VARIoT IoT vulnerabilities database

VAR-201808-1010 | CVE-2018-6692 | Buffer error vulnerability in Belkin Wemo Insight Smart Plug |
CVSS V2: 10.0 CVSS V3: 10.0 Severity: CRITICAL |
A stack-based buffer overflow vulnerability in libUPnPHndlr.so in the Belkin Wemo Insight Smart Plug allows remote attackers to bypass local security protection via a crafted HTTP POST packet. The Belkin Wemo Insight Smart Plug contains a buffer error vulnerability. Information may be obtained or altered, and service operation may be disrupted (DoS). The Belkin Wemo Insight Smart Plug is a smart plug device from Belkin, USA. A stack buffer overflow vulnerability exists in the libUPnPHndlr.so file in the Belkin Wemo Insight Smart Plug.
VAR-201808-0677 | CVE-2018-10932 | lldptool Buffer error vulnerability |
CVSS V2: 3.3 CVSS V3: 4.3 Severity: MEDIUM |
lldptool version 1.0.1 and older can print a raw, unsanitized, attacker-controlled buffer when mngAddr information is displayed. This may allow an attacker to inject shell control characters into the buffer and impact the behavior of the terminal. lldptool contains a buffer error vulnerability. Information may be tampered with. lldptool is an implementation of the Link Layer Discovery Protocol. There is a security vulnerability in lldptool 1.0.1 and earlier versions.
=====================================================================
Red Hat Security Advisory
Synopsis: Low: lldpad security and bug fix update
Advisory ID: RHSA-2019:3673-01
Product: Red Hat Enterprise Linux
Advisory URL: https://access.redhat.com/errata/RHSA-2019:3673
Issue date: 2019-11-05
CVE Names: CVE-2018-10932
=====================================================================
1. Summary:
An update for lldpad is now available for Red Hat Enterprise Linux 8.
Red Hat Product Security has rated this update as having a security impact
of Low. A Common Vulnerability Scoring System (CVSS) base score, which
gives a detailed severity rating, is available for each vulnerability from
the CVE link(s) in the References section.
2. Relevant releases/architectures:
Red Hat Enterprise Linux BaseOS (v. 8) - aarch64, ppc64le, s390x, x86_64
3. Description:
The lldpad packages provide the Linux user space daemon and configuration
tool for Intel's Link Layer Discovery Protocol (LLDP) Agent with Enhanced
Ethernet support.
Security Fix(es):
* lldptool: improper sanitization of shell-escape codes (CVE-2018-10932)
For more details about the security issue(s), including the impact, a CVSS
score, acknowledgments, and other related information, refer to the CVE
page(s) listed in the References section.
Additional Changes:
For detailed information on changes in this release, see the Red Hat
Enterprise Linux 8.1 Release Notes linked from the References section.
4. Solution:
For details on how to apply this update, which includes the changes
described in this advisory, refer to:
https://access.redhat.com/articles/11258
5. Bugs fixed (https://bugzilla.redhat.com/):
1614896 - CVE-2018-10932 lldptool: improper sanitization of shell-escape codes
1727326 - lldpad memory usage increases over time
6. Package List:
Red Hat Enterprise Linux BaseOS (v. 8):
Source:
lldpad-1.0.1-13.git036e314.el8.src.rpm
aarch64:
lldpad-1.0.1-13.git036e314.el8.aarch64.rpm
lldpad-debuginfo-1.0.1-13.git036e314.el8.aarch64.rpm
lldpad-debugsource-1.0.1-13.git036e314.el8.aarch64.rpm
ppc64le:
lldpad-1.0.1-13.git036e314.el8.ppc64le.rpm
lldpad-debuginfo-1.0.1-13.git036e314.el8.ppc64le.rpm
lldpad-debugsource-1.0.1-13.git036e314.el8.ppc64le.rpm
s390x:
lldpad-1.0.1-13.git036e314.el8.s390x.rpm
lldpad-debuginfo-1.0.1-13.git036e314.el8.s390x.rpm
lldpad-debugsource-1.0.1-13.git036e314.el8.s390x.rpm
x86_64:
lldpad-1.0.1-13.git036e314.el8.i686.rpm
lldpad-1.0.1-13.git036e314.el8.x86_64.rpm
lldpad-debuginfo-1.0.1-13.git036e314.el8.i686.rpm
lldpad-debuginfo-1.0.1-13.git036e314.el8.x86_64.rpm
lldpad-debugsource-1.0.1-13.git036e314.el8.i686.rpm
lldpad-debugsource-1.0.1-13.git036e314.el8.x86_64.rpm
These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/
7. References:
https://access.redhat.com/security/cve/CVE-2018-10932
https://access.redhat.com/security/updates/classification/#low
https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/8/html/8.1_release_notes/
8. Contact:
The Red Hat security contact is <secalert@redhat.com>. More contact
details at https://access.redhat.com/security/team/contact/
Copyright 2019 Red Hat, Inc.
