VARIoT IoT vulnerabilities database

China Telecom Group Co., Ltd. is a super-large state-owned communications company in China and a global partner of the Shanghai World Expo. It has been selected as a "Fortune 500 Enterprise" for many years. China Telecom Tianyi Smart Gateway / Tianyi Broadband Home Gateway is a necessary equipment installed by China Telecom for users who purchase telecommunications broadband services. The equipment installation scope covers 33 provinces and cities. There is a vulnerability in command execution in China Telecom's intelligent gateway management platform. An attacker can use the vulnerability to listen to the traffic of the optical cat to connect users, hijack the network, and bounce the root shell to a remote server.

The ThreadX-based firmware on Marvell Avastar Wi-Fi devices, models 88W8787, 88W8797, 88W8801, 88W8897, and 88W8997, allows remote attackers to execute arbitrary code or cause a denial of service (block pool overflow) via malformed Wi-Fi packets during identification of available Wi-Fi networks. Exploitation of the Wi-Fi device can lead to exploitation of the host application processor in some cases, but this depends on several factors including host OS hardening and the availability of DMA. plural Marvell Made Avastar wireless SoC The model includes Wi-Fi Multiple vulnerabilities exist including memory block pool overflow during network scans. ZeroNights 2018 Conference In Marvell Avastar SoC Several vulnerabilities were introduced and details about memory block pool overflow were announced. Wi-Fi An overflow condition occurs during a network scan, overwriting data in a specific memory block pool. Many devices automatically perform network scanning in the background, so this vulnerability can be exploited regardless of whether the target device is connected to a wireless network and without user intervention. There is a possibility.Wi-Fi Specially crafted by unauthenticated attackers within reach of Wi-Fi Using frames Marvell SoC Arbitrary code may be executed on systems with. Depending on the implementation method, it was attacked SoC Can be used to intercept network traffic and execute code on the host system. MarvellAvastar Wi-Fi is a WiFi chipset used in routers, computers and other devices. A security hole exists in the ThreadX-based firmware on MarvellAvastar Wi-Fi. Multiple Marvell SOCs are prone to arbitrary code-execution vulnerabilities. An attacker can leverage these issues to execute arbitrary code in the context of the affected system

Cloud EC e-commerce system (hereinafter referred to as cloud EC) is a set of open source e-commerce system software based on PHP + MYSQL independently developed by Yunmai E-commerce Co., Ltd. There is a SQL injection vulnerability in the or ***. De ***. Php file in the cloud EC e-commerce system background. An attacker could use the vulnerability to obtain sensitive database information.

Spoofed SMS can be used to send a large number of messages to the device which will in turn initiate a flood of registration updates with the server in snapdragon mobile and snapdragon wear in versions MDM9206, MDM9607, MDM9650, SD 210/SD 212/SD 205, SD 625, SD 636, SDA660, SDM630, SDM660, SDX20. snapdragon mobile and snapdragon wear Contains an authorization vulnerability.Tampering with information and disrupting service operations (DoS) There is a possibility of being put into a state. Qualcomm MDM9206 and others are products of Qualcomm (Qualcomm). The Qualcomm MDM9206 is a central processing unit (CPU). SDX24 is a modem. A security vulnerability exists in several Qualcomm snapdragon products. Currently there is no information about this vulnerability, please keep an eye on CNNVD or vendor announcements. The following products (for mobile and wearable devices) are affected: Qualcomm MDM9206; MDM9607; MDM9650; SD 210; SD 212; SD 205; SD 625; SD 636;

While processing a packet decode request in MQTT, Race condition can occur leading to an out-of-bounds access in snapdragon mobile and snapdragon wear in versions MDM9206, MDM9607, SD 210/SD 212/SD 205, SD 427, SD 435, SD 450, SD 625, SD 636, SD 835, SDA660, SDM630, SDM660, Snapdragon_High_Med_2016. snapdragon mobile and snapdragon wear Contains a race condition vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. Qualcomm MDM9206, etc. are the central processing unit (CPU) products of Qualcomm (Qualcomm) applied to different platforms. A race condition vulnerability exists in several Qualcomm snapdragon products. Attackers can exploit this vulnerability to cause cross-border access

