VARIoT IoT vulnerabilities database


VAR-201812-0910 CVE-2018-19248 Epson WorkForce WF-2861 Vulnerability related to input validation on devices CVSS V2: 6.4
CVSS V3: 9.1
Severity: CRITICAL
The web service on Epson WorkForce WF-2861 10.48 LQ22I3(Recovery-mode), WF-2861 10.51.LQ20I6, and WF-2861 10.52.LQ17IA devices allows remote attackers to upload a firmware file and reset the printer without authentication by making a request to the /DOWN/FIRMWAREUPDATE/ROM1 URI and a POST request to the /FIRMWAREUPDATE URI. The Epson WorkForce WF-2861 device contains an input validation vulnerability. Information may be tampered with and service operation may be disrupted (DoS). Epson WorkForce WF-2861 is a Wi-Fi duplex all-in-one inkjet printer. The web services of Epson WorkForce WF-2861 10.48 LQ22I3 (recovery mode), WF-2861 10.51.LQ20I6, and WF-2861 10.52.LQ17IA have firmware update authorization vulnerabilities
VAR-201812-0903 CVE-2018-19232 Epson WorkForce WF-2861 Vulnerability related to input validation on devices CVSS V2: 5.0
CVSS V3: 7.5
Severity: HIGH
The web service on Epson WorkForce WF-2861 10.48 LQ22I3(Recovery-mode), WF-2861 10.51.LQ20I6, and WF-2861 10.52.LQ17IA devices allows remote attackers to cause a denial of service via a FIRMWAREUPDATE GET request, as demonstrated by the /DOWN/FIRMWAREUPDATE/ROM1 URI. The Epson WorkForce WF-2861 device contains an input validation vulnerability. Service operation may be disrupted (DoS). The Epson WorkForce WF-2861 is a multifunction printer from Epson of Japan. A security vulnerability exists in the web service of the Epson WorkForce WF-2861 running firmware versions 10.48 LQ22I3 (Recovery mode), 10.51.LQ20I6 and 10.52.LQ17IA
VAR-201812-0854 CVE-2018-7837 IIoT Monitor XML external entity vulnerability CVSS V2: 5.0
CVSS V3: 7.5
Severity: HIGH
An Improper Restriction of XML External Entity Reference ('XXE') vulnerability exists on numerous methods of the IIoT Monitor 3.1.38 software that could allow the software to resolve documents outside of the intended sphere of control, causing the software to embed incorrect documents into its output and expose restricted information. IIoT Monitor contains an XML external entity vulnerability. Information may be obtained. This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Schneider Electric IIoT Monitor. Authentication is not required to exploit this vulnerability. The specific flaw exists in the Login method of the AccountMgmt servlet. Due to the improper restriction of XML External Entity (XXE) references, a specially crafted document specifying a URI causes the XML parser to access the URI and embed the contents back into the XML document for further processing. An attacker can leverage this in conjunction with other vulnerabilities to bypass authentication on the system. Schneider Electric IIoT Monitor is an industrial IoT monitor from Schneider Electric of France. An attacker could use this vulnerability to obtain restricted information. 1. A directory-traversal vulnerability 2. An arbitrary file-upload vulnerability 3. An XML External Entity injection vulnerability. An attacker can exploit these issues to gain access to arbitrary files, upload and execute arbitrary files to the affected computer and gain access to sensitive information
VAR-201812-0852 CVE-2018-7835 IIoT Monitor Path Traversal Vulnerability CVSS V2: 7.8
CVSS V3: 7.5
Severity: HIGH
An Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability exists in IIoT Monitor 3.1.38 which could allow access to files available to the SYSTEM user. IIoT Monitor contains a path traversal vulnerability. Information may be obtained. This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Schneider Electric IIoT Monitor. Authentication is not required to exploit this vulnerability. The specific flaw exists within the downloadCSV.jsp servlet. The issue results from the lack of proper validation of a user-supplied path prior to using it in file operations. An attacker can leverage this vulnerability to disclose sensitive information in the context of SYSTEM. Schneider Electric IIoT Monitor is an industrial IoT monitor from Schneider Electric of France. A directory-traversal vulnerability 2. An arbitrary file-upload vulnerability 3
