VARIoT IoT vulnerabilities database

A command injection (missing input validation, escaping) in the ftp upgrade configuration interface on the Auerswald COMfort 1200 IP phone 3.4.4.1-10589 allows an authenticated remote attacker (simple user) -- in the same network as the device -- to trigger OS commands (like starting telnetd or opening a reverse shell) via a POST request to the web server. Auerswald COMfort 1200 IP phone Contains a command injection vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state

The diagnostics web interface in the Yeahlink Ultra-elegant IP Phone SIP-T41P (firmware 66.83.0.35) does not validate (escape) the path information (path traversal), which allows an authenticated remote attacker to get access to privileged information (e.g., /etc/passwd) via path traversal (relative path information in the file parameter of the corresponding POST request). Yeahlink Ultra-elegant IP Phone SIP-T41P Contains a path traversal vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state

A buffer overflow vulnerability in the DHCP and PPPOE configuration interface of the Auerswald COMfort 1200 IP phone 3.4.4.1-10589 allows a remote attacker (authenticated as simple user in the same network as the device) to trigger remote code execution via a POST request (ManufacturerName parameter) to the web server on the device. The web server is running with root privileges and the injected code will also run with root privileges. Auerswald COMfort 1200 IP phone Contains a buffer error vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. Auerswald COMfort 1200 IP phone is an IP phone produced by German Auerswald company. This vulnerability stems from the incorrect verification of data boundaries when the network system or product performs operations on the memory, resulting in incorrect read and write operations to other associated memory locations. Attackers can exploit this vulnerability to cause buffer overflow or heap overflow, etc

The network diagnostic function (ping) in the Yeahlink Ultra-elegant IP Phone SIP-T41P (firmware 66.83.0.35) allows a remote authenticated attacker to trigger OS commands or open a reverse shell via command injection. Yeahlink Ultra-elegant IP Phone SIP-T41P Is OS A command injection vulnerability exists.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. YealinkYeahlinkUltra-elegantIPPhoneSIP-T41P is an IP phone from China's Yealink. A command injection vulnerability exists in the networkdiagnostic feature of YealinkYeahlinkUltra-elegantIPPhoneSIP-T41P using 66.83.0.35 firmware. The vulnerability stems from the fact that external input data constructs executable commands, and the network system or product does not properly filter the special elements. An attacker could exploit the vulnerability to execute an illegal command

A potential incorrect privilege assignment vulnerability exists in the 3rd party pairing mechanism of the Bosch Smart Home Controller (SHC) before 9.8.907 that may result in a restricted app obtaining default app permissions. In order to exploit the vulnerability, the adversary needs to have successfully paired an app, which requires user interaction. Bosch Smart Home Controller (SHC) Contains a permission vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state

A potential improper access control vulnerability exists in the JSON-RPC interface of the Bosch Smart Home Controller (SHC) before 9.8.905 that may result in a successful denial of service of the SHC and connected sensors and actuators. In order to exploit the vulnerability, the adversary needs to have successfully paired an app or service, which requires user interaction

A potential improper access control vulnerability exists in the backup mechanism of the Bosch Smart Home Controller (SHC) before 9.8.905 that may result in unauthorized download of a backup. In order to exploit the vulnerability, the adversary needs to download the backup directly after a backup triggered by a legitimate user has been completed

A potential incorrect privilege assignment vulnerability exists in the app permission update API of the Bosch Smart Home Controller (SHC) before 9.8.905 that may result in a restricted app obtaining default app permissions. In order to exploit the vulnerability, the adversary needs to have successfully paired an app with restricted permissions, which required user interaction

A potential improper access control vulnerability exists in the JSON-RPC interface of the Bosch Smart Home Controller (SHC) before 9.8.905 that may result in reading or modification of the SHC's configuration or triggering and restoring backups. In order to exploit the vulnerability, the adversary needs to have successfully paired an app or service, which requires user interaction

A potential incorrect privilege assignment vulnerability exists in the app pairing mechanism of the Bosch Smart Home Controller (SHC) before 9.8.905 that may result in elevated privileges of the adversary's choosing. In order to exploit the vulnerability, the adversary needs physical access to the SHC during the attack

In Emerson Ovation OCR400 Controller 3.3.1 and earlier, a stack-based buffer overflow vulnerability in the embedded third-party FTP server involves improper handling of a long file name from the LIST command to the FTP service, which may cause the service to overwrite buffers, leading to remote code execution and escalation of privileges. Emerson Ovation OCR400 Controller Contains a buffer error vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. Emerson Ovation OCR400 Controller is prone to stack-based buffer overflow and heap-based buffer overflow vulnerabilities. Attackers can exploit these issues to execute arbitrary code in the context of the affected application. Failed exploit attempts will result in denial-of-service conditions. Emerson Electric Ovation OCR400 Controller is a logic controller of Emerson Electric (Emerson Electric). This vulnerability stems from the incorrect verification of data boundaries when the network system or product performs operations on the memory, resulting in incorrect read and write operations to other associated memory locations

