VARIoT IoT vulnerabilities database
| VAR-201812-1155 | CVE-2018-20575 | Orange Livebox Input validation vulnerability |
CVSS V2: 5.0 CVSS V3: 7.5 Severity: HIGH |
Orange Livebox 00.96.320S devices have an undocumented /system_firmwarel.stm URI for manual firmware update. This is related to Firmware 01.11.2017-11:43:44, Boot v0.70.03, Modem 5.4.1.10.1.1A, Hardware 02, and Arcadyan ARV7519RW22-A-L T VR9 1.2. Orange Livebox contains an input validation vulnerability. Information may be tampered with. The Orange Livebox is an ADSL (Asymmetric Digital Subscriber Line) modem. An attacker could exploit this vulnerability to manually update the firmware.
| VAR-201812-0117 | CVE-2018-15005 | ZTE ZMAX Champ Android Vulnerabilities related to authorization, authority, and access control in devices |
CVSS V2: 5.6 CVSS V3: 7.1 Severity: HIGH |
The ZTE ZMAX Champ Android device with a build fingerprint of ZTE/Z917VL/fortune:6.0.1/MMB29M/20170327.120922:user/release-keys contains a pre-installed platform app with a package name of com.zte.zdm.sdm (versionCode=31, versionName=V5.0.3) that contains an exported broadcast receiver app component named com.zte.zdm.VdmcBroadcastReceiver that allows any app co-located on the device to programmatically initiate a factory reset. In addition, the app initiating the factory reset does not require any permissions. A factory reset will remove all user data and apps from the device. This will result in the loss of any data that have not been backed up or synced externally. The capability to perform a factory reset is not directly available to third-party apps (those that the user installs themselves with the exception of enabled Mobile Device Management (MDM) apps), although this capability can be obtained by leveraging an unprotected app component of a pre-installed platform app. ZTE ZMAX Champ Android devices have vulnerabilities related to authorization, permissions, and access control. Information may be tampered with and service operations may be disrupted (DoS). ZTE ZMAX is prone to the following security vulnerabilities:
1. An arbitrary command-execution vulnerability
2. A denial-of-service vulnerability
An attacker can exploit these issues by enticing a legitimate user to use the vulnerable application to execute arbitrary commands or to cause an affected device to crash, denying service to legitimate users. ZTE ZMAX Champ is a smartphone based on the Android platform from China's ZTE Corporation (ZTE). A security vulnerability exists in the com.zte.zdm.VdmcBroadcastReceiver component of the com.zte.zdm.sdm package, a pre-installed platform application in ZTE ZMAX Champ (build fingerprint ZTE/Z917VL/fortune:6.0.1/MMB29M/20170327.120922:user/release-keys).
| VAR-201812-0123 | CVE-2018-14979 | ASUS ZenFone 3 Max Android Information disclosure vulnerabilities in devices |
CVSS V2: 1.9 CVSS V3: 4.7 Severity: MEDIUM |
The ASUS ZenFone 3 Max Android device with a build fingerprint of asus/US_Phone/ASUS_X008_1:7.0/NRD90M/US_Phone-14.14.1711.92-20171208:user/release-keys contains a pre-installed app with a package name of com.asus.loguploader (versionCode=1570000275, versionName=7.0.0.55_170515). This app contains an exported service app component named com.asus.loguploader.LogUploaderService that, when accessed with a particular action string, will write a bugreport (kernel log, logcat log, and the state of system services including the text of active notifications), Wi-Fi passwords, and other system data to external storage (sdcard). Any app with the READ_EXTERNAL_STORAGE permission on this device can read this data from the sdcard after it has been dumped there by the com.asus.loguploader app. Third-party apps are not allowed to directly create a bugreport or access the user's stored wireless network credentials. Attackers can use the vulnerability to write bug reports (kernel logs, logcat logs, and the status of system services, including active notification text), Wi-Fi passwords, and other system data to the SD card.