VAR-201812-0850 CVE-2018-7832 Pro-Face GP-Pro EX Input validation vulnerability CVSS V2: 6.5
CVSS V3: 8.8
Severity: High
An Improper Input Validation vulnerability exists in Pro-Face GP-Pro EX v4.08 and previous versions which could cause the execution of an arbitrary executable when GP-Pro EX is launched. Pro-Face GP-Pro EX contains an input validation vulnerability. Information may be obtained, information may be altered, and service operation may be disrupted (DoS). Schneider Electric Pro-face GP-Pro EX is prone to an arbitrary code-execution vulnerability. A remote attacker can leverage this issue to execute arbitrary code in the context of the affected application. Pro-face GP-Pro EX 4.08 and prior versions are vulnerable
VAR-201812-0720 CVE-2018-20410 WellinTech KingSCADA Buffer error vulnerability CVSS V2: 5.0
CVSS V3: 7.5
Severity: HIGH
WellinTech KingSCADA before 3.7.0.0.1 contains a stack-based buffer overflow. The vulnerability is triggered when sending a specially crafted packet to the AlarmServer (AEserver.exe) service listening on TCP port 12401. WellinTech KingSCADA contains a buffer error vulnerability. Service operation may be disrupted (DoS). WellinTech KingSCADA is a cross-platform SCADA system software from China's WellinTech. The software features model applications, remote centralized management and deployment, multi-person simultaneous development, and data acquisition and processing
VAR-201812-0853 CVE-2018-7836 IIoT Monitor Vulnerable to unlimited upload of dangerous types of files CVSS V2: 7.5
CVSS V3: 7.2
Severity: HIGH
An Unrestricted Upload of File with Dangerous Type vulnerability exists on numerous methods of the IIoT Monitor 3.1.38 software that could allow upload and execution of malicious files. IIoT Monitor contains a vulnerability related to unrestricted upload of dangerous types of files. Information may be obtained, information may be altered, and service operation may be disrupted (DoS). This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Schneider Electric IIoT Monitor. Authentication is required to exploit this vulnerability but authentication can be easily bypassed. The specific flaw exists within the processing of the upload method of the ProtectionMgmt servlet. The issue results from the lack of proper validation of a user-supplied path prior to using it in file operations. An attacker can leverage this vulnerability to execute code in the context of SYSTEM. Schneider Electric IIoT Monitor is an industrial IoT monitor from Schneider Electric of France. A directory-traversal vulnerability 2. An arbitrary file-upload vulnerability 3
VAR-201812-0475 CVE-2018-18960 Epson WorkForce WF-2861 Input validation vulnerability CVSS V2: 4.3
CVSS V3: 5.9
Severity: MEDIUM
An issue was discovered on Epson WorkForce WF-2861 10.48 LQ22I3, 10.51.LQ20I6 and 10.52.LQ17IA devices. They use SNMP to find certain devices on the network, but the default version is v2c, allowing an amplification attack. Epson WorkForce WF-2861 contains an input validation vulnerability. Service operation may be disrupted (DoS). Epson WorkForce WF-2861 is a Wi-Fi duplex all-in-one inkjet printer. An attacker could use this vulnerability to perform an amplification attack, which could lead to a denial of service. A security vulnerability exists in the Epson WorkForce WF-2861 using firmware versions 10.48 LQ22I3, 10.51.LQ20I6, and 10.52.LQ17IA
VAR-201812-0473 CVE-2018-18959 Epson WorkForce WF-2861 Input validation vulnerability CVSS V2: 5.0
CVSS V3: 7.5
Severity: HIGH
