VARIoT IoT vulnerabilities database
| VAR-201905-1178 | CVE-2019-0097 | Intel(R) AMT Input validation vulnerability |
CVSS V2: 4.0 CVSS V3: 4.9 Severity: MEDIUM |
Insufficient input validation vulnerability in subsystem for Intel(R) AMT before version 12.0.35 may allow a privileged user to potentially enable denial of service via network access. Intel(R) AMT contains an input validation vulnerability. Service operation may be interrupted (DoS). Intel Active Management Technology (AMT) is a set of hardware-based computer remote active management technology software developed by Intel Corporation. An input validation error vulnerability exists in subsystems in Intel AMT versions prior to 12.0.35. The vulnerability stems from the failure of the network system or product to properly validate the input data
| VAR-201905-1250 | CVE-2019-11094 | Intel Multiple vulnerabilities in the product |
CVSS V2: 4.6 CVSS V3: 7.8 Severity: HIGH |
Insufficient input validation in system firmware for Intel(R) NUC Kit may allow an authenticated user to potentially enable escalation of privilege, denial of service, and/or information disclosure via local access. Intel NUC Kit is a small desktop computer produced by Intel Corporation of the United States. The vulnerability stems from the failure of the network system or product to properly validate the input data
| VAR-201905-1112 | CVE-2018-20007 | Xiaomi Yeelight Smart AI Speaker Access Control Error Vulnerability |
CVSS V2: 7.2 CVSS V3: 6.8 Severity: MEDIUM |
Yeelight Smart AI Speaker 3.3.10_0074 devices have improper access control over the UART interface, allowing physical attackers to obtain a root shell. The attacker can then exfiltrate the audio data, read cleartext Wi-Fi credentials in a log file, or access other sensitive device and user information. Xiaomi Yeelight Smart AI Speaker is a smart speaker from Xiaomi Technology of China. An access control error vulnerability exists in the Xiaomi Yeelight Smart AI Speaker 3.3.10_0074 release. The vulnerability stems from a network system or product that does not properly restrict access to resources from unauthorized roles. An attacker could exploit this vulnerability to gain access to webmasters
| VAR-201905-1427 | No CVE | Buffer Overflow Vulnerability in Aviosoft DVD X Player Standard Software |
CVSS V2: 2.1 CVSS V3: - Severity: LOW |
Aviosoft DVD X Player Standard is a DVD player from Aviosoft, USA.
Aviosoft DVD X Player Standard software has a buffer overflow vulnerability. The vulnerability is due to the inability to handle malformed playlist files, and an attacker could exploit the vulnerability to execute arbitrary code in the context of an application.
| VAR-201905-1428 | No CVE | Aviosoft DVD X Player Standard software has an elevation of privilege vulnerability |
CVSS V2: 7.2 CVSS V3: - Severity: HIGH |
Aviosoft DVD X Player Standard is a DVD player from Aviosoft, USA.
An elevation of privilege vulnerability exists in Aviosoft DVD X Player Standard software. An attacker could exploit the vulnerability by submitting a specially crafted request to execute arbitrary code in the context of the application.
| VAR-201905-1429 | No CVE | Aviosoft DVD X Player Standard software has untrusted search path vulnerability |
CVSS V2: 7.2 CVSS V3: - Severity: HIGH |
Aviosoft DVD X Player Standard is a DVD player from Aviosoft, USA.
Aviosoft DVD X Player Standard software has an untrusted search path vulnerability. An attacker could use a malicious file in the directory to exploit the vulnerability and execute arbitrary code with the permissions of the application user.