VAR-201808-0480 | CVE-2018-15553 | OS command injection vulnerability in Telus Actiontec T2200H devices |
CVSS V2: 9.0 CVSS V3: 8.8 Severity: HIGH |
fileshare.cmd on Telus Actiontec T2200H T2200H-31.128L.03 devices allows OS command injection via shell metacharacters in the smbdUserid or smbdPasswd field. Telus Actiontec T2200H devices contain an OS command injection vulnerability. Information may be obtained or altered, and service operation may be disrupted (DoS). The Telus Actiontec T2200H is a modem device from Telus, USA. A command injection vulnerability exists in the fileshare.cmd file in the Telus Actiontec T2200H with firmware T2200H-31.128L.03. An attacker could exploit this vulnerability to inject operating system commands with the help of shell metacharacters in the smbdUserid or smbdPasswd fields.
VAR-201901-0718 | CVE-2018-0651 | Buffer overflow vulnerability in license management function of multiple Yokogawa products |
CVSS V2: 7.5 CVSS V3: 9.8 Severity: CRITICAL |
Buffer overflow in the license management function of YOKOGAWA products (iDefine for ProSafe-RS R1.16.3 and earlier, STARDOM VDS R7.50 and earlier, STARDOM FCN/FCJ Simulator R4.20 and earlier, ASTPLANNER R15.01 and earlier, TriFellows V5.04 and earlier) allows remote attackers to stop the license management function or execute an arbitrary program via unspecified vectors. Multiple Yokogawa products are prone to a stack-based buffer overflow vulnerability because they fail to properly bounds-check user-supplied input before copying it to an insufficiently sized memory buffer.
Attackers can exploit this issue to execute arbitrary code within the context of the affected application. Failed exploit attempts will likely cause a denial-of-service condition. Yokogawa ASTPLANNER, etc. are all products of Japan's Yokogawa Electric (Yokogawa) company. Yokogawa ASTPLANNER is a production planning system; iDefine for ProSafe-RS is a functional safety management tool in the system safety life cycle.
VAR-201808-1087 | No CVE | File Inclusion Vulnerability in D-Link DIR-300 Router |
CVSS V2: 5.0 CVSS V3: - Severity: MEDIUM |
D-Link DIR-300 is a D-Link wireless router product.
The D-Link DIR-300 router contains a file inclusion vulnerability. Attackers can use the vulnerability to obtain sensitive information.
VAR-201808-0470 | CVE-2018-15504 | NULL pointer dereference vulnerability in Embedthis GoAhead and Appweb |
CVSS V2: 5.0 CVSS V3: 7.5 Severity: HIGH |
An issue was discovered in Embedthis GoAhead before 4.0.1 and Appweb before 7.0.2. The server mishandles some HTTP request fields associated with time, which results in a NULL pointer dereference, as demonstrated by If-Modified-Since or If-Unmodified-Since with a month greater than 11. Embedthis GoAhead and Appweb contain a NULL pointer dereference vulnerability. Service operation may be interrupted (DoS). Embedthis GoAhead and Appweb are both products of Embedthis Software in the United States. Embedthis GoAhead is an embedded web server. Appweb is a fast and small web server, which is mainly used for embedded applications, devices and web services, and supports security defense strategies, digest authentication, virtual hosts, etc. Embedthis GoAhead versions prior to 4.0.1 and Appweb versions prior to 7.0.2 have a security vulnerability.
VAR-201808-0471 | CVE-2018-15505 | NULL pointer dereference vulnerability in Embedthis GoAhead and Appweb |
CVSS V2: 5.0 CVSS V3: 7.5 Severity: HIGH |
An issue was discovered in Embedthis GoAhead before 4.0.1 and Appweb before 7.0.2. An HTTP POST request with a specially crafted "Host" header field may cause a NULL pointer dereference and thus cause a denial of service, as demonstrated by the lack of a trailing ']' character in an IPv6 address. Embedthis GoAhead and Appweb contain a NULL pointer dereference vulnerability. Service operation may be interrupted (DoS). Embedthis GoAhead and Appweb are both products of Embedthis Software in the United States. Embedthis GoAhead is an embedded web server. Appweb is a fast and small web server, which is mainly used for embedded applications, devices and web services, and supports security defense strategies, digest authentication, virtual hosts, etc. There are security vulnerabilities in Embedthis GoAhead versions prior to 4.0.1 and Appweb versions prior to 7.0.2.