An issue was discovered on Epson WorkForce WF-2861 10.48 LQ22I3, 10.51.LQ20I6 and 10.52.LQ17IA devices. On the 'Air Print Setting' web page, if the data for 'Bonjour Service Location' at /PRESENTATION/BONJOUR is more than 251 bytes when sending data for Air Print Setting, then the device no longer functions until a reboot. Epson WorkForce WF-2861 contains an input validation vulnerability. Service operation may be disrupted (DoS). The Epson WorkForce WF-2861 is a multifunction printer from Epson of Japan. There is a security vulnerability in the 'AirPrint Settings' web page of the Epson WorkForce WF-2861 running firmware versions 10.48 LQ22I3, 10.51.LQ20I6 and 10.52.LQ17IA. An attacker could exploit the vulnerability to cause the device to stop working
VAR-201812-0642 CVE-2018-8918 Synology Router Manager Vulnerable to cross-site scripting CVSS V2: 3.5
CVSS V3: 5.4
Severity: MEDIUM
Cross-site scripting (XSS) vulnerability in info.cgi in Synology Router Manager (SRM) before 1.1.7-6941 allows remote attackers to inject arbitrary web script or HTML via the host parameter. Synology Router Manager (SRM) is Synology software for configuring and managing Synology routers
VAR-201812-0845 CVE-2018-7800 EVLink Parking Vulnerable to use of hard-coded credentials CVSS V2: 10.0
CVSS V3: 9.8
Severity: CRITICAL
A Hard-coded Credentials vulnerability exists in EVLink Parking, v3.2.0-12_v1 and earlier, which could enable an attacker to gain access to the device. EVLink Parking contains a vulnerability involving the use of hard-coded credentials. Information may be obtained, information may be altered, and service operation may be disrupted (DoS). Schneider Electric EVLink Parking is a commercial electric vehicle charging solution from Schneider Electric of France. Schneider Electric EVLink Parking is prone to multiple security vulnerabilities. An attacker can leverage these issues to compromise the application, access or modify data, exploit latent vulnerabilities in the underlying database, inject code, execute arbitrary code, or gain access to the affected system. EVLink Parking versions 3.2.0-12_v1 and prior are vulnerable
VAR-201812-0847 CVE-2018-7802 EVLink Parking SQL injection vulnerability CVSS V2: 6.5
CVSS V3: 8.8
Severity: HIGH
A SQL Injection vulnerability exists in EVLink Parking, v3.2.0-12_v1 and earlier, which could give access to the web interface with full privileges. Schneider Electric EVLink Parking is prone to multiple security vulnerabilities. An attacker can leverage these issues to compromise the application, access or modify data, exploit latent vulnerabilities in the underlying database, inject code, execute arbitrary code, or gain access to the affected system. EVLink Parking Versions 3.2.0-12_v1 and prior are vulnerable
VAR-201812-0078 CVE-2018-18698 Xiaomi Mi A1 Security vulnerabilities in devices CVSS V2: 5.0
CVSS V3: 9.8
Severity: CRITICAL
An issue was discovered on Xiaomi Mi A1 tissot_sprout:8.1.0/OPM1.171019.026/V9.6.4.0.ODHMIFE devices. They store cleartext Wi-Fi passwords in logcat during the process of setting up the phone as a hotspot. The Xiaomi Mi A1 device contains a security feature vulnerability. Information may be obtained, information may be altered, and service operation may be disrupted (DoS). Xiaomi Mi A1 is a smartphone from Xiaomi of China. An information disclosure vulnerability exists in Xiaomi Mi A1 (tissot_sprout) version 8.1.0, version OPM1.171019.026, and version 9.6.4.0.ODHMIFE. An attacker can use this vulnerability to obtain a Wi-Fi password
VAR-201812-0846 CVE-2018-7801 EVLink Parking Code injection vulnerability CVSS V2: 6.8
CVSS V3: 8.8
Severity: HIGH
A Code Injection vulnerability exists in EVLink Parking, v3.2.0-12_v1 and earlier, which could enable access with maximum privileges when a remote code execution is performed. EVLink Parking contains a code injection vulnerability. Information may be obtained, information may be altered, and service operation may be disrupted (DoS). Schneider Electric EVLink Parking is prone to multiple security vulnerabilities. An attacker can leverage these issues to compromise the application, access or modify data, exploit latent vulnerabilities in the underlying database, inject code, execute arbitrary code, or gain access to the affected system. EVLink Parking versions 3.2.0-12_v1 and prior are vulnerable
VAR-201812-0644 CVE-2018-8920 Synology DiskStation Manager Injection vulnerability CVSS V2: 6.5
