VARIoT IoT vulnerabilities database


VAR-201810-0787 CVE-2018-11828 Snapdragon Mobile Vulnerable to resource exhaustion CVSS V2: 7.8
CVSS V3: 7.5
Severity: HIGH
When firmware tries to get a random MAC address generated from the new SW RNG and the ADC values read are constant, the DUT gets stuck in a loop while trying to get random ADC samples in Snapdragon Mobile in versions SD 210/SD 212/SD 205, SD 425, SD 430, SD 450, SD 625, SD 650/52. Snapdragon Mobile contains a resource exhaustion vulnerability. Service operation may be interrupted (DoS). Qualcomm Closed-Source Components are prone to multiple unspecified vulnerabilities. An attacker can exploit these issues to perform unauthorized actions. This may aid in further attacks. These issues are being tracked by Android Bug IDs A-120487384, A-117119000, A-117118976, A-117118295, A-117119172, A-122473270, A-109678120, A-111093019, A-111092813, A-111089816, A-111092945, A-111092919, A-111091938, A-111093762, A-111093242, A-111090373, A-111092814, A-111093763, A-111093243, A-111089817, A-111092400, A-111090534, A-111091378, A-111092946, A-111093022, A-111093244, A-111092888, A-111093280, A-111092401, A-111093259, A-111090535, A-112279580, A-112279127, A-119049704, A-119052960, A-114042276, A-117118499, A-117119174, A-117119152, A-117118789, A-122472377, A-120483842, A-122472139 and A-122473145.
VAR-201810-0533 CVE-2018-11853 Snapdragon Mobile and Snapdragon Wear Buffer error vulnerability CVSS V2: 7.2
CVSS V3: 7.8
Severity: HIGH
The lack of an out-of-range check on channels when processing the channel list set command will lead to a buffer overflow in Snapdragon Mobile and Snapdragon Wear in versions IPQ8074, MDM9206, MDM9607, MDM9650, SD 425, SD 427, SD 430, SD 435, SD 450, SD 625, SD 650/52, SD 835, SD 845, SD 850, SDA660, SDM429, SDM439, SDM630, SDM632, SDM636, SDM660, SDM710, Snapdragon_High_Med_2016. Snapdragon Mobile and Snapdragon Wear contain a buffer error vulnerability. Information may be obtained, information may be altered, and service operation may be disrupted (DoS). Qualcomm Closed-Source Components are prone to multiple unspecified vulnerabilities. An attacker can exploit these issues to perform unauthorized actions. This may aid in further attacks. These issues are being tracked by Android Bug IDs A-120487384, A-117119000, A-117118976, A-117118295, A-117119172, A-122473270, A-109678120, A-111093019, A-111092813, A-111089816, A-111092945, A-111092919, A-111091938, A-111093762, A-111093242, A-111090373, A-111092814, A-111093763, A-111093243, A-111089817, A-111092400, A-111090534, A-111091378, A-111092946, A-111093022, A-111093244, A-111092888, A-111093280, A-111092401, A-111093259, A-111090535, A-112279580, A-112279127, A-119049704, A-119052960, A-114042276, A-117118499, A-117119174, A-117119152, A-117118789, A-122472377, A-120483842, A-122472139 and A-122473145. Qualcomm IPQ8074, etc. are all central processing unit (CPU) products from Qualcomm for different platforms. A buffer overflow vulnerability exists in several Qualcomm Snapdragon products. An attacker could exploit this vulnerability to execute arbitrary code or cause a denial of service.
VAR-201810-0531 CVE-2018-11849 Multiple Snapdragon products buffer error vulnerability CVSS V2: 7.2
CVSS V3: 7.8
Severity: HIGH
The lack of an out-of-range check on the bssid parameter when processing the scan start command will lead to a buffer overflow in Snapdragon Automobile, Snapdragon Mobile and Snapdragon Wear in versions IPQ8074, MDM9206, MDM9607, MDM9635M, MDM9640, MDM9650, MSM8996AU, QCA4531, QCA6174A, QCA6564, QCA6574, QCA6574AU, QCA6584, QCA6584AU, QCA9377, QCA9378, QCA9379, QCA9886, SD 210/SD 212/SD 205, SD 425, SD 427, SD 430, SD 435, SD 450, SD 600, SD 625, SD 650/52, SD 810, SD 820, SD 820A, SD 835, SD 845, SD 850, SDA660, SDM630, SDM632, SDM636, SDM660, SDM710, SDX20, Snapdragon_High_Med_2016. Snapdragon Automobile, Snapdragon Mobile and Snapdragon Wear contain a buffer error vulnerability. Information may be obtained, information may be altered, and service operation may be disrupted (DoS). Qualcomm Closed-Source Components are prone to multiple unspecified vulnerabilities. An attacker can exploit these issues to perform unauthorized actions. This may aid in further attacks. These issues are being tracked by Android Bug IDs A-120487384, A-117119000, A-117118976, A-117118295, A-117119172, A-122473270, A-109678120, A-111093019, A-111092813, A-111089816, A-111092945, A-111092919, A-111091938, A-111093762, A-111093242, A-111090373, A-111092814, A-111093763, A-111093243, A-111089817, A-111092400, A-111090534, A-111091378, A-111092946, A-111093022, A-111093244, A-111092888, A-111093280, A-111092401, A-111093259, A-111090535, A-112279580, A-112279127, A-119049704, A-119052960, A-114042276, A-117118499, A-117119174, A-117119152, A-117118789, A-122472377, A-120483842, A-122472139 and A-122473145. Qualcomm IPQ8074, etc. are all central processing unit (CPU) products from Qualcomm for different platforms. A buffer overflow vulnerability exists in several Qualcomm Snapdragon products. An attacker could exploit this vulnerability to execute arbitrary code or cause a denial of service.