| VAR-201812-0111 | CVE-2018-14992 | ASUS ZenFone 3 Max Android Vulnerabilities related to security functions in devices |
CVSS V2: 2.1 CVSS V3: 5.5 Severity: MEDIUM |
The ASUS ZenFone 3 Max Android device with a build fingerprint of asus/US_Phone/ASUS_X008_1:7.0/NRD90M/US_Phone-14.14.1711.92-20171208:user/release-keys contains a pre-installed platform app with a package name of com.asus.dm (versionCode=1510500200, versionName=1.5.0.40_171122) that has an exposed interface in an exported service named com.asus.dm.installer.DMInstallerService that allows any app co-located on the device to use its capabilities to download an arbitrary app over the internet and install it. Any app on the device can send an intent with specific embedded data that will cause the com.asus.dm app to programmatically download and install the app. For the app to be downloaded and installed, certain data needs to be provided: download URL, package name, version name from the app's AndroidManifest.xml file, and the MD5 hash of the app. Moreover, any app that is installed using this method can also be programmatically uninstalled using the same unprotected component named com.asus.dm.installer.DMInstallerService. The ASUS ZenFone 3 Max Android device contains vulnerabilities related to security functions. Information may be tampered with. Attackers can use this vulnerability to download and install any application via the Internet.
| VAR-201812-0374 | CVE-2018-15334 | APM webtop Vulnerable to cross-site request forgery |
CVSS V2: 4.3 CVSS V3: 4.3 Severity: MEDIUM |
A cross-site request forgery (CSRF) vulnerability in the APM webtop 11.2.1 or greater may allow an attacker to force an APM webtop session to log out and require re-authentication. F5 BIG-IP APM is prone to a cross-site request-forgery vulnerability because the application fails to properly validate HTTP requests.
An attacker can exploit this issue to perform certain unauthorized actions and gain access to the affected application. Other attacks are also possible.
The following versions of BIG-IP APM are vulnerable:
14.0.0 through 14.1.0
13.0.0 through 13.1.1
12.1.0 through 12.1.3
11.5.1 through 11.6.3
F5 BIG-IP Access Policy Manager (APM) is a set of access and security solutions from F5 Corporation of the United States. The solution provides unified access to business-critical applications and networks. APM webtop is one of the access portals.
| VAR-201812-0242 | CVE-2018-15335 | APM Authorization vulnerability |
CVSS V2: 4.3 CVSS V3: 5.9 Severity: MEDIUM |
When APM 13.0.0-13.1.x is deployed as an OAuth Resource Server, APM becomes a client application to an external OAuth authorization server. In certain cases when communication between the BIG-IP APM and the OAuth authorization server is lost, APM may not display the intended message in the failure response. APM contains an authorization vulnerability. Information may be obtained. F5 BIG-IP APM is prone to a remote denial-of-service vulnerability.
An attacker can exploit this issue to cause a denial-of-service condition.
BIG-IP APM 13.0.0 through 13.1.1 are vulnerable. F5 BIG-IP Access Policy Manager (APM) is a set of access and security solutions from F5 Corporation of the United States. The solution provides unified access to business-critical applications and networks. Attackers can exploit this vulnerability to prevent APM from displaying correct information.
| VAR-201812-0140 | CVE-2018-17539 | ZebOS and OcNOS Input validation vulnerability |
CVSS V2: 5.0 CVSS V3: 7.5 Severity: HIGH |
The BGP daemon (bgpd) in all IP Infusion ZebOS versions to 7.10.6 and all OcNOS versions to 1.3.3.145 allows remote attackers to cause a denial of service attack via an autonomous system (AS) path containing 8 or more autonomous system number (ASN) elements. ZebOS and OcNOS contain an input validation vulnerability. Service operation may be interrupted (DoS). F5 BIG-IP ARM BGP is prone to a remote denial-of-service vulnerability.
An attacker can exploit this issue to cause a denial-of-service condition.
