VARIoT IoT vulnerabilities database
| VAR-201902-0925 | No CVE | HiLEME has information disclosure vulnerability |
CVSS V2: 3.3 CVSS V3: - Severity: LOW |
HiLEME is a miniature surveillance camera.
HiLEME's ftp has an information disclosure vulnerability. Attackers can use the vulnerability to obtain sensitive information.
| VAR-201902-0161 | CVE-2019-7388 |
D-Link DIR-823G Vulnerability related to access control in device firmware
Related entries in the VARIoT exploits database: VAR-E-201902-0125 |
CVSS V2: 5.0 CVSS V3: 7.5 Severity: HIGH |
An issue was discovered in /bin/goahead on D-Link DIR-823G devices with firmware 1.02B03. There is incorrect access control allowing remote attackers to get sensitive information (such as MAC address) about all clients in the WLAN via the GetClientInfo HNAP API. Consequently, an attacker can achieve information disclosure without authentication. The D-Link DIR-823G device firmware contains an access control vulnerability; information may be obtained. D-Link DIR-823G is a wireless router from D-Link Corporation of Taiwan, China. The D-Link DIR-823G router is prone to an information-disclosure vulnerability.
| VAR-201902-0144 | CVE-2019-7298 |
D-Link DIR-823G OS command injection vulnerability in device firmware
Related entries in the VARIoT exploits database: VAR-E-201902-0416 |
CVSS V2: 9.3 CVSS V3: 8.1 Severity: HIGH |
An issue was discovered on D-Link DIR-823G devices with firmware through 1.02B03. A command injection vulnerability allows attackers to execute arbitrary OS commands via a crafted /HNAP1 request. This occurs when any HNAP API function triggers a call to the system function with untrusted input from the request body, such as a body of ' /bin/telnetd' for the GetDeviceSettingsset API function. Consequently, an attacker can execute any command remotely when they control this input. The D-Link DIR-823G device firmware contains an OS command injection vulnerability; information may be obtained or altered, and service operation may be disrupted (DoS). Multiple D-Link products are prone to a command-injection vulnerability. Failed exploit attempts will likely result in denial-of-service conditions. D-Link DIR-823G is a wireless router made by Taiwan D-Link Company. There is an operating system command injection vulnerability in D-Link DIR-823G using version 1.02B03 firmware. The vulnerability comes from the fact that the network system or product does not correctly filter special characters, commands, etc. in the process of constructing executable commands of the operating system from external input data.
| VAR-201902-0163 | CVE-2019-7390 |
D-Link DIR-823G Access Control Error Vulnerability
Related entries in the VARIoT exploits database: VAR-E-201902-0270 |
CVSS V2: 5.0 CVSS V3: 8.6 Severity: HIGH |
An issue was discovered in /bin/goahead on D-Link DIR-823G devices with firmware 1.02B03. There is incorrect access control allowing remote attackers to hijack the DNS service configuration of all clients in the WLAN, without authentication, via the SetWanSettings HNAP API. The D-Link DIR-823G device firmware contains an access control vulnerability; information may be tampered with. D-Link DIR-823G is a wireless router from D-Link Corporation of Taiwan, China. The D-Link DIR-823G router is prone to a remote security vulnerability.
An attacker can leverage this issue to perform unauthorized actions. This may aid in further attacks.
D-Link DIR-823G with firmware version 1.02B03 is vulnerable; other versions may also be affected.
| VAR-201902-0502 | CVE-2018-15778 | Dell OS10 Input validation vulnerability |
CVSS V2: 7.2 CVSS V3: 7.8 Severity: HIGH |
Dell OS10 versions prior to 10.4.2.1 contain a vulnerability caused by lack of proper input validation on the command-line interface (CLI). Dell OS10 contains an input validation vulnerability; information may be obtained or altered, and service operation may be disrupted (DoS). Dell Networking OS10 is prone to a remote arbitrary command-execution vulnerability because it fails to sanitize user-supplied input.
A local attacker can exploit this issue to execute arbitrary commands with root privileges.