VAR-201810-0492 CVE-2018-17908 Advantech WebAccess Improper Access Control Vulnerability CVSS V2: 7.2
CVSS V3: 7.8
Severity: HIGH
WebAccess Versions 8.3.2 and prior. During installation, the application installer disables user access control and does not re-enable it after the installation is complete. This could allow an attacker to run arbitrary code with elevated privileges. WebAccess contains an access control vulnerability. Information may be obtained, information may be altered, and service operation may be disrupted (DoS). This vulnerability allows local attackers to escalate privileges on vulnerable installations of Advantech WebAccess Node. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the access controls that are set and modified during the installation of the product. Advantech WebAccess software is the core of Advantech's IoT application platform solution, providing users with a user interface based on HTML5 technology for cross-platform and cross-browser data access. Advantech WebAccess is prone to the following security vulnerabilities: 1. A stack-based buffer overflow vulnerability 2. This may aid in further attacks. Advantech WebAccess is a browser-based HMI/SCADA software developed by Advantech. The software supports dynamic graphic display and real-time data control, and provides functions for remote control and management of automation equipment.
VAR-201810-0493 CVE-2018-17910 WebAccess Buffer error vulnerability CVSS V2: 9.3
CVSS V3: 7.8
Severity: HIGH
WebAccess Versions 8.3.2 and prior. The application fails to properly validate the length of user-supplied data, causing a buffer overflow condition that allows for arbitrary remote code execution. WebAccess contains a buffer error vulnerability. Information may be obtained, information may be altered, and service operation may be disrupted (DoS). This vulnerability allows remote attackers to execute arbitrary code on affected installations of Advantech WebAccess Client. Authentication is not required to exploit this vulnerability. The specific flaw exists within bwswfcfg.exe, which is accessed through the 0x2711 IOCTL in the webvrpcs process. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of Administrator. Advantech WebAccess software is the core of Advantech's IoT application platform solution, providing users with a user interface based on HTML5 technology for cross-platform and cross-browser data access. A stack buffer overflow vulnerability exists in Advantech WebAccess. The vulnerability stems from the software's failure to properly verify the length of the data provided by the user. Advantech WebAccess is prone to the following security vulnerabilities: 1. This may aid in further attacks. Advantech WebAccess is a browser-based HMI/SCADA software developed by Advantech. The software supports dynamic graphic display and real-time data control, and provides functions for remote control and management of automation equipment.
VAR-201810-1606 No CVE TP-Link TL-WR841N and TL-WR841ND Cross-Site Request Forgery Vulnerabilities CVSS V2: 6.8
CVSS V3: -
Severity: MEDIUM
The TP-Link TL-WR841N and TL-WR841ND are both wireless router devices. The TP-Link TL-WR841N and TL-WR841ND contain a cross-site request forgery vulnerability. An attacker can exploit the vulnerability to perform certain administrator actions and gain unauthorized access to the affected application, as well as to carry out other attacks.
VAR-201810-1601 No CVE Remote command execution vulnerability in LG Network Storage N1A1DD1 sharedir.php CVSS V2: 10.0
CVSS V3: -
Severity: HIGH
LG Network Storage N1A1DD1 is a network storage product (NAS). A remote command execution vulnerability exists in LG Network Storage N1A1DD1 sharedir.php. An attacker could use this vulnerability to execute arbitrary commands to control the device.
VAR-201810-1605 No CVE Command execution vulnerability in FUJI XEROX DocuPrint C1110 CVSS V2: 5.0
CVSS V3: -
Severity: MEDIUM
DocuPrint C1110 is a laser printer. FUJI XEROX DocuPrint C1110 has a command execution vulnerability. Attackers can use the vulnerability to execute commands, upload files, delete printer system files, and cause a printer DoS.
