VARIoT IoT vulnerabilities database
| VAR-201903-1002 | CVE-2018-14745 | Samsung Galaxy S6 Buffer error vulnerability |
CVSS V2: 5.8 CVSS V3: 8.8 Severity: HIGH |
Buffer overflow in prot_get_ring_space in the bcmdhd4358 Wi-Fi driver on the Samsung Galaxy S6 SM-G920F G920FXXU5EQH7 allows an attacker (who has obtained code execution on the Wi-Fi chip) to overwrite kernel memory due to improper validation of the ring buffer read pointer. The Samsung ID is SVE-2018-12029. Samsung Galaxy S6 contains a buffer error vulnerability. The vendor has confirmed this vulnerability and released it as Samsung ID: SVE-2018-12029. Information may be obtained or altered, and service operation may be disrupted (DoS). Samsung Galaxy S6 is a smartphone from South Korea's Samsung. The vulnerability stems from the network system or product not correctly verifying data boundaries when it performs operations on memory, resulting in erroneous read and write operations on other associated memory locations. Attackers can exploit this vulnerability to cause a buffer overflow or heap overflow, etc.
| VAR-201903-1226 | CVE-2018-4003 | CUJO Smart Firewall Buffer error vulnerability |
CVSS V2: 7.5 CVSS V3: 9.8 Severity: CRITICAL |
An exploitable heap overflow vulnerability exists in the mdnscap binary of the CUJO Smart Firewall running firmware 7003. The string lengths are handled incorrectly when parsing character strings in mDNS resource records, leading to arbitrary code execution in the context of the mdnscap process. An unauthenticated attacker can send an mDNS message to trigger this vulnerability. CUJO Smart Firewall contains a buffer error vulnerability. Information may be obtained or altered, and service operation may be disrupted (DoS). CUJO Smart Firewall is a home smart firewall device from CUJO.
| VAR-201906-0117 | CVE-2019-5300 | Digital signature verification vulnerability in multiple Huawei routers |
CVSS V2: 4.6 CVSS V3: 6.7 Severity: MEDIUM |
There is a digital signature verification bypass vulnerability in AR1200, AR1200-S, AR150, AR160, AR200, AR2200, AR2200-S, AR3200, SRG1300, SRG2300 and SRG3300 Huawei routers. The vulnerability is due to the affected software improperly verifying digital signatures for the software image in the affected device. A local attacker with high privilege may exploit the vulnerability to bypass integrity checks for software images and install a malicious software image on the affected device. Multiple Huawei routers contain a vulnerability related to the verification of digital signatures. Information may be obtained or altered, and service operation may be disrupted (DoS). Huawei AR1200 is an enterprise router from China's Huawei. There are security vulnerabilities in several Huawei products. The following products and versions are affected: Huawei AR1200 versions V200R007C00, V200R008C20, V200R008C50, V200R009C00, V200R010C00; AR1200-S versions V200R007C00, V200R008C20, V200R008C50, V200R009C00, V200R010C00; AR150 versions V200R007C00, V200R008C20, V200R008C50, V200R009C00, V200R010C00; AR160 versions V200R007C00, V200R008C20, V200R008C50, V200R009C00, V200R010C00; AR200 versions V200R007C00, V200R008C20, V200R008C50, V200R009C00, V200R010C00; AR2200 versions V200R007C00, V200R008C20, V200R008C50, V200R009C00, V200R010C00; AR2200-S versions V200R007C00, V200R008C20, V200R008C50, V200R009C00, V200R010C00; AR3200 versions V200R007C00, V200R008C20, V200R008C50, V200R009C00, V200R010C00; SRG1300 versions V200R007C00, V200R008C50, V200R009C00, V200R010C00; SRG2300 versions V200R007C00, V200R008C50, V200R009C00, V200R010C00; SRG3300 versions V200R007C00, V200R008C50, V200R009C00, V200R010C00.