VAR-201808-0462 | CVE-2018-15482 | Access control vulnerability in Android running on LG devices |
CVSS V2: 7.5 CVSS V3: 9.8 Severity: CRITICAL |
Certain LG devices based on Android 6.0 through 8.1 have incorrect access control for MLT application intents. The LG ID is LVE-SMP-180006. SystemUI application intents is one of the system applications. The vulnerability stems from the program's failure to perform correct access control. A remote attacker can use this vulnerability to bypass security restrictions by sending a specially crafted request and gain access to MLT applications.
VAR-201808-0362 | CVE-2018-14982 | Access control vulnerability in Android running on LG devices |
CVSS V2: 7.5 CVSS V3: 9.8 Severity: CRITICAL |
Certain LG devices based on Android 6.0 through 8.1 have incorrect access control in the GNSS application. The LG ID is LVE-SMP-180004. The GNSS application is one of the global satellite navigation applications. The vulnerability stems from the program's failure to perform correct access control. Remote attackers can use this vulnerability to gain access to GNSS applications.
VAR-201808-0361 | CVE-2018-14981 | Access control vulnerability in Android running on LG devices |
CVSS V2: 7.5 CVSS V3: 9.8 Severity: CRITICAL |
Certain LG devices based on Android 6.0 through 8.1 have incorrect access control for SystemUI application intents. The LG ID is LVE-SMP-180005.
SystemUI application intents is one of the system applications. Remote attackers can use this vulnerability to bypass security restrictions and gain access to SystemUI applications.
VAR-201808-0501 | CVE-2018-15356 | Eltex ESP-200 Command Injection Vulnerability |
CVSS V2: 6.5 CVSS V3: 8.8 Severity: HIGH |
An authenticated attacker can execute arbitrary code using command injection in Eltex ESP-200 firmware version 1.2.0. The Eltex ESP-200 firmware contains a command injection vulnerability. Information may be obtained or altered, and service operation may be disrupted (DoS). The Eltex ESP-200 is a wireless router product.
VAR-201808-0504 | CVE-2018-15359 | Vulnerability related to authorization, permissions, and access control in Eltex ESP-200 firmware |
CVSS V2: 6.5 CVSS V3: 8.8 Severity: HIGH |
An authenticated attacker with low privileges can use an insecure sudo configuration to expand the attack surface in Eltex ESP-200 firmware version 1.2.0. The Eltex ESP-200 firmware contains vulnerabilities related to authorization, permissions, and access control. Information may be obtained or altered, and service operation may be disrupted (DoS). The Eltex ESP-200 is a wireless router product. A security vulnerability exists in the Eltex ESP-200 using firmware version 1.2.0. A remote attacker could exploit this vulnerability to gain elevated privileges.
VAR-201808-0121 | CVE-2017-17312 | Input validation vulnerability in multiple Huawei Firewall products |
CVSS V2: 7.8 CVSS V3: 7.5 Severity: HIGH |
Some Huawei Firewall products (USG2205BSR V300R001C10SPC600; USG2220BSR V300R001C00; USG5120BSR V300R001C00; USG5150BSR V300R001C00) have a DoS vulnerability in their IPSEC IKEv1 implementations. Due to improper handling of malformed messages, an attacker may send crafted packets to the affected device to exploit these vulnerabilities. Successful exploitation of the vulnerability could lead to a denial of service on the device. Multiple Huawei Firewall products contain an input validation vulnerability. Service operation may be interrupted (DoS). Huawei USG2205BSR etc. IPSEC IKEv1 is one of the Internet key exchange components. The vulnerability is caused by the program not correctly processing malformed packets. The following products and versions are affected: Huawei USG2205BSR V300R001C10SPC600; USG2220BSR V300R001C00; USG5120BSR V300R001C00; USG5150BSR V300R001C00.
VAR-201808-0120 | CVE-2017-17311 | Input validation vulnerability in multiple Huawei Firewall products |
CVSS V2: 7.8 CVSS V3: 7.5 Severity: HIGH |
Some Huawei Firewall products (USG2205BSR V300R001C10SPC600; USG2220BSR V300R001C00; USG5120BSR V300R001C00; USG5150BSR V300R001C00) have a DoS vulnerability in their IPSEC IKEv1 implementations. Due to improper handling of malformed messages, an attacker may send crafted packets to the affected device to exploit these vulnerabilities. Successful exploitation of the vulnerability could lead to a denial of service on the device. Multiple Huawei Firewall products contain an input validation vulnerability. Service operation may be interrupted (DoS). Huawei USG2205BSR etc. IPSEC IKEv1 is one of the Internet key exchange components. The vulnerability is caused by the program not processing malformed packets correctly. The following products and versions are affected: Huawei USG2205BSR V300R001C10SPC600; USG2220BSR V300R001C00; USG5120BSR V300R001C00; USG5150BSR V300R001C00.
