VARIoT IoT vulnerabilities database
| VAR-201812-0552 | CVE-2018-19616 |
Rockwell Automation Allen-Bradley PowerMonitor 1000 Access Control Error Vulnerability
Related entries in the VARIoT exploits database: VAR-E-201812-0198 |
CVSS V2: 6.8 CVSS V3: 8.1 Severity: HIGH |
An issue was discovered in Rockwell Automation Allen-Bradley PowerMonitor 1000. An unauthenticated user can add/edit/remove administrators because access control is implemented on the client side via a disabled attribute for a BUTTON element. Rockwell Automation Allen-Bradley PowerMonitor 1000 contains an access control vulnerability. Information may be obtained, information may be altered, and a denial-of-service (DoS) condition may be caused. An access control error vulnerability exists in the Web page of Rockwell Automation Allen-Bradley PowerMonitor 1000, which could allow an attacker to add new users with administrator privileges.
An attacker may leverage these issues to bypass certain security restrictions, obtain sensitive information and execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. An attacker could exploit this vulnerability to add/edit/remove administrator accounts.
| VAR-201811-0079 | CVE-2018-14892 | ZyXEL NSA325 V2 Vulnerable to cross-site request forgery |
CVSS V2: 6.8 CVSS V3: 8.8 Severity: HIGH |
Missing protections against Cross-Site Request Forgery in the web application in ZyXEL NSA325 V2 version 4.81 allow attackers to perform state-changing actions via crafted HTTP forms. ZyXEL NSA325 V2 contains a cross-site request forgery vulnerability. Information may be obtained, information may be altered, and a denial-of-service (DoS) condition may be caused. ZyXEL NSA325 V2 is a network storage device from ZyXEL Technology. A security vulnerability exists in the web application in ZyXEL NSA325 V2 version 4.81. An attacker could exploit the vulnerability to perform a state change operation with a specially crafted HTTP form.
| VAR-201811-0080 | CVE-2018-14893 | ZyXEL NSA325 V2 Command Injection Vulnerability |
CVSS V2: 9.0 CVSS V3: 8.8 Severity: HIGH |
A system command injection vulnerability in zyshclient in ZyXEL NSA325 V2 version 4.81 allows attackers to execute system commands via the web application API. ZyXEL NSA325 V2 contains a command injection vulnerability. Information may be obtained, information may be altered, and a denial-of-service (DoS) condition may be caused. ZyXEL NSA325 V2 is a network storage device from ZyXEL Technology. ZyXEL NSA325 V2 is a media server produced by ZyXEL, Taiwan, China.
| VAR-201901-0834 | CVE-2018-16188 | Multiple vulnerabilities in RICOH Interactive Whiteboard |
CVSS V2: 10.0 CVSS V3: 9.8 Severity: Critical |
SQL injection vulnerability in the RICOH Interactive Whiteboard D2200 V1.3 to V2.2, D5500 V1.3 to V2.2, D5510 V1.3 to V2.2, the display versions with RICOH Interactive Whiteboard Controller Type1 V1.3 to V2.2 attached (D5520, D6500, D6510, D7500, D8400), and the display versions with RICOH Interactive Whiteboard Controller Type2 V3.0 to V3.1.10137.0 attached (D5520, D6510, D7500, D8400) allows remote attackers to execute arbitrary SQL commands via unspecified vectors. RICOH Interactive Whiteboard provided by RICOH COMPANY, LTD. contains multiple vulnerabilities listed below.
* Command injection (CWE-94) - CVE-2018-16184
* Missing file signature - CVE-2018-16185
* Hard-coded credentials for the administrator settings screen - CVE-2018-16186
* The server certificate is self-signed - CVE-2018-16187
* SQL injection (CWE-89) - CVE-2018-16188
RICOH COMPANY, LTD. reported this vulnerability to IPA to notify users of its solution through JVN. JPCERT/CC and RICOH COMPANY, LTD. coordinated under the Information Security Early Warning Partnership.