Dell OS10 versions prior to 10.4.2.1 are vulnerable. Dell OS10 is a Linux-based network switch operating system developed by Dell.
| VAR-201906-0113 | CVE-2019-5295 | Huawei Honor V10 Smartphone authorization vulnerability |
CVSS V2: 4.4 CVSS V3: 6.4 Severity: MEDIUM |
Huawei Honor V10 smartphones versions earlier than Berkeley-AL20 9.0.0.125(C00E125R2P14T8) have an authorization bypass vulnerability. Due to improper authorization implementation logic, attackers can bypass certain authorization scopes of smartphones by performing specific operations. This vulnerability can be exploited to perform operations beyond the scope of authorization. Huawei Honor V10 is a smartphone from China's Huawei.
| VAR-201906-0358 | CVE-2019-5219 | Huawei Mate10 smartphones double free vulnerability |
CVSS V2: 4.3 CVSS V3: 5.5 Severity: MEDIUM |
There is a double free vulnerability on certain drivers of Huawei Mate10 smartphones versions earlier than ALP-AL00B 9.0.0.181(C00E87R2P20T8). An attacker tricks the user into installing a malicious application, which makes multiple processes operate the same resource at the same time. Successful exploit could cause a denial of service condition. Huawei Mate10 smartphones contain a double free vulnerability; service operation may be disrupted (DoS). Huawei Mate10 is a smartphone product from China's Huawei company. A driver in versions of Huawei Mate10 earlier than ALP-AL00B 9.0.0.181 (C00E87R2P20T8) has a memory double free vulnerability that an attacker can use, by inducing a user to install a malicious mobile phone application, to cause a denial of service.
| VAR-201901-0091 | CVE-2019-7297 |
D-Link DIR-823G OS command injection vulnerability in device firmware
Related entries in the VARIoT exploits database: VAR-E-201901-0505 |
CVSS V2: 10.0 CVSS V3: 9.8 Severity: CRITICAL |
An issue was discovered on D-Link DIR-823G devices with firmware through 1.02B03. A command injection vulnerability allows attackers to execute arbitrary OS commands via shell metacharacters in a crafted /HNAP1 request. This occurs when the GetNetworkTomographyResult function calls the system function with an untrusted input parameter named Address. Consequently, an attacker can execute any command remotely when they control this input. The D-Link DIR-823G device firmware contains an OS command injection vulnerability; information may be obtained or altered, and service operation may be disrupted (DoS). The D-Link DIR-823G is a wireless router from D-Link. A command injection vulnerability exists in D-Link DIR-823G with firmware prior to 1.02B03. Multiple D-Link products are prone to a command-injection vulnerability. Failed exploit attempts will likely result in denial-of-service conditions.
| VAR-201902-0139 | CVE-2019-6591 | BIG-IP APM Vulnerable to cross-site scripting |
CVSS V2: 3.5 CVSS V3: 5.4 Severity: MEDIUM |
On BIG-IP APM 14.0.0 to 14.0.0.4, 13.0.0 to 13.1.1.3 and 12.1.0 to 12.1.3.7, a reflected cross-site scripting (XSS) vulnerability exists in the resource information page for authenticated users when a full webtop is configured on the BIG-IP APM system. F5 BIG-IP Access Policy Manager (APM) is a set of access and security solutions from F5 Corporation of the United States. The solution provides unified access to business-critical applications and networks. A remote attacker could exploit this vulnerability to inject malicious content.
| VAR-201902-0138 | CVE-2019-6590 | BIG-IP LTM Vulnerabilities related to resource exhaustion |
CVSS V2: 7.1 CVSS V3: 5.9 Severity: MEDIUM |
On BIG-IP LTM 13.0.0 to 13.0.1 and 12.1.0 to 12.1.3.6, under certain conditions, the TMM may consume excessive resources when processing SSL Session ID Persistence traffic. BIG-IP LTM contains a resource exhaustion vulnerability; a denial of service (DoS) condition may result. F5 BIG-IP LTM is prone to a remote denial-of-service vulnerability.
An attacker can exploit this issue to cause a denial-of-service condition.
The following versions of F5 BIG-IP LTM are vulnerable:
13.0.0 through 13.0.1, 12.1.0 through 12.1.3, and 11.5.1 through 11.6.3. F5 BIG-IP LTM is a local traffic manager of F5 company in the United States.
| VAR-201901-1642 | CVE-2018-20750 | LibVNC Vulnerable to out-of-bounds writing |
CVSS V2: 7.5 CVSS V3: 9.8 Severity: CRITICAL |
LibVNC through 0.9.12 contains a heap out-of-bounds write vulnerability in libvncserver/rfbserver.c. The fix for CVE-2018-15127 was incomplete. LibVNC contains an out-of-bounds write vulnerability; information may be obtained or altered, and service operation may be disrupted (DoS). LibVNCServer is prone to multiple heap-based buffer overflow vulnerabilities.