VAR-201808-0503 | CVE-2018-15358 | Input validation vulnerability in Eltex ESP-200 firmware |
CVSS V2: 6.5 CVSS V3: 8.8 Severity: HIGH |
An authenticated attacker with low privileges can activate a high-privileged user and use it to expand the attack surface in Eltex ESP-200 firmware version 1.2.0. The Eltex ESP-200 firmware contains a vulnerability related to input validation. Information may be obtained or altered, and service operation may be disrupted (DoS). The Eltex ESP-200 is a wireless router product. An elevation of privilege vulnerability exists in the Eltex ESP-200 with firmware version 1.2.0. An attacker could exploit this vulnerability to activate a high-privileged user.
VAR-201808-0119 | CVE-2017-17305 | Cryptographic vulnerability in multiple Huawei Firewall products |
CVSS V2: 4.3 CVSS V3: 5.9 Severity: MEDIUM |
Some Huawei Firewall products (USG2205BSR V300R001C10SPC600; USG2220BSR V300R001C00; USG5120BSR V300R001C00; USG5150BSR V300R001C00) have a Bleichenbacher oracle vulnerability in their IPSEC IKEv1 implementations. Remote attackers can decrypt IPSEC tunnel ciphertext data by leveraging a Bleichenbacher RSA padding oracle, that is, by mounting a Bleichenbacher oracle attack. Successful exploitation of this vulnerability can impact IPSec tunnel security. Multiple Huawei Firewall products contain a cryptographic vulnerability. Information may be obtained. Huawei USG2205BSR etc. IPSEC IKEv1 is one of the Internet key exchange components. The following products and versions are affected: Huawei USG2205BSR V300R001C10SPC600; USG2220BSR V300R001C00; USG5120BSR V300R001C00; USG5150BSR V300R001C00.
VAR-201808-0505 | CVE-2018-15360 | Vulnerability related to security functions in Eltex ESP-200 firmware |
CVSS V2: 7.5 CVSS V3: 7.3 Severity: HIGH |
An unauthenticated attacker can log in with default credentials for privileged users in Eltex ESP-200 firmware version 1.2.0. The Eltex ESP-200 firmware contains vulnerabilities related to security features. Information may be obtained or altered, and service operation may be disrupted (DoS). The Eltex ESP-200 is a wireless router product. A security hole exists in the Eltex ESP-200 using firmware version 1.2.0.
VAR-201808-0502 | CVE-2018-15357 | Information disclosure vulnerability in Eltex ESP-200 firmware |
CVSS V2: 4.0 CVSS V3: 6.5 Severity: MEDIUM |
An authenticated attacker with low privileges can extract password hash information for all users in Eltex ESP-200 firmware version 1.2.0. The Eltex ESP-200 firmware contains an information disclosure vulnerability. Information may be obtained. The Eltex ESP-200 is a wireless router product.
VAR-201808-0500 | CVE-2018-15355 | Cryptographic vulnerability in Kraftway 24F2XG Router firmware |
CVSS V2: 4.3 CVSS V3: 5.9 Severity: MEDIUM |
Use of SSLv2 and SSLv3 allows transmitted data to be decrypted in Kraftway 24F2XG Router firmware 3.5.30.1118. The Kraftway 24F2XG Router is a wireless router product from Kraftway, Russia. A security vulnerability exists in the Kraftway 24F2XG Router using firmware version 3.5.30.1118, caused by the program using SSLv2 and SSLv3. A remote attacker can exploit this vulnerability to perform a man-in-the-middle attack and decrypt the transmitted data.
VAR-201808-0496 | CVE-2018-15351 | Link interpretation vulnerability in Kraftway 24F2XG Router firmware |
CVSS V2: 7.1 CVSS V3: 6.5 Severity: MEDIUM |
Crafting a malicious link and sending it to a privileged user can cause a denial of service in Kraftway 24F2XG Router firmware version 3.5.30.1118. The Kraftway 24F2XG Router firmware contains a link interpretation vulnerability. Service operation may be interrupted (DoS). The Kraftway 24F2XG Router is a wireless router product from Kraftway, Russia.