CVSS V3: 9.8 Severity: CRITICAL |
An issue was discovered on TP-Link TL-WR1043ND V2 devices. An attacker can send a cookie in an HTTP authentication packet to the router management web interface, and fully control the router without knowledge of the credentials. The TP-Link TL-WR1043ND device contains an authentication vulnerability. Information may be obtained or altered, and service operation may be disrupted (DoS). The TP-Link TL-WR1043ND is a wireless router from China Unicom (TP-Link). An authorization vulnerability exists in TP-Link TL-WR1043ND V2. The vulnerability stems from a lack of authentication in the network system or product or insufficient strength of authentication. No details of the vulnerability are currently provided
| VAR-201906-0299 | CVE-2019-1875 | Cisco Prime Service Catalog Vulnerable to cross-site scripting |
CVSS V2: 3.5 CVSS V3: 4.8 Severity: MEDIUM |
A vulnerability in the web-based management interface of Cisco Prime Service Catalog could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based interface. The vulnerability is due to insufficient validation of user-supplied input by the web-based management interface. An attacker could exploit this vulnerability by adding specific strings to multiple configuration fields. A successful exploit could allow the attacker to execute arbitrary script code in the context of the interface or allow the attacker to access sensitive browser-based information. This can allow the attacker to steal cookie-based authentication credentials and launch other attacks.
This issue is being tracked by Cisco Bug ID CSCvo33891. The solution supports automated ordering of a unified service catalog of computing, networking, storage, and other data center resources
| VAR-201906-0295 | CVE-2019-1869 | Cisco StarOS Vulnerable to uninitialized pointer access |
CVSS V2: 5.0 CVSS V3: 7.5 Severity: HIGH |
A vulnerability in the internal packet-processing functionality of the Cisco StarOS operating system running on virtual platforms could allow an unauthenticated, remote attacker to cause an affected device to stop processing traffic, resulting in a denial of service (DoS) condition. The vulnerability is due to a logic error that may occur under specific traffic conditions. An attacker could exploit this vulnerability by sending a series of crafted packets to an affected device. A successful exploit could allow the attacker to prevent the targeted service interface from receiving any traffic, which would lead to a DoS condition on the affected interface. The device may have to be manually reloaded to recover from exploitation of this vulnerability. Cisco StarOS contains an uninitialized pointer access vulnerability. Service operation may be interrupted (DoS). Cisco StarOS is a router operating system that controls the entire system logic and controls the process and CLI. Cisco StarOS is prone to a remote denial-of-service vulnerability.
This issue is being tracked by Cisco Bug ID CSCvn06757. Cisco StarOS is a virtualization operating system from Cisco. Virtualized Packet Core-Distributed Instance (VPC-DI) is a production version of StarOS software deployed on a dedicated hardware platform. The following products and versions are affected: Cisco Virtualized Packet Core-Single Instance (VPC-SI); Virtualized Packet Core-Distributed Instance (VPC-DI)
| VAR-201906-0565 | CVE-2019-1627 | Cisco Integrated Management Controller Vulnerable to information disclosure |
CVSS V2: 4.0 CVSS V3: 6.5 Severity: MEDIUM |
A vulnerability in the Server Utilities of Cisco Integrated Management Controller (IMC) could allow an authenticated, remote attacker to gain unauthorized access to sensitive user information from the configuration data that is stored on the affected system. The vulnerability is due to insufficient protection of data in the configuration file. An attacker could exploit this vulnerability by downloading the configuration file. An exploit could allow the attacker to use the sensitive information from the file to elevate privileges. Cisco Integrated Management Controller (IMC) contains an information disclosure vulnerability. Information may be obtained.
This issue is being tracked by Cisco bug ID CSCvo01184. The software supports HTTP, SSH access, etc., and can perform operations such as starting, shutting down and restarting the server
| VAR-201906-0689 | CVE-2019-1898 | Vulnerabilities related to authorization in multiple Cisco routers |
CVSS V2: 5.0 CVSS V3: 5.3 Severity: MEDIUM |
A vulnerability in the web-based management interface of Cisco RV110W, RV130W, and RV215W Routers could allow an unauthenticated, remote attacker to access the syslog file on an affected device. The vulnerability is due to improper authorization of an HTTP request. An attacker could exploit this vulnerability by accessing the URL for the syslog file. A successful exploit could allow the attacker to access the information contained in the file. The Cisco® RV110W and related models are all VPN firewall routers from Cisco.
Successfully exploiting this issue may allow an attacker to bypass certain security restrictions and perform unauthorized actions