Attackers can exploit these issues to execute arbitrary code within the context of the application. Failed exploit attempts will likely cause a denial-of-service condition.
Versions prior to LibVNCServer 0.9.12 are vulnerable.
Note: This issue is the result of an incomplete fix for issue CVE-2018-15127 described in 106820 (LibVNCServer CVE-2018-15127 Heap Buffer Overflow Vulnerability).
=========================================================================
Ubuntu Security Notice USN-4587-1
October 20, 2020
italc vulnerabilities
=========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 16.04 LTS
Summary:
Several security issues were fixed in iTALC.
Software Description:
- italc: didactical tool which allows teachers to view and control computer labs
Details:
Nicolas Ruff discovered that iTALC had buffer overflows, divide-by-zero errors
and didn't check malloc return values. (CVE-2018-15127,
CVE-2018-20019, CVE-2018-20020, CVE-2018-20021, CVE-2018-20022, CVE-2018-20023,
CVE-2018-20024, CVE-2018-20748, CVE-2018-20749, CVE-2018-20750, CVE-2018-7225,
CVE-2019-15681)
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 16.04 LTS:
italc-client 1:2.0.2+dfsg1-4ubuntu0.1
italc-master 1:2.0.2+dfsg1-4ubuntu0.1
libitalccore 1:2.0.2+dfsg1-4ubuntu0.1
In general, a standard system update will make all the necessary changes.
References:
https://usn.ubuntu.com/4587-1
CVE-2014-6051, CVE-2014-6052, CVE-2014-6053, CVE-2014-6054,
CVE-2014-6055, CVE-2016-9941, CVE-2016-9942, CVE-2018-15127,
CVE-2018-20019, CVE-2018-20020, CVE-2018-20021, CVE-2018-20022,
CVE-2018-20023, CVE-2018-20024, CVE-2018-20748, CVE-2018-20749,
CVE-2018-20750, CVE-2018-7225, CVE-2019-15681
Package Information:
https://launchpad.net/ubuntu/+source/italc/1:2.0.2+dfsg1-4ubuntu0.1
| VAR-201901-1643 | CVE-2018-20749 | LibVNC Vulnerable to out-of-bounds writing |
CVSS V2: 7.5 CVSS V3: 9.8 Severity: CRITICAL |
LibVNC before 0.9.12 contains a heap out-of-bounds write vulnerability in libvncserver/rfbserver.c. The fix for CVE-2018-15127 was incomplete. LibVNC contains an out-of-bounds write vulnerability; information may be obtained or altered, and service operation may be disrupted (DoS). LibVNCServer is prone to multiple heap-based buffer overflow vulnerabilities.
Attackers can exploit these issues to execute arbitrary code within the context of the application. Failed exploit attempts will likely cause a denial-of-service condition.
Versions prior to LibVNCServer 0.9.12 are vulnerable.
Note: This issue is the result of an incomplete fix for issue CVE-2018-15127 described in 106820 (LibVNCServer CVE-2018-15127 Heap Buffer Overflow Vulnerability).
==========================================================================
Ubuntu Security Notice USN-4547-1
September 28, 2020
italc vulnerabilities
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 18.04 LTS
Summary:
Several security issues were fixed in iTALC.
Software Description:
- italc: didactical tool which allows teachers to view and control computer labs
Details:
It was discovered that an information disclosure vulnerability existed in the
LibVNCServer vendored in iTALC when sending a ServerCutText message. An
attacker could possibly use this issue to expose sensitive information.
(CVE-2019-15681)
It was discovered that the LibVNCServer and LibVNCClient vendored in iTALC
incorrectly handled certain packet lengths.
(CVE-2018-15127, CVE-2018-20019, CVE-2018-20020, CVE-2018-20021, CVE-2018-20022,
CVE-2018-20023, CVE-2018-20024, CVE-2018-20748, CVE-2018-20749, CVE-2018-20750,
CVE-2018-7225, CVE-2019-15681)
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 18.04 LTS:
italc-client 1:3.0.3+dfsg1-3ubuntu0.1
italc-master 1:3.0.3+dfsg1-3ubuntu0.1
libitalccore 1:3.0.3+dfsg1-3ubuntu0.1
In general, a standard system update will make all the necessary changes.
