VARIoT IoT vulnerabilities database

VAR-201904-0919 CVE-2019-11415 Intelbras IWR 3000N Vulnerability related to input validation on devices

Related entries in the VARIoT exploits database: VAR-E-201904-0103
CVSS V2: 7.8
CVSS V3: 7.5
Severity: HIGH
An issue was discovered on Intelbras IWR 3000N 1.5.0 devices. A malformed login request allows remote attackers to cause a denial of service (reboot), as demonstrated by JSON misparsing of the \""} string to v1/system/login. The Intelbras IWR 3000N device contains an input validation vulnerability. Service operation may be interrupted (DoS). Intelbras IWR 3000N is a wireless router from Intelbras Poland. An input validation error vulnerability exists in Intelbras IWR 3000N version 1.5.0. The vulnerability stems from the failure of the network system or product to properly validate the input data.
VAR-201904-0921 CVE-2019-11417 TRENDnet TV-IP110WN Buffer error vulnerability in camera
CVSS V2: 7.5
CVSS V3: 9.8
Severity: CRITICAL
system.cgi on TRENDnet TV-IP110WN cameras has a buffer overflow caused by an inadequate source-length check before a strcpy operation in the respondAsp function. Attackers can exploit the vulnerability by using the languse parameter with a long string. This affects 1.2.2 build 28, 64, 65, and 68. The TRENDnet TV-IP110WN camera contains a buffer error vulnerability. Information may be obtained or altered, and service operation may be disrupted (DoS). TRENDnet TV-IP110WN is a wireless webcam from TRENDnet. A buffer overflow vulnerability exists in the system.cgi file in TRENDnet TV-IP110WN. This vulnerability is caused by a network system or product performing an operation on memory without properly validating data boundaries, causing incorrect read and write operations on other associated memory locations. An attacker could exploit the vulnerability to cause a buffer overflow or heap overflow.
VAR-201904-0920 CVE-2019-11416 Intelbras IWR 3000N Device cross-site request forgery vulnerability

Related entries in the VARIoT exploits database: VAR-E-201904-0151
CVSS V2: 9.3
CVSS V3: 8.8
Severity: HIGH
A CSRF issue was discovered on Intelbras IWR 3000N 1.5.0 devices, leading to complete control of the router, as demonstrated by v1/system/user. The Intelbras IWR 3000N device contains a cross-site request forgery vulnerability. Information may be obtained or altered, and service operation may be disrupted (DoS). Intelbras IWR 3000N is a wireless router produced by Intelbras in Poland. There is a cross-site request forgery vulnerability in Intelbras IWR 3000N version 1.5.0, which is caused by the web application not fully verifying whether the request is from a trusted user. An attacker could exploit this vulnerability to send unexpected requests to the server through an affected client.
VAR-201904-0922 CVE-2019-11418 TRENDnet TEW-632BRP Router buffer error vulnerability
CVSS V2: 7.5
CVSS V3: 9.8
Severity: CRITICAL
apply.cgi on the TRENDnet TEW-632BRP 1.010B32 router has a buffer overflow via long strings to the SOAPACTION:HNAP1 interface. The TRENDnet TEW-632BRP router contains a buffer error vulnerability. Information may be obtained or altered, and service operation may be disrupted (DoS). TRENDnet TEW-632BRP is a 300Mbps wireless home router. The apply.cgi in TRENDnet TEW-632BRP 1.010B32 has a buffer overflow vulnerability. This vulnerability stems from the fact that when the network system or product performs operations on memory, the data boundary is not verified correctly, which leads to incorrect read and write operations on other associated memory locations.
VAR-201904-0918 CVE-2019-11414 Intelbras IWR 3000N Vulnerability related to password management function in devices
CVSS V2: 4.3
CVSS V3: 8.8
Severity: HIGH
An issue was discovered on Intelbras IWR 3000N 1.5.0 devices. When the administrator password is changed from a certain client IP address, administrative authorization remains available to any client at that IP address, leading to complete control of the router. The Intelbras IWR 3000N device contains a vulnerability related to the password management function. Information may be obtained or altered, and service operation may be disrupted (DoS). Intelbras IWR 3000N is a wireless router produced by Intelbras in Poland. There is an authorization problem vulnerability in Intelbras IWR 3000N version 1.5.0. The vulnerability stems from the lack of authentication measures or insufficient authentication strength in network systems or products.
