VARIoT IoT vulnerabilities database


VAR-201906-0300 CVE-2019-1876 Cisco Wide Area Application Services Vulnerability related to lack of authentication for critical functions in software
CVSS V2: 5.0
CVSS V3: 5.3
Severity: MEDIUM
A vulnerability in the HTTPS proxy feature of Cisco Wide Area Application Services (WAAS) Software could allow an unauthenticated, remote attacker to use the Central Manager as an HTTPS proxy. The vulnerability is due to insufficient authentication of proxy connection requests. An attacker could exploit this vulnerability by sending a malicious HTTPS CONNECT message to the Central Manager. A successful exploit could allow the attacker to access public internet resources that would normally be blocked by corporate policies. An attacker can exploit this issue to bypass the authentication mechanism and gain unauthorized access. This may lead to further attacks. This issue is tracked by Cisco Bug ID CSCvo13639. This software is mainly used in link environments with small bandwidth and large delay.
VAR-201906-0600 CVE-2019-1631 Cisco Integrated Management Controller Vulnerabilities related to lack of authentication for critical functions
CVSS V2: 5.0
CVSS V3: 5.3
Severity: MEDIUM
A vulnerability in the web-based management interface of Cisco Integrated Management Controller (IMC) could allow an unauthenticated, remote attacker to access potentially sensitive system usage information. The vulnerability is due to a lack of proper data protection mechanisms. An attacker could exploit this vulnerability by sending a crafted HTTP request to an affected device. A successful exploit could allow an attacker to view sensitive system data. This issue is being tracked by Cisco bug ID CSCvn96947. The software supports HTTP, SSH access, etc., and can perform operations such as starting, shutting down and restarting the server
VAR-201906-0601 CVE-2019-1632 Cisco Integrated Management Controller Vulnerable to cross-site request forgery
CVSS V2: 6.0
CVSS V3: 8.0
Severity: HIGH
A vulnerability in the web-based management interface of Cisco Integrated Management Controller (IMC) could allow an authenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack and perform arbitrary actions on an affected device. The vulnerability is due to insufficient CSRF protections for the web-based management interface of the affected device. An attacker could exploit this vulnerability by persuading a user to follow a malicious link. A successful exploit could allow the attacker to use a web browser and the privileges of the user to perform arbitrary actions on the affected device. Other attacks are also possible. This issue is being tracked by Cisco Bug ID CSCvn96946
VAR-201906-0692 CVE-2019-1906 Cisco Prime Infrastructure Vulnerabilities related to authorization, permissions, and access control
CVSS V2: 4.0
CVSS V3: 6.5
Severity: MEDIUM
A vulnerability in the Virtual Domain system of Cisco Prime Infrastructure (PI) could allow an authenticated, remote attacker to change the virtual domain configuration, which could lead to privilege escalation. The vulnerability is due to improper validation of API requests. An attacker could exploit this vulnerability by manipulating requests sent to an affected PI server. A successful exploit could allow the attacker to change the virtual domain configuration and possibly elevate privileges. Cisco Prime Infrastructure (PI) contains vulnerabilities related to authorization, permissions, and access control. Information may be tampered with. This issue is being tracked by Cisco Bug ID CSCvo46881. The product integrates Cisco Prime LAN Management Solution (LMS) and Cisco Prime Network Control System (NCS). Virtual Domain system is one of the virtual domain systems.
VAR-201906-0686 CVE-2019-1903 Cisco Security Manager XML external entity vulnerability
CVSS V2: 6.4
CVSS V3: 9.1
Severity: CRITICAL
A vulnerability in Cisco Security Manager could allow an unauthenticated, remote attacker to access sensitive information or cause a denial of service (DoS) condition. The vulnerability is due to improper restrictions on XML entities. An attacker could exploit this vulnerability by sending malicious requests to a targeted system that contain references within XML entities. An exploit could allow the attacker to retrieve files from the local system, resulting in the disclosure of sensitive information, or cause the application to consume available resources, resulting in a DoS condition. This issue is tracked by Cisco Bug ID CSCvp33120. Cisco Security Manager (CSM) is a set of enterprise-level management applications from Cisco, which is mainly used to configure firewall, VPN and intrusion prevention security services on Cisco network and security devices. A code issue vulnerability exists in Cisco CSM where the program does not properly constrain XML entities
VAR-201906-1115 CVE-2018-19878 Teltonika RTU950 Vulnerability related to using freed memory on devices
CVSS V2: 6.8
CVSS V3: 6.5
Severity: MEDIUM
An issue was discovered on Teltonika RTU950 R_31.04.89 devices. The application allows a user to login without limitation. For every successful login request, the application saves a session. A user can re-login without logging out, causing the application to store the session in memory. Exploitation of this vulnerability will increase memory use and consume free space. The Teltonika RTU950 device contains a vulnerability related to the use of freed memory. Service operation may be interrupted (DoS). Teltonika RUT950 is an LTE router product from Teltonika, Lithuania. There is a security vulnerability in the Teltonika RTU950 R_31.04.89 release.
