VARIoT IoT vulnerabilities database

VAR-201811-0056 CVE-2018-18439 DENX U-Boot Buffer error vulnerability

Related entries in the VARIoT exploits database: VAR-E-201811-0063
CVSS V2: 10.0
CVSS V3: 9.8
Severity: CRITICAL
DENX U-Boot through 2018.09-rc1 has a remotely exploitable buffer overflow via a malicious TFTP server because TFTP traffic is mishandled. Also, local exploitation can occur via a crafted kernel image. DENX U-Boot contains a buffer error vulnerability. Information may be obtained or altered, and service operation may be disrupted (DoS). Das U-Boot is prone to multiple local arbitrary code-execution vulnerabilities. Attackers can exploit these issues to execute arbitrary code in the context of the U-Boot instance. Failed exploit attempts will likely cause a denial-of-service condition.

VAR-201811-0557 CVE-2018-7910 Authentication vulnerabilities in multiple Huawei smartphones
CVSS V2: 4.6
CVSS V3: 6.8
Severity: MEDIUM
Some Huawei smartphones ALP-AL00B 8.0.0.118D(C00), ALP-TL00B 8.0.0.118D(C01), BLA-AL00B 8.0.0.118D(C00), BLA-L09C 8.0.0.127(C432), 8.0.0.128(C432), 8.0.0.137(C432), BLA-L29C 8.0.0.129(C432), 8.0.0.137(C432) have an authentication bypass vulnerability. When the attacker obtains the user's smartphone, the vulnerability can be used to replace the start-up program so that the attacker can obtain the information in the smartphone and achieve the purpose of controlling the smartphone. Multiple Huawei smartphones have authentication vulnerabilities. Information may be obtained or altered, and service operation may be disrupted (DoS). ALP-AL00B and BLA-AL00B are smartphones launched by Huawei.

VAR-201811-0916 CVE-2018-6909 Green Electronics RainMachine Mini-8 and Touch HD 12 Input validation vulnerability
CVSS V2: 4.3
CVSS V3: 6.5
Severity: MEDIUM
A missing X-Frame-Options header in the Green Electronics RainMachine Mini-8 (2nd Generation) and Touch HD 12 web application could be used by a remote attacker for clickjacking, as demonstrated by triggering an API page request. Green Electronics RainMachine Mini-8 and Touch HD 12 contain an input validation vulnerability. Information may be tampered with. The Green Electronics RainMachine Mini-8 is an intelligent irrigation sprinkler. Touch HD 12 Web Application is a web-based touch screen application. An attacker could exploit this vulnerability to implement a clickjacking attack.

VAR-201811-0915 CVE-2018-6908 Green Electronics RainMachine Mini-8 and Touch HD 12 Authentication vulnerability
CVSS V2: 5.0
CVSS V3: 9.8
Severity: CRITICAL
An authentication bypass vulnerability exists in the Green Electronics RainMachine Mini-8 (2nd Generation) and Touch HD 12 web application allowing an unauthenticated attacker to perform authenticated actions on the device via a 127.0.0.1:port value in the HTTP 'Host' header, as demonstrated by retrieving credentials. Green Electronics RainMachine Mini-8 and Touch HD 12 contain an authentication vulnerability. Information may be obtained or altered, and service operation may be disrupted (DoS). Green Electronics RainMachine Mini-8 and Touch HD 12 Web Application are products of American C Company. The Green Electronics RainMachine Mini-8 is an intelligent irrigation sprinkler. Touch HD 12 Web Application is a web-based touch screen application.

VAR-201811-0914 CVE-2018-6907 Green Electronics RainMachine Mini-8 and Touch HD 12 Web Application Cross-Site Request Forgery Vulnerability
CVSS V2: 6.8
CVSS V3: 8.8
Severity: HIGH
A Cross Site Request Forgery (CSRF) vulnerability in the Green Electronics RainMachine Mini-8 (2nd Generation) and Touch HD 12 web application allows an attacker to control the RainMachine device via the REST API. The Green Electronics RainMachine Mini-8 is an intelligent irrigation sprinkler. Touch HD 12 Web Application is a web-based touch screen application.

VAR-201811-0913 CVE-2018-6906 Green Electronics RainMachine Mini-8 and Touch HD 12 Web Application Cross-Site Scripting Vulnerability
CVSS V2: 4.3
CVSS V3: 6.1
Severity: MEDIUM
A persistent Cross Site Scripting (XSS) vulnerability in the Green Electronics RainMachine Mini-8 (2nd Generation) and Touch HD 12 web application allows an attacker to inject arbitrary JavaScript via the REST API. Green Electronics RainMachine Mini-8 and Touch HD 12 contain a cross-site scripting vulnerability. Information may be obtained and information may be altered. The Green Electronics RainMachine Mini-8 is an intelligent irrigation sprinkler. Touch HD 12 Web Application is a web-based touch screen application.