| VAR-201907-1422 | CVE-2018-7838 | Modicon M580 CPU and Modicon Ethernet Module Buffer error vulnerability |
CVSS V2: 7.8 CVSS V3: 7.5 Severity: HIGH |
A CWE-119 Buffer Errors vulnerability exists in Modicon M580 CPU - BMEP582040, all versions before V2.90, and Modicon Ethernet Module BMENOC0301, all versions before V2.16, which could cause denial of service on the FTP service of the controller or the Ethernet BMENOC module when it receives an FTP CWD command with a data length greater than 1020 bytes. A power cycle is then needed to reactivate the FTP service. Modicon M580 CPU and Modicon Ethernet Module contain a buffer error vulnerability. Service operation may be interrupted (DoS)
| VAR-201905-1172 | CVE-2019-0090 | Intel Multiple vulnerabilities in the product |
CVSS V2: 4.4 CVSS V3: 7.1 Severity: HIGH |
Insufficient access control vulnerability in subsystem for Intel(R) CSME before versions 11.x, 12.0.35 Intel(R) TXE 3.x, 4.x, Intel(R) Server Platform Services 3.x, 4.x, Intel(R) SPS before version SPS_E3_05.00.04.027.0 may allow an unauthenticated user to potentially enable escalation of privilege via physical access. Intel(R) CSME and SPS contain an access control vulnerability. Information may be obtained or altered, and service operation may be disrupted (DoS). Intel Converged Security and Management Engine (CSME) and others are products of Intel Corporation of the United States. Intel Converged Security and Management Engine is a security management engine. Intel Server Platform Services (SPS) is a server platform service program. Intel TXE is a trusted execution engine with hardware authentication function used in CPU (Central Processing Unit). An access control error vulnerability exists in subsystems in several Intel products. This vulnerability stems from network systems or products not properly restricting access to resources from unauthorized roles. The following products and versions are affected: Intel CSME before 11.x, before 12.0.35; TXE before 3.x, before 4.x; SPS before 3.x, before 4.x, versions prior to SPS_E3_05.00.04.027.0
| VAR-201905-1173 | CVE-2019-0091 | Intel Multiple vulnerabilities in the product |
CVSS V2: 7.2 CVSS V3: 7.8 Severity: HIGH |
Code injection vulnerability in installer for Intel(R) CSME before versions 11.8.65, 11.11.65, 11.22.65, 12.0.35 and Intel(R) TXE 3.1.65, 4.0.15 may allow an unprivileged user to potentially enable escalation of privilege via local access. Intel(R) CSME and TXE contain a code injection vulnerability. Information may be obtained or altered, and service operation may be disrupted (DoS). Both Intel Converged Security and Management Engine (CSME) and Intel TXE are products of Intel Corporation of the United States. Intel Converged Security and Management Engine is a security management engine. Intel TXE is a trusted execution engine with hardware authentication function used in CPU (Central Processing Unit). A code injection vulnerability exists in the installer in Intel CSME and Intel TXE. This vulnerability stems from the fact that the network system or product does not correctly filter special elements in the process of constructing code segments from external input data. Attackers can exploit this vulnerability to generate illegal code segments and modify the expected execution control flow of network systems or components. The following products and versions are affected: Intel CSME versions before 11.8.65, versions before 11.11.65, versions before 11.22.65, versions before 12.0.35; Intel TXE versions 3.1.65 and 4.0.15
| VAR-201905-1175 | CVE-2019-0093 | Intel Multiple vulnerabilities in the product |
CVSS V2: 2.1 CVSS V3: 4.4 Severity: MEDIUM |
Insufficient data sanitization vulnerability in HECI subsystem for Intel(R) CSME before versions 11.8.65, 11.11.65, 11.22.65, 12.0.35 and Intel(R) SPS before version SPS_E3_05.00.04.027.0 may allow a privileged user to potentially enable information disclosure via local access. Intel(R) CSME and SPS contain an information disclosure vulnerability. Information may be obtained. Both Intel Converged Security and Management Engine (CSME) and Intel Server Platform Services (SPS) are products of Intel Corporation of the United States. Intel Converged Security and Management Engine is a security management engine. Intel Server Platform Services is a server platform service program. The HECI subsystem is one of the host embedded controller interface subsystems. This vulnerability stems from configuration errors in network systems or products during operation. An unauthorized attacker could exploit the vulnerability to obtain sensitive information of the affected components. The following products and versions are affected: Intel CSME versions prior to 11.8.65, versions prior to 11.11.65, versions prior to 11.22.65, versions prior to 12.0.35; Intel SPS versions prior to SPS_E3_05.00.04.027.0