In Emerson Ovation OCR400 Controller 3.3.1 and earlier, a heap-based buffer overflow vulnerability in the embedded third-party FTP server involves improper handling of a long command to the FTP service, which may cause memory corruption that halts the controller or leads to remote code execution and escalation of privileges. Emerson Ovation OCR400 Controller Contains a buffer error vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. Emerson Ovation OCR400 Controller is prone to stack-based buffer overflow and heap-based buffer overflow vulnerabilities. Attackers can exploit these issues to execute arbitrary code in the context of the affected application. Failed exploit attempts will result in denial-of-service conditions. Emerson Electric Ovation OCR400 Controller is a logic controller of Emerson Electric (Emerson Electric). This vulnerability stems from the incorrect verification of data boundaries when the network system or product performs operations on the memory, resulting in incorrect read and write operations to other associated memory locations

iBall Baton iB-WRB302N20122017 devices have improper access control over the UART interface, allowing physical attackers to discover Wi-Fi credentials (plain text) and the web-console password (base64) via the debugging console. iBall Baton The device contains vulnerabilities related to certificate and password management.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. iBallBatoniB-WRB302N is a wireless router from iBall India. A trust management issue vulnerability exists in the iBallBatoniB-WRB302N20122017 release. The vulnerability stems from the lack of an effective trust management mechanism in network systems or products. An attacker can attack an affected component with a default password or hard-coded password, hard-coded certificate, and so on. to attack affected components

Shenzhen Hexin Automation Technology Co., Ltd. is a company mainly engaged in PLC, HMI, servo, dedicated control system, remote I / O and field network products. Hexin MagicWorks HMI wintab32 has a dll hijacking vulnerability, which can be used by an attacker to execute malicious code

Shenzhen Huichuan Technology Co., Ltd. is a company mainly engaged in the research and development, production and sales of industrial automation control products, positioning services for mid-to-high-end equipment manufacturers. There is a memory corruption vulnerability in the HTCododor.htd project file, which can be used by an attacker to execute malicious code

LS Power Generation is a company mainly engaged in programmable controllers, frequency converters, DC motor speed controllers, uninterruptible power supplies, high-voltage electrical appliances, low-voltage electrical appliances, and power electronic equipment. LSIS KGL_WIN local has a dll hijacking vulnerability that can be used by an attacker to execute malicious code

Nandao Technology Jiangsu Co., Ltd. is a company mainly engaged in the research and development, production, sales and maintenance of industrial automation products, and the development and integration of automation control systems. There is a memory corruption vulnerability in the NATouch skm project file of NTU, and an attacker can use this vulnerability to execute malicious code

Delta Electronics Group is a company that provides total solutions for power management, video displays, industrial automation, automotive electronics, network communications products and renewable energy related products. There is a stack overflow vulnerability in the delta ScreenEditor dop project file, which can be used by an attacker to execute malicious code

Buffer overflow can occur if invalid header tries to overwrite the existing buffer which fix size allocation in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in MDM9150, MDM9206, MDM9607, MDM9650, MSM8909W, MSM8996AU, Qualcomm 215, SD 210/SD 212/SD 205, SD 425, SD 427, SD 430, SD 435, SD 439 / SD 429, SD 450, SD 615/16/SD 415, SD 625, SD 632, SD 636, SD 650/52, SD 820, SD 820A, SD 845 / SD 850, SDM439, SDM660, SDX20. plural Snapdragon The product contains a buffer error vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. QualcommMDM9206 and other products are products of Qualcomm. The MDM9206 is a central processing unit (CPU) product. The MDM9607 is a central processing unit (CPU) product. The MDM9650 is a central processing unit (CPU) product. A buffer overflow vulnerability exists in several Qualcomm products that could allow an attacker to cause a buffer overflow or heap overflow. This vulnerability stems from the incorrect verification of data boundaries when the network system or product performs operations on the memory, resulting in incorrect read and write operations to other associated memory locations. The following products and versions are affected: Qualcomm MDM9150; MDM9206; MDM9607; MDM9650; MSM8909W; MSM8996AU; Qualcomm 215; SD 210; SD 212; SD 205; SD 450; SD 615/16; SD 415; SD 625; SD 632; SD 636; SD 650/52; SD 820; SD 820A; SD 845; SD 850; SDM439;

Possibility of double free issue while running multiple instances of smp2p test because of proper protection is missing while using global variable in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in MDM9150, MDM9206, MDM9607, MDM9640, MDM9650, MSM8909W, MSM8996AU, QCS605, Qualcomm 215, SD 210/SD 212/SD 205, SD 425, SD 439 / SD 429, SD 450, SD 615/16/SD 415, SD 625, SD 632, SD 636, SD 650/52, SD 712 / SD 710 / SD 670, SD 820A, SD 835, SD 845 / SD 850, SD 855, SDA660, SDM439, SDM630, SDM660, SDX20, SDX24. plural Snapdragon The product contains a double release vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. QualcommMDM9206 and other products are products of Qualcomm. The MDM9206 is a central processing unit (CPU) product. The MDM9607 is a central processing unit (CPU) product. The MDM9640 is a central processing unit (CPU) product. A resource management error vulnerability exists in several Qualcomm products. The vulnerability stems from improper management of system resources (such as memory, disk space, files, etc.) by network systems or products. The following products and versions are affected: Qualcomm MDM9150; MDM9206; MDM9607; MDM9640; MDM9650; MSM8909W; MSM8996AU; QCS605; /16; SD 415; SD 625; SD 632; SD 636; SD 650/52; SD 712; SD 710; SD 670; SD 820A; SD 835; SD 845; SD 850; SD 855; SDM660; SDX20; SDX24