VAR-201908-1862 CVE-2019-10724 Vulnerabilities related to authorization, authority, and access control in multiple Lenovo products
CVSS V2: 6.8
CVSS V3: 6.5
Severity: MEDIUM
There is a vulnerability with the Dolby DAX2 API system services in which a low-privileged user can terminate arbitrary processes that are running at a higher privilege. The following are affected products and versions: Legion Y520T_Z370 6.0.1.8642, AIO310-20IAP 6.0.1.8642, AIO510-22ISH 6.0.1.8642, AIO510-23ISH 6.0.1.8642, AIO520-22IKL 6.0.1.8642, AIO520-22IKU 6.0.1.8642, AIO520-24IKL 6.0.1.8642, AIO520-24IKU 6.0.1.8642, AIO520-27IKL 6.0.1.8642, AIO720-24IKB 6.0.1.8642, IdeaCentre 520S-23IKU 6.0.1.8642, ThinkCentre M700z 6.0.1.8642, ThinkCentre M800z 6.0.1.8642, ThinkCentre M810z 6.0.1.8642, ThinkCentre M818z 6.0.1.8642, ThinkCentre M900Z 6.0.1.8642, ThinkCentre M910z 6.0.1.8642, V410z(YT S4250) 6.0.1.8642, 330-14IKBR Win10:6.0.1.8652, 330-15IKBR Win10:6.0.1.8652, 330-15IKBR (Brazil) Win10:6.0.1.8652, 330-15IKBR Touch Win10:6.0.1.8652, 330-17IKBR Win10:6.0.1.8652, YOGA 730-13IKB Win10:6.0.1.8644, YOGA 730-15IKB Win10:6.0.1.8644, ThinkPad L560 6.0.1.8644 and 6.0.1.8652, ThinkPad L570 6.0.1.8644 and 6.0.1.8652, ThinkPad P50 6.0.1.8642, ThinkPad P50s 6.0.1.8642, ThinkPad P51s (20Jx, 20Kx) 6.0.1.8642, ThinkPad P51s (20Hx) 6.0.1.8642, ThinkPad P52s 6.0.1.8642, ThinkPad P70 6.0.1.8642, ThinkPad T25 6.0.1.8642, ThinkPad T460s 6.0.1.8642, ThinkPad T470 6.0.1.8642, ThinkPad T470s 6.0.1.8642, ThinkPad T480 6.0.1.8642, ThinkPad T480s 6.0.1.8642, ThinkPad T560 6.0.1.8642, ThinkPad T570 6.0.1.8642, ThinkPad T580 6.0.1.8642, ThinkPad X1 Carbon 8.66.76.72 and 8.66.68.54, ThinkPad X1 Carbon 6th 6.0.1.8642, ThinkPad X1 Carbon, X1 Yoga 8.66.62.92 and 8.66.62.54, ThinkPad X1 Tablet (20Gx) 6.0.1.8642, ThinkPad X1 Tablet (20Jx) 6.0.1.8642, ThinkPad X1 Tablet Gen 3 6.0.1.8642, ThinkPad X1 Yoga (20Jx) 8.66.88.60, ThinkPad X1 Yoga 3rd 6.0.1.8642, ThinkPad X280 6.0.1.8642, ThinkPad Yoga 260, S1 8.66.62.92 and 8.66.62.54. 
Multiple Lenovo products contain vulnerabilities related to authorization, permissions, and access control. Service operation may be interrupted (DoS). Dolby DAX2 API Service is an audio service component of Dolby Laboratories. An attacker could exploit this vulnerability to cause a denial of service.