Improper check while accessing the local memory stack on MQTT connection request can lead to buffer overflow in snapdragon wear in versions MDM9206, MDM9607. snapdragon wear Contains an out-of-bounds vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. Qualcomm MDM9206 and MDM9607 are Qualcomm's central processing unit (CPU) products. A buffer overflow vulnerability exists in the Qualcomm MDM9206 and MDM9607 products. An out-of-bounds write vulnerability exists in the Qualcomm MDM9206 and MDM9607 products due to an incorrect bounds check performed by the program

Improper validation of buffer length checks in the lwm2m device management protocol can leads to a buffer overflow in snapdragon mobile and snapdragon wear in versions MDM9206, MDM9607, SD 210/SD 212/SD 205, SD 425, SD 427, SD 430, SD 435, SD 450, SD 625, SD 636, SD 835, SDA660, SDM630, SDM660. snapdragon mobile and snapdragon wear Contains a buffer error vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. Qualcomm MDM9206, etc. are the central processing unit (CPU) products of Qualcomm (Qualcomm) applied to different platforms. A buffer error vulnerability exists in the lwm2m device management protocol in several Qualcomm snapdragon products. Currently there is no information about this vulnerability, please keep an eye on CNNVD or vendor announcements

Improper data length check while processing an event report indication can lead to a buffer overflow in snapdragon mobile and snapdragon wear in versions MDM9206, MDM9607, SD 210/SD 212/SD 205, SD 425, SD 427, SD 430, SD 435, SD 450, SD 625, SD 636, SD 835, SDA660, SDM630, SDM660. snapdragon mobile and snapdragon wear Contains a buffer error vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. Qualcomm MDM9206, etc. are the central processing unit (CPU) products of Qualcomm (Qualcomm) applied to different platforms. A buffer error vulnerability exists in several Qualcomm snapdragon products. Currently there is no information about this vulnerability, please keep an eye on CNNVD or vendor announcements

Improper length check while processing an MQTT message can lead to heap overflow in snapdragon mobile and snapdragon wear in versions MDM9206, MDM9607, SD 210/SD 212/SD 205, SD 425, SD 427, SD 430, SD 435, SD 450, SD 625, SD 636, SD 835, SDA660, SDM630, SDM660. snapdragon mobile and snapdragon wear Contains a buffer error vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. Qualcomm MDM9206, etc. are the central processing unit (CPU) products of Qualcomm (Qualcomm) applied to different platforms. A buffer error vulnerability exists in several Qualcomm snapdragon products. Currently there is no information about this vulnerability, please keep an eye on CNNVD or vendor announcements

TP-Link WDR Series devices through firmware v3 (such as TL-WDR5620 V3.0) are affected by command injection (after login) leading to remote code execution, because shell metacharacters can be included in the weather get_weather_observe citycode field. TP-Link WDR Series device firmware contains a command injection vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. TP-LinkWDRSeries is a WDR series wireless router from China TP-LINK. A remote attacker could exploit the vulnerability to execute code

Dell Networking OS10 versions prior to 10.4.3.0 contain a vulnerability in the Phone Home feature which does not properly validate the server's certificate authority during TLS handshake. Use of an invalid or malicious certificate could potentially allow an attacker to spoof a trusted entity by using a man-in-the-middle (MITM) attack. Dell Networking OS10 Contains a certificate validation vulnerability.Information may be obtained and information may be altered. Dell Networking OS10 is a Linux-based network switch operating system developed by Dell