VAR-201811-0828 CVE-2018-6012 Green Electronics RainMachine Mini-8 Code injection vulnerability
CVSS V2: 7.5
CVSS V3: 9.8
Severity: CRITICAL
The 'Weather Service' feature of the Green Electronics RainMachine Mini-8 (2nd generation) allows an attacker to inject arbitrary Python code via the 'Add new weather data source' upload function. Green Electronics RainMachine Mini-8 contains a code injection vulnerability. Information may be obtained or altered, and service operation may be disrupted (DoS). Green Electronics RainMachine Mini-8 is a smart irrigation sprinkler from Green Electronics, USA.

VAR-201811-0827 CVE-2018-6011 Green Electronics RainMachine Mini-8 Vulnerabilities related to certificate and password management
CVSS V2: 6.8
CVSS V3: 8.1
Severity: HIGH
The time-based one-time-password (TOTP) function in the application logic of the Green Electronics RainMachine Mini-8 (2nd generation) uses the administrator's password hash to generate a 6-digit temporary passcode that can be used for remote and local access, aka a "Use of Password Hash Instead of Password for Authentication" issue. This is exploitable by an attacker who discovers a hash value in the rainmachine-settings.sqlite file. Green Electronics RainMachine Mini-8 contains vulnerabilities related to certificate and password management. Information may be obtained or altered, and service operation may be disrupted (DoS). Green Electronics RainMachine Mini-8 is a smart irrigation sprinkler from Green Electronics, USA. No details of the vulnerability are currently available.

VAR-201811-0018 CVE-2018-10587 NetGain Enterprise Manager OS command injection vulnerability
CVSS V2: 9.0
CVSS V3: 7.2
Severity: HIGH
NetGain Enterprise Manager (EM) is affected by OS Command Injection vulnerabilities in versions before 10.0.57. These vulnerabilities could allow remote authenticated attackers to inject arbitrary code, resulting in remote code execution. NetGain Enterprise Manager (EM) is a plug-and-play hardware IT architecture monitoring and management device developed by NetGain Systems.

VAR-201811-0300 CVE-2018-1684 IBM WebSphere MQ Input validation vulnerability
CVSS V2: 4.0
CVSS V3: 6.5
Severity: MEDIUM
IBM WebSphere MQ 8.0 through 9.1 is vulnerable to an error with MQTT topic string publishing that can cause a denial of service attack. IBM X-Force ID: 145456. IBM WebSphere MQ contains an input validation vulnerability. The vendor has published this vulnerability as IBM X-Force ID: 145456. Service operation may be disrupted (DoS). An attacker can exploit this issue to cause a denial-of-service condition.

VAR-201811-0102 CVE-2018-17912 Fr. Sauter AG CASE Suite XML external entity injection vulnerability
CVSS V2: 5.0
CVSS V3: 7.5
Severity: HIGH
An XXE vulnerability exists in CASE Suite Versions 3.10 and prior when processing parameter entities, which may allow remote file disclosure. CASE Suite contains an XML external entity vulnerability. Information may be obtained. Fr. Sauter AG CASE Suite is a software development kit for building automation systems from Swiss company Fr. Sauter AG. The vulnerability affects Fr. Sauter AG CASE Suite 3.10 and earlier. A remote attacker could use this vulnerability to cause a file leak. An attacker can exploit this issue to gain access to sensitive information from the application; this may lead to further attacks.

VAR-201811-0495 CVE-2018-3900 Yi Home Camera Buffer error vulnerability
CVSS V2: 6.8
CVSS V3: 8.8
Severity: HIGH
An exploitable code execution vulnerability exists in the QR code scanning functionality of Yi Home Camera 27US 1.8.7.0D. A specially crafted QR Code can cause a buffer overflow, resulting in code execution. An attacker can make the camera scan a QR code to trigger this vulnerability. Alternatively, a user could be convinced to display a QR code from the internet to their camera, which could exploit this vulnerability. Yi Home Camera contains a buffer error vulnerability. Information may be obtained or altered, and service operation may be disrupted (DoS). Yi Home Camera is a globally sold IoT home camera. Yi Home Camera 27US is a network camera product of Yi Technology Company in the United States.

VAR-201811-0488 CVE-2018-3947 Yi Home Camera Information disclosure vulnerability
CVSS V2: 4.3
CVSS V3: 8.1
Severity: HIGH
An exploitable information disclosure vulnerability exists in the phone-to-camera communications of Yi Home Camera 27US 1.8.7.0D. An attacker can sniff network traffic to exploit this vulnerability. Yi Home Camera is a globally sold IoT home camera.