* A remote attacker may execute an arbitrary command with the administrative privilege - CVE-2018-16184
* A remote attacker may execute an altered program - CVE-2018-16185
* An attacker may log in to the administrator settings screen and change the configuration - CVE-2018-16186
* A man-in-the-middle attack allows an attacker to eavesdrop on an encrypted communication - CVE-2018-16187
* A remote attacker may obtain or alter the information in the database - CVE-2018-16188
RICOH Interactive Whiteboard D2200 and so on are all Ricoh's multi-function printers. A SQL injection vulnerability exists in several RICOH Interactive Whiteboard products that can be exploited by remote attackers to obtain or modify information in the database.
| VAR-201901-0831 | CVE-2018-16185 | Multiple vulnerabilities in RICOH Interactive Whiteboard |
CVSS V2: 10.0 CVSS V3: 9.8 Severity: Critical |
RICOH Interactive Whiteboard D2200 V1.1 to V2.2, D5500 V1.1 to V2.2, D5510 V1.1 to V2.2, the display versions with RICOH Interactive Whiteboard Controller Type1 V1.1 to V2.2 attached (D5520, D6500, D6510, D7500, D8400), and the display versions with RICOH Interactive Whiteboard Controller Type2 V3.0 to V3.1.10137.0 attached (D5520, D6510, D7500, D8400) allow remote attackers to execute a malicious program. RICOH Interactive Whiteboard provided by RICOH COMPANY, LTD. contains multiple vulnerabilities listed below.
* Command injection (CWE-94) - CVE-2018-16184
* Missing file signature - CVE-2018-16185
* Hard-coded credentials for the administrator settings screen - CVE-2018-16186
* The server certificate is self-signed - CVE-2018-16187
* SQL injection (CWE-89) - CVE-2018-16188
RICOH COMPANY, LTD. reported this vulnerability to IPA to notify users of its solution through JVN. JPCERT/CC and RICOH COMPANY, LTD. coordinated under the Information Security Early Warning Partnership.
* A remote attacker may execute an arbitrary command with the administrative privilege - CVE-2018-16184
* A remote attacker may execute an altered program - CVE-2018-16185
* An attacker may log in to the administrator settings screen and change the configuration - CVE-2018-16186
* A man-in-the-middle attack allows an attacker to eavesdrop on an encrypted communication - CVE-2018-16187
* A remote attacker may obtain or alter the information in the database - CVE-2018-16188
RICOH Interactive Whiteboard D2200 and so on are all Ricoh's multi-function printers. There are security vulnerabilities in several RICOH Interactive Whiteboard products.
| VAR-201901-0832 | CVE-2018-16186 | Multiple vulnerabilities in RICOH Interactive Whiteboard |
CVSS V2: 10.0 CVSS V3: 9.8 Severity: Critical |
RICOH Interactive Whiteboard D2200 V1.1 to V2.2, D5500 V1.1 to V2.2, D5510 V1.1 to V2.2, the display versions with RICOH Interactive Whiteboard Controller Type1 V1.1 to V2.2 attached (D5520, D6500, D6510, D7500, D8400), and the display versions with RICOH Interactive Whiteboard Controller Type2 V3.0 to V3.1.10137.0 attached (D5520, D6510, D7500, D8400) use hard-coded credentials, which may allow an attacker on the same network segments to log in to the administrator settings screen and change the configuration. RICOH Interactive Whiteboard provided by RICOH COMPANY, LTD. contains multiple vulnerabilities listed below.
* Command injection (CWE-94) - CVE-2018-16184
* Missing file signature - CVE-2018-16185
* Hard-coded credentials for the administrator settings screen - CVE-2018-16186
* The server certificate is self-signed - CVE-2018-16187
* SQL injection (CWE-89) - CVE-2018-16188
RICOH COMPANY, LTD. reported this vulnerability to IPA to notify users of its solution through JVN. JPCERT/CC and RICOH COMPANY, LTD. coordinated under the Information Security Early Warning Partnership.