VAR-201904-0089 CVE-2019-6157 Vulnerability related to information leakage from log files in multiple Lenovo System x products
CVSS V2: 5.0
CVSS V3: 7.5
Severity: HIGH
In various firmware versions of Lenovo System x, the integrated management module II (IMM2)'s first failure data capture (FFDC) includes the web server's private key in the generated log file for support. Multiple Lenovo System x products contain a vulnerability related to information disclosure from log files. Information may be obtained. Lenovo Flex System x240 M4 and the other affected models are all servers from Lenovo of China. A security vulnerability exists in several Lenovo products that originates from the FFDC recording the private key of the web server in a log file. An attacker could exploit the vulnerability to disclose information. The following products are affected: Lenovo Flex System x240 M4; Flex System x240 M5; Flex System x280 X6; Flex System x440 M4; Flex System x480 X6; Flex System x880; NeXtScale nx360 M5; (ThinkAgile CX2200/4200/4600); System x3650 M5; System x3750 M4; System x3850 X6; System x3950 X6; BladeCenter HS22; BladeCenter HS23; BladeCenter HS23E; Flex System x220 M4; System x280 M4; Flex System x440 M4; Flex System x480 M4; Flex System x880 M4; iDataPlex dx360 M4; iDataPlex dx360 M4 Water Cooled; x3300 M4; System x3500 M4; System x3530 M4; System x3550 M4; System x3630 M4; System x3650 M4;
VAR-201904-0097 CVE-2019-6155 IBM System x and BladeCenter System input validation vulnerability
CVSS V2: 7.8
CVSS V3: 7.5
Severity: HIGH
A potential vulnerability was found in an SMI handler in various BIOS versions of certain legacy IBM System x and IBM BladeCenter systems that could lead to denial of service. IBM System x and BladeCenter systems contain an input validation vulnerability. Service operation may be interrupted (DoS). The vulnerability stems from the failure of the network system or product to properly validate the input data. The following products and versions are affected: IBM BladeCenter HS23E; System x3530 M4; System x3630 M4; System x3650 M4 BD.
VAR-201904-0640 CVE-2018-17168 PrinterOn Enterprise Vulnerable to cross-site request forgery
CVSS V2: 4.3
CVSS V3: 6.5
Severity: MEDIUM
PrinterOn Enterprise 4.1.4 contains multiple Cross Site Request Forgery (CSRF) vulnerabilities in the Administration page. For example, an administrator, by following a link, can be tricked into making unwanted changes to a printer (Disable, Approve, etc). PrinterOn Enterprise is a set of secure cloud printing solutions from PrinterOn Canada. The solution supports printing from laptops, desktops, and mobile devices to connected printers. An attacker could exploit this vulnerability to send unexpected requests to the server through an affected client
VAR-201904-0937 CVE-2019-11319 Motorola CX2 and M2 Command injection vulnerability
CVSS V2: 7.5
CVSS V3: 9.8
Severity: CRITICAL
An issue was discovered in Motorola CX2 1.01 and M2 1.01. There is a command injection in the function downloadFirmware in hnap, which leads to remote code execution via shell metacharacters in a JSON value. Motorola CX2 and M2 contain a command injection vulnerability. Information may be obtained or altered, and service operation may be disrupted (DoS). Motorola CX2 is a wireless router. hnap refers to the Home Network Administration Protocol (a home network management protocol). There is a command injection vulnerability in the 'downloadFirmware' function of hnap in Motorola CX2 version 1.01 and Motorola M2 version 1.01. The vulnerability comes from the fact that the network system or product does not correctly filter special elements in the process of constructing executable commands from external input data. Attackers can exploit this vulnerability to execute illegal commands.
VAR-201904-0940 CVE-2019-11322 Motorola CX2 and M2 Command injection vulnerability
CVSS V2: 7.5
CVSS V3: 9.8
Severity: CRITICAL
An issue was discovered in Motorola CX2 1.01 and M2 1.01. There is a command injection in the function startRmtAssist in hnap, which leads to remote code execution via shell metacharacters in a JSON value. Motorola CX2 and M2 contain a command injection vulnerability. Information may be obtained or altered, and service operation may be disrupted (DoS). Motorola CX2 is a wireless router. hnap refers to the Home Network Administration Protocol (a home network management protocol). There is a command injection vulnerability in the 'startRmtAssist' function of hnap in Motorola CX2 version 1.01 and Motorola M2 version 1.01. The vulnerability comes from the fact that the network system or product does not correctly filter special elements in the process of constructing executable commands from external input data. Attackers can exploit this vulnerability to execute illegal commands.