VAR-201906-0691 CVE-2019-1905 Cisco Email Security Appliance Input validation vulnerability
CVSS V2: 5.0
CVSS V3: 5.8
Severity: MEDIUM
A vulnerability in the GZIP decompression engine of Cisco AsyncOS Software for Cisco Email Security Appliance (ESA) could allow an unauthenticated, remote attacker to bypass configured content filters on the device. The vulnerability is due to improper validation of GZIP-formatted files. An attacker could exploit this vulnerability by sending a malicious file inside a crafted GZIP-compressed file. A successful exploit could allow the attacker to bypass configured content filters that would normally drop the email. An attacker can exploit this issue to bypass security restrictions and perform unauthorized actions. This may aid in further attacks. This issue is being tracked by Cisco Bug ID CSCvo82840. AsyncOS Software is the operating system that runs on it.
VAR-201906-0688 CVE-2019-1897 Vulnerabilities related to authorization in multiple Cisco routers
CVSS V2: 5.0
CVSS V3: 5.3
Severity: MEDIUM
A vulnerability in the web-based management interface of Cisco RV110W, RV130W, and RV215W Routers could allow an unauthenticated, remote attacker to disconnect clients that are connected to the guest network on an affected router. The vulnerability is due to improper authorization of an HTTP request. An attacker could exploit this vulnerability by accessing the URL for device disconnection and providing the connected device information. A successful exploit could allow the attacker to deny service to specific clients that are connected to the guest network. The Cisco RV110W, RV130W, and RV215W routers contain an authorization vulnerability. Service operation may be interrupted (DoS). The Cisco® RV110W and so on are all VPN firewall routers from Cisco. The vulnerability stems from a program failing to properly authorize an HTTP request, which can be exploited by a remote attacker to cause a denial of service. An attacker can leverage this issue to cause a denial-of-service condition. This issue is being tracked by Cisco Bug IDs CSCvo65045, CSCvo65048, CSCvo65050
VAR-201906-0293 CVE-2019-1879 Cisco Integrated Management Controller OS command injection vulnerability
CVSS V2: 7.2
CVSS V3: 6.7
Severity: MEDIUM
A vulnerability in the CLI of Cisco Integrated Management Controller (IMC) could allow an authenticated, local attacker to inject arbitrary commands that are executed with root privileges. The vulnerability is due to insufficient validation of user-supplied input at the CLI. An attacker could exploit this vulnerability by authenticating with the administrator password via the CLI of an affected device and submitting crafted input to the affected commands. A successful exploit could allow the attacker to execute arbitrary commands on the device with root privileges. This issue is being tracked by Cisco Bug ID CSCvo36016
VAR-201906-0690 CVE-2019-1899 Vulnerabilities related to authorization in multiple Cisco routers
CVSS V2: 5.0
CVSS V3: 5.3
Severity: MEDIUM
A vulnerability in the web interface of Cisco RV110W, RV130W, and RV215W Routers could allow an unauthenticated, remote attacker to acquire the list of devices that are connected to the guest network. The vulnerability is due to improper authorization of an HTTP request. An attacker could exploit this vulnerability by accessing a specific URI on the web interface of the router. The Cisco RV110W and so on are all VPN firewall routers from Cisco. An attacker can exploit this issue to obtain sensitive information. This may lead to other attacks. This issue is being tracked by the Cisco Bug IDs CSCvo65058, CSCvo65061 and CSCvo65062
VAR-201906-0411 CVE-2019-6972 TP-Link TL-WR1043ND Vulnerabilities related to certificate and password management in devices
CVSS V2: 5.0
CVSS V3: 7.5
Severity: HIGH
An issue was discovered on TP-Link TL-WR1043ND V2 devices. The credentials can be easily decoded and cracked by brute-force, WordList, or Rainbow Table attacks. Specifically, credentials in the "Authorization" cookie are encoded with URL encoding and base64, leading to easy decoding. Also, the username is cleartext, and the password is hashed with the MD5 algorithm (after decoding of the URL encoded string with base64). The TP-Link TL-WR1043ND device contains vulnerabilities related to certificate and password management. Information may be obtained. The TP-Link TL-WR1043ND is a wireless router from China Unicom (TP-Link). An encryption problem vulnerability exists in TP-Link TL-WR1043ND V2. The vulnerability stems from the fact that the network system or product does not properly use the relevant cryptographic algorithm. The vulnerability can be exploited by an attacker to cause content to be incorrectly encrypted or weakly encrypted, or sensitive information to be stored in plaintext. Attackers can use default passwords or hard-coded passwords, hard-coded certificates, etc. to attack affected components
VAR-201906-0410 CVE-2019-6971 TP-Link TL-WR1043ND Authentication vulnerabilities in devices

Related entries in the VARIoT exploits database: VAR-E-201910-0170
CVSS V2: 10.0
CVSS V3: 9.8
Severity: CRITICAL
An issue was discovered on TP-Link TL-WR1043ND V2 devices. An attacker can send a cookie in an HTTP authentication packet to the router management web interface, and fully control the router without knowledge of the credentials. The TP-Link TL-WR1043ND device contains an authentication vulnerability. Information may be obtained or altered, and service operation may be disrupted (DoS). The TP-Link TL-WR1043ND is a wireless router from China Unicom (TP-Link). An authorization vulnerability exists in TP-Link TL-WR1043ND V2. The vulnerability stems from a lack of authentication in the network system or product or insufficient strength of authentication. No further details of the vulnerability are currently provided.