* A remote attacker may execute an arbitrary command with the administrative privilege - CVE-2018-16184
* A remote attacker may execute an altered program - CVE-2018-16185
* An attacker may log in to the administrator settings screen and change the configuration - CVE-2018-16186
* A man-in-the-middle attack allows an attacker to eavesdrop on an encrypted communication - CVE-2018-16187
* A remote attacker may obtain or alter the information in the database - CVE-2018-16188
RICOH Interactive Whiteboard D2200 and so on are all Ricoh's multi-function printers. There are security vulnerabilities in several RICOH Interactive Whiteboard products. An attacker can use this vulnerability to log in to the administrator settings page and modify the configuration.
| VAR-201901-0833 | CVE-2018-16187 | Multiple vulnerabilities in RICOH Interactive Whiteboard |
CVSS V2: 10.0 CVSS V3: 9.8 Severity: Critical |
The RICOH Interactive Whiteboard D2200 V1.3 to V2.2, D5500 V1.3 to V2.2, D5510 V1.3 to V2.2, the display versions with RICOH Interactive Whiteboard Controller Type1 V1.3 to V2.2 attached (D5520, D6500, D6510, D7500, D8400), and the display versions with RICOH Interactive Whiteboard Controller Type2 V3.0 to V3.1.10137.0 attached (D5520, D6510, D7500, D8400) do not verify their server certificates, which allows man-in-the-middle attackers to eavesdrop on encrypted communication. RICOH Interactive Whiteboard provided by RICOH COMPANY, LTD. contains multiple vulnerabilities listed below.
* Command injection (CWE-94) - CVE-2018-16184
* Missing file signature - CVE-2018-16185
* Hard-coded credentials for the administrator settings screen - CVE-2018-16186
* The server certificate is self-signed - CVE-2018-16187
* SQL injection (CWE-89) - CVE-2018-16188
RICOH COMPANY, LTD. reported this vulnerability to IPA to notify users of its solution through JVN. JPCERT/CC and RICOH COMPANY, LTD. coordinated under the Information Security Early Warning Partnership.
* A remote attacker may execute an arbitrary command with the administrative privilege - CVE-2018-16184
* A remote attacker may execute an altered program - CVE-2018-16185
* An attacker may log in to the administrator settings screen and change the configuration - CVE-2018-16186
* A man-in-the-middle attack allows an attacker to eavesdrop on an encrypted communication - CVE-2018-16187
* A remote attacker may obtain or alter the information in the database - CVE-2018-16188
RICOH Interactive Whiteboard D2200 and so on are all Ricoh's multi-function printers. There are security vulnerabilities in several RICOH Interactive Whiteboard products. An attacker could exploit the vulnerability to steal encrypted communications by implementing a man-in-the-middle attack.
| VAR-201901-0830 | CVE-2018-16184 | Multiple vulnerabilities in RICOH Interactive Whiteboard |
CVSS V2: 10.0 CVSS V3: 9.8 Severity: Critical |
RICOH Interactive Whiteboard D2200 V1.6 to V2.2, D5500 V1.6 to V2.2, D5510 V1.6 to V2.2, and the display versions with RICOH Interactive Whiteboard Controller Type1 V1.6 to V2.2 attached (D5520, D6500, D6510, D7500, D8400) allow remote attackers to execute arbitrary commands via unspecified vectors. RICOH Interactive Whiteboard provided by RICOH COMPANY, LTD. contains multiple vulnerabilities listed below.
* Command injection (CWE-94) - CVE-2018-16184
* Missing file signature - CVE-2018-16185
* Hard-coded credentials for the administrator settings screen - CVE-2018-16186
* The server certificate is self-signed - CVE-2018-16187
* SQL injection (CWE-89) - CVE-2018-16188
RICOH COMPANY, LTD. reported this vulnerability to IPA to notify users of its solution through JVN. JPCERT/CC and RICOH COMPANY, LTD. coordinated under the Information Security Early Warning Partnership.
