VARIoT IoT vulnerabilities database

VAR-201812-0129 CVE-2018-14852 Samsung Galaxy S6 SM-G920F Buffer error vulnerability CVSS V2: 5.8
CVSS V3: 6.3
Severity: MEDIUM
Out-of-bounds array access in dhd_rx_frame in drivers/net/wireless/bcmdhd4358/dhd_linux.c in the bcmdhd4358 Wi-Fi driver on the Samsung Galaxy S6 SM-G920F G920FXXU5EQH7 allows an attacker (who has obtained code execution on the Wi-Fi chip) to cause invalid accesses to operating system memory due to improper validation of the network interface index provided by the Wi-Fi chip's firmware. The Samsung Galaxy S6 SM-G920F contains a buffer error vulnerability. Information may be obtained or altered, and service operation may be disrupted (DoS). The Samsung Galaxy S6 is a smartphone released by South Korea's Samsung. The bcmdhd4358 Wi-Fi driver is one of the Wi-Fi drivers. A security vulnerability exists in the 'dhd_rx_frame' function of the drivers/net/wireless/bcmdhd4358/dhd_linux.c file of the bcmdhd4358 Wi-Fi driver in the Samsung Galaxy S6 (SM-G920F) with firmware G920FXXU5EQH7. The program fails to correctly verify the index of the network interface provided by the Wi-Fi chip firmware. An attacker could exploit the vulnerability to cause invalid accesses to operating system memory
VAR-201812-0377 CVE-2018-16596 Buffer error vulnerability in multiple Swisscom products CVSS V2: 5.4
CVSS V3: 7.5
Severity: HIGH
A stack-based buffer overflow in the LAN UPnP service running on UDP port 1900 of Swisscom Internet-Box (2, Standard, and Plus) prior to v09.04.00 and Internet-Box light prior to v08.05.02 allows remote code execution. No authentication is required to exploit this vulnerability. Sending a simple UDP packet to port 1900 allows an attacker to execute code on a remote device. However, this is only possible if the attacker is inside the LAN. Because of ASLR, the success rate is not 100% and leads instead to a DoS of the UPnP service. The remaining functionality of the Internet Box is not affected. A reboot of the Internet Box is necessary to attempt the exploit again. Multiple Swisscom products contain a buffer error vulnerability. Information may be obtained or altered, and service operation may be disrupted (DoS). Swisscom Internet-Box is a router from Swisscom, a company in Switzerland
VAR-201812-1298 No CVE Subsonic server-side request forgery vulnerability CVSS V2: 6.8
CVSS V3: -
Severity: MEDIUM
Subsonic is a media file hosting platform. A request forgery vulnerability exists on the Subsonic server. The vulnerability is located in the "internetRadioSettings.view" module and the "streamUrl" parameter of the localhost path URL. Allows remote attackers to hijack Internet wireless current authentication.