An attacker could inject commands to delete files and/or delete the contents of a file on CX-Supervisor (Versions 3.42 and prior) through a specially crafted project file. Provided by OMRON Corporation CX-Supervisor Contains the following multiple vulnerabilities: * Code injection (CWE-94) - CVE-2018-19011 By processing a specially crafted project file, arbitrary code can be executed with application privileges. * Use After Free ( Use of freed memory ) (CWE-416) - CVE-2018-19017 By processing a specially crafted project file, arbitrary code can be executed with application privileges. * Access of Resource Using Incompatible Type ( Mixing of molds ) (CWE-843) - CVE-2018-19019 By processing a specially crafted project file, arbitrary code can be executed with application privileges. * Access of Uninitialized Pointer ( Uninitialized pointer access ) (CWE-824) - CVE-2018-19018 By processing a specially crafted project file, arbitrary code can be executed with application privileges. * Out-of-bounds Read ( Read out of bounds ) (CWE-125) - CVE-2018-19020 By processing a specially crafted project file, the application reads values outside the array.Service disruption by a third party (DoS) An attacker could be attacked or execute arbitrary code with application privileges. This vulnerability allows remote attackers to delete arbitrary files on vulnerable installations of OMRON CX-Supervisor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within the parsing of project files. The issue results from the lack of proper validation of a user-supplied string, which could allow the deletion of any file on the system. An attacker could use this to delete data or create a denial-of-service condition. The Omron CX-Supervisor is a powerful and advanced machine visualization package that provides a very flexible PC-based HMI environment. Omron CX-Supervisor is prone to the following security vulnerabilities: 1. A code-injection vulnerability 2. Multiple command-injection vulnerability 3. Omron CX-Supervisor 3.42 and prior versions are vulnerable. Omron CX-Supervisor is a visual machine controller produced by Omron Corporation of Japan. A command injection vulnerability exists in Omron CX-Supervisor 3.42 and earlier versions

An attacker could inject commands to launch programs and create, write, and read files on CX-Supervisor (Versions 3.42 and prior) through a specially crafted project file. An attacker could exploit this to execute code under the privileges of the application. Provided by OMRON Corporation CX-Supervisor Contains the following multiple vulnerabilities: * Code injection (CWE-94) - CVE-2018-19011 By processing a specially crafted project file, arbitrary code can be executed with application privileges. * Use After Free ( Use of freed memory ) (CWE-416) - CVE-2018-19017 By processing a specially crafted project file, arbitrary code can be executed with application privileges. * Access of Resource Using Incompatible Type ( Mixing of molds ) (CWE-843) - CVE-2018-19019 By processing a specially crafted project file, arbitrary code can be executed with application privileges. * Access of Uninitialized Pointer ( Uninitialized pointer access ) (CWE-824) - CVE-2018-19018 By processing a specially crafted project file, arbitrary code can be executed with application privileges. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of OMRON CX-Supervisor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within the parsing of project files. The issue results from the lack of proper validation of a user-supplied string before using it to execute a system call. The Omron CX-Supervisor is a powerful and advanced machine visualization package that provides a very flexible PC-based HMI environment. Code. Omron CX-Supervisor is prone to the following security vulnerabilities: 1. A code-injection vulnerability 2. Multiple command-injection vulnerability 3. Omron CX-Supervisor 3.42 and prior versions are vulnerable. Omron CX-Supervisor is a visual machine controller produced by Omron Corporation of Japan. A command injection vulnerability exists in Omron CX-Supervisor 3.42 and earlier versions

A type confusion vulnerability exists when processing project files in CX-Supervisor (Versions 3.42 and prior). An attacker could use a specially crafted project file to exploit and execute code under the privileges of the application. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of OMRON CX-Supervisor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within the handling of SCS files. The issue results from the lack of proper validation of user-supplied data, which can result in a type confusion condition. The Omron CX-Supervisor is a powerful and advanced machine visualization package that provides a very flexible PC-based HMI environment. Omron CX-Supervisor is prone to the following security vulnerabilities: 1. A code-injection vulnerability 2. Multiple command-injection vulnerability 3. Omron CX-Supervisor 3.42 and prior versions are vulnerable. Omron CX-Supervisor is a visual machine controller produced by Omron Corporation of Japan

Several use after free vulnerabilities have been identified in CX-Supervisor (Versions 3.42 and prior). When processing project files, the application fails to check if it is referencing freed memory. An attacker could use a specially crafted project file to exploit and execute code under the privileges of the application. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of OMRON CX-Supervisor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within the processing of project files. The issue results from the lack of validating the existence of an object prior to performing operations on the object. The Omron CX-Supervisor is a powerful and advanced machine visualization package that provides a very flexible PC-based HMI environment. Program permission execution code. Omron CX-Supervisor is prone to the following security vulnerabilities: 1. A code-injection vulnerability 2. Multiple command-injection vulnerability 3. Omron CX-Supervisor is a visual machine controller produced by Omron Corporation of Japan