VAR-201906-0299 CVE-2019-1875 Cisco Prime Service Catalog Vulnerable to cross-site scripting
CVSS V2: 3.5
CVSS V3: 4.8
Severity: MEDIUM
A vulnerability in the web-based management interface of Cisco Prime Service Catalog could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based interface. The vulnerability is due to insufficient validation of user-supplied input by the web-based management interface. An attacker could exploit this vulnerability by adding specific strings to multiple configuration fields. A successful exploit could allow the attacker to execute arbitrary script code in the context of the interface or allow the attacker to access sensitive browser-based information. This can allow the attacker to steal cookie-based authentication credentials and launch other attacks. This issue is being tracked by Cisco Bug ID CSCvo33891. The solution supports automated ordering of a unified service catalog of computing, networking, storage, and other data center resources
VAR-201906-0295 CVE-2019-1869 Cisco StarOS Vulnerable to uninitialized pointer access
CVSS V2: 5.0
CVSS V3: 7.5
Severity: HIGH
A vulnerability in the internal packet-processing functionality of the Cisco StarOS operating system running on virtual platforms could allow an unauthenticated, remote attacker to cause an affected device to stop processing traffic, resulting in a denial of service (DoS) condition. The vulnerability is due to a logic error that may occur under specific traffic conditions. An attacker could exploit this vulnerability by sending a series of crafted packets to an affected device. A successful exploit could allow the attacker to prevent the targeted service interface from receiving any traffic, which would lead to a DoS condition on the affected interface. The device may have to be manually reloaded to recover from exploitation of this vulnerability. Cisco StarOS contains an uninitialized pointer access vulnerability. Service operation may be interrupted (DoS). Cisco StarOS is a router operating system that controls the entire system logic and controls the process and CLI. Cisco StarOS is prone to a remote denial-of-service vulnerability. This issue is being tracked by Cisco Bug ID CSCvn06757. Cisco StarOS is a virtualization operating system from Cisco. Virtualized Packet Core-Distributed Instance (VPC-DI) is a production version of StarOS software deployed on a dedicated hardware platform. The following products and versions are affected: Cisco Virtualized Packet Core-Single Instance (VPC-SI); Virtualized Packet Core-Distributed Instance (VPC-DI)
VAR-201906-0565 CVE-2019-1627 Cisco Integrated Management Controller Vulnerable to information disclosure
CVSS V2: 4.0
CVSS V3: 6.5
Severity: MEDIUM
A vulnerability in the Server Utilities of Cisco Integrated Management Controller (IMC) could allow an authenticated, remote attacker to gain unauthorized access to sensitive user information from the configuration data that is stored on the affected system. The vulnerability is due to insufficient protection of data in the configuration file. An attacker could exploit this vulnerability by downloading the configuration file. An exploit could allow the attacker to use the sensitive information from the file to elevate privileges. Cisco Integrated Management Controller (IMC) contains an information disclosure vulnerability. Information may be obtained. This issue is being tracked by Cisco bug ID CSCvo01184. The software supports HTTP, SSH access, etc., and can perform operations such as starting, shutting down and restarting the server
VAR-201906-0689 CVE-2019-1898 Vulnerabilities related to authorization in multiple Cisco routers
CVSS V2: 5.0
CVSS V3: 5.3
Severity: MEDIUM
A vulnerability in the web-based management interface of Cisco RV110W, RV130W, and RV215W Routers could allow an unauthenticated, remote attacker to access the syslog file on an affected device. The vulnerability is due to improper authorization of an HTTP request. An attacker could exploit this vulnerability by accessing the URL for the syslog file. A successful exploit could allow the attacker to access the information contained in the file. The Cisco® RV110W and so on are all VPN firewall routers from Cisco. Successfully exploiting this issue may allow an attacker to bypass certain security restrictions and perform unauthorized actions
VAR-201911-0801 CVE-2019-1877 Cisco Enterprise Chat and Email Vulnerable to information disclosure
CVSS V2: 4.3
CVSS V3: 6.5
