VARIoT IoT vulnerabilities database

In Snapdragon (Automobile, Mobile, Wear) in version MDM9206, MDM9607, MDM9640, MDM9650, MSM8996AU, QCA6574AU, SD 210/SD 212/SD 205, SD 425, SD 427, SD 430, SD 435, SD 450, SD 615/16/SD 415, SD 625, SD 650/52, SD 820A, SD 835, SD 845, SD 850, SDA660, SDM429, SDM439, SDM630, SDM632, SDM636, SDM660, SDM710, Snapdragon_High_Med_2016, MAC address randomization performed during probe requests (for privacy reasons) is not done properly due to a flawed RNG which produces repeating output much earlier than expected. Snapdragon (Automobile , Mobile , Wear) Contains a cryptographic vulnerability.Information may be tampered with. Qualcomm Closed-Source Components are prone to multiple unspecified vulnerabilities. An attacker can exploit these issues to perform unauthorized actions. This may aid in further attacks. These issues are being tracked by Android Bug IDs A-68326803, A-62213176, A-73539234, A-72950814, A-77484228, A-111090697, A-68326811, A-78240387, A-78239234, A-68326819, A-71501117, A-72950958, A-74236425, A-77484229, A-79419793, A-109677940, A-109677982, A-109677964, A-109678202, A-109678380, A-111091377, A-111090533, A-111093202, A-111090698, A-111093021, and A-111093167. Qualcomm MDM9206, etc. are the central processing unit (CPU) products of Qualcomm (Qualcomm) applied to different platforms. An encryption issue vulnerability exists in several Qualcomm Snapdragon products due to a program that does not properly randomize MAC addresses. Currently there is no information about this vulnerability, please keep an eye on CNNVD or vendor announcements

D-Link DIR-846 devices with firmware 100.26 allow remote attackers to execute arbitrary code as root via a SetNetworkTomographySettings request by leveraging admin access. D-Link DIR-846 There is an access control vulnerability in the device firmware.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. D-LinkDIR-846 is a wireless router product from D-Link

TP_LINK TL-WAR302 is an enterprise-class 300M wireless VPN router that supports multiple VPN clients and supports online behavior management. Command execution vulnerability exists in multiple interfaces of TP_LINK TL-WAR302 router. The vulnerability is caused by multiple interfaces of TP-LINK WAR302 failing to properly filter parameters submitted by users. Attackers can use the vulnerability to execute arbitrary code.

An issue was discovered on Tenda AC7 V15.03.06.44_CN, AC9 V15.03.05.19(6318)_CN, AC10 V15.03.06.23_CN, AC15 V15.03.05.19_CN, and AC18 V15.03.05.19(6318)_CN devices. There is a buffer overflow vulnerability in the router's web server. While processing the ssid parameter for a POST request, the value is directly used in a sprintf call to a local variable placed on the stack, which overrides the return address of the function, causing a buffer overflow. plural Tenda Product Contains a buffer error vulnerability.Service operation interruption (DoS) There is a possibility of being put into a state. Tenda AC7, etc. are all wireless router products of China Tenda. An attacker can use this vulnerability to cause a denial of service. The following products and versions are affected: Tenda AC7 15.03.06.44_CN Version; AC9 15.03.05.19(6318)_CN Version; AC10 15.03.06.23_CN Version; AC15 15.03.05.19_CN Version; AC18 15.03.05.19(6318)_CN Version

An issue was discovered on Tenda AC9 V15.03.05.19(6318)_CN and AC10 V15.03.06.23_CN devices. The mac parameter in a POST request is used directly in a doSystemCmd call, causing OS command injection. Tenda AC9 and AC10 The device includes OS A command injection vulnerability exists.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. TendaAC9 is a wireless router product from Tenda. The operating system command injection vulnerability exists in TendaAC915.03.05.19 (6318)_CN version and AC1015.03.06.23_CN version and previous versions

Path traversal in simplehttpserver <v0.2.1 allows listing any file on the server

An issue was discovered in myStrom WiFi Switch V1 before 2.66, WiFi Switch V2 before 3.80, WiFi Switch EU before 3.80, WiFi Bulb before 2.58, WiFi LED Strip before 3.80, WiFi Button before 2.73, and WiFi Button Plus before 2.73. Devices did not authenticate themselves to the cloud in device to cloud communication. This lack of device authentication allowed an attacker to impersonate any device by guessing or learning their MAC address. plural myStrom The product contains authentication vulnerabilities.Information may be obtained and information may be altered

An issue was discovered in myStrom WiFi Switch V1 before 2.66, WiFi Switch V2 before 3.80, WiFi Switch EU before 3.80, WiFi Bulb before 2.58, WiFi LED Strip before 3.80, WiFi Button before 2.73, and WiFi Button Plus before 2.73. The process of registering a device with a cloud account was based on an activation code derived from the device MAC address. By guessing valid MAC addresses or using MAC addresses printed on devices in shops and reverse engineering the protocol, an attacker would have been able to register previously unregistered devices to their account. When the rightful owner would have connected them after purchase to their WiFi network, the devices would not have registered with their account, would subsequently not have been controllable from the owner's mobile app, and would not have been visible in the owner's account. Instead, they would have been under control of the attacker. plural myStrom Product Contains vulnerabilities related to authorization, permissions, and access control.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state