The following versions of BIG-IP ARM BGP are vulnerable:
14.0.0, 13.0.0 through 13.1.1, 12.1.0 through 12.1.3, 11.2.1 through 11.6.3
Both IP Infusion ZebOS and OcNOS are products of the US company IP Infusion. IP Infusion ZebOS is a standards-based layer 2, layer 3 and MPLS/MPLS-TP networking platform. OcNOS is a full-featured network operating system for white box hardware. A security vulnerability exists in the BGP daemon (bgpd) in IP Infusion ZebOS 7.10.6 and earlier and OcNOS 1.3.3.145 and earlier.
| VAR-201812-0306 | CVE-2018-1000625 | Battelle V2I Hub Vulnerabilities related to the use of hard-coded credentials |
CVSS V2: 10.0 CVSS V3: 9.8 Severity: CRITICAL |
Battelle V2I Hub 2.5.1 contains hard-coded credentials for the administrative account. An attacker could exploit this vulnerability to log in as an admin on any installation and gain unauthorized access to the system. Battelle V2I Hub contains a vulnerability in the use of hard-coded credentials. Information may be obtained or altered, and service operation may be disrupted (DoS).
| VAR-201812-0418 | CVE-2018-0724 | Q'center Virtual Appliance Vulnerable to cross-site scripting |
CVSS V2: 4.3 CVSS V3: 6.1 Severity: MEDIUM |
Cross-site scripting (XSS) vulnerability in Q'center Virtual Appliance 1.8.1014 and earlier versions could allow remote attackers to inject JavaScript code in the compromised application, a different vulnerability than CVE-2018-0723. Information may be obtained and information may be altered.
| VAR-201812-0417 | CVE-2018-0723 | Q'center Virtual Appliance Vulnerable to cross-site scripting |
CVSS V2: 4.3 CVSS V3: 6.1 Severity: MEDIUM |
Cross-site scripting (XSS) vulnerability in Q'center Virtual Appliance 1.8.1014 and earlier versions could allow remote attackers to inject JavaScript code in the compromised application, a different vulnerability than CVE-2018-0724. Information may be obtained and information may be altered. QNAP Q'center Virtual Appliance is a virtual appliance used by QNAP Systems to deploy Q'center (a QNAP NAS management platform) in virtual environments such as Microsoft Hyper-V, VMware ESXi and Workstation.
| VAR-201812-0714 | CVE-2018-20404 | VIA Technologies EPIA-E900 Input validation vulnerability |
CVSS V2: 7.8 CVSS V3: 7.5 Severity: HIGH |
ETK_E900.sys, a SmartETK driver for VIA Technologies EPIA-E900 system board, is vulnerable to denial of service attack via IOCTL 0x9C402048, which calls memmove and constantly fails on an arbitrary (uncontrollable) address, resulting in an eternal hang or a BSoD. VIA Technologies EPIA-E900 contains an input validation vulnerability. Service operation may be interrupted (DoS). The VIA Technologies EPIA-E900 system board is an embedded Pico-ITX motherboard from VIA Technologies. The ETK_E900.sys SmartETK driver is one of its drivers. A security vulnerability exists in the ETK_E900.sys SmartETK driver for VIA Technologies EPIA-E900 system motherboards. An attacker could exploit this vulnerability to cause a denial of service.
| VAR-201812-0775 | CVE-2018-20444 | Technicolor CGA0111 Vulnerabilities related to certificate and password management in devices |
CVSS V2: 5.0 CVSS V3: 9.8 Severity: CRITICAL |
Technicolor CGA0111 CGA0111E-ES-13-E23E-c8000r5712-170217-0829-TRU devices allow remote attackers to discover Wi-Fi credentials via iso.3.6.1.4.1.4413.2.2.2.1.5.4.1.14.1.3.10001 and 1.3.6.1.4.1.4413.2.2.2.1.18.1.2.3.4.1.2.10001 SNMP requests. The Technicolor CGA0111 device contains vulnerabilities related to certificate and password management. Information may be obtained or altered, and service operation may be disrupted (DoS). Technicolor CGA0111 is a cable modem from the French Technicolor Group.
Technicolor CGA0111 CGA0111E-ES-13-E23E-c8000r5712-170217-0829-TRU has a security vulnerability.
| VAR-201812-0739 | CVE-2018-20439 | Technicolor DPC3928SL Vulnerabilities related to certificate and password management in devices |
CVSS V2: 5.0 CVSS V3: 9.8 Severity: CRITICAL |
Technicolor DPC3928SL D3928SL-PSIP-13-A010-c3420r55105-170214a devices allow remote attackers to discover Wi-Fi credentials via iso.3.6.1.4.1.4413.2.2.2.1.5.4.1.14.1.3.10001 and 1.3.6.1.4.1.4413.2.2.2.1.18.1.2.3.4.1.2.10001 SNMP requests. The Technicolor DPC3928SL device contains vulnerabilities related to certificate and password management. Information may be obtained or altered, and service operation may be disrupted (DoS). Technicolor DPC3928SL is a cable modem from the French Technicolor Group.
