VARIoT IoT vulnerabilities database

VAR-201808-0574 | CVE-2018-11654 | Netwave IP camera Vulnerable to information disclosure |
CVSS V2: 5.0 CVSS V3: 7.5 Severity: HIGH |
Information disclosure in Netwave IP camera at get_status.cgi (via HTTP on port 8000) allows an unauthenticated attacker to exfiltrate sensitive information from the device. Netwave IP camera is a network camera produced by Netwave Systems B.V. of the Netherlands.
VAR-201808-1045 | No CVE | Taian Technology AP-PCLINK setup V1.5 has a memory corruption vulnerability |
CVSS V2: 4.6 CVSS V3: - Severity: MEDIUM |
AP series is a new generation of programmable controller (PLC) newly developed by Taian Technology.
Taian Technology AP-PCLINK setup V1.5 has a memory corruption vulnerability. The vulnerability arises because AP-PCLINK does not verify that a function pointer is available when reading a malformed project. An attacker could exploit the vulnerability to cause null-pointer memory to be read, causing memory corruption.
VAR-201808-1044 | No CVE | Tai'an Technology SG2 software has a memory read out-of-bounds vulnerability |
CVSS V2: 4.9 CVSS V3: - Severity: MEDIUM |
Taian Technology (Wuxi) Co., Ltd. manufactures, sells and develops a series of industrial control, low-voltage electrical and power distribution products, namely electronics and component products.
There is an out-of-bounds memory read vulnerability in Taian SG2 software. The vulnerability arises because SG2 software does not verify that function pointers are available when reading malformed projects. An attacker could use the vulnerability to cause an out-of-bounds memory read, resulting in denial of service.
VAR-201808-1046 | No CVE | Taian Technology TP03-software V21 has a memory read out of bounds vulnerability |
CVSS V2: 4.9 CVSS V3: - Severity: MEDIUM |
TP03-software V21 is a programmable controller.
Taian Technology TP03-Software V21 has an out-of-bounds memory read vulnerability. The vulnerability arises because TP03-software does not verify that a function pointer is available when reading a malformed project. An attacker could use the vulnerability to cause an out-of-bounds memory read, resulting in denial of service.
VAR-201808-0474 | CVE-2018-15529 | Mutiny Monitoring Appliance Command Injection Vulnerability |
CVSS V2: 6.5 CVSS V3: 8.8 Severity: HIGH |
A command injection vulnerability in maintenance.cgi in Mutiny "Monitoring Appliance" before 6.1.0-5263 allows authenticated users, with access to the admin interface, to inject arbitrary commands within the filename of a system upgrade upload. Mutiny contains a command injection vulnerability. Information may be obtained or altered, and service operation may be disrupted (DoS). Mutiny Monitoring Appliance is a network monitoring device from Mutiny, UK. A command injection vulnerability exists in the maintenance.cgi file in versions of Mutiny Monitoring Appliance prior to 6.1.0-5263. An attacker could use this vulnerability to inject arbitrary commands into a file name.
[Version Tested]
Version 6.1.0-5191 was tested and is vulnerable.
[Solution]
Upgrade to v6.1.0-5263.
[Reference]
https://www.mutiny.com/mutiny-support/previous-releases/ (Under the "Patches/Bugs" Fixed section)
[Timeline]
August 12, 2018 - A detailed report and exploit was sent to the vendor.
August 13, 2018 - The vendor released a patch (version 6.1.0-5263).