Severity: MEDIUM
A vulnerability in the HTTP API of Cisco Enterprise Chat and Email could allow an unauthenticated, remote attacker to download files attached through chat sessions. The vulnerability is due to insufficient authentication mechanisms on the file download function of the API. An attacker could exploit this vulnerability by sending a crafted request to the API. A successful exploit could allow the attacker to download files that other users attach through the chat feature. This vulnerability affects versions prior to 12.0(1)ES1. Information obtained may aid in further attacks. This issue is being tracked by Cisco Bug ID CSCvo99235. This product mainly provides e-mail, chat and Web callback functions for other Cisco solutions
VAR-201906-0685 CVE-2019-1848 Cisco Digital Network Architecture Center Vulnerabilities related to leaking resources to the wrong area
CVSS V2: 4.8
CVSS V3: 9.3
Severity: CRITICAL
A vulnerability in Cisco Digital Network Architecture (DNA) Center could allow an unauthenticated, adjacent attacker to bypass authentication and access critical internal services. The vulnerability is due to insufficient access restriction to ports necessary for system operation. An attacker could exploit this vulnerability by connecting an unauthorized network device to the subnet designated for cluster services. A successful exploit could allow an attacker to reach internal services that are not hardened for external access. Cisco DNA Center Software is prone to an authentication-bypass vulnerability. An attacker can exploit this issue to bypass authentication mechanism and perform unauthorized actions with administrative privileges. This may lead to further attacks. This issue is being tracked by Cisco bug ID CSCvj03748. The solution scales and protects devices, applications, and more within the network
VAR-201906-0571 CVE-2019-1624 Cisco SD-WAN Solution Command injection vulnerability
CVSS V2: 9.0
CVSS V3: 8.8
Severity: HIGH
A vulnerability in the vManage web-based UI (Web UI) in the Cisco SD-WAN Solution could allow an authenticated, remote attacker to inject arbitrary commands that are executed with root privileges. The vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by authenticating to the device and submitting crafted input to the vManage Web UI. A successful exploit could allow the attacker to execute commands with root privileges. Cisco SD-WAN Solution contains a command injection vulnerability. Information may be obtained or altered, and service operation may be disrupted (DoS). Cisco SD-WAN Solution is prone to a remote command-injection vulnerability. This issue is being tracked by Cisco Bug IDs CSCvi46909, CSCvi59723, and CSCvi59724. The CLI is one of its command-line interfaces.
VAR-201906-1243 CVE-2019-12133 Permission vulnerabilities in multiple Zoho ManageEngine products
CVSS V2: 7.2
CVSS V3: 7.8
Severity: HIGH
Multiple Zoho ManageEngine products suffer from local privilege escalation due to improper permissions for the %SYSTEMDRIVE%\ManageEngine directory and its sub-folders. Moreover, the services associated with said products try to execute binaries such as sc.exe from the current directory upon system start. This will effectively allow non-privileged users to escalate privileges to NT AUTHORITY\SYSTEM. This affects Desktop Central 10.0.380, EventLog Analyzer 12.0.2, ServiceDesk Plus 10.0.0, SupportCenter Plus 8.1, O365 Manager Plus 4.0, Mobile Device Manager Plus 9.0.0, Patch Connect Plus 9.0.0, Vulnerability Manager Plus 9.0.0, Patch Manager Plus 9.0.0, OpManager 12.3, NetFlow Analyzer 11.0, OpUtils 11.0, Network Configuration Manager 11.0, FireWall 12.0, Key Manager Plus 5.6, Password Manager Pro 9.9, Analytics Plus 1.0, and Browser Security Plus. Multiple Zoho ManageEngine products contain a permission vulnerability. Information may be obtained or altered, and service operation may be disrupted (DoS). ZOHO ManageEngine Desktop Central (DC) and so on are all products of ZOHO Company of the United States. ManageEngine Desktop Central is a desktop management solution. ZOHO ManageEngine ServiceDesk Plus is a set of IT service management software (ITSM) based on ITIL architecture. ZOHO ManageEngine EventLog Analyzer is a set of system and event log analysis software. There are authorization problem vulnerabilities in many ZOHO products. The vulnerability is caused by the program assigning incorrect permissions to the %SYSTEMDRIVE%\ManageEngine directory and its subfolders.