Philips e-Alert Unit (non-medical device), Version R2.1 and prior. The Philips e-Alert contains a banner disclosure vulnerability that could allow attackers to obtain extraneous product information, such as OS and software components, via the HTTP response header that is normally not available to the attacker, but might be useful information in an attack. Philips e-Alert is prone to the following security vulnerabilities: 1. An input-validation vulnerability 2. A cross-site scripting vulnerability 3. Multiple information-disclosure vulnerabilities 4. An insecure default permissions vulnerability 5. A cross-site request-forgery vulnerability 6. A session-fixation vulnerability 7. A denial-of-service vulnerability 8. A security-bypass vulnerability Attackers may exploit these issues to gain unauthorized access to the affected device, or to bypass certain security restrictions to perform unauthorized actions, to compromise the application to access or modify data and to exploit vulnerabilities in the underlying database, to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site or to execute arbitrary code within the context of the affected device. e-Alert R2.1 and prior are vulnerable. Philips e-Alert is an electronic alert solution for MRI systems from Philips, the Netherlands. It is mainly used to monitor the performance of MRI systems and issue alerts

Philips e-Alert Unit (non-medical device), Version R2.1 and prior. The software transmits sensitive or security-critical data in cleartext in a communication channel that can be sniffed by unauthorized actors. The Philips e-Alert communication channel is not encrypted which could therefore lead to disclosure of personal contact information and application login credentials from within the same subnet. Philips e-Alert Unit Contains an information disclosure vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. Philips e-Alert is prone to the following security vulnerabilities: 1. An input-validation vulnerability 2. A cross-site scripting vulnerability 3. Multiple information-disclosure vulnerabilities 4. An insecure default permissions vulnerability 5. A cross-site request-forgery vulnerability 6. A session-fixation vulnerability 7. A denial-of-service vulnerability 8. A security-bypass vulnerability Attackers may exploit these issues to gain unauthorized access to the affected device, or to bypass certain security restrictions to perform unauthorized actions, to compromise the application to access or modify data and to exploit vulnerabilities in the underlying database, to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site or to execute arbitrary code within the context of the affected device. e-Alert R2.1 and prior are vulnerable. Philips e-Alert is an electronic alert solution for MRI systems from Philips, the Netherlands. It is mainly used to monitor the performance of MRI systems and issue alerts

Philips e-Alert Unit (non-medical device), Version R2.1 and prior. The software does not validate input properly, allowing an attacker to craft the input in a form that is not expected by the rest of the application. This would lead to parts of the unit receiving unintended input, which may result in altered control flow, arbitrary control of a resource, or arbitrary code execution. Philips e-Alert Unit Contains an input validation vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. Philips e-Alert is prone to the following security vulnerabilities: 1. An input-validation vulnerability 2. A cross-site scripting vulnerability 3. Multiple information-disclosure vulnerabilities 4. An insecure default permissions vulnerability 5. A cross-site request-forgery vulnerability 6. A session-fixation vulnerability 7. A denial-of-service vulnerability 8. A security-bypass vulnerability Attackers may exploit these issues to gain unauthorized access to the affected device, or to bypass certain security restrictions to perform unauthorized actions, to compromise the application to access or modify data and to exploit vulnerabilities in the underlying database, to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site or to execute arbitrary code within the context of the affected device. e-Alert R2.1 and prior are vulnerable. Philips e-Alert is an electronic alert solution for MRI systems from Philips, the Netherlands. It is mainly used to monitor the performance of MRI systems and issue alerts. An input validation vulnerability exists in Philips e-Alert R2.1 and earlier versions

Philips e-Alert Unit (non-medical device), Version R2.1 and prior. The software does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is then served to other users. Philips e-Alert Unit Contains a cross-site scripting vulnerability.Information may be obtained and information may be altered. Philips e-Alert is prone to the following security vulnerabilities: 1. An input-validation vulnerability 2. A cross-site scripting vulnerability 3. Multiple information-disclosure vulnerabilities 4. An insecure default permissions vulnerability 5. A cross-site request-forgery vulnerability 6. A session-fixation vulnerability 7. A denial-of-service vulnerability 8. A security-bypass vulnerability Attackers may exploit these issues to gain unauthorized access to the affected device, or to bypass certain security restrictions to perform unauthorized actions, to compromise the application to access or modify data and to exploit vulnerabilities in the underlying database, to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site or to execute arbitrary code within the context of the affected device. e-Alert R2.1 and prior are vulnerable. Philips e-Alert is an electronic alert solution for MRI systems from Philips, the Netherlands. It is mainly used to monitor the performance of MRI systems and issue alerts. The vulnerability stems from the fact that the program does not properly filter the input submitted by the user. A remote attacker could exploit this vulnerability to execute scripts in the user's browser