VAR-201904-0939 CVE-2019-11321 Motorola CX2 and M2 Vulnerable to information disclosure
CVSS V2: 5.0
CVSS V3: 5.3
Severity: MEDIUM
An issue was discovered in Motorola CX2 1.01 and M2 1.01. The router opens TCP port 8010. Users can send hnap requests to this port without authentication to obtain information such as the MAC addresses of connected client devices. Motorola CX2 is a wireless router
VAR-201904-0938 CVE-2019-11320 Motorola CX2 and M2 Vulnerabilities related to authorization, permissions, and access control
CVSS V2: 7.5
CVSS V3: 9.8
Severity: CRITICAL
In Motorola CX2 1.01 and M2 1.01, users can access the router's /priv_mgt.html web page to launch telnetd, as demonstrated by the 192.168.51.1 address. Motorola CX2 and M2 contain vulnerabilities related to authorization, permissions, and access control. Information may be obtained or altered, and service operation may be disrupted (DoS). Both Motorola M2 and Motorola CX2 are products of Motorola. The Motorola M2 is a smartphone. Motorola CX2 is a wireless router. A security vulnerability exists in Motorola CX2 version 1.01 and Motorola M2 version 1.01. An attacker can exploit this vulnerability to access the router's /priv_mgt.html web page.
VAR-201904-1576 No CVE S7 300 CPU319-3 / CP343-1 Denial of Service Vulnerability
CVSS V2: 6.1
CVSS V3: -
Severity: MEDIUM
Siemens (China) Co., Ltd. is specialized in the fields of electrification, automation and digitization. S7 300 CPU319-3 / CP343-1 has a denial of service vulnerability. An attacker can cause the PLC CPU module and CP module to go down. You need to restart the PLC manually to recover. Other sub-function codes that can trigger the vulnerability include 03/12/15/18
VAR-201904-1575 No CVE Denial of Service Vulnerability in S7 300 Communication Card CP343-1
CVSS V2: 6.1
CVSS V3: -
Severity: MEDIUM
Siemens PLC CP 343-1 model 6GK7 343-1EX30-0XE0 firmware is the communication processor. Siemens PLC CP 343-1 model 6GK7 343-1EX30-0XE0 firmware version V2.6.0 has a denial of service vulnerability. The attacker can cause the PLC to refuse to respond to the client's new COTP request, which causes the PLC and the client to fail to communicate properly. The PLC needs to be manually restarted to recover
VAR-201904-0200 CVE-2019-8452 Check Point ZoneAlarm and Endpoint Security client Permissions vulnerability
CVSS V2: 4.6
CVSS V3: 7.8
Severity: HIGH
A hard-link created from log file archive of Check Point ZoneAlarm up to 15.4.062 or Check Point Endpoint Security client for Windows before E80.96 to any file on the system will get its permission changed so that all users can access that linked file. Doing this on files with limited access gains the local attacker higher privileges to the file. Check Point ZoneAlarm is a network firewall program of Israel Check Point Company. An attacker could exploit this vulnerability to gain elevated privileges
VAR-201904-0420 CVE-2019-1792 Cisco Umbrella Vulnerable to cross-site scripting
CVSS V2: 4.3
CVSS V3: 6.1
Severity: MEDIUM
A vulnerability in the URL block page of Cisco Umbrella could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user in a network protected by Umbrella. The vulnerability is due to insufficient validation of input parameters passed to that page. An attacker could exploit this vulnerability by persuading a user of the interface to click a maliciously crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the interface or access sensitive browser-based information. This vulnerability has been fixed in the current version of Cisco Umbrella. Cisco Umbrella is a cloud service. Cisco Umbrella contains a cross-site scripting vulnerability. Information may be obtained and altered. This may allow the attacker to steal cookie-based authentication credentials and launch other attacks. This issue is being tracked by Cisco Bug ID CSCvo32441. The platform protects against cyber threats such as phishing, malware, and ransomware.