| VAR-201903-1428 | CVE-2018-1992 | Buffer error vulnerability in multiple IBM Power 9 products |
CVSS V2: 6.9 CVSS V3: 6.4 Severity: MEDIUM |
The IBM Power 9 OP910, OP920, and FW910 boot firmware's bootloader is responsible for loading and validating the initial boot firmware image that drives the rest of the system's hardware initialization. The bootloader firmware contains a buffer overflow vulnerability such that, if an attacker were able to replace the initial boot firmware image with a very carefully crafted and sufficiently large, malicious replacement, it could cause the bootloader, during the load of that image, to overwrite its own instruction memory and circumvent secure boot protections, install trojans, etc. IBM X-Force ID: 154345. The vendor has confirmed this vulnerability and released it as IBM X-Force ID: 154345. Information may be obtained or altered, and service operation may be disrupted (DoS). IBM Power System S922 and similar systems are server equipment based on IBM's Power processors. Attackers can use this vulnerability to overwrite the bootloader's instruction memory, bypass secure boot protection, and install Trojan horse programs.
| VAR-201903-0357 | CVE-2019-1716 | Input validation vulnerability in Cisco IP Phone 7800 Series and multiple Cisco IP Phone 8800 Series products |
CVSS V2: 7.5 CVSS V3: 9.8 Severity: CRITICAL |
A vulnerability in the web-based management interface of Session Initiation Protocol (SIP) Software for Cisco IP Phone 7800 Series and Cisco IP Phone 8800 Series could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition or execute arbitrary code. The vulnerability exists because the software improperly validates user-supplied input during user authentication. An attacker could exploit this vulnerability by connecting to an affected device using HTTP and supplying malicious user credentials. A successful exploit could allow the attacker to trigger a reload of an affected device, resulting in a DoS condition, or to execute arbitrary code with the privileges of the app user. Cisco fixed this vulnerability in the following SIP Software releases: 10.3(1)SR5 and later for Cisco Unified IP Conference Phone 8831; 11.0(4)SR3 and later for Cisco Wireless IP Phone 8821 and 8821-EX; and 12.5(1)SR1 and later for the rest of the Cisco IP Phone 7800 Series and 8800 Series.
These issues are being tracked by Cisco Bug IDs CSCvn56168, CSCvn72540 and CSCvo05687
| VAR-201903-0576 | CVE-2019-1764 | Cross-site request forgery vulnerability in multiple Cisco IP Phone 8800 Series products |
CVSS V2: 6.8 CVSS V3: 8.8 Severity: HIGH |
A vulnerability in the web-based management interface of Session Initiation Protocol (SIP) Software for Cisco IP Phone 8800 Series could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack. The vulnerability is due to insufficient CSRF protections for the web-based management interface of an affected device. An attacker could exploit this vulnerability by persuading an authenticated user of the interface to follow a crafted link. A successful exploit could allow the attacker to perform arbitrary actions on a targeted device via a web browser and with the privileges of the user. This vulnerability affects Cisco IP Phone 8800 Series products running a SIP Software release prior to 11.0(5) for Wireless IP Phone 8821 and 8821-EX; and 12.5(1)SR1 for the IP Conference Phone 8832 and the rest of the IP Phone 8800 Series. Cisco IP Conference Phone 8831 is not affected. Other attacks are also possible.
This issue is being tracked by Cisco Bug IDs CSCvn56221 and CSCvo57629
| VAR-201903-0572 | CVE-2019-1765 | Path traversal vulnerability in multiple Cisco IP Phone 8800 Series products |
CVSS V2: 4.0 CVSS V3: 6.5 Severity: MEDIUM |
A vulnerability in the web-based management interface of Session Initiation Protocol (SIP) Software for Cisco IP Phone 8800 Series could allow an authenticated, remote attacker to write arbitrary files to the filesystem. The vulnerability is due to insufficient input validation and file-level permissions. An attacker could exploit this vulnerability by uploading invalid files to an affected device. A successful exploit could allow the attacker to write files in arbitrary locations on the filesystem. This vulnerability affects Cisco IP Phone 8800 Series products running a SIP Software release prior to 11.0(5) for Wireless IP Phone 8821 and 8821-EX; and 12.5(1)SR1 for the IP Conference Phone 8832 and the rest of the IP Phone 8800 Series. This may aid in further attacks.