Xovis PC2, PC2R, and PC3 devices through 3.6.0 allow CSRF. Xovis PC2 , PC2R and PC3 The device contains a cross-site request forgery vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. XovisPC2, PC2R and PC3 are sensor devices from Xovis USA. A cross-site request forgery vulnerability exists in XovisPC2, PC2R, and PC3 sensors using firmware version 3.6.0 and earlier, which can be exploited by remote attackers to perform unauthorized operations

Xovis PC2, PC2R, and PC3 devices through 3.6.0 allow XXE. Xovis PC2 , PC2R and PC3 The device includes XML An external entity vulnerability exists.Information may be obtained. XovisPC2, PC2R and PC3 are sensor devices from Xovis USA. An XML external entity injection vulnerability exists in XovisPC2, PC2R, and PC3 sensors using firmware versions 3.6.0 and earlier, which can be exploited by an attacker to exploit information. An attacker could exploit this vulnerability to disclose information

Xovis PC2, PC2R, and PC3 devices through 3.6.0 allow Directory Traversal. Xovis PC2 , PC2R and PC3 The device contains a path traversal vulnerability.Information may be obtained. XovisPC2, PC2R and PC3 are sensor devices from Xovis USA. A directory traversal vulnerability exists in XovisPC2, PC2R, and PC3 sensors using firmware versions 3.6.0 and earlier, which can be exploited by an attacker to exploit information

On the EPSON WF-2750 printer with firmware JP02I2, the Web interface AirPrint Setup page is vulnerable to HTML Injection that can redirect users to malicious sites. EPSON WF-2750 Printer firmware contains a cross-site scripting vulnerability.The information may be obtained and the information may be falsified. EPSONWF-2750 is a printer device from Epson Japan. The vulnerability stems from the printer web server failing to properly check the validity of the form before processing the HTML form. An attacker could use this vulnerability to redirect users to a malicious site

On EPSON WF-2750 printers with firmware JP02I2, there is no filtering of print jobs. Remote attackers can send print jobs directly to the printer via TCP port 9100. EPSON WF-2750 The printer firmware contains a vulnerability related to channel and path errors.Information may be tampered with. EPSON WF-2750 is a printer made by EPSON Corporation of Japan

EPSON WF-2750 printers with firmware JP02I2 do not properly validate files before running updates, which allows remote attackers to cause a printer malfunction or send malicious data to the printer. EPSON WF-2750 The printer firmware is vulnerable to the same origin policy violation.Information may be tampered with. EPSON WF-2750 is a printer made by EPSON Corporation of Japan. A security vulnerability exists in the EPSON WF-2750 printer using firmware version JP02I2 due to the program not communicating securely and not validating data adequately

Philips e-Alert Unit (non-medical device), Version R2.1 and prior. The software does not properly restrict the size or amount of resources requested or influenced by an actor, which can be used to consume more resources than intended. Philips e-Alert Unit Contains a resource exhaustion vulnerability.Service operation interruption (DoS) There is a possibility of being put into a state. Philips e-Alert is prone to the following security vulnerabilities: 1. An input-validation vulnerability 2. A cross-site scripting vulnerability 3. Multiple information-disclosure vulnerabilities 4. An insecure default permissions vulnerability 5. A cross-site request-forgery vulnerability 6. A session-fixation vulnerability 7. A denial-of-service vulnerability 8. A security-bypass vulnerability Attackers may exploit these issues to gain unauthorized access to the affected device, or to bypass certain security restrictions to perform unauthorized actions, to compromise the application to access or modify data and to exploit vulnerabilities in the underlying database, to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site or to execute arbitrary code within the context of the affected device. e-Alert R2.1 and prior are vulnerable. Philips e-Alert is an electronic alert solution for MRI systems from Philips, the Netherlands. It is mainly used to monitor the performance of MRI systems and issue alerts. There is a security vulnerability in Philips e-Alert R2.1 and earlier versions, the vulnerability is caused by the program not correctly limiting the size of the requested resource. An attacker could exploit this vulnerability to cause a denial of service (resource exhaustion)

Philips e-Alert Unit (non-medical device), Version R2.1 and prior. The software contains hard-coded cryptographic key, which it uses for encryption of internal data. Philips e-Alert Unit Contains a vulnerability in the use of hard-coded credentials.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. Philips e-Alert is prone to the following security vulnerabilities: 1. An input-validation vulnerability 2. A cross-site scripting vulnerability 3. Multiple information-disclosure vulnerabilities 4. An insecure default permissions vulnerability 5. A cross-site request-forgery vulnerability 6. A session-fixation vulnerability 7. A denial-of-service vulnerability 8. A security-bypass vulnerability Attackers may exploit these issues to gain unauthorized access to the affected device, or to bypass certain security restrictions to perform unauthorized actions, to compromise the application to access or modify data and to exploit vulnerabilities in the underlying database, to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site or to execute arbitrary code within the context of the affected device. e-Alert R2.1 and prior are vulnerable. Philips e-Alert is an electronic alert solution for MRI systems from Philips, the Netherlands. It is mainly used to monitor the performance of MRI systems and issue alerts. An attacker could exploit this to obtain sensitive information