August 19, 2018 - Mitre assigned a CVE
VAR-201808-0291 | CVE-2018-15748 | Dell 2335dn Vulnerabilities related to certificate and password management in multiple printer firmware |
CVSS V2: 4.0 CVSS V3: 8.8 Severity: HIGH |
On Dell 2335dn printers with Printer Firmware Version 2.70.05.02, Engine Firmware Version 1.10.65, and Network Firmware Version V4.02.15(2335dn MFP) 11-22-2010, the admin interface allows an authenticated attacker to retrieve the configured SMTP or LDAP password by viewing the HTML source code of the Email Settings webpage. In some cases, authentication can be achieved with the blank default password for the admin account. NOTE: the vendor indicates that this is an "End Of Support Life" product. The Dell 2335dn printer firmware, engine firmware and network firmware contain a vulnerability related to certificate and password management. Dell 2335dn is a multifunction laser printer product from Dell. An attacker could exploit this vulnerability to retrieve the configured SMTP or LDAP password and possibly authenticate with an empty default administrator account password.
VAR-201808-0375 | CVE-2018-14786 | plural BD Alaris Vulnerability related to lack of certification for critical functions in the product |
CVSS V2: 7.5 CVSS V3: 9.4 Severity: CRITICAL |
Becton, Dickinson and Company (BD) Alaris Plus medical syringe pumps (models Alaris GS, Alaris GH, Alaris CC, and Alaris TIVA) versions 2.3.6 and prior are affected by an improper authentication vulnerability where the software does not perform authentication for functionality that requires a provable user identity. This may allow a remote attacker to gain unauthorized access to various Alaris Syringe pumps and impact the intended operation of the pump when it is connected to a terminal server via the serial port. Multiple BD Alaris products are vulnerable to a lack of authentication for critical functions. Information may be obtained or altered, and service operation may be disrupted (DoS). BD Alaris GS and the other models are different series of medical syringe pumps from BD. An authentication vulnerability exists in several BD products because the software fails to perform authentication on features that require authentication. The vulnerability could be exploited by a remote attacker to gain unauthorized access to the Alaris syringe pump, affecting the operation of the syringe pump. Multiple BD products are prone to a security-bypass vulnerability.
Successfully exploiting this issue may allow an attacker to bypass certain security restrictions and perform unauthorized actions. The following products and versions are affected: BD Alaris GS 2.3.6 and earlier; BD Alaris GH 2.3.6 and earlier; BD Alaris CC 2.3.6 and earlier; BD Alaris TIVA 2.3.6 and earlier.
VAR-201808-0568 | CVE-2018-1157 | Mikrotik RouterOS Vulnerable to resource exhaustion |
CVSS V2: 6.8 CVSS V3: 6.5 Severity: MEDIUM |
Mikrotik RouterOS before 6.42.7 and 6.40.9 is vulnerable to a memory exhaustion vulnerability. An authenticated remote attacker can crash the HTTP server and in some circumstances reboot the system via a crafted HTTP POST request. Mikrotik RouterOS contains a resource exhaustion vulnerability. Service operation may be interrupted (DoS). MikroTik RouterOS is a Linux-based routing operating system developed by MikroTik of Latvia. This system turns a PC into a professional router.
VAR-201808-0565 | CVE-2018-1156 | Mikrotik RouterOS Buffer error vulnerability |
CVSS V2: 9.0 CVSS V3: 8.8 Severity: HIGH |
Mikrotik RouterOS before 6.42.7 and 6.40.9 is vulnerable to stack buffer overflow through the license upgrade interface. This vulnerability could theoretically allow a remote authenticated attacker to execute arbitrary code on the system. Mikrotik RouterOS contains a buffer error vulnerability. Information may be obtained or altered, and service operation may be disrupted (DoS). MikroTik RouterOS is a Linux-based routing operating system developed by MikroTik of Latvia. This system turns a PC into a professional router.
VAR-201808-0569 | CVE-2018-1158 | Mikrotik RouterOS Vulnerable to resource exhaustion |
CVSS V2: 4.0 CVSS V3: 6.5 Severity: MEDIUM |
Mikrotik RouterOS before 6.42.7 and 6.40.9 is vulnerable to a stack exhaustion vulnerability. An authenticated remote attacker can crash the HTTP server via recursive parsing of JSON. Mikrotik RouterOS contains a resource exhaustion vulnerability. Service operation may be interrupted (DoS). MikroTik RouterOS is a Linux-based routing operating system developed by MikroTik of Latvia. This system turns a PC into a professional router. Security vulnerabilities exist in MikroTik RouterOS versions prior to 6.42.7 and versions prior to 6.40.9.