VAR-201904-0433 CVE-2019-1834 Cisco Aironet Series Access Points Input validation vulnerability
CVSS V2: 3.3
CVSS V3: 6.5
Severity: MEDIUM
A vulnerability in the internal packet processing of Cisco Aironet Series Access Points (APs) could allow an unauthenticated, adjacent attacker to cause a denial of service (DoS) condition on an affected AP if the switch interface where the AP is connected has port security configured. The vulnerability exists because the AP forwards some malformed wireless client packets outside of the Control and Provisioning of Wireless Access Points (CAPWAP) tunnel. An attacker could exploit this vulnerability by sending crafted wireless packets to an affected AP. A successful exploit could allow the attacker to trigger a security violation on the adjacent switch port, which could result in a DoS condition. Note: Though the Common Vulnerability Scoring System (CVSS) score corresponds to a High Security Impact Rating (SIR), this vulnerability is considered Medium because a workaround is available and exploitation requires a specific switch configuration. There are workarounds that address this vulnerability. Cisco Aironet Series Access Points (APs) contain an input validation vulnerability. A denial of service (DoS) condition may result. Cisco Aironet Access Points is prone to a denial-of-service vulnerability. Attackers can exploit this issue to cause a denial of service condition. This issue is being tracked by Cisco Bug IDs CSCvj96316, CSCvm97169. The Cisco Aironet 1540 Series APs and the other affected models are all Cisco products. An input validation error vulnerability exists in the internal packet processing of several Cisco products. The vulnerability is caused by the network system or product not properly validating the input data. The following products are affected: Cisco Aironet 1540 Series APs; Aironet 1560 Series APs; Aironet 1800 Series APs; Aironet 2800 Series APs; Aironet 3800 Series APs.
VAR-201904-0436 CVE-2019-1830 Cisco Wireless LAN Controller Input validation vulnerability
CVSS V2: 6.8
CVSS V3: 4.9
Severity: MEDIUM
A vulnerability in Locally Significant Certificate (LSC) management for the Cisco Wireless LAN Controller (WLC) could allow an authenticated, remote attacker to cause the device to unexpectedly restart, which causes a denial of service (DoS) condition. The attacker would need to have valid administrator credentials. The vulnerability is due to incorrect input validation of the HTTP URL used to establish a connection to the LSC Certificate Authority (CA). An attacker could exploit this vulnerability by authenticating to the targeted device and configuring an LSC certificate. An exploit could allow the attacker to cause a DoS condition due to an unexpected restart of the device. Cisco Wireless LAN Controller (WLC) contains an input validation vulnerability. Service operation may be interrupted (DoS). This issue is being tracked by Cisco Bug ID CSCvj07995. This product provides functions such as security policy and intrusion detection in wireless LAN. Locally Significant Certificate (LSC) management is one of the important local certificate management components. The LSC management component in Cisco WLC Software has an input validation error vulnerability, which is caused by the network system or product not properly validating the input data.
VAR-201904-0412 CVE-2019-1826 Cisco Aironet Series Access Points Input validation vulnerability
CVSS V2: 5.5
CVSS V3: 5.7
Severity: MEDIUM
A vulnerability in the quality of service (QoS) feature of Cisco Aironet Series Access Points (APs) could allow an authenticated, adjacent attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability is due to improper input validation on QoS fields within Wi-Fi frames by the affected device. An attacker could exploit this vulnerability by sending malformed Wi-Fi frames to an affected device. A successful exploit could allow the attacker to cause the affected device to crash, resulting in a DoS condition. Cisco Aironet Access Points is prone to a denial-of-service vulnerability. This issue is being tracked by Cisco Bug ID CSCvk58560. The Cisco Aironet 1560 Series APs and the other affected models are all Cisco products. There are security vulnerabilities in the quality of service (QoS) function in many Cisco products. The following products are affected: Cisco Aironet 1560 Series APs; Aironet 2800 Series APs; Aironet 3800 Series APs; Aironet 4800 Series APs.