VARIoT IoT vulnerabilities database

Samsung S9+, S10, and XCover 4 P(9.0) devices can become temporarily inoperable because of an unprotected intent in the ContainerAgent application. For example, the victim becomes stuck in a launcher with their Secure Folder locked. NOTE: the researcher mentions "the Samsung Security Team considered this issue as no/little security impact. ** Unsettled ** This issue has not been confirmed as a vulnerability. Vendors are challenging this vulnerability. See below for details NVD of Current Description Please Confirm. https://nvd.nist.gov/vuln/detail/CVE-2019-12087Denial of service (DoS) May be in a state. The Samsung S9+ and others are all smartphones of the South Korean company Samsung. This vulnerability stems from improper management of system resources (such as memory, disk space, files, etc.) by network systems or products

A Remote Code Execution issue in the DNS Query Web UI in Lifesize Icon LS_RM3_3.7.0 (2421) allows remote authenticated attackers to execute arbitrary commands via a crafted DNS Query address field in a JSON API request. Lifesize Icon Contains an input validation vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. Lifesize Icon is a set of video conferencing system of American Lifesize company. The vulnerability stems from the failure of the network system or product to properly validate the input data

An exploitable denial-of-service vulnerability exists in the XML_GetRawEncJpg Wi-Fi command of the NT9665X Chipset firmware, running on the Anker Roav A1 Dashcam, version RoavA1SWV1.9. A specially crafted packet can cause an invalid memory dereference, resulting in a device reboot. Anker Roav A1 Dashcam Contains a resource management vulnerability.Service operation interruption (DoS) There is a possibility of being put into a state. Novatek NT9665X Chipset is a chip for camera equipment. This vulnerability stems from the incorrect verification of data boundaries when the network system or product performs operations on the memory, resulting in incorrect read and write operations to other associated memory locations. Attackers can exploit this vulnerability to cause buffer overflow or heap overflow, etc

An exploitable code execution vulnerability exists in the XML_UploadFile Wi-Fi command of the NT9665X Chipset firmware, running on the Anker Roav A1 Dashcam, version RoavA1SWV1.9. A specially crafted packet can cause a stack-based buffer overflow, resulting in code execution. Anker Roav A1 Dashcam Contains a buffer error vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. Novatek NT9665X Chipset is a chip for camera equipment. This vulnerability stems from the incorrect verification of data boundaries when the network system or product performs operations on the memory, resulting in incorrect read and write operations to other associated memory locations. Attackers can exploit this vulnerability to cause buffer overflow or heap overflow, etc

An exploitable denial-of-service vulnerability exists in the XML_UploadFile Wi-Fi command of the NT9665X Chipset firmware, running on the Anker Roav A1 Dashcam, version RoavA1SWV1.9. A specially crafted packet can cause a semaphore deadlock, which prevents the device from receiving any physical or network inputs. An attacker can send a specially crafted packet to trigger this vulnerability. Anker Roav A1 Dashcam Contains a security feature vulnerability.Denial of service (DoS) May be in a state. Novatek NT9665X Chipset is a chip for camera equipment. This vulnerability is due to the lack of security measures such as authentication, access control, and rights management in network systems or products

An exploitable code execution vulnerability exists in the URL-parsing functionality of the Roav A1 Dashcam running version RoavA1SWV1.9. A specially crafted packet can cause a stack-based buffer overflow, resulting in code execution. An attacker can send a packet to trigger this vulnerability. Roav A1 Dashcam Contains a buffer error vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. Roav A1 Dashcam is a car HD camera. This vulnerability stems from the incorrect verification of data boundaries when the network system or product performs operations on the memory, resulting in incorrect read and write operations to other associated memory locations. Attackers can exploit this vulnerability to cause buffer overflow or heap overflow, etc

An exploitable vulnerability exists in the Wi-Fi Access Point feature of the Roav A1 Dashcam running version RoavA1SWV1.9. A set of default credentials can potentially be used to connect to the device. An attacker can connect to the AP to trigger this vulnerability. Roav A1 Dashcam Contains a vulnerability in the use of hard-coded credentials.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. Anker Roav A1 Dashcam is a car HD camera. This vulnerability stems from the lack of an effective trust management mechanism in network systems or products. Attackers can use default passwords or hard-coded passwords, hard-coded certificates, etc. to attack affected components

An exploitable denial-of-service vulnerability exists in the thumbnail display functionality of the NT9665X Chipset firmware, running on the Anker Roav A1 Dashcam, version RoavA1SWV1.9. A specially crafted packet can cause a null pointer dereference, resulting in a device reboot. Anker Roav A1 Dashcam Is NULL A vulnerability related to pointer dereference exists.Service operation interruption (DoS) There is a possibility of being put into a state. Novatek NT9665X Chipset is a chip for camera equipment. This vulnerability stems from improper design or implementation problems in the code development process of network systems or products

An exploitable firmware update vulnerability exists in the NT9665X Chipset firmware running on the Anker Roav A1 Dashcam, version RoavA1SWV1.9. The HTTP server could allow an attacker to overwrite the root directory of the server, resulting in a denial of service. An attacker can send an HTTP POST request to trigger this vulnerability. Anker Roav A1 Dashcam Contains a permission vulnerability.Service operation interruption (DoS) There is a possibility of being put into a state. Novatek NT9665X Chipset is a chip for camera equipment. This vulnerability stems from the lack of authentication measures or insufficient authentication strength in network systems or products