VAR-201808-0570 | CVE-2018-1159 | Mikrotik RouterOS Buffer error vulnerability |
CVSS V2: 4.0 CVSS V3: 6.5 Severity: MEDIUM |
Mikrotik RouterOS before 6.42.7 and 6.40.9 is vulnerable to a memory corruption vulnerability. An authenticated remote attacker can crash the HTTP server by rapidly authenticating and disconnecting. Mikrotik RouterOS contains a buffer error vulnerability. Service operation may be interrupted (DoS). MikroTik RouterOS is a Linux-based routing operating system developed by MikroTik of Latvia. This system turns a PC into a professional router.
VAR-201808-0889 | CVE-2018-3833 | Insteon Hub Firmware access control vulnerability |
CVSS V2: 5.0 CVSS V3: 7.5 Severity: HIGH |
An exploitable firmware downgrade vulnerability exists in Insteon Hub running firmware version 1013. The firmware upgrade functionality, triggered via PubNub, retrieves signed firmware binaries using plain HTTP requests. The device doesn't check the firmware version that is going to be installed and thus allows for flashing older firmware images. To trigger this vulnerability, an attacker needs to impersonate the remote server 'cache.insteon.com' and serve any signed firmware image. Insteon Hub is an Insteon central controller from Insteon, USA. This product can remotely control light bulbs, wall switches, air conditioners, etc. in the home.
VAR-201808-0157 | CVE-2017-16348 | Insteon Hub Firmware authentication vulnerability |
CVSS V2: 7.8 CVSS V3: 7.5 Severity: HIGH |
An exploitable denial of service vulnerability exists in Insteon Hub running firmware version 1012. Leftover demo functionality allows for arbitrarily rebooting the device without authentication. An attacker can send a UDP packet to trigger this vulnerability. The Insteon Hub firmware contains an authentication vulnerability. Service operation may be interrupted (DoS). Insteon Hub is an Insteon central controller from Insteon, USA. This product can remotely control light bulbs, wall switches, air conditioners, etc. in the home.
VAR-201808-0888 | CVE-2018-3832 | Insteon Hub Firmware unreliable upload vulnerability type file vulnerability |
CVSS V2: 8.5 CVSS V3: 9.0 Severity: CRITICAL |
An exploitable firmware update vulnerability exists in Insteon Hub running firmware version 1013. The HTTP server allows for uploading arbitrary MPFS binaries that could be modified to enable access to hidden resources which allow for uploading unsigned firmware images to the device. To trigger this vulnerability, an attacker can upload an MPFS binary via the '/mpfsupload' HTTP form and later on upload the firmware via a POST request to 'firmware.htm'. The Insteon Hub firmware contains a vulnerability related to unrestricted upload of dangerous file types. Information may be obtained or altered, and service operation may be disrupted (DoS). Insteon Hub is an Insteon central controller product of Insteon Company in the United States. This product can remotely control light bulbs, wall switches, air conditioners, etc. in your home.
VAR-201808-1086 | No CVE | ZyXEL VMG3312-B10B Cross-Site Scripting Vulnerability |
CVSS V2: 4.3 CVSS V3: - Severity: MEDIUM |
The VMG3312-B10B is a router product from ZyXEL. A cross-site scripting vulnerability exists in ZyXEL VMG3312-B10B that could allow an attacker to perform a cross-site scripting attack.