Technicolor DPC3928SL D3928SL-PSIP-13-A010-c3420r55105-170214a has a security vulnerability.
| VAR-201812-0774 | CVE-2018-20443 | Technicolor TC7200.d1I Vulnerabilities related to certificate and password management in devices |
CVSS V2: 5.0 CVSS V3: 9.8 Severity: CRITICAL |
Technicolor TC7200.d1I TC7200.d1IE-N23E-c7000r5712-170406-HAT devices allow remote attackers to discover Wi-Fi credentials via iso.3.6.1.4.1.4413.2.2.2.1.5.4.1.14.1.3.10001 and 1.3.6.1.4.1.4413.2.2.2.1.18.1.2.3.4.1.2.10001 SNMP requests. The Technicolor TC7200.d1I device contains vulnerabilities related to certificate and password management. Information may be obtained or altered, and service operation may be disrupted (DoS). Technicolor TC7200.d1I is a cable modem from the French Technicolor Group.
Technicolor TC7200.d1I TC7200.d1IE-N23E-c7000r5712-170406-HAT has a security vulnerability.
| VAR-201812-0740 | CVE-2018-20440 | Technicolor CWA0101 Vulnerabilities related to certificate and password management in devices |
CVSS V2: 5.0 CVSS V3: 9.8 Severity: CRITICAL |
Technicolor CWA0101 CWA0101E-A23E-c7000r5712-170315-SKC devices allow remote attackers to discover Wi-Fi credentials via iso.3.6.1.4.1.4413.2.2.2.1.5.4.1.14.1.3.10001 and 1.3.6.1.4.1.4413.2.2.2.1.18.1.2.3.4.1.2.10001 SNMP requests. The Technicolor CWA0101 device contains vulnerabilities related to certificate and password management. Information may be obtained or altered, and service operation may be disrupted (DoS). Technicolor CWA0101 is a cable modem from the French Technicolor Group.
Technicolor CWA0101 CWA0101E-A23E-c7000r5712-170315-SKC has a security vulnerability.
| VAR-201812-0741 | CVE-2018-20441 | Technicolor TC7200.TH2v2 Vulnerabilities related to certificate and password management in devices |
CVSS V2: 5.0 CVSS V3: 9.8 Severity: CRITICAL |
Technicolor TC7200.TH2v2 SC05.00.22 devices allow remote attackers to discover Wi-Fi credentials via iso.3.6.1.4.1.2863.205.10.1.30.4.1.14.1.3.32 and iso.3.6.1.4.1.2863.205.10.1.30.4.2.4.1.2.32 SNMP requests. The Technicolor TC7200.TH2v2 device contains vulnerabilities related to certificate and password management. Information may be obtained or altered, and service operation may be disrupted (DoS). Technicolor TC7200.TH2v2 is a cable modem from the French Technicolor Group.
Technicolor TC7200.TH2v2 SC05.00.22 has a security vulnerability.
| VAR-201812-0738 | CVE-2018-20438 | TC7110.AR Vulnerabilities related to certificate and password management in devices |
CVSS V2: 5.0 CVSS V3: 9.8 Severity: CRITICAL |
Technicolor TC7110.AR STD3.38.03 devices allow remote attackers to discover Wi-Fi credentials via iso.3.6.1.4.1.2863.205.10.1.30.4.1.14.1.3.32 and iso.3.6.1.4.1.2863.205.10.1.30.4.2.4.1.2.32 SNMP requests. The TC7110.AR device contains vulnerabilities related to certificate and password management. Information may be obtained or altered, and service operation may be disrupted (DoS). Technicolor TC7110.AR is a cable modem from the French Technicolor Group.