References:
https://usn.ubuntu.com/4547-1
CVE-2018-15127, CVE-2018-20019, CVE-2018-20020, CVE-2018-20021,
CVE-2018-20022, CVE-2018-20023, CVE-2018-20024, CVE-2018-20748,
CVE-2018-20749, CVE-2018-20750, CVE-2018-7225, CVE-2019-15681
Package Information:
https://launchpad.net/ubuntu/+source/italc/1:3.0.3+dfsg1-3ubuntu0.1
| VAR-201901-1283 | CVE-2018-19440 | ARM Trusted Firmware-A Vulnerable to information disclosure |
CVSS V2: 5.0 CVSS V3: 5.3 Severity: MEDIUM |
ARM Trusted Firmware-A allows information disclosure. The product implements various Arm interface standards such as PSCI, SMC calling convention, SCMI and SDEI. An attacker could exploit this vulnerability to disclose information.
| VAR-201901-0700 | CVE-2018-17431 | Comodo UTM Firewall Authentication vulnerability |
CVSS V2: 7.5 CVSS V3: 9.8 Severity: CRITICAL |
Web Console in Comodo UTM Firewall before 2.7.0 allows remote attackers to execute arbitrary code without authentication via a crafted URL. Comodo UTM Firewall contains an authentication vulnerability; information may be obtained or altered, and service operation may be disrupted (DoS). Comodo UTM Firewall is a UTM firewall developed by American Comodo Group. The product includes features such as antispam, content filtering, Web filtering and antivirus. Web Console is one of the web-based management console programs.
| VAR-201903-0456 | CVE-2019-6967 | AirTies Air5341 Device cross-site request forgery vulnerability |
CVSS V2: 6.8 CVSS V3: 8.8 Severity: HIGH |
AirTies Air5341 1.0.0.12 devices allow cgi-bin/login CSRF. The AirTies Air5341 device contains a cross-site request forgery vulnerability; information may be obtained or altered, and service operation may be disrupted (DoS). AirTies Air5341 is a wireless modem from Airties, Turkey. A cross-site request forgery vulnerability exists in AirTies Air5341 version 1.0.0.12. A remote attacker could exploit this vulnerability to perform unauthorized operations.
| VAR-201902-0137 | CVE-2019-6589 | Multiple F5 BIG-IP products vulnerable to cross-site scripting |
CVSS V2: 4.3 CVSS V3: 6.1 Severity: MEDIUM |
On BIG-IP 14.0.0-14.0.0.2, 13.0.0-13.1.1.3, 12.1.0-12.1.3.7, and 11.6.0-11.6.3.2, a reflected Cross Site Scripting (XSS) vulnerability is present in an undisclosed page of the BIG-IP TMUI (Traffic Management User Interface) also known as the BIG-IP configuration utility. Multiple F5 BIG-IP products contain a cross-site scripting vulnerability; information may be obtained and information may be altered. F5 BIG-IP TMUI is prone to multiple cross-site scripting vulnerabilities because it fails to sufficiently sanitize user-supplied input.
An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and launch other attacks. F5 BIG-IP LTM, etc. are all products of F5 Company in the United States. F5 BIG-IP LTM is a local traffic manager; BIG-IP AAM is an application acceleration manager. Traffic Management User Interface (TMUI) is one of the user management interfaces. A remote attacker can exploit this vulnerability to execute JavaScript code. The following products and versions are affected: F5 BIG-IP LTM 14.0.0, 13.0.0 to 13.1.1, 12.1.0 to 12.1.3, 11.6.0 to 11.6.3; BIG-IP AAM 14.0.0, 13.0.0 to 13.1.1, 12.1.0 to 12.1.3, 11.6.0 to 11.6.3; BIG-IP AFM 14.0.0, 13.0.0 to 13.1.1, 12.1.0 to 12.1.3, 11.6.0 to 11.6.3; BIG-IP Analytics 14.0.0, 13.0.0 to 13.1.1, 12.1.0 to 12.1.3, 11.6.0 to 11.6.3; BIG-IP APM 14.0.0, 13.0.0 to 13.1.1, 12.1.0 to 12.1.3, 11.6.0 to 11.6.3; BIG-IP ASM 14.0.0, 13.0.0 to 13.1.1, 12.1.0 to 12.1.3, 11.6.0 to 11.6.3; BIG-IP DNS 14.0.0, 13.0.0 to 13.1.1, 12.1.0 to 12.1.3, 11.6.0 to 11.6.3; BIG-IP Edge Gateway 14.0.0, 13.0.0 to 13.1.1, 12.1.0 to 12.1.3, 11.6.0 to 11.6.3; BIG-IP FPS 14.0.0, 13.0.0 to 13.1
| VAR-201902-0127 | CVE-2019-6535 | Multiple Mitsubishi Electric Q series products vulnerable to resource exhaustion |
CVSS V2: 5.0 CVSS V3: 7.5 Severity: HIGH |
Mitsubishi Electric Q03/04/06/13/26UDVCPU: serial number 20081 and prior, Q04/06/13/26UDPVCPU: serial number 20081 and prior, and Q03UDECPU, Q04/06/10/13/20/26/50/100UDEHCPU: serial number 20101 and prior. A remote attacker can send specific bytes over Port 5007 that will result in an Ethernet stack crash and disruption to USB communication. Multiple Mitsubishi Electric Q series products are vulnerable to resource exhaustion; service operation may be disrupted (DoS). Mitsubishi Electric MELSEC-Q Series PLCs are prone to a remote denial-of-service vulnerability.