VAR-201808-0146 | CVE-2017-16337 | Insteon Hub 2245-222 Device firmware buffer error vulnerability |
CVSS V2: 9.0 CVSS V3: 8.8 Severity: HIGH |
On Insteon Hub 2245-222 devices with firmware version 1012, specially crafted commands sent through the PubNub service can cause a stack-based buffer overflow overwriting arbitrary data. An attacker should send an authenticated HTTP request to trigger this vulnerability. At 0x9d01ef24 the value for the s_offset key is copied using strcpy to the buffer at $sp+0x2b0. This buffer is 32 bytes large; sending anything longer will cause a buffer overflow. Insteon Hub 2245-222 is an Insteon central controller device from Insteon, USA. This product can remotely control light bulbs, wall switches, air conditioners, etc. in the home.
VAR-201905-0761 | CVE-2018-13365 | Fortinet FortiOS Vulnerable to information disclosure |
CVSS V2: 5.0 CVSS V3: 5.3 Severity: MEDIUM |
An Information Exposure vulnerability in Fortinet FortiOS 6.0.1, 5.6.5 and below allows attackers to learn the private IP as well as the hostname of FortiGate via the Application Control Block page. Fortinet FortiOS contains an information disclosure vulnerability. Information may be obtained. Fortinet FortiOS is prone to an information-disclosure vulnerability.
Attackers can exploit this issue to obtain sensitive information that may aid in further attacks.
Versions prior to FortiOS 5.6.6 and 6.0.2 are vulnerable. Fortinet FortiOS is a security operating system dedicated to the FortiGate network security platform developed by Fortinet. The system provides users with various security functions such as firewall, anti-virus, IPSec/SSL VPN, Web content filtering and anti-spam. This vulnerability stems from configuration errors in network systems or products during operation.
VAR-201808-0376 | CVE-2018-14787 | Philips IntelliSpace Cardiovascular and Xcelera Vulnerabilities related to authorization, permissions, and access control |
CVSS V2: 4.6 CVSS V3: 7.8 Severity: HIGH |
In Philips' IntelliSpace Cardiovascular (ISCV) products (ISCV Version 2.x or prior and Xcelera Version 4.1 or prior), an attacker with escalated privileges could access folders which contain executables where authenticated users have write permissions, and could then execute arbitrary code with local administrative permissions. Philips IntelliSpace Cardiovascular (ISCV) and Xcelera contain vulnerabilities related to authorization, permissions, and access control. Information may be obtained or altered, and service operation may be disrupted (DoS). Philips IntelliSpace Cardiovascular (ISCV) and Xcelera are both products of Philips in the Netherlands. Philips ISCV is a cardiac imaging information management system. Xcelera is its predecessor.
There are security vulnerabilities in Philips ISCV 2.x and earlier versions and Xcelera 4.1 and earlier versions. The vulnerabilities are caused by the failure of the program to perform proper rights management.
VAR-201808-0377 | CVE-2018-14789 | Philips IntelliSpace Cardiovascular and Xcelera Vulnerable to unquoted search paths or elements |
CVSS V2: 4.6 CVSS V3: 6.7 Severity: MEDIUM |
In Philips' IntelliSpace Cardiovascular (ISCV) products (ISCV Version 3.1 or prior and Xcelera Version 4.1 or prior), an unquoted search path or element vulnerability has been identified, which may allow an attacker to execute arbitrary code and escalate their level of privileges. Philips IntelliSpace Cardiovascular (ISCV) and Xcelera contain an unquoted search path or element vulnerability. Information may be obtained or falsified, and a denial of service (DoS) may result.
VAR-201808-0461 | CVE-2018-15481 | UCOPIA Wireless Appliance Vulnerabilities related to authorization, authority, and access control in device firmware |
CVSS V2: 6.5 CVSS V3: 8.8 Severity: HIGH |
Improper input sanitization within the restricted administration shell on UCOPIA Wireless Appliance devices using firmware version 5.1.x before 5.1.13 allows authenticated remote attackers to escape the shell and escalate their privileges by adding a LocalCommand to the SSH configuration file in the user home folder. UCOPIA Wireless Appliance device firmware contains vulnerabilities related to authorization, permissions, and access control. Information may be obtained or altered, and service operation may be disrupted (DoS).