Technicolor TC7110.AR STD3.38.03 has a security vulnerability.
| VAR-201812-0773 | CVE-2018-20442 | Technicolor TC7110.B Vulnerabilities related to certificate and password management in devices |
CVSS V2: 5.0 CVSS V3: 9.8 Severity: CRITICAL |
Technicolor TC7110.B STC8.62.02 devices allow remote attackers to discover Wi-Fi credentials via iso.3.6.1.4.1.2863.205.10.1.30.4.1.14.1.3.32 and iso.3.6.1.4.1.2863.205.10.1.30.4.2.4.1.2.32 SNMP requests. The Technicolor TC7110.B device contains vulnerabilities related to certificate and password management. Information may be obtained or altered, and service operation may be disrupted (DoS). Technicolor TC7110.B is a cable modem from Technicolor Group.
Technicolor TC7110.B STC8.62.02 has a security vulnerability.
| VAR-201812-0776 | CVE-2018-20445 | D-Link DCM-604 and DCM-704 Vulnerability in certificate / password management on devices |
CVSS V2: 5.0 CVSS V3: 9.8 Severity: CRITICAL |
D-Link DCM-604 DCM604_C1_ViaCabo_1.04_20130606 and DCM-704 EU_DCM-704_1.10 devices allow remote attackers to discover Wi-Fi credentials via iso.3.6.1.4.1.4413.2.2.2.1.5.4.1.14.1.3.32 and iso.3.6.1.4.1.4413.2.2.2.1.5.4.2.4.1.2.32 SNMP requests. D-Link DCM-604 and DCM-704 devices contain a certificate / password management vulnerability. Information may be obtained or falsified, and a denial of service (DoS) may result. The D-Link DCM-604 and DCM-704 are both D-Link wireless router products. A security vulnerability exists in the D-Link DCM-604 DCM604_C1_ViaCabo_1.04_20130606 and DCM-704 EU_DCM-704_1.10 versions.
| VAR-201901-0794 | CVE-2018-16196 | Yokogawa Electric Vnet/IP Service operation disruption to open communication drivers (DoS) Vulnerabilities |
CVSS V2: 5.0 CVSS V3: 7.5 Severity: HIGH |
Multiple Yokogawa products that contain Vnet/IP Open Communication Driver (CENTUM CS 3000(R3.05.00 - R3.09.50), CENTUM CS 3000 Entry Class(R3.05.00 - R3.09.50), CENTUM VP(R4.01.00 - R6.03.10), CENTUM VP Entry Class(R4.01.00 - R6.03.10), Exaopc(R3.10.00 - R3.75.00), PRM(R2.06.00 - R3.31.00), ProSafe-RS(R1.02.00 - R4.02.00), FAST/TOOLS(R9.02.00 - R10.02.00), B/M9000 VP(R6.03.01 - R8.01.90)) allow remote attackers to cause a denial of service attack that may result in stopping Vnet/IP Open Communication Driver's communication via unspecified vectors. The Vnet/IP open communication driver provided by Yokogawa Electric Corporation contains a denial-of-service (DoS) vulnerability (CWE-399) in the driver's reception processing. This vulnerability information was reported to JPCERT/CC by the developer for the purpose of disseminating it to product users, and was coordinated by JPCERT/CC, the developer and the United States ICS-CERT. When processing a large number of packets sent from a remote third party, the driver may enter a denial-of-service (DoS) state in which the communication function of the Vnet/IP open communication driver stops. Yokogawa Vnet/IP Open Communication Driver is prone to a denial-of-service vulnerability.
Attackers can exploit this issue to cause denial-of-service conditions.
The following products are affected:
Yokogawa CENTUM CS 3000 R3.05.00 through R3.09.5
Yokogawa CENTUM CS 3000 Entry Class R3.05.00 through R3.09.50
Yokogawa CENTUM VP R4.01.00 through R6.03.10
Yokogawa CENTUM VP Entry Class R4.01.00 through R6.03.10
Yokogawa Exaopc R3.10.00 through R3.75.00
Yokogawa PRM R2.06.00 through R3.31.00
Yokogawa ProSafe-RS R1.02.00 through R4.02.00
Yokogawa FAST/TOOLS R9.02.00 through R10.02.00
Yokogawa B/M9000 VP R6.03.01 through R8.01.90
Yokogawa CENTUM CS 3000 and the other products listed are all products of Japan's Yokogawa. Yokogawa CENTUM CS 3000 is a large-scale production control system. Exaopc is an OPC data access server.