VAR-201812-0472 CVE-2018-19036 Buffer error vulnerability in firmware of multiple Bosch IP camera products CVSS V2: 10.0
CVSS V3: 9.8
Severity: CRITICAL
An issue was discovered in several Bosch IP cameras for firmware versions 6.32 and higher. A malicious client could potentially succeed in the unauthorized execution of code on the device via the network interface. The firmware of multiple Bosch IP camera products contains a buffer error vulnerability. Information may be obtained or altered, and service operation may be disrupted (DoS). Bosch IP Camera is a network camera product from Bosch Sicherheitssysteme, Germany. A buffer overflow vulnerability exists in the web server in Bosch IP Camera using firmware version 6.32 and later
VAR-201812-0245 CVE-2018-18007 D-Link DSL-2770L Vulnerabilities related to certificate and password management in devices CVSS V2: 5.0
CVSS V3: 9.8
Severity: CRITICAL
atbox.htm on D-Link DSL-2770L devices allows remote unauthenticated attackers to discover admin credentials. The D-Link DSL-2770L device contains vulnerabilities related to certificate and password management. Information may be obtained or altered, and service operation may be disrupted (DoS). The D-Link DSL-2770L is a wireless router from D-Link. A security vulnerability exists in the atbox.htm file in D-Link DSL-2770L versions ME_1.01, ME_1.02, and AU_1.06. The D-Link DSL-2770L router is prone to an information-disclosure vulnerability. Attackers can exploit this issue to obtain sensitive information that may aid in launching further attacks. D-Link DSL-2770L ME 1.01, ME 1.02, and AU 1.06 are vulnerable
VAR-201812-0246 CVE-2018-18008 Vulnerabilities related to certificate and password management in multiple D-Link devices CVSS V2: 5.0
CVSS V3: 9.8
Severity: CRITICAL
spaces.htm on multiple D-Link devices (DSL, DIR, DWR) allows remote unauthenticated attackers to discover admin credentials. Multiple D-Link devices (DSL, DIR, DWR) contain vulnerabilities related to certificate and password management. Information may be obtained or altered, and service operation may be disrupted (DoS). The D-Link DSL-2770L and the others are all wireless router products of D-Link. There are security holes in the spaces.htm file in several D-Link devices. A remote attacker can exploit this vulnerability to disclose admin credentials. Multiple D-Link routers are prone to an information-disclosure vulnerability. Attackers can exploit this issue to obtain sensitive information that may aid in launching further attacks. The following products and versions are vulnerable: D-Link DSL-2770L ME 1.01, ME 1.02, AU 1.06; D-Link DIR-140L and DIR-640L versions 1.00, 1.01RU, 1.02; D-Link DWR-116, DWR-512, DWR-555, and DWR-921 versions 1.03, 1.05, 2.01, 2.02. The following products and versions are affected: D-Link DSL-2770L Version ME_1.01, Version ME_1.02, Version AU_1.06; DIR-140L Version 1.00, Version 1.01RU, Version 1.02; DIR-640L Version 1.00, Version 1.01RU, Version 1.02; DWR-116 Version 1.03, Version 1.05, Version 2.01, Version 2.02; DWR-512 Version 1.03, Version 1.05, Version 2.01, Version 2.02; DWR-555 Version 1.03, Version 1.05, Version 2.01, Version 2.02; DWR-921 Version 1.03, Version 1.05, Version 2.01, Version 2.02
VAR-201812-0247 CVE-2018-18009 D-Link DIR-140L and DIR-640L Vulnerabilities related to certificate and password management in devices CVSS V2: 5.0
CVSS V3: 9.8
Severity: CRITICAL
dirary0.js on D-Link DIR-140L, DIR-640L devices allows remote unauthenticated attackers to discover admin credentials. The D-Link DIR-140L and DIR-640L devices contain vulnerabilities related to certificate and password management. Information may be obtained or altered, and service operation may be disrupted (DoS). The D-Link DIR-140L and DIR-640L are both D-Link wireless router products. An information disclosure vulnerability exists in the dirary0.js file in D-Link DIR-140L version 1.02 and DIR-640L version 1.01RU. D-Link DIR-140L and DIR-640L routers are prone to an information-disclosure vulnerability. Attackers can exploit this issue to obtain sensitive information that may aid in launching further attacks. The following versions are vulnerable: DIR-140L 1.02; DIR-640L 1.01RU