* A remote attacker may execute an arbitrary command with the administrative privilege - CVE-2018-16184
* A remote attacker may execute an altered program - CVE-2018-16185
* An attacker may log in to the administrator settings screen and change the configuration - CVE-2018-16186
* A man-in-the-middle attack allows an attacker to eavesdrop on an encrypted communication - CVE-2018-16187
* A remote attacker may obtain or alter the information in the database - CVE-2018-16188
RICOH Interactive Whiteboard D2200 and so on are all Ricoh's multi-function printers. There are command injection vulnerabilities in several RICOH Interactive Whiteboard products that can be exploited by remote attackers to execute arbitrary commands with administrative privileges.
| VAR-201811-0163 | CVE-2018-13307 | TOTOLINK A3002RU Command injection vulnerability |
CVSS V2: 10.0 CVSS V3: 9.8 Severity: CRITICAL |
System command injection in fromNtp in TOTOLINK A3002RU version 1.0.8 allows attackers to execute system commands via the "ntpServerIp2" POST parameter. Certain payloads cause the device to become permanently inoperable. TOTOLINK A3002RU contains a command injection vulnerability. Information may be obtained, information may be altered, and a denial-of-service (DoS) condition may be caused. TOTOLINK A3002RU is a wireless router product of TOTOLINK. A command injection vulnerability exists in fromNtp in the TOTOLINK A3002RU 1.0.8 release.
| VAR-201811-0129 | CVE-2018-13316 | TOTOLINK A3002RU Command injection vulnerability |
CVSS V2: 10.0 CVSS V3: 9.8 Severity: CRITICAL |
System command injection in formAliasIp in TOTOLINK A3002RU version 1.0.8 allows attackers to execute system commands via the "subnet" POST parameter. TOTOLINK A3002RU contains a command injection vulnerability. Information may be obtained, information may be altered, and a denial-of-service (DoS) condition may be caused. TOTOLINK A3002RU is a wireless router product of TOTOLINK. A command injection vulnerability exists in formAliasIp in TOTOLINK A3002RU 1.0.8.
| VAR-201811-0169 | CVE-2018-13314 | TOTOLINK A3002RU Command injection vulnerability |
CVSS V2: 10.0 CVSS V3: 9.8 Severity: CRITICAL |
System command injection in formAliasIp in TOTOLINK A3002RU version 1.0.8 allows attackers to execute system commands via the "ipAddr" POST parameter. TOTOLINK A3002RU contains a command injection vulnerability. Information may be obtained, information may be altered, and a denial-of-service (DoS) condition may be caused. TOTOLINK A3002RU is a wireless router product of TOTOLINK. A command injection vulnerability exists in formAliasIp in TOTOLINK A3002RU 1.0.8.
| VAR-201811-0162 | CVE-2018-13306 | TOTOLINK A3002RU Command injection vulnerability |
CVSS V2: 10.0 CVSS V3: 9.8 Severity: CRITICAL |
System command injection in formDlna in TOTOLINK A3002RU version 1.0.8 allows attackers to execute system commands via the "ftpUser" POST parameter. TOTOLINK A3002RU contains a command injection vulnerability. Information may be obtained, information may be altered, and a denial-of-service (DoS) condition may be caused. TOTOLINK A3002RU is a wireless router product of Zeon Electronics (TOTOLINK).
The formDlna in TOTOLINK A3002RU 1.0.8 has a command injection vulnerability.
| VAR-201811-0132 | CVE-2018-13319 | Buffalo TS5600D1206 Vulnerable to information disclosure |
CVSS V2: 5.0 CVSS V3: 7.5 Severity: HIGH |
Incorrect access control in get_portal_info in Buffalo TS5600D1206 version 3.61-0.10 allows attackers to determine sensitive device information via an unauthenticated POST request. Buffalo TS5600D1206 contains an information disclosure vulnerability. Information may be obtained. The Buffalo TS5600D1206 is a network storage device from the Buffalo Group in Japan.
| VAR-201811-0349 | CVE-2018-18983 | INVT Electric VT-Designer Heap Buffer Overflow Vulnerability |
CVSS V2: 6.8 CVSS V3: 8.8 Severity: HIGH |
VT-Designer Version 2.1.7.31 is vulnerable: the program reads the contents of a file (which is already in memory) into another heap-based buffer, which may cause the program to crash or allow remote code execution. VT-Designer contains a buffer error vulnerability. Information may be obtained, information may be altered, and a denial-of-service (DoS) condition may be caused. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of INVT VT-Designer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the processing of pm3 files. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length heap-based buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. INVT Electric VT-Designer is a graphics development tool from China's INVT Electric Company. A heap buffer overflow vulnerability exists in INVT Electric VT-Designer version 2.1.7.31. Failed exploit attempts will likely result in denial-of-service conditions.