This issue is tracked by Cisco Bug IDs CSCvn56213 and CSCvo57138
| VAR-201903-0575 | CVE-2019-1763 | Access control vulnerability in multiple Cisco IP Phone 8800 Series products |
CVSS V2: 5.0 CVSS V3: 7.5 Severity: HIGH |
A vulnerability in the web-based management interface of Session Initiation Protocol (SIP) Software for Cisco IP Phone 8800 Series could allow an unauthenticated, remote attacker to bypass authorization, access critical services, and cause a denial of service (DoS) condition. The vulnerability exists because the software fails to sanitize URLs before it handles requests. An attacker could exploit this vulnerability by submitting a crafted URL. A successful exploit could allow the attacker to gain unauthorized access to critical services and cause a DoS condition. This vulnerability affects Cisco IP Phone 8800 Series products running a SIP Software release prior to 11.0(5) for Wireless IP Phone 8821 and 8821-EX; and 12.5(1)SR1 for the IP Conference Phone 8832 and the rest of the IP Phone 8800 Series. Cisco IP Conference Phone 8831 is not affected. This may lead to further attacks.
This issue is being tracked by Cisco Bug IDs CSCvn56175 and CSCvo58414
| VAR-201908-0039 | CVE-2019-5299 | Vulnerability related to security functions in Huawei mobile phone Hima-AL00B |
CVSS V2: 6.8 CVSS V3: 7.8 Severity: HIGH |
Huawei mobile phones Hima-AL00B with versions earlier than HMA-AL00C00B175 have a signature verification bypass vulnerability. Attackers can induce users to install malicious applications. Due to a defect in the signature verification logic, the malicious applications can invoke a specific interface to execute malicious code. A successful exploit may result in the execution of arbitrary code. Huawei mobile phone Hima-AL00B contains vulnerabilities related to security features. Information may be obtained or altered, and service operation may be disrupted (DoS). Huawei Hima-AL00B is a smartphone from China's Huawei.
| VAR-201903-0573 | CVE-2019-1766 | Input validation vulnerability in Cisco IP Phone 8800 Series |
CVSS V2: 5.0 CVSS V3: 7.5 Severity: HIGH |
A vulnerability in the web-based management interface of Session Initiation Protocol (SIP) Software for Cisco IP Phone 8800 Series could allow an unauthenticated, remote attacker to cause high disk utilization, resulting in a denial of service (DoS) condition. The vulnerability exists because the affected software does not restrict the maximum size of certain files that can be written to disk. An attacker who has valid administrator credentials for an affected system could exploit this vulnerability by sending a crafted, remote connection request to an affected system. A successful exploit could allow the attacker to write a file that consumes most of the available disk space on the system, causing application functions to operate abnormally and leading to a DoS condition. This vulnerability affects Cisco IP Phone 8800 Series products running a SIP Software release prior to 12.5(1)SR1.
This issue is tracked by Cisco Bug ID CSCvo58440
| VAR-201905-0062 | CVE-2019-9865 | Wind River VxWorks Integer overflow vulnerability |
CVSS V2: 6.8 CVSS V3: 8.1 Severity: HIGH |
When RPC is enabled in Wind River VxWorks 6.9 prior to 6.9.1, a specially crafted RPC request can trigger an integer overflow leading to an out-of-bounds memory copy. It may allow remote attackers to cause a denial of service (crash) or possibly execute arbitrary code. Wind River VxWorks contains an integer overflow vulnerability. Information may be obtained or altered, and service operation may be disrupted (DoS).