| VAR-201905-1179 | CVE-2019-0098 | Intel Multiple vulnerabilities in the product |
CVSS V2: 7.2 CVSS V3: 6.8 Severity: MEDIUM |
Logic bug vulnerability in subsystem for Intel(R) CSME before version 12.0.35, Intel(R) TXE before 3.1.65, 4.0.15 may allow an unauthenticated user to potentially enable escalation of privilege via physical access. Intel(R) CSME and TXE contain vulnerabilities related to authorization, permissions, and access control. Information may be obtained or altered, and service operation may be disrupted (DoS). Both Intel Converged Security and Management Engine (CSME) and Intel TXE are products of Intel Corporation of the United States. Intel Converged Security and Management Engine is a security management engine. Intel TXE is a trusted execution engine with hardware authentication function used in CPU (Central Processing Unit). Permission and access control vulnerabilities exist in the subsystems of Intel CSME versions prior to 12.0.35 and Intel TXE versions prior to 3.1.65 and 4.0.15. The vulnerability stems from the lack of effective permissions and access control measures in network systems or products
| VAR-201905-0872 | CVE-2019-0153 | Intel Multiple vulnerabilities in the product |
CVSS V2: 7.5 CVSS V3: 9.8 Severity: CRITICAL |
Buffer overflow in subsystem in Intel(R) CSME 12.0.0 through 12.0.34 may allow an unauthenticated user to potentially enable escalation of privilege via network access. Intel(R) CSME contains a buffer error vulnerability. Information may be obtained or altered, and service operation may be disrupted (DoS). Intel Converged Security and Management Engine (CSME) is a security management engine of Intel Corporation. A buffer overflow vulnerability exists in the subsystems of Intel CSME versions 12.0.0 to 12.0.34. This vulnerability stems from the incorrect verification of data boundaries when the network system or product performs operations on the memory, resulting in incorrect read and write operations to other associated memory locations. Attackers can exploit this vulnerability to cause buffer overflow or heap overflow, etc
| VAR-201905-1180 | CVE-2019-0099 | Intel Multiple vulnerabilities in the product |
CVSS V2: 4.6 CVSS V3: 6.8 Severity: MEDIUM |
Insufficient access control vulnerability in subsystem in Intel(R) SPS before version SPS_E3_05.00.04.027.0 may allow an unauthenticated user to potentially enable escalation of privilege via physical access. Intel(R) SPS contains vulnerabilities related to authorization, permissions, and access control. Information may be obtained or altered, and service operation may be disrupted (DoS). Intel Server Platform Services (SPS) is a server platform service program of Intel Corporation. Permission and access control issues exist in subsystems of Intel SPS versions prior to SPS_E3_05.00.04.027.0. The vulnerability stems from the lack of effective permissions and access control measures in network systems or products
| VAR-201905-0864 | CVE-2019-0170 | Intel Multiple vulnerabilities in the product |
CVSS V2: 4.6 CVSS V3: 6.7 Severity: MEDIUM |
Buffer overflow in subsystem in Intel(R) DAL before version 12.0.35 may allow a privileged user to potentially enable escalation of privilege via local access. Intel(R) DAL contains a buffer error vulnerability. Information may be obtained or altered, and service operation may be disrupted (DoS). Intel Dynamic Application Loader (DAL) is a dynamic application loader from Intel Corporation. The product supports running Java code on CSME firmware. A buffer overflow vulnerability exists in the subsystems of Intel DAL prior to 12.0.35. This vulnerability stems from the incorrect verification of data boundaries when the network system or product performs operations on the memory, resulting in incorrect read and write operations to other associated memory locations. Attackers can exploit this vulnerability to cause buffer overflow or heap overflow, etc
| VAR-201905-1252 | CVE-2019-11114 | Intel(R) Driver & Support Assistant Input validation vulnerability |
CVSS V2: 2.1 CVSS V3: 4.4 Severity: MEDIUM |
Insufficient input validation in Intel(R) Driver & Support Assistant version 19.3.12.3 and before may allow a privileged user to potentially enable denial of service via local access. Intel Driver & Support Assistant is an Intel driver and support management tool from Intel Corporation. This tool is mainly used to get the latest applications provided by Intel. The vulnerability stems from the failure of the network system or product to properly validate the input data