VAR-201812-0694 CVE-2018-20161 BlinkForHome Sync module Vulnerabilities related to security functions CVSS V2: 3.3
CVSS V3: 6.5
Severity: MEDIUM
A design flaw in the BlinkForHome (aka Blink For Home) Sync Module 2.10.4 and earlier allows attackers to disable cameras via Wi-Fi, because incident clips (triggered by the motion sensor) are not saved if the attacker's traffic (such as Dot11Deauth) successfully disconnects the Sync Module from the Wi-Fi network. (Access to live video from the app also becomes unavailable.) The BlinkForHome (alias Blink For Home) Sync Module contains vulnerabilities related to security features. Service operation may be disrupted (DoS). The Immedia Semiconductor BlinkForHome Sync Module is a synchronization module used in home security camera systems by Immedia Semiconductor. A denial of service vulnerability exists in Immedia Semiconductor BlinkForHome Sync Module 2.10.4 and earlier, which could be exploited by an attacker to cause a denial of service
VAR-201812-0287 CVE-2018-18093 Intel VTune Amplifier Vulnerabilities related to authorization, permissions, and access control CVSS V2: 4.6
CVSS V3: 7.8
Severity: HIGH
Improper file permissions in the installer for Intel VTune Amplifier 2018 Update 3 and before may allow an unprivileged user to potentially gain privileged access via local access. Intel VTune Amplifier contains vulnerabilities related to authorization, permissions, and access control. Information may be obtained or altered, and service operation may be disrupted (DoS). Intel VTune Amplifier is a set of performance analysis tools of Intel Corporation of the United States. This product is mainly used for performance analysis of high-performance computing, IoT embedded applications, device drivers and game engines. The installer in Intel VTune Amplifier 2018 Update 3 and earlier has a security vulnerability. A local attacker could use this vulnerability to elevate privileges
VAR-201901-0839 CVE-2018-16195 NEC Aterm WF1200CR and Aterm WG1200CR Operating System Command Injection Vulnerability CVSS V2: 8.3
CVSS V3: 8.8
Severity: Medium
Aterm WF1200CR and Aterm WG1200CR (Aterm WF1200CR firmware Ver1.1.1 and earlier, Aterm WG1200CR firmware Ver1.0.1 and earlier) allow an attacker on the same network segment to execute arbitrary OS commands via the SOAP interface of UPnP. Aterm WF1200CR and Aterm WG1200CR provided by NEC Corporation contain the multiple vulnerabilities listed below: information disclosure (CWE-200) - CVE-2018-16192; stored cross-site scripting (CWE-79) - CVE-2018-16193; OS command injection (CWE-78) - CVE-2018-16194; OS command injection in SOAP interface of UPnP (CWE-78) - CVE-2018-16195. Satoru Nagaoka of Cyber Defense Institute, Inc. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership. Impacts: an attacker with access to the device may obtain registered information on the device (CVE-2018-16192); an arbitrary script may be executed on a logged-in user's web browser (CVE-2018-16193); an attacker who can log in to the device may execute an arbitrary OS command (CVE-2018-16194); by having the device load an invalid parameter using the UPnP function, an attacker with access to the device may execute an arbitrary OS command (CVE-2018-16195). NEC Aterm WF1200CR and Aterm WG1200CR are both router products of NEC
VAR-201901-0836 CVE-2018-16192 NEC Aterm WF1200CR and Aterm WG1200CR Information Disclosure Vulnerability CVSS V2: 3.3
CVSS V3: 6.5
Severity: Medium
Aterm WF1200CR and Aterm WG1200CR (Aterm WF1200CR firmware Ver1.1.1 and earlier, Aterm WG1200CR firmware Ver1.0.1 and earlier) allow an attacker on the same network segment to obtain information registered on the device via unspecified vectors. Aterm WF1200CR and Aterm WG1200CR provided by NEC Corporation contain the multiple vulnerabilities listed below: information disclosure (CWE-200) - CVE-2018-16192; stored cross-site scripting (CWE-79) - CVE-2018-16193; OS command injection (CWE-78) - CVE-2018-16194; OS command injection in SOAP interface of UPnP (CWE-78) - CVE-2018-16195. Satoru Nagaoka of Cyber Defense Institute, Inc. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership. Impacts: an attacker with access to the device may obtain registered information on the device (CVE-2018-16192); an arbitrary script may be executed on a logged-in user's web browser (CVE-2018-16193); an attacker who can log in to the device may execute an arbitrary OS command (CVE-2018-16194); by having the device load an invalid parameter using the UPnP function, an attacker with access to the device may execute an arbitrary OS command (CVE-2018-16195). NEC Aterm WF1200CR and Aterm WG1200CR are both router products of NEC