| VAR-201903-1227 | CVE-2018-4011 | CUJO Smart Firewall Integer underflow vulnerability |
CVSS V2: 5.0 CVSS V3: 7.5 Severity: HIGH |
An exploitable integer underflow vulnerability exists in the mdnscap binary of the CUJO Smart Firewall, version 7003. When parsing SRV records in an mDNS packet, the "RDLENGTH" value is handled incorrectly, leading to an out-of-bounds access that crashes the mdnscap process. An unauthenticated attacker can send an mDNS message to trigger this vulnerability. CUJO Smart Firewall is a home intelligent firewall device produced by CUJO Company in the United States
| VAR-201903-1224 | CVE-2018-3969 | CUJO Smart Firewall Command injection vulnerability |
CVSS V2: 7.2 CVSS V3: 7.8 Severity: HIGH |
An exploitable vulnerability exists in the verified boot protection of the CUJO Smart Firewall. It is possible to add arbitrary shell commands into the dhcpd.conf file that persist across reboots and firmware updates, and thus allow for executing unverified commands. To trigger this vulnerability, a local attacker needs to be able to write into /config/dhcpd.conf. CUJO Smart Firewall contains a command injection vulnerability. Information may be obtained or altered, and service operation may be disrupted (DoS). Permission and access control vulnerabilities exist in the verified boot protection feature of CUJO Smart Firewall using firmware version 7003.
| VAR-201903-1222 | CVE-2018-3963 | CUJO Smart Firewall Command injection vulnerability |
CVSS V2: 7.7 CVSS V3: 9.0 Severity: HIGH |
An exploitable command injection vulnerability exists in the DHCP daemon configuration of the CUJO Smart Firewall. When adding a new static DHCP address, its corresponding hostname is inserted into the dhcpd.conf file without prior sanitization, allowing for arbitrary execution of system commands. To trigger this vulnerability, an attacker can send a DHCP request message and set up the corresponding static DHCP entry. CUJO Smart Firewall is a home smart firewall device from CUJO. An attacker could exploit this vulnerability to execute arbitrary system commands.
| VAR-201903-1225 | CVE-2018-3985 | CUJO Smart Firewall Double free vulnerability |
CVSS V2: 7.5 CVSS V3: 9.8 Severity: CRITICAL |
An exploitable double free vulnerability exists in the mdnscap binary of the CUJO Smart Firewall. When parsing mDNS packets, a memory space is freed twice if an invalid query name is encountered, leading to arbitrary code execution in the context of the mdnscap process. An unauthenticated attacker can send an mDNS message to trigger this vulnerability. CUJO Smart Firewall contains a double free vulnerability. Information may be obtained or altered, and service operation may be disrupted (DoS).
| VAR-201903-1228 | CVE-2018-4030 | HTTP request smuggling vulnerability in CUJO Smart Firewall |
CVSS V2: 5.0 CVSS V3: 7.5 Severity: HIGH |
An exploitable vulnerability exists in the safe browsing function of the CUJO Smart Firewall, version 7003. The bug lies in the way the safe browsing function parses HTTP requests. The "Host" header is incorrectly extracted from captured HTTP requests, which would allow an attacker to visit any malicious websites and bypass the firewall. An attacker could send an HTTP request to exploit this vulnerability. CUJO Smart Firewall is a home intelligent firewall device produced by CUJO Company in the United States.
| VAR-201906-0897 | CVE-2018-18876 | Columbia Weather Systems Weather MicroServer Path Traversal Vulnerability |
CVSS V2: 5.0 CVSS V3: 5.3 Severity: MEDIUM |
In firmware version MS_2.6.9900 of Columbia Weather MicroServer, a readouts_rd.php directory traversal issue makes it possible to read any file present on the underlying operating system. Columbia Weather MicroServer contains a path traversal vulnerability. Information may be obtained. Columbia Weather Systems Weather MicroServer is a weather monitoring device from Columbia Weather Systems, USA. An attacker could exploit this vulnerability to read files from the target device directory structure.