CVSS V3: 7.2
Severity: HIGH
Improper neutralization of escape vulnerability in Log Exporter in Synology DiskStation Manager (DSM) before 6.1.6-15266 allows remote attackers to inject arbitrary content to have an unspecified impact by exporting an archive in CSV format. Synology DiskStation Manager (DSM) contains an injection vulnerability. Information may be obtained, information may be altered, and service operation may be disrupted (DoS). Synology DiskStation Manager (DSM) is an operating system developed by Synology for network storage servers (NAS). The operating system can manage data, documents, photos, music and other information. There is a security vulnerability in the Log Exporter in Synology DSM versions earlier than 6.1.6-15266. A remote attacker could exploit this vulnerability to inject arbitrary content
VAR-201812-0643 CVE-2018-8919 Synology DiskStation Manager Vulnerable to information disclosure CVSS V2: 5.0
CVSS V3: 9.8
Severity: CRITICAL
Information exposure vulnerability in SYNO.Core.Desktop.SessionData in Synology DiskStation Manager (DSM) before 6.1.6-15266 allows remote attackers to steal credentials via unspecified vectors. Synology DiskStation Manager (DSM) contains an information disclosure vulnerability. Information may be obtained, information may be altered, and service operation may be disrupted (DoS). Synology DiskStation Manager (DSM) is an operating system developed by Synology for network storage servers (NAS). The operating system can manage data, documents, photos, music and other information. An information disclosure vulnerability exists in SYNO.Core.Desktop.SessionData in Synology DSM versions earlier than 6.1.6-15266
VAR-201812-0641 CVE-2018-8917 Synology DiskStation Manager Vulnerable to cross-site scripting CVSS V2: 3.5
CVSS V3: 5.4
Severity: MEDIUM
Cross-site scripting (XSS) vulnerability in info.cgi in Synology DiskStation Manager (DSM) before 6.1.6-15266 allows remote attackers to inject arbitrary web script or HTML via the host parameter. Synology DiskStation Manager (DSM) contains a cross-site scripting vulnerability. Information may be obtained and information may be altered. Synology DiskStation Manager (DSM) is an operating system developed by Synology for network storage servers (NAS). The operating system can manage data, documents, photos, music and other information
VAR-201812-0671 CVE-2018-20379 Technicolor DPC3928SL Cross-Site Scripting Vulnerability CVSS V2: 2.6
CVSS V3: 4.7
Severity: MEDIUM
Technicolor DPC3928SL D3928SL-PSIP-13-A010-c3420r55105-160428a devices allow XSS via a Cross Protocol Injection attack with setSSID of 1.3.6.1.4.1.4413.2.2.2.1.18.1.2.1.1.3.10001. The Technicolor DPC3928SL device contains a cross-site scripting vulnerability. Information may be obtained and information may be altered. The Technicolor DPC3928SL is a cable modem from the French Technicolor group. A remote attacker can exploit this vulnerability to inject arbitrary web scripts or HTML with the help of setSSID
VAR-201812-0666 CVE-2018-20373 Tenda ADSL modem routers cross-site scripting vulnerability CVSS V2: 3.5
CVSS V3: 5.4
Severity: MEDIUM
Tenda ADSL modem routers 1.0.1 allow XSS via the hostname of a DHCP client. The Tenda ADSL modem router is a wireless router from Tenda. A cross-site scripting vulnerability exists in the Tenda ADSL modem routers 1.0.1 release. A remote attacker could use the hostname of a DHCP client to inject malicious code into the current list of DHCP clients
VAR-201812-0665 CVE-2018-20372 TP-Link TD-W8961ND Cross-Site Scripting Vulnerability CVSS V2: 3.5
CVSS V3: 5.4
Severity: MEDIUM
TP-Link TD-W8961ND devices allow XSS via the hostname of a DHCP client. The TP-Link TD-W8961ND device contains a cross-site scripting vulnerability. Information may be obtained and information may be altered. The TP-Link TD-W8961ND is a wireless router from China Unicom (TP-LINK). A cross-site scripting vulnerability exists in the TP-Link TD-W8961ND. A remote attacker can use the hostname of a DHCP client to inject malicious code into the current list of DHCP clients