An attacker can exploit this issue to cause a denial-of-service condition. Mitsubishi Electric Q03UDVCPU, etc. are all PLC (programmable logic controller) products of Japan's Mitsubishi Electric company. Security flaws exist in several Mitsubishi products. A remote attacker could exploit this vulnerability by sending a specially crafted packet to cause Ethernet to stop communicating. The following products are affected: Mitsubishi Q03UDVCPU; Q04UDVCPU; Q06UDVCPU; Q13UDVCPU; Q26UDPVCPU; Q03UDECPU;
| VAR-201904-0178 | CVE-2019-6525 | AVEVA Wonderware System Platform vulnerability related to certificate and password management |
CVSS V2: 4.0 CVSS V3: 8.8 Severity: HIGH |
AVEVA Wonderware System Platform 2017 Update 2 and prior uses an ArchestrA network user account for authentication of system processes and inter-node communications. A user with low privileges could make use of an API to obtain the credentials for this account. AVEVA Wonderware System Platform contains a vulnerability related to certificate and password management; information may be obtained or altered, and service operation may be disrupted (DoS). AVEVA Wonderware System Platform is a fast-response control platform from the UK's AVEVA company. The platform is mainly used for SCADA and the Industrial Internet of Things.
A trust management vulnerability exists in AVEVA Wonderware System Platform 2017 Update 2 and earlier. The vulnerability stems from the lack of effective trust management mechanisms in network systems or products. Attackers can use default passwords, hard-coded passwords, hard-coded certificates, etc. to attack the affected components.
An attacker can exploit this issue to bypass certain security restrictions and perform unauthorized actions; this may aid in launching further attacks.
Wonderware System Platform 2017 Update 2 and prior are vulnerable.
| VAR-201906-0049 | CVE-2019-5305 | Huawei Mate10 smartphones double free vulnerability |
CVSS V2: 7.1 CVSS V3: 5.5 Severity: MEDIUM |
The image processing module of some Huawei Mate 10 smartphones versions before ALP-L29 9.0.0.159(C185) has a memory double free vulnerability. An attacker tricks a user into installing a malicious application, and the application can call a special API, which could trigger the double free and cause a system crash. Huawei Mate10 smartphones contain a double free vulnerability; service operation may be disrupted (DoS). Huawei Mate 10 is a smartphone product from China's Huawei.
| VAR-201903-1006 | CVE-2018-17944 | Multiple Lexmark devices information disclosure vulnerability |
CVSS V2: 4.0 CVSS V3: 4.9 Severity: MEDIUM |
On certain Lexmark devices that communicate with an LDAP or SMTP server, a malicious administrator can discover LDAP or SMTP credentials by changing that server's hostname to one that they control, and then capturing the credentials that are sent there. This occurs because stored credentials are not automatically deleted upon that type of hostname change. Multiple Lexmark devices contain an information disclosure vulnerability; information may be obtained. Multiple Lexmark devices are prone to an information-disclosure vulnerability.
Attackers can exploit this issue to obtain sensitive information that may lead to further attacks. The following products are affected: Lexmark CX725h; Lexmark CX820; Lexmark CX825; Lexmark CX860; Lexmark XC4150; Lexmark XC6152; Lexmark XC8155;