| VAR-201905-1251 | CVE-2019-11095 | Intel Multiple vulnerabilities in the product |
CVSS V2: 2.1 CVSS V3: 4.4 Severity: MEDIUM |
Insufficient access control in Intel(R) Driver & Support Assistant version 19.3.12.3 and before may allow a privileged user to potentially enable information disclosure via local access. This tool is mainly used to get the latest applications provided by Intel. This vulnerability stems from network systems or products not properly restricting access to resources from unauthorized roles
| VAR-201905-1177 | CVE-2019-0096 | Intel Multiple vulnerabilities in the product |
CVSS V2: 5.2 CVSS V3: 8.0 Severity: HIGH |
Out of bound write vulnerability in subsystem for Intel(R) AMT before versions 11.8.65, 11.11.65, 11.22.65, 12.0.35 may allow an authenticated user to potentially enable escalation of privilege via adjacent network access. Intel(R) AMT contains an out-of-bounds vulnerability. Information may be obtained or altered, and service operation may be disrupted (DoS). Intel Active Management Technology (AMT) is a set of hardware-based computer remote active management technology software developed by Intel Corporation. An out-of-bounds write vulnerability exists in a subsystem in Intel AMT. This vulnerability stems from the incorrect verification of data boundaries when the network system or product performs operations on the memory, resulting in incorrect read and write operations to other associated memory locations. Attackers can exploit this vulnerability to cause buffer overflow or heap overflow, etc. The following products and versions are affected: Intel AMT versions prior to 11.8.65, versions prior to 11.11.65, versions prior to 11.22.65, and versions prior to 12.0.35
| VAR-201905-1176 | CVE-2019-0094 | Intel(R) AMT Input validation vulnerability |
CVSS V2: 3.3 CVSS V3: 4.3 Severity: MEDIUM |
Insufficient input validation vulnerability in subsystem for Intel(R) AMT before versions 11.8.65, 11.11.65, 11.22.65, 12.0.35 may allow an unauthenticated user to potentially enable denial of service via adjacent network access. Intel(R) AMT contains an input validation vulnerability. Service operation may be interrupted (DoS). Intel Active Management Technology (AMT) is a set of hardware-based computer remote active management technology software developed by Intel Corporation. The vulnerability stems from the failure of the network system or product to properly validate the input data. The following products and versions are affected: Intel AMT versions prior to 11.8.65, versions prior to 11.11.65, versions prior to 11.22.65, and versions prior to 12.0.35
| VAR-201905-1174 | CVE-2019-0092 | Intel Multiple vulnerabilities in the product |
CVSS V2: 4.6 CVSS V3: 6.8 Severity: MEDIUM |
Insufficient input validation vulnerability in subsystem for Intel(R) AMT before versions 11.8.65, 11.11.65, 11.22.65, 12.0.35 may allow an unauthenticated user to potentially enable escalation of privilege via physical access. Intel(R) AMT contains an input validation vulnerability. Information may be obtained or altered, and service operation may be disrupted (DoS). Intel Active Management Technology (AMT) is a set of hardware-based computer remote active management technology software developed by Intel Corporation. An input validation error vulnerability exists in a subsystem in Intel AMT. The vulnerability stems from the failure of the network system or product to properly validate the input data. The following products and versions are affected: Intel AMT versions prior to 11.8.65, versions prior to 11.11.65, versions prior to 11.22.65, and versions prior to 12.0.35
| VAR-201905-0865 | CVE-2019-0171 | Intel Multiple vulnerabilities in the product |
CVSS V2: 4.6 CVSS V3: 7.8 Severity: HIGH |
Improper directory permissions in the installer for Intel(R) Quartus(R) software may allow an authenticated user to potentially enable escalation of privilege via local access. Intel Quartus software contains vulnerabilities related to authorization, permissions, and access control. Information may be obtained or altered, and service operation may be disrupted (DoS). Intel Quartus Software is a set of software for hardware programming developed by Intel Corporation of the United States. The vulnerability stems from the lack of effective permissions and access control measures in network systems or products