1. Multiple cross-site scripting vulnerabilities
2. An authentication bypass vulnerability
3. A remote code-injection vulnerability
4. A denial-of-service vulnerability
An attacker may leverage these issues to view arbitrary files within the context of the server, execute arbitrary script code in the browser of the victim in the context of the affected site, steal cookie-based authentication credentials, gain access to sensitive information or cause a denial-of-service condition. This may aid in further attacks. The vulnerability stems from a network system or product that fails to properly filter resources or special elements in file paths.
| VAR-201906-0896 | CVE-2018-18875 | Columbia Weather Systems Weather MicroServer Cross-Site Scripting Vulnerability |
CVSS V2: 3.5 CVSS V3: 5.4 Severity: MEDIUM |
In firmware version MS_2.6.9900 of Columbia Weather MicroServer, a stored cross-site scripting (XSS) vulnerability allows remote authenticated users to inject arbitrary web script via changestationname.php. Columbia Weather MicroServer contains a cross-site scripting vulnerability. Information may be obtained and information may be altered. Columbia Weather Systems Weather MicroServer is a weather monitoring device from Columbia Weather Systems, USA. A cross-site scripting vulnerability exists in Columbia Weather Systems Weather MicroServer MS_2.6.9900 and earlier, caused by the program failing to validate input correctly. A remote attacker can exploit this vulnerability to execute arbitrary web scripts.
1. A directory traversal vulnerability
2. Multiple cross-site scripting vulnerabilities
3. An authentication bypass vulnerability
4. A remote code-injection vulnerability
5. A denial-of-service vulnerability
An attacker may leverage these issues to view arbitrary files within the context of the server, execute arbitrary script code in the browser of the victim in the context of the affected site, steal cookie-based authentication credentials, gain access to sensitive information or cause a denial-of-service condition. This may aid in further attacks. The vulnerability stems from the lack of correct validation of client data in web applications.
| VAR-201906-0898 | CVE-2018-18877 | Columbia Weather MicroServer Authentication vulnerability |
CVSS V2: 6.5 CVSS V3: 8.8 Severity: HIGH |
In firmware version MS_2.6.9900 of Columbia Weather MicroServer, an authenticated web user can access an alternative configuration page config_main.php that allows manipulation of the device. Columbia Weather MicroServer contains an authentication vulnerability. Information may be obtained or altered, and service operation may be disrupted (DoS). Columbia Weather Systems Weather MicroServer is a weather monitoring device from Columbia Weather Systems, USA. An authorized access vulnerability exists in Columbia Weather Systems Weather MicroServer MS_2.6.9900 and earlier. An attacker could exploit the vulnerability to bypass authentication, manipulate the device, and cause a denial of service.
1. A directory traversal vulnerability
2. Multiple cross-site scripting vulnerabilities
3. A remote code-injection vulnerability
4. A denial-of-service vulnerability
An attacker may leverage these issues to view arbitrary files within the context of the server, execute arbitrary script code in the browser of the victim in the context of the affected site, steal cookie-based authentication credentials, gain access to sensitive information or cause a denial-of-service condition. This may aid in further attacks. This vulnerability stems from the lack of authentication measures or insufficient authentication strength in network systems or products.
| VAR-201906-0900 | CVE-2018-18879 | Columbia Weather Systems Weather MicroServer Code Injection Vulnerability |
CVSS V2: 6.5 CVSS V3: 8.8 Severity: HIGH |
In firmware version MS_2.6.9900 of Columbia Weather MicroServer, an authenticated web user can pipe commands directly to the underlying operating system as user input is not sanitized in networkdiags.php. The Columbia Weather MicroServer firmware contains a code injection vulnerability. Information may be obtained or altered, and service operation may be disrupted (DoS). Columbia Weather Systems Weather MicroServer is a weather monitoring device from Columbia Weather Systems, USA. A code injection vulnerability exists in Columbia Weather Systems Weather MicroServer MS_2.6.9900 and earlier. A remote attacker could exploit the vulnerability to execute code.
1. A directory traversal vulnerability
2. Multiple cross-site scripting vulnerabilities
3. An authentication bypass vulnerability
4. A denial-of-service vulnerability
An attacker may leverage these issues to view arbitrary files within the context of the server, execute arbitrary script code in the browser of the victim in the context of the affected site, steal cookie-based authentication credentials, gain access to sensitive information or cause a denial-of-service condition. This may aid in further attacks.