A Denial of Service (DOS) issue was discovered in ControlByWeb X-320M-I Web-Enabled Instrumentation-Grade Data Acquisition module 1.05 with firmware revision v1.05. An authenticated user can configure invalid network settings, stopping TCP based communications to the device. A physical factory reset is required to restore the device to an operational state. ControlByWeb X-320M-I Contains vulnerabilities related to security features.Service operation interruption (DoS) There is a possibility of being put into a state. ControlByWeb X-320M is prone to a cross-site scripting vulnerability and an authentication-bypass vulnerability. Attackers can exploit these issues to execute arbitrary code in the context of the browser, obtain sensitive information, or cause a denial-of-service attack; other attacks may also be possible. X-320M-I firmware revision v1.05 and prior are vulnerable. Xytronix Research & Design ControlByWeb X-320M is a network-enabled weather station controller from Xytronix Research & Design, USA. The product supports remote viewing of the current wind speed, wind direction, precipitation, temperature, humidity, solar radiation and air pressure, etc. A security feature issue vulnerability exists in the Xytronix Research & Design ControlByWeb X-320M. An attacker could exploit this vulnerability to cause a denial of service

A stored cross-site scripting (XSS) issue was discovered in ControlByWeb X-320M-I Web-Enabled Instrumentation-Grade Data Acquisition module 1.05 with firmware revision v1.05. An authenticated user can inject arbitrary script via setup.html in the web interface. ControlByWeb X-320M-I Contains a cross-site scripting vulnerability.Information may be obtained and information may be altered. ControlByWeb X-320M is prone to a cross-site scripting vulnerability and an authentication-bypass vulnerability. Attackers can exploit these issues to execute arbitrary code in the context of the browser, obtain sensitive information, or cause a denial-of-service attack; other attacks may also be possible. X-320M-I firmware revision v1.05 and prior are vulnerable. Xytronix Research & Design ControlByWeb X-320M is a network-enabled weather station controller from Xytronix Research & Design, USA. The product supports remote viewing of the current wind speed, wind direction, precipitation, temperature, humidity, solar radiation and air pressure, etc. A cross-site scripting vulnerability exists in the Xytronix Research & Design ControlByWeb X-320M due to the program not validating input properly. A remote attacker could exploit this vulnerability to execute code

The TextEditor 2.0 in ABB CP400 Panel Builder versions 2.0.7.05 and earlier contain a vulnerability in the file parser of the Text Editor wherein the application doesn't properly prevent the insertion of specially crafted files which could allow arbitrary code execution. ABB CP400 Panel Builder Contains an input validation vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. ABB CP400PB is a set of human interface programming software from ABB, Switzerland. TextEditor is one of the text editors. An attacker could exploit the vulnerability to execute arbitrary code and cause a denial of service. ABB CP400 Panel Builder TextEditor is prone to a local code-execution vulnerability. Failed exploit attempts may cause a denial-of-service condition. The following products are vulnerable: CP400 Panel BuilderTextEditor 2.0 CP400PB 2.0.7.05 and prior

Shenzhen Ruilian Digital Technology Co., Ltd. is committed to developing leading Internet video products and video content services, providing cameras for security, sports, entertainment, nursing and other subdivision applications for the consumer market, and providing live broadcast, video sharing and Content services such as video cloud storage. The Reolink camera has a remote command execution vulnerability and two unauthorized stack overflow vulnerabilities. An attacker could use a remote command execution vulnerability in conjunction with the default credentials admin: empty or weak passwords to bypass the authentication limit and remotely take over the camera.

D-LINK Central WifiManager CWM-100 is D-LINK centralized wireless management software. The D-link Central WifiManager Co ***. Php page has a SQL injection vulnerability. Attackers can use the vulnerability to obtain database information and modify and delete arbitrary data in the database.