VAR-201811-0485 CVE-2018-3928 Yi Home Camera Vulnerabilities related to authorization, permissions, and access control
CVSS V2: 5.0
CVSS V3: 7.5
Severity: HIGH
An exploitable code execution vulnerability exists in the firmware update functionality of Yi Home Camera 27US 1.8.7.0D. A specially crafted set of UDP packets can cause a settings change, resulting in denial of service. An attacker can send a set of packets to trigger this vulnerability. Yi Home Camera contains vulnerabilities related to authorization, permissions, and access control. Service operation may be disrupted (DoS). Yi Home Camera is a globally sold IoT home camera.

VAR-201811-0496 CVE-2018-3910 Yi Home Camera Command injection vulnerability
CVSS V2: 5.4
CVSS V3: 8.0
Severity: HIGH
An exploitable code execution vulnerability exists in the cloud OTA setup functionality of Yi Home Camera 27US 1.8.7.0D. A specially crafted SSID can cause a command injection, resulting in code execution. An attacker can cause a camera to connect to this SSID to trigger this vulnerability. Alternatively, an attacker can convince a user to connect their camera to this SSID. Yi Home Camera contains a command injection vulnerability. Information may be obtained or altered, and service operation may be disrupted (DoS). Yi Home Camera is a globally sold IoT home camera. Yi Home Camera 27US is a network camera product of Yi Technology Company in the United States.

VAR-201811-0092 CVE-2018-17922 Circontrol CirCarLife Vulnerabilities related to certificate and password management
CVSS V2: 5.0
CVSS V3: 9.8
Severity: CRITICAL
In Circontrol CirCarLife, all versions prior to 4.3.1, the PAP credentials of the device are stored in clear text in a log file that is accessible without authentication. Circontrol CirCarLife contains vulnerabilities related to certificate and password management. Information may be obtained or altered, and service operation may be disrupted (DoS). Circontrol CirCarLife is prone to the following multiple security vulnerabilities: 1. An authentication-bypass vulnerability 2. An information-disclosure vulnerability. An attacker can exploit these issues to bypass the authentication mechanism and perform unauthorized actions, or to obtain sensitive information. Versions prior to CirCarLife 4.3.1 are vulnerable. CIRCONTROL CirCarLife is a parking lot automation management system developed by the Spanish company CIRCONTROL.

VAR-201811-0106 CVE-2018-17918 Circontrol CirCarLife Authentication vulnerability
CVSS V2: 7.5
CVSS V3: 9.8
Severity: CRITICAL
In Circontrol CirCarLife, all versions prior to 4.3.1, authentication to the device can be bypassed by entering the URL of a specific page. Circontrol CirCarLife contains an authentication vulnerability. Information may be obtained or altered, and service operation may be disrupted (DoS). CIRCONTROL CirCarLife is a parking lot automation management system from the Spanish company CIRCONTROL. Security vulnerabilities exist in CIRCONTROL CirCarLife prior to version 4.3.1. An authentication-bypass vulnerability 2

VAR-201811-0982 CVE-2018-7356 ZTE ZXR10 8905E Vulnerabilities related to security functions in products
CVSS V2: 5.0
CVSS V3: 7.5
Severity: HIGH
All versions up to V3.03.10.B23P2 of the ZTE ZXR10 8905E product are impacted by a TCP Initial Sequence Number (ISN) reuse vulnerability, which can generate easily predictable ISNs and allows remote attackers to spoof connections. The ZTE ZXR10 8905E product contains vulnerabilities related to security functions. Information may be tampered with. ZTE ZXR10 8905E is a router product of China ZTE Corporation. A security vulnerability exists in ZTE ZXR10 8905E 3.03.10.B23P2 and earlier. A remote attacker can exploit this vulnerability to perform a spoofing attack.

VAR-201812-0630 CVE-2018-7080 Aruba Access point Vulnerabilities related to security functions
CVSS V2: 5.4
CVSS V3: 7.5
Severity: HIGH
A vulnerability exists in the firmware of embedded BLE radios that are part of some Aruba Access points. An attacker who is able to exploit the vulnerability could install new, potentially malicious firmware into the AP's BLE radio and could then gain access to the AP's console port. This vulnerability is applicable only if the BLE radio has been enabled in affected access points. The BLE radio is disabled by default. Note - Aruba products are NOT affected by a similar vulnerability being tracked as CVE-2018-16986. Aruba Access point contains vulnerabilities related to security features. Information may be obtained or altered, and service operation may be disrupted (DoS). Texas Instruments Bluetooth Low Energy Chips are prone to a remote code-execution vulnerability. Successfully exploiting this issue will allow an attacker to execute arbitrary code. Aruba AP-3xx and others are wireless access point devices of Aruba Networks.

VAR-201811-1130 No CVE Multiple Tenda products httpd buffer overflow vulnerability
CVSS V2: 7.5
CVSS V3: -
Severity: HIGH
Tenda AC7 and others are wireless router products of Tenda. Httpd is one of the HTTP server components. A buffer overflow vulnerability exists in httpd in several Tenda products. An attacker could exploit the vulnerability to cause a denial of service (the function's return address is overwritten).