VAR-201901-0837 CVE-2018-16193 NEC Aterm WF1200CR and Aterm WG1200CR Cross-Site Scripting Vulnerability CVSS V2: 3.5
CVSS V3: 5.4
Severity: Medium
Cross-site scripting vulnerability in Aterm WF1200CR and Aterm WG1200CR (Aterm WF1200CR firmware Ver1.1.1 and earlier, Aterm WG1200CR firmware Ver1.0.1 and earlier) allows authenticated attackers to inject arbitrary web script or HTML via unspecified vectors. Aterm WF1200CR and Aterm WG1200CR provided by NEC Corporation contain the multiple vulnerabilities listed below: information disclosure (CWE-200) - CVE-2018-16192; stored cross-site scripting (CWE-79) - CVE-2018-16193; OS command injection (CWE-78) - CVE-2018-16194; OS command injection in SOAP interface of UPnP (CWE-78) - CVE-2018-16195. Satoru Nagaoka of Cyber Defense Institute, Inc. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership. Impacts: an attacker with access to the device may obtain registered information on the device (CVE-2018-16192); an arbitrary script may be executed on a logged-in user's web browser (CVE-2018-16193); an attacker who can log in to the device may execute an arbitrary OS command (CVE-2018-16194); by having the device load an invalid parameter using the UPnP function, an attacker with access to the device may execute an arbitrary OS command (CVE-2018-16195). NEC Aterm WF1200CR and Aterm WG1200CR are both router products of NEC
VAR-201901-0838 CVE-2018-16194 Multiple vulnerabilities in Aterm WF1200CR and Aterm WG1200CR CVSS V2: 9.0
CVSS V3: 7.2
Severity: Medium
Aterm WF1200CR and Aterm WG1200CR (Aterm WF1200CR firmware Ver1.1.1 and earlier, Aterm WG1200CR firmware Ver1.0.1 and earlier) allow authenticated attackers to execute arbitrary OS commands via unspecified vectors. Aterm WF1200CR and Aterm WG1200CR provided by NEC Corporation contain the multiple vulnerabilities listed below: information disclosure (CWE-200) - CVE-2018-16192; stored cross-site scripting (CWE-79) - CVE-2018-16193; OS command injection (CWE-78) - CVE-2018-16194; OS command injection in SOAP interface of UPnP (CWE-78) - CVE-2018-16195. Satoru Nagaoka of Cyber Defense Institute, Inc. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership. Impacts: an attacker with access to the device may obtain registered information on the device (CVE-2018-16192); an arbitrary script may be executed on a logged-in user's web browser (CVE-2018-16193); an attacker who can log in to the device may execute an arbitrary OS command (CVE-2018-16194); by having the device load an invalid parameter using the UPnP function, an attacker with access to the device may execute an arbitrary OS command (CVE-2018-16195). NEC Aterm WF1200CR and Aterm WG1200CR are both router products of NEC
VAR-201812-0470 CVE-2018-19007 OS command injection vulnerability in Geutebrueck GmbH E2 Camera series CVSS V2: 10.0
CVSS V3: 9.8
Severity: CRITICAL
In Geutebrueck GmbH E2 Camera Series versions prior to 1.12.0.25 the DDNS configuration (in the Network Configuration panel) is vulnerable to an OS system command injection as root. The Geutebrück E2 Camera Series is an E2 series webcam from Geutebrück, Germany. A remote attacker can exploit this vulnerability to inject operating system commands with root privileges. Geutebrück GmbH E2 Series IP Cameras are prone to an OS command-injection vulnerability
VAR-201812-0618 CVE-2018-3705 Intel System Defense Utility Vulnerabilities related to authorization, permissions, and access control CVSS V2: 2.1
CVSS V3: 5.5
Severity: MEDIUM
