VARIoT IoT vulnerabilities database
| VAR-201907-1455 | CVE-2019-10935 | Unrestricted upload vulnerability in multiple SIMATIC products |
CVSS V2: 6.5 CVSS V3: 7.2 Severity: HIGH |
A vulnerability has been identified in SIMATIC PCS 7 V8.0 and earlier (All versions), SIMATIC PCS 7 V8.1 (All versions < V8.1 with WinCC V7.3 Upd 19), SIMATIC PCS 7 V8.2 (All versions < V8.2 SP1 with WinCC V7.4 SP1 Upd 11), SIMATIC PCS 7 V9.0 (All versions < V9.0 SP2 with WinCC V7.4 SP1 Upd11), SIMATIC WinCC Professional (TIA Portal V13) (All versions), SIMATIC WinCC Professional (TIA Portal V14) (All versions < V14 SP1 Upd 9), SIMATIC WinCC Professional (TIA Portal V15) (All versions < V15.1 Upd 3), SIMATIC WinCC Runtime Professional V13 (All versions), SIMATIC WinCC Runtime Professional V14 (All versions < V14.1 Upd 8), SIMATIC WinCC Runtime Professional V15 (All versions < V15.1 Upd 3), SIMATIC WinCC V7.2 and earlier (All versions), SIMATIC WinCC V7.3 (All versions < V7.3 Upd 19), SIMATIC WinCC V7.4 (All versions < V7.4 SP1 Upd 11), SIMATIC WinCC V7.5 (All versions < V7.5 Upd 3). The SIMATIC WinCC DataMonitor web application of the affected products allows arbitrary ASPX code to be uploaded. The security vulnerability could be exploited by an authenticated attacker with network access to the WinCC DataMonitor application. No user interaction is required to exploit this vulnerability. The vulnerability impacts confidentiality, integrity, and availability of the affected device. At the stage of publishing this security advisory no public exploitation is known. Multiple SIMATIC products contain a vulnerability related to unrestricted upload of dangerous file types. Information may be obtained or altered, and service operation may be disrupted (DoS). Siemens SIMATIC PCS 7 and SIMATIC WinCC are products of Siemens AG, Germany. SIMATIC PCS 7 is a process control system. SIMATIC WinCC is an automated data acquisition and monitoring (SCADA) system. The SIMATIC WinCC DataMonitor web is one of the data analysis and display components.
A security vulnerability exists in the SIMATIC WinCC DataMonitor web in several Siemens products. Siemens SIMATIC WinCC and SIMATIC PCS 7 are prone to an arbitrary file-upload vulnerability.
| VAR-201907-1450 | CVE-2019-11020 | DDRT Dashcom Live vulnerable to information disclosure |
CVSS V2: 5.0 CVSS V3: 7.5 Severity: HIGH |
Lack of authentication in file-viewing components in DDRT Dashcom Live 2019-05-09 allows anyone to remotely access all claim details by visiting easily guessable dashboard/uploads/claim_files/claim_id_ URLs. DDRT Dashcom Live contains an information disclosure vulnerability. Information may be obtained. DDRT Dashcom Live is a complaint handling software. There is an information disclosure vulnerability in DDRT Dashcom Live 2019-05-09 and previous versions, which is caused by the lack of authentication protection in the file viewing component.
| VAR-201907-1475 | CVE-2019-0319 | Injection vulnerability in SAP Gateway |
CVSS V2: 5.0 CVSS V3: 7.5 Severity: HIGH |
The SAP Gateway, versions 7.5, 7.51, 7.52 and 7.53, allows an attacker to inject content which is displayed in the form of an error message. An attacker could thus mislead a user to believe this information is from the legitimate service when it's not. SAP Gateway contains an injection vulnerability. Information may be altered. SAP Gateway is prone to a content injection vulnerability because the application fails to properly sanitize user-supplied input.
Successful exploits will allow attacker-supplied content to be passed in the context of the affected application; other attacks are also possible. The product lets non-SAP applications connect to SAP applications, and can also connect to and access SAP applications on mobile devices.
------------------------------------------
[VulnerabilityType Other]
Content Spoofing
------------------------------------------
[Vendor of Product]
SAP
------------------------------------------
[Affected Product]
SAPUI5 1.0.0 and the SAP Gateway versions 7.5, 7.51, 7.52 and 7.53
------------------------------------------
[PoC]
Tested in SAPUI5 1.0.0
PoC:
https://sapmobile.target.com/sap/opu/odata/UI2/INTEROP/PersContainers(category='P
',id='flp.settings.FlpSettings')?$expand=PersContainerItemsu1kpa_HACKED_&sap-cache-id=D49C673A8D0D275477C7CD1FBFA3EE31
------------------------------------------
[Attack Type]
Remote
------------------------------------------
[Reference]
https://capec.mitre.org/data/definitions/148.html
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-0319
------------------------------------------
[Discoverer]
Offensive0Labs - Rafael Fontes Souza
References below:
"SAP Product Security Response Team
Mon, Jul 8, 04:33 (6 days ago)
to me, SAP
Hello Rafael,
We are pleased to inform you that we are releasing the following security
note on July Patch Day 2019:
Sec Incident ID(s) 1870475251
Security Note 2752614
Security Note Title [CVE-2019-0319] Content Injection Vulnerability in SAP
Gateway
Advisory Plan Date 10/09/2019
Delivery date of fix/Patch Day 07/09/2019
CVSS Base Score 4.3
CVSS Base Vector NLNR | U | NLN
Credits go to:
Offensive0Labs, Rafael Fontes Souza
*Notes will be visible to customers on 9th of July 2019.
https://wiki.scn.sap.com/wiki/display/PSR/Acknowledgments+to+Security+Researchers
"
| VAR-201907-1615 | CVE-2019-11133 | Multiple vulnerabilities in Intel products |
CVSS V2: 4.6 CVSS V3: 7.8 Severity: HIGH |
Improper access control in the Intel(R) Processor Diagnostic Tool before version 4.1.2.24 may allow an authenticated user to potentially enable escalation of privilege, information disclosure or denial of service via local access. Intel has released an update for each product. Impacts by advisory: privilege escalation: INTEL-SA-00267 (CVE-2018-18095), INTEL-SA-00268 (CVE-2019-11133); service operation interruption (DoS) attack: INTEL-SA-00268 (CVE-2019-11133); information leak: INTEL-SA-00268 (CVE-2019-11133). Intel Processor Diagnostic Tool is prone to a local privilege-escalation vulnerability.
A local attacker can exploit this issue to gain elevated privileges, obtain sensitive information or cause denial-of-service conditions. Permissions and access control issues exist in versions prior to Intel IPDT 4.1.2.24. The vulnerability stems from the lack of effective permissions and access control measures in network systems or products.
| VAR-201907-0716 | CVE-2019-13450 | Access control vulnerability in Zoom Client and RingCentral |
CVSS V2: 4.3 CVSS V3: 6.5 Severity: MEDIUM |
In the Zoom Client through 4.4.4 and RingCentral 7.0.136380.0312 on macOS, remote attackers can force a user to join a video call with the video camera active. This occurs because any web site can interact with the Zoom web server on localhost port 19421 or 19424. NOTE: a machine remains vulnerable if the Zoom Client was installed in the past and then uninstalled. Blocking exploitation requires additional steps, such as the ZDisableVideo preference and/or killing the web server, deleting the ~/.zoomus directory, and creating a ~/.zoomus plain file. Zoom Client and RingCentral contain an access control vulnerability. Information may be obtained. Zoom Client is a video conferencing terminal that supports multiple platforms, from Zoom Company of the United States. There is an information disclosure vulnerability in Zoom Client.
An attacker can leverage this issue to bypass security restrictions and perform unauthorized actions. This may aid in further attacks.
| VAR-201907-1336 | CVE-2019-11890 | Resource management vulnerability in Sony Bravia Smart TV devices |
CVSS V2: 7.8 CVSS V3: 7.5 Severity: HIGH |
Sony Bravia Smart TV devices allow remote attackers to cause a denial of service (device hang or reboot) via a SYN flood attack over a wired or Wi-Fi LAN. Sony Bravia Smart TV devices contain a resource management vulnerability. Service operation may be disrupted (DoS). Sony BRAVIA Smart TVs are smart TVs from Sony Corporation of Japan. There are security holes in Sony BRAVIA Smart TVs. An attacker could exploit the vulnerability to make the TV freeze and become unresponsive, crash programs, and cause the TV to reboot.
## ADVISORY INFORMATION
TITLE: Two vulnerabilities found in Sony BRAVIA Smart TVs
ADVISORY URL:
CVE-2019-11889
https://www.darkmatter.ae/xen1thlabs/sony-remote-denial-of-service-triggered-over-vulnerability-hbbtv-xl-19-014/
CVE-2019-11890
https://www.darkmatter.ae/xen1thlabs/sony-remote-denial-of-service-over-wifi-lan-internet-vulnerability-xl-19-013/
DATE PUBLISHED: 02/07/2019
AFFECTED VENDORS: Sony
RELEASE MODE: Coordinated release
CVE: CVE-2019-11889, CVE-2019-11890
CVSSv3 for CVE-2019-11889: 7.5 (AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)
CVSSv3 for CVE-2019-11890: 7.5 (AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)
## PRODUCT DESCRIPTION
BRAVIA is a brand of Sony Visual Products known as Smart TVs.
These Smart TVs are known to be high standard products.
## DETAILS OF VULNERABILITIES
xen1thLabs has found two vulnerabilities in Sony products and coordinated
the disclosure of these security flaws with Sony. The list of affected models has not been shared by Sony.
The summary of the vulnerabilities is:
- CVE-2019-11889 Sony Remote Denial-of-Service Triggered Over HbbTV
Vulnerability:
This vulnerability allows an attacker to remotely crash the HbbTV rendering
engine and block the TV
- CVE-2019-11890 Sony Remote Denial-of-Service Over Wifi / LAN / Internet
Vulnerability:
This vulnerability allows an attacker to remotely crash the Smart TV using
TCP packets.
### 1. CVE-2019-11889 Sony Remote Denial-of-Service Triggered Over HbbTV Vulnerability
By sending a specifically crafted webpage over HbbTV it is possible to freeze the
television remotely (please see the presentation at HiTB Dubai 2018 for HbbTV description:
https://conference.hitb.org/hitbsecconf2018dxb/sessions/hacking-into-broadband-and-broadcast-tv-systems/).
The remote control does not appear to work except the PROG+ and PROG- buttons.
Only changing channels 'un-freezes' the television. Android is supposed
to kill blocked applications.
In order to reproduce the behavior, start by generating a webpage using:
```
dd if=/dev/zero of=index.html bs=1M count=2048
```
Using the software-defined radio, send a DVB-T signal containing a HbbTV application that forces
the targeted Smart TV to load a file from a controlled server. By forcing the Smart TV to load
the generated file, it can be observed from the logs that only between 180KB and 250KB are served
before the HbbTV application freezes:
```
vaccess.log:127.0.1.1:80 192.168.1.191 - - [01/Apr/2019:06:40:54 -0400] "GET /hbbtvtest/test3/ HTTP/1.1"
200 178647 "http://x.test/hbbtvtest/index.php" "Mozilla/5.0 (Linux armv7l) AppleWebKit/537.36 (KHTML, like Gecko)
Chrome/42.0.2311.152 Safari/537.36 OPR/29.0.1803.0 OMI/4.5.23.37.ALSAN5.131 HbbTV/1.2.1 (; Sony; KD-65X7500D; v1.000000000; 2016;)
sony.hbbtv.tv.2016HE"
```
```
vaccess.log.1:127.0.1.1:80 192.168.1.191 - - [01/Apr/2019:02:36:16 -0400] "GET /hbbtvtest/test3/ HTTP/1.1"
200 170543 "http://x.test/hbbtvtest/index.php" "Mozilla/5.0 (Linux armv7l) AppleWebKit/537.36 (KHTML, like Gecko)
Chrome/42.0.2311.152 Safari/537.36 OPR/29.0.1803.0 OMI/4.5.23.37.ALSAN5.131 HbbTV/1.2.1 (; Sony; KD-65X7500D; v1.000000000; 2016;)
sony.hbbtv.tv.2016HE"
```
Sony investigated the issue and shared the following analysis:
"MITM attack by http connection is caused by the specification of the HbbTV service".
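### 2. CVE-2019-11890 Sony Remote Denial-of-Service Over Wifi / LAN / Internet Vulnerability
An unauthenticated remote attacker can synflood the Smart TV over LAN and Wi-Fi, the smart
television freezes and becomes irresponsive, some programs crash and the television reboots
randomly. No PoC is released due to low complexity level of exploitation as Sony is not
planning to release a security patch.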
Sony investigated the issue and shared the following analysis:
"The Sony Product teams have conducted additional research regarding the submission and
identified the following: CVE-2019-1189: DoS over WiFi /LAN - This is due to the performance
of the interrupt operation in the Linux driver".
## SOLUTION
Sony provided the following recommendation:
"Sony's manual instructs users to: Make sure to connect to the Internet or home network
via a router, which will minimize this risk. In addition, these two symptoms can be
recovered by unplugging the power supply cable. The TV cannot be broken and there is no
internal data that can be stolen by these actions." (May 30th, 2019).
And informed xen1thLabs that:
"we will not be releasing any notifications." (June 19th, 2019).
## DISCLOSURE TIMELINE
01/04/2019 - Vulnerabilities have been found by xen1thLabs
28/04/2019 - xen1thLabs send the report to Sony through their HackerOne Bug bounty program
02/05/2019 - Updates requested from xen1thLabs through HackerOne
10/05/2019 - Vulnerabilities have been confirmed by Sony through HackerOne
14/05/2019 - xen1thLabs requests a CVE from MITRE
30/05/2019 - Sony inform xen1thLabs of the solutions recommended for users through HackerOne
30/05/2019 - xen1thLabs request the confirmation from Sony that no security patches will be provided through HackerOne
07/06/2019 - Sony informs the following "Due to the evaluation conducted by our product team we will be closing out this ticket" through HackerOne
26/06/2019 - Public disclosure
## CREDITS
xen1thLabs - Telecom Lab
## REFERENCES
CVE-2019-11889
https://www.darkmatter.ae/xen1thlabs/sony-remote-denial-of-service-triggered-over-vulnerability-hbbtv-xl-19-014/
CVE-2019-11890
https://www.darkmatter.ae/xen1thlabs/sony-remote-denial-of-service-over-wifi-lan-internet-vulnerability-xl-19-013/
Sony will not publish any security advisory nor release any security patch.
## ABOUT xen1thLabs
xen1thLabs conducts vulnerability research, which feeds in the testing and
validation activities it conducts across software, hardware and
telecommunication.
xen1thLabs houses a team of world-class experts dedicated to providing
high impact capabilities in cyber security.
At xen1thLabs we are committed to uncovering new vulnerabilities that combat
tomorrow's threats today.
More information about xen1thLabs can be found at:
https://www.darkmatter.ae/xen1thlabs/
## WORKING AT xen1thLabs
xen1thLabs is looking for several security researchers across multiple disciplines.
Join a great team of likeminded specialists and enjoy all that UAE has to offer!
If you are interested please visit:
https://www.darkmatter.ae/xen1thlabs/
| VAR-201907-1335 | CVE-2019-11889 | Input validation vulnerability in Sony Bravia Smart TV devices |
CVSS V2: 7.8 CVSS V3: 7.5 Severity: HIGH |
Sony BRAVIA Smart TV devices allow remote attackers to cause a denial of service (device hang) via a crafted web page over HbbTV. Sony Bravia Smart TV devices contain an input validation vulnerability. Service operation may be disrupted (DoS). Sony BRAVIA Smart TVs are smart TVs from Sony Corporation in Japan.
There are security holes in Sony BRAVIA Smart TVs.
## ADVISORY INFORMATION
TITLE: Two vulnerabilities found in Sony BRAVIA Smart TVs
ADVISORY URL:
CVE-2019-11889
https://www.darkmatter.ae/xen1thlabs/sony-remote-denial-of-service-triggered-over-vulnerability-hbbtv-xl-19-014/
CVE-2019-11890
https://www.darkmatter.ae/xen1thlabs/sony-remote-denial-of-service-over-wifi-lan-internet-vulnerability-xl-19-013/
DATE PUBLISHED: 02/07/2019
AFFECTED VENDORS: Sony
RELEASE MODE: Coordinated release
CVE: CVE-2019-11889, CVE-2019-11890
CVSSv3 for CVE-2019-11889: 7.5 (AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)
CVSSv3 for CVE-2019-11890: 7.5 (AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)
## PRODUCT DESCRIPTION
BRAVIA is a brand of Sony Visual Products known as Smart TVs.
These Smart TVs are known to be high standard products.
## DETAILS OF VULNERABILITIES
xen1thLabs has found two vulnerabilities in Sony products and coordinated
the disclosure of these security flaws with Sony. The list of affected models has not been shared by Sony.
The summary of the vulnerabilities is:
- CVE-2019-11889 Sony Remote Denial-of-Service Triggered Over HbbTV
Vulnerability:
This vulnerability allows an attacker to remotely crash the HbbTV rendering
engine and block the TV
- CVE-2019-11890 Sony Remote Denial-of-Service Over Wifi / LAN / Internet
Vulnerability:
This vulnerability allows an attacker to remotely crash the Smart TV using
TCP packets.
### 1. CVE-2019-11889 Sony Remote Denial-of-Service Triggered Over HbbTV Vulnerability
By sending a specifically crafted webpage over HbbTV it is possible to freeze the
television remotely (please see the presentation at HiTB Dubai 2018 for HbbTV description:
https://conference.hitb.org/hitbsecconf2018dxb/sessions/hacking-into-broadband-and-broadcast-tv-systems/).
The remote control does not appear to work except the PROG+ and PROG- buttons.
Only changing channels 'un-freezes' the television. Android is supposed
to kill blocked applications.
In order to reproduce the behavior, start by generating a webpage using:
```
dd if=/dev/zero of=index.html bs=1M count=2048
```
Using the software-defined radio, send a DVB-T signal containing a HbbTV application that forces
the targeted Smart TV to load a file from a controlled server. By forcing the Smart TV to load
the generated file, it can be observed from the logs that only between 180KB and 250KB are served
before the HbbTV application freezes:
```
vaccess.log:127.0.1.1:80 192.168.1.191 - - [01/Apr/2019:06:40:54 -0400] "GET /hbbtvtest/test3/ HTTP/1.1"
200 178647 "http://x.test/hbbtvtest/index.php" "Mozilla/5.0 (Linux armv7l) AppleWebKit/537.36 (KHTML, like Gecko)
Chrome/42.0.2311.152 Safari/537.36 OPR/29.0.1803.0 OMI/4.5.23.37.ALSAN5.131 HbbTV/1.2.1 (; Sony; KD-65X7500D; v1.000000000; 2016;)
sony.hbbtv.tv.2016HE"
```
```
vaccess.log.1:127.0.1.1:80 192.168.1.191 - - [01/Apr/2019:02:36:16 -0400] "GET /hbbtvtest/test3/ HTTP/1.1"
200 170543 "http://x.test/hbbtvtest/index.php" "Mozilla/5.0 (Linux armv7l) AppleWebKit/537.36 (KHTML, like Gecko)
Chrome/42.0.2311.152 Safari/537.36 OPR/29.0.1803.0 OMI/4.5.23.37.ALSAN5.131 HbbTV/1.2.1 (; Sony; KD-65X7500D; v1.000000000; 2016;)
sony.hbbtv.tv.2016HE"
```
Sony investigated the issue and shared the following analysis:
"MITM attack by http connection is caused by the specification of the HbbTV service".
### 2. CVE-2019-11890 Sony Remote Denial-of-Service Over Wifi / LAN / Internet Vulnerability
An unauthenticated remote attacker can synflood the Smart TV over LAN and Wi-Fi, the smart
television freezes and becomes irresponsive, some programs crash and the television reboots
randomly. No PoC is released due to low complexity level of exploitation as Sony is not
planning to release a security patch.
Sony investigated the issue and shared the following analysis:
"The Sony Product teams have conducted additional research regarding the submission and
identified the following: CVE-2019-1189: DoS over WiFi /LAN - This is due to the performance
of the interrupt operation in the Linux driver".
## SOLUTION
Sony provided the following recommendation:
"Sony's manual instructs users to: Make sure to connect to the Internet or home network
via a router, which will minimize this risk. In addition, these two symptoms can be
recovered by unplugging the power supply cable. The TV cannot be broken and there is no
internal data that can be stolen by these actions." (May 30th, 2019).
And informed xen1thLabs that:
"we will not be releasing any notifications." (June 19th, 2019).
## DISCLOSURE TIMELINE
01/04/2019 - Vulnerabilities have been found by xen1thLabs
28/04/2019 - xen1thLabs send the report to Sony through their HackerOne Bug bounty program
02/05/2019 - Updates requested from xen1thLabs through HackerOne
10/05/2019 - Vulnerabilities have been confirmed by Sony through HackerOne
14/05/2019 - xen1thLabs requests a CVE from MITRE
30/05/2019 - Sony inform xen1thLabs of the solutions recommended for users through HackerOne
30/05/2019 - xen1thLabs request the confirmation from Sony that no security patches will be provided through HackerOne
07/06/2019 - Sony informs the following "Due to the evaluation conducted by our product team we will be closing out this ticket" through HackerOne
26/06/2019 - Public disclosure
## CREDITS
xen1thLabs - Telecom Lab
## REFERENCES
CVE-2019-11889
https://www.darkmatter.ae/xen1thlabs/sony-remote-denial-of-service-triggered-over-vulnerability-hbbtv-xl-19-014/
CVE-2019-11890
https://www.darkmatter.ae/xen1thlabs/sony-remote-denial-of-service-over-wifi-lan-internet-vulnerability-xl-19-013/
Sony will not publish any security advisory nor release any security patch.
| VAR-201907-0467 | CVE-2019-13400 | Dynacolor FCM-MB40 Trust Management Issue Vulnerability |
CVSS V2: 5.0 CVSS V3: 9.8 Severity: CRITICAL |
Dynacolor FCM-MB40 v1.2.0.0 uses /etc/appWeb/appweb.pass to store administrative web-interface credentials in cleartext. These credentials can be retrieved via cgi-bin/getuserinfo.cgi?mode=info. Dynacolor FCM-MB40 devices contain vulnerabilities related to certificate and password management. Information may be obtained or altered, and service operation may be disrupted (DoS). Dynacolor FCM-MB40 is an IP camera from Dynacolor, Taiwan. A security vulnerability exists in Dynacolor FCM-MB40 v1.2.0.0, which is caused by the program storing credentials in plain text in /etc/appWeb/appweb.pass. An attacker could exploit the vulnerability to retrieve these credentials.
| VAR-201907-0465 | CVE-2019-13398 | Command injection vulnerability in Dynacolor FCM-MB40 devices |
CVSS V2: 9.0 CVSS V3: 7.2 Severity: HIGH |
Dynacolor FCM-MB40 v1.2.0.0 devices allow remote attackers to execute arbitrary commands via a crafted parameter to a CGI script, as demonstrated by sed injection in cgi-bin/camctrl_save_profile.cgi (save parameter) and cgi-bin/ddns.cgi. Dynacolor FCM-MB40 devices contain a command injection vulnerability. Information may be obtained or altered, and service operation may be disrupted (DoS). Dynacolor FCM-MB40 is an IP camera from Dynacolor, Taiwan. A security vulnerability exists in the Dynacolor FCM-MB40 v1.2.0.0 release.
| VAR-201907-0466 | CVE-2019-13399 | Dynacolor FCM-MB40 Trust Management Issue Vulnerability |
CVSS V2: 4.3 CVSS V3: 5.9 Severity: MEDIUM |
Dynacolor FCM-MB40 v1.2.0.0 devices have a hard-coded SSL/TLS key that is used during an administrator's SSL conversation. Dynacolor FCM-MB40 devices contain a vulnerability related to the use of hard-coded credentials. Information may be obtained. Dynacolor FCM-MB40 is an IP camera from Dynacolor, Taiwan. A trust management issue vulnerability exists in Dynacolor FCM-MB40 v1.2.0.0. The vulnerability stems from the lack of an effective trust management mechanism in network systems or products. An attacker can attack an affected component by using a default password, a hard-coded password, a hard-coded certificate, and so on.
| VAR-201907-0469 | CVE-2019-13402 | Vulnerabilities related to security functions in Dynacolor FCM-MB40 devices |
CVSS V2: 6.5 CVSS V3: 8.8 Severity: HIGH |
/usr/sbin/default.sh and /usr/apache/htdocs/cgi-bin/admin/hardfactorydefault.cgi on Dynacolor FCM-MB40 v1.2.0.0 devices implement an incomplete factory-reset process. A backdoor can persist because neither system accounts nor the set of services is reset. Dynacolor FCM-MB40 devices contain vulnerabilities related to security functions. Information may be obtained or altered, and service operation may be disrupted (DoS). Dynacolor FCM-MB40 is an IP camera from Dynacolor, Taiwan. A security vulnerability exists in the Dynacolor FCM-MB40 v1.2.0.0 release. The vulnerability stems from the /usr/sbin/default.sh and /usr/apache/htdocs/cgi-bin/admin/hardfactorydefault.cgi files failing to execute the full factory settings recovery process. No further details of the vulnerability are currently provided.
| VAR-201907-0468 | CVE-2019-13401 | Dynacolor FCM-MB40 Cross-Site Request Forgery Vulnerability |
CVSS V2: 6.8 CVSS V3: 8.8 Severity: HIGH |
Dynacolor FCM-MB40 v1.2.0.0 devices have CSRF in all scripts under cgi-bin/. Dynacolor FCM-MB40 devices contain a cross-site request forgery vulnerability. Information may be obtained or altered, and service operation may be disrupted (DoS). Dynacolor FCM-MB40 is an IP camera from Dynacolor, Taiwan. There is a cross-site request forgery vulnerability in the scripts under cgi-bin/ in Dynacolor FCM-MB40 v1.2.0.0. This vulnerability is caused by the network system or product not fully verifying the source or authenticity of the data, so an attacker can use forged data to carry out an attack.
| VAR-201907-0422 | CVE-2019-13379 | Authentication vulnerability in AVTECH Room Alert 3E devices |
CVSS V2: 9.0 CVSS V3: 8.8 Severity: HIGH |
On AVTECH Room Alert 3E devices before 2.2.5, an attacker with access to the device's web interface may escalate privileges from an unauthenticated user to administrator by performing a cmd.cgi?action=ResetDefaults&src=RA reset and using the default credentials to get in. AVTECH Room Alert 3E devices contain an authentication vulnerability. Information may be obtained or altered, and service operation may be disrupted (DoS). AVTECH Software Room Alert 3E is a device from AVTECH Software for monitoring IT infrastructure. This product is mainly used to monitor the temperature, humidity, power, electricity and smoke of computer rooms or small data centers.
There are security vulnerabilities in AVTECH Software Room Alert 3E prior to 2.2.5. An attacker could exploit this vulnerability to increase privileges.
| VAR-201907-0419 | CVE-2019-13373 | SQL injection vulnerability in D-Link Central WiFi Manager CWM |
CVSS V2: 7.5 CVSS V3: 9.8 Severity: CRITICAL |
An issue was discovered in the D-Link Central WiFi Manager CWM(100) before v1.03R0100_BETA6. Input does not get validated and arbitrary SQL statements can be executed in the database via the /web/Public/Conn.php parameter dbSQL. D-Link Central WiFi Manager CWM (100) contains an SQL injection vulnerability. Information may be obtained or altered, and service operation may be disrupted (DoS).
| VAR-201907-0420 | CVE-2019-13374 | D-Link Central WiFi Manager CWM vulnerable to cross-site scripting |
CVSS V2: 4.3 CVSS V3: 6.1 Severity: MEDIUM |
A cross-site scripting (XSS) vulnerability in resource view in PayAction.class.php in D-Link Central WiFi Manager CWM(100) before v1.03R0100_BETA6 allows remote attackers to inject arbitrary web script or HTML via the index.php/Pay/passcodeAuth passcode parameter. D-Link Central WiFi Manager CWM (100) contains a cross-site scripting vulnerability. Information may be obtained and information may be altered.
| VAR-201907-0421 | CVE-2019-13375 | SQL injection vulnerability in D-Link Central WiFi Manager CWM |
CVSS V2: 7.5 CVSS V3: 9.8 Severity: CRITICAL |
A SQL Injection was discovered in D-Link Central WiFi Manager CWM(100) before v1.03R0100_BETA6 in PayAction.class.php with the index.php/Pay/passcodeAuth parameter passcode. The vulnerability does not need any authentication.
| VAR-201907-0418 | CVE-2019-13372 | Authentication vulnerability in D-Link Central WiFi Manager CWM |
CVSS V2: 7.5 CVSS V3: 9.8 Severity: CRITICAL |
/web/Lib/Action/IndexAction.class.php in D-Link Central WiFi Manager CWM(100) before v1.03R0100_BETA6 allows remote attackers to execute arbitrary PHP code via a cookie because a cookie's username field allows eval injection, and an empty password bypasses authentication. D-Link Central WiFi Manager CWM(100) contains an authentication vulnerability. Information may be obtained or altered, and service operation may be disrupted (DoS). D-Link Central WiFi Manager (CWM-100) is a web-based wireless access point management tool that enables you to create and manage multi-site, multi-tenant wireless networks. A remote code execution vulnerability exists in /web/Lib/Action/IndexAction.class.php in versions of D-Link Central WiFi Manager (CWM-100) before 1.03R0100_BETA6. A remote attacker can exploit this vulnerability to execute arbitrary PHP code through cookies.
| VAR-201907-0584 | CVE-2019-11990 | Access control vulnerability in HPE UIoT |
CVSS V2: 9.0 CVSS V3: 8.8 Severity: HIGH |
Security vulnerabilities in HPE UIoT versions 1.6, 1.5, 1.4.2, 1.4.1, 1.4.0, and 1.2.4.2 could allow unauthorized remote access and access to sensitive data. HPE has addressed this issue in HPE UIoT:
* For customers with release UIoT 1.6, fixes are made available with 1.6 RP603
* For customers with release UIoT 1.5, fixes are made available with 1.5 RP503 HF3
* For customers with release older than 1.5, such as 1.4.0, 1.4.1, 1.4.2 and 1.2.4.2, the resolution will be to upgrade to 1.5 RP503 HF3 or 1.6 RP603
Customers are requested to upgrade to the updated versions or contact HPE support for further assistance. HPE UIoT contains an access control vulnerability. Information may be obtained or altered, and service operation may be disrupted (DoS).
There are security holes in HPE UIoT. HPE UIoT is a universal IoT platform from Hewlett Packard Enterprise (HPE). The platform has functions such as data analysis, currency security and synchronization management. The following products and versions are affected: HPE UIoT Version 1.6, Version 1.5, Version 1.4.2, Version 1.4.1, Version 1.4.0, Version 1.2.4.2. HP UIoT is prone to an unauthorized-access vulnerability.
HP UIoT versions 1.6, 1.5, 1.4.2, 1.4.1, 1.4.0, and 1.2.4.2 are vulnerable.
| VAR-201907-1134 | CVE-2018-14528 | Invoxia NVX220 Trust Management Issue Vulnerability |
CVSS V2: 10.0 CVSS V3: 9.8 Severity: CRITICAL |
Invoxia NVX220 devices allow TELNET access as admin with a default password. Invoxia NVX220 devices are vulnerable to the use of hard-coded credentials. Information may be obtained or falsified, and a denial of service (DoS) may result. The Invoxia NVX220 is an IP phone from Invoxia, France. A trust management issue vulnerability exists in Invoxia NVX220. An attacker could exploit this vulnerability to access a custom CLI.
| VAR-201907-1048 | CVE-2018-14027 | DIGISOL SYSTEMS Wireless Wifi Home Router HR-3300 Cross-Site Scripting Vulnerability |
CVSS V2: 4.3 CVSS V3: 6.1 Severity: MEDIUM |
Digisol Wireless Wifi Home Router HR-3300 contains a cross-site scripting vulnerability. Information may be obtained and information may be altered. DIGISOL SYSTEMS Wireless Wifi Home Router HR-3300 is a home wireless router from DIGISOL SYSTEMS, India. A cross-site scripting vulnerability exists in DIGISOL SYSTEMS Wireless Wifi Home Router HR-3300. The vulnerability stems from the lack of proper validation of client data for web applications. An attacker could exploit the vulnerability to execute client code.