An exploitable denial-of-service vulnerability exists in the XML_GetScreen Wi-Fi command of the NT9665X Chipset firmware, running on the Anker Roav A1 Dashcam, version RoavA1SWV1.9. A specially crafted set of packets can cause an invalid memory dereference, resulting in a device reboot. Anker Roav A1 Dashcam Contains an input validation vulnerability.Service operation interruption (DoS) There is a possibility of being put into a state. Novatek NT9665X Chipset is a chip for camera equipment. The vulnerability stems from the failure of the network system or product to properly validate the input data

An exploitable code execution vulnerability exists in the HTTP request-parsing function of the NT9665X Chipset firmware running on the Anker Roav A1 Dashcam, version RoavA1SWV1.9. A specially crafted packet can cause an unlimited and arbitrary write to memory, resulting in code execution. Anker Roav A1 Dashcam Contains an out-of-bounds vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. Novatek NT9665X Chipset is a chip for camera equipment. This vulnerability stems from the incorrect verification of data boundaries when the network system or product performs operations on the memory, resulting in incorrect read and write operations to other associated memory locations. Attackers can exploit this vulnerability to cause buffer overflow or heap overflow, etc

Missing cross-site request forgery protection in appGet.cgi on ASUS RT-AC3200 version 3.0.0.4.382.50010 allows attackers to cause state-changing actions with specially crafted URLs. ASUS RT-AC3200 Contains a cross-site request forgery vulnerability.Information may be tampered with. ASUS RT-AC3200 is a wireless router manufactured by Taiwan ASUS Corporation. The vulnerability stems from the WEB application not adequately verifying that the request is from a trusted user. An attacker could exploit this vulnerability to send unexpected requests to the server through an affected client

An issue was discovered on LG GAMP-7100, GAPM-7200, and GAPM-8000 routers. An unauthenticated user can read a log file via an HTTP request containing its full pathname, such as http://192.168.0.1/var/gapm7100_${today's_date}.log for reading a filename such as gapm7100_190101.log. LG GAMP-7100 , GAPM-7200 , GAPM-8000 The router contains an information disclosure vulnerability.Information may be obtained. LG GAMP-7100 is a router from LG. An unauthorized attacker could use the vulnerability to obtain sensitive information about the affected components. This vulnerability stems from configuration errors in network systems or products during operation

Cross-site scripting in appGet.cgi on ASUS RT-AC3200 version 3.0.0.4.382.50010 allows attackers to execute JavaScript via the "hook" URL parameter. ASUS RT-AC3200 Contains a cross-site scripting vulnerability.Information may be obtained and information may be altered. ASUS RT-AC3200 is a wireless router manufactured by Taiwan ASUS Corporation. The vulnerability stems from the lack of correct validation of client data in WEB applications. An attacker could exploit this vulnerability to execute client code

Buffer overflow in appGet.cgi on ASUS RT-AC3200 version 3.0.0.4.382.50010 allows attackers to inject system commands via the "hook" URL parameter. ASUS RT-AC3200 Contains a buffer error vulnerability.Service operation interruption (DoS) There is a possibility of being put into a state. ASUS RT-AC3200 is a wireless router manufactured by Taiwan ASUS Corporation. This vulnerability stems from the incorrect verification of data boundaries when the network system or product performs operations on the memory, resulting in incorrect read and write operations to other associated memory locations. Attackers can exploit this vulnerability to cause buffer overflow or heap overflow, etc

On Virgin Media wireless router 3.0 hub devices, the web interface is vulnerable to denial of service. When POST requests are sent and keep the connection open, the router lags and becomes unusable to anyone currently using the web interface. This vulnerability stems from improper management of system resources (such as memory, disk space, files, etc.) by network systems or products

Format string vulnerability in appGet.cgi on ASUS RT-AC3200 version 3.0.0.4.382.50010 allows attackers to read arbitrary sections of memory and CPU registers via the "hook" URL parameter. ASUS RT-AC3200 Contains a format string vulnerability.Information may be obtained and information may be altered. ASUS RT-AC3200 is a wireless router manufactured by Taiwan ASUS Corporation. This vulnerability stems from the lax filtering of parameter types and quantities when network systems or products receive external formatted strings as parameters

Cross-site scripting (XSS) in the web interface of the Xerox ColorQube 8580 allows remote persistent injection of custom HTML / JavaScript code. Xerox ColorQube 8580 Contains a cross-site scripting vulnerability.The information may be obtained and the information may be falsified. Xerox ColorQube 8580 is a multi-function printer produced by Xerox in the United States. The vulnerability stems from the lack of correct validation of client data in WEB applications. An attacker could exploit this vulnerability to execute client code

FourFaith is a provider of IoT wireless communication products and solutions. The FourFaith industrial router has a remote command execution vulnerability that can be exploited by an attacker to log in to the web management interface to execute arbitrary commands with admin privileges.

Century Star configuration software is a blocking software launched by Beijing Century Changqiu Technology Co., Ltd. It is a real-time human-machine interface utility generator, composed of CSMaker development system and CSViewer operating system. The Century Star Menu.ocx control Re *** method has a stack overflow vulnerability. An attacker can trick users who have installed this control to visit malicious webpages, and then trigger the vulnerability, remotely execute malicious code on the user system, and finally gain control of the user system. CSMaker Development system and CSViewer Composition of the operating system