INVT Electric VT-Designer 2.1.7.31 is vulnerable; other versions may also be affected.
| VAR-201811-0350 | CVE-2018-18987 | INVT Electric VT-Designer Code execution vulnerability |
CVSS V2: 6.8 CVSS V3: 8.8 Severity: HIGH |
VT-Designer Version 2.1.7.31 is vulnerable: the program populates objects with user-supplied input from a file without first checking it for validity, allowing attacker-supplied input to be written to known memory locations. This may cause the program to crash or allow remote code execution. VT-Designer contains a vulnerability in the deserialization of untrusted data. Information may be obtained, information may be altered, and a denial-of-service (DoS) condition may be caused. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of CArchive objects. The issue results from the lack of proper validation of user-supplied data, which can result in deserialization of untrusted data. An attacker can leverage this vulnerability to execute code in the context of the current process. INVT Electric VT-Designer is a graphics development tool from China's INVT Electric Company. A vulnerability exists in the INVT Electric VT-Designer version 2.1.7.31. Failed exploit attempts will likely result in denial-of-service conditions.
| VAR-201811-0168 | CVE-2018-13312 | TOTOLINK A3002RU Cross-Site Scripting Vulnerability |
CVSS V2: 4.3 CVSS V3: 6.1 Severity: MEDIUM |
Cross-site scripting in notice_gen.htm in TOTOLINK A3002RU version 1.0.8 allows attackers to execute arbitrary JavaScript by modifying the "Input your notice URL" field. TOTOLINK A3002RU contains a cross-site scripting vulnerability. Information may be obtained and information may be altered. TOTOLINK A3002RU is a wireless router product of TOTOLINK.
| VAR-201811-0164 | CVE-2018-13308 | TOTOLINK A3002RU Vulnerable to cross-site scripting |
CVSS V2: 4.3 CVSS V3: 6.1 Severity: MEDIUM |
Cross-site scripting in notice_gen.htm in TOTOLINK A3002RU version 1.0.8 allows attackers to execute arbitrary JavaScript by modifying the "User phrases button" field. TOTOLINK A3002RU contains a cross-site scripting vulnerability. Information may be obtained and information may be altered. TOTOLINK A3002RU is a wireless router product of TOTOLINK.
| VAR-201811-0166 | CVE-2018-13310 | TOTOLINK A3002RU Vulnerable to cross-site scripting |
CVSS V2: 4.3 CVSS V3: 6.1 Severity: MEDIUM |
Cross-site scripting in password.htm in TOTOLINK A3002RU version 1.0.8 allows attackers to execute arbitrary JavaScript via the user's username. TOTOLINK A3002RU contains a cross-site scripting vulnerability. Information may be obtained and information may be altered. TOTOLINK A3002RU is a wireless router product of TOTOLINK.
| VAR-201811-0133 | CVE-2018-13320 | Buffalo TS5600D1206 Command Injection Vulnerability |
CVSS V2: 6.5 CVSS V3: 7.2 Severity: HIGH |
System Command Injection in network.set_auth_settings in Buffalo TS5600D1206 version 3.70-0.10 allows attackers to execute system commands via the adminUsername and adminPassword parameters. Buffalo TS5600D1206 contains a command injection vulnerability. Information may be obtained, information may be altered, and a denial-of-service (DoS) condition may be caused. The Buffalo TS5600D1206 is a network storage device from the Buffalo Group in Japan.
| VAR-201811-0128 | CVE-2018-13315 | TOTOLINK A3002RU Access Control Error Vulnerability |
CVSS V2: 5.0 CVSS V3: 9.8 Severity: CRITICAL |
Incorrect access control in formPasswordSetup in TOTOLINK A3002RU version 1.0.8 allows attackers to change the admin user's password via an unauthenticated POST request. TOTOLINK A3002RU contains an input validation vulnerability. Information may be obtained, information may be altered, and a denial-of-service (DoS) condition may be caused. TOTOLINK A3002RU is an AC1200 wireless dual-band Gigabit router. An access control error vulnerability exists in formPasswordSetup in TOTOLINK A3002RU version 1.0.8.