Improper directory permissions in the installer for the Intel(R) System Defense Utility (all versions) may allow authenticated users to potentially enable a denial of service via local access. Intel System Defense Utility is a tool for remotely configuring the security of a PC (supporting Intel vPro technology) developed by Intel Corporation. This product is mainly used for security configuration of Intel vPro function and SMB environment. A local attacker could exploit this vulnerability to elevate privileges
VAR-201812-0617 CVE-2018-3704 Intel Parallel Studio Vulnerabilities related to authorization, permissions, and access control CVSS V2: 4.6
CVSS V3: 7.8
Severity: HIGH
Improper directory permissions in the installer for the Intel Parallel Studio before 2019 Gold may allow authenticated users to potentially enable an escalation of privilege via local access. Intel Parallel Studio contains vulnerabilities related to authorization, permissions, and access control. Information may be obtained or altered, and service operation may be disrupted (DoS). Intel Parallel Studio is a development kit for high-performance applications developed by Intel Corporation. A security vulnerability exists in the installer in versions prior to Intel Parallel Studio 2019 Gold. A local attacker could exploit this vulnerability to elevate privileges
VAR-201812-0252 CVE-2018-18097 Intel Solid State Drive Toolbox Vulnerabilities related to authorization, permissions, and access control CVSS V2: 4.6
CVSS V3: 7.8
Severity: HIGH
Improper directory permissions in Intel Solid State Drive Toolbox before 3.5.7 may allow an authenticated user to potentially enable escalation of privilege via local access. A local attacker could exploit this vulnerability to elevate privileges
VAR-201812-0251 CVE-2018-18096 Intel QuickAssist Technology for Linux Buffer error vulnerability CVSS V2: 2.1
CVSS V3: 5.5
Severity: MEDIUM
Improper memory handling in Intel QuickAssist Technology for Linux (all versions) may allow an authenticated user to potentially enable a denial of service via local access. Intel QuickAssist Technology for Linux contains a buffer error vulnerability. Service operation may be disrupted (DoS). Intel QuickAssist Technology for Linux is a data management technology based on the Linux platform of Intel Corporation of the United States. It is mainly used to enhance the security and compression performance of dynamic data and static data in cloud, network, big data and storage applications. A security vulnerability exists in Intel QuickAssist Technology (all versions) for Linux-based platforms. A local attacker could exploit this vulnerability to cause a denial of service
VAR-201812-0105 CVE-2018-12206 Intel QuickAssist Technology for Linux Buffer error vulnerability CVSS V2: 2.1
CVSS V3: 5.5
Severity: MEDIUM
Improper configuration of hardware access in Intel QuickAssist Technology for Linux (all versions) may allow an authenticated user to potentially enable a denial of service via local access. Intel QuickAssist Technology for Linux contains a buffer error vulnerability. Service operation may be disrupted (DoS). Intel QuickAssist Technology for Linux is a data management technology based on the Linux platform of Intel Corporation of the United States. It is mainly used to enhance the security and compression performance of dynamic data and static data in cloud, network, big data and storage applications. A security vulnerability exists in Intel QuickAssist Technology (all versions) for Linux-based platforms. A local attacker could exploit this vulnerability to cause a denial of service
VAR-201812-0476 CVE-2018-18984 Cryptographic vulnerabilities in multiple Medtronic products CVSS V2: 2.1
CVSS V3: 4.6
Severity: MEDIUM
Medtronic CareLink and Encore Programmers do not encrypt or do not sufficiently encrypt sensitive PII and PHI information while at rest. The Medtronic CareLink 2090 Programmer, CareLink 9790 Programmer, and 29901 Encore Programmer contain a cryptographic vulnerability. Information may be obtained. Successfully exploiting this issue may allow attackers to view encrypted data and obtain sensitive information. This may lead to other attacks. An attacker in physical proximity could exploit the vulnerability to gain access to protected health and personally identifiable information stored on the device