VAR-201810-1598 No CVE Remote command execution vulnerability exists in LG Network Storage N1A1DD1 task_burning.php CVSS V2: 10.0
CVSS V3: -
Severity: HIGH
LG Network Storage N1A1DD1 is a network storage product (NAS). There is a remote command execution vulnerability in LG Network Storage N1A1DD1 task_burning.php. An attacker can use this vulnerability to execute arbitrary commands to control the device.
VAR-201810-1600 No CVE LG Network Storage N1A1DD1 remote command execution vulnerability in imgcopy.php CVSS V2: 10.0
CVSS V3: -
Severity: HIGH
LG Network Storage N1A1DD1 is a network storage product (NAS). There is a remote command execution vulnerability in LG Network Storage N1A1DD1 imgcopy.php. An attacker can use this vulnerability to execute arbitrary commands to control the device.
VAR-201810-0491 CVE-2018-17904 Geovap Reliance 4 SCADA/HMI cross-site scripting vulnerability CVSS V2: 4.3
CVSS V3: 6.1
Severity: MEDIUM
Reliance 4 SCADA/HMI, Version 4.7.3 Update 3 and prior. This vulnerability could allow an unauthorized attacker to inject arbitrary code. Reliance 4 SCADA/HMI contains a cross-site scripting vulnerability. Information may be obtained and information may be altered. Geovap Reliance 4 SCADA/HMI is an industrial process and building automation monitoring system from GEOVAP, a company in the Czech Republic. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and launch other attacks.
VAR-201810-0208 CVE-2018-18635 MailCleaner CE Cross-Site Scripting Vulnerability CVSS V2: 4.3
CVSS V3: 6.1
Severity: MEDIUM
www/guis/admin/application/controllers/UserController.php in the administration login interface in MailCleaner CE 2018.08 and 2018.09 allows XSS via the admin/login/user/message/ PATH_INFO. MailCleaner CE contains a cross-site scripting vulnerability. Information may be obtained and information may be altered. MailCleaner CE is an open source anti-spam gateway. The product is deployed between the mail infrastructure and the Internet and has features such as virus protection. A cross-site scripting vulnerability exists in the www/guis/admin/application/controllers/UserController.php file that manages the login interface in MailCleaner CE 2018.08 and 2010.09. A remote attacker can exploit this vulnerability to inject arbitrary web scripts or HTML by sending PATH_INFO to the admin/login/user/message/ page.
VAR-201810-0586 CVE-2018-15442 Cisco Webex Meetings Desktop App for Windows OS command injection vulnerability CVSS V2: 7.2
CVSS V3: 7.8
Severity: HIGH
A vulnerability in the update service of Cisco Webex Meetings Desktop App for Windows could allow an authenticated, local attacker to execute arbitrary commands as a privileged user. The vulnerability is due to insufficient validation of user-supplied parameters. An attacker could exploit this vulnerability by invoking the update service command with a crafted argument. An exploit could allow the attacker to run arbitrary commands with SYSTEM user privileges. While the CVSS Attack Vector metric denotes the requirement for an attacker to have local access, administrators should be aware that in Active Directory deployments, the vulnerability could be exploited remotely by leveraging the operating system remote management tools. This issue is being tracked by Cisco Bug ID CSCvk70841. Webex Productivity Tools is a video conference scheduling and management tool. The update service is one of its update services.
VAR-201810-1167 CVE-2018-9281 Eaton UPS 9PX 8000 SP Cross-Site Request Forgery Vulnerability CVSS V2: 6.8
CVSS V3: 8.8
Severity: HIGH
An issue was discovered on Eaton UPS 9PX 8000 SP devices. The administration panel is vulnerable to a CSRF attack on the change-password functionality. This vulnerability could be used to force a logged-in administrator to perform a silent password update. The affected forms are also vulnerable to Reflected Cross-Site Scripting vulnerabilities. This flaw could be triggered by driving an administrator logged into the Eaton application to a specially crafted web page. This attack could be done silently. The Eaton UPS 9PX device contains a cross-site request forgery vulnerability. Information may be obtained, information may be altered, and service operation may be disrupted (DoS). Eaton UPS 9PX 8000 SP is a power management device from Eaton Corporation of the United States.
VAR-201810-1165 CVE-2018-9279 Eaton UPS 9PX devices: vulnerabilities related to certificate and password management CVSS V2: 4.0
CVSS V3: 4.9
Severity: MEDIUM
An issue was discovered on Eaton UPS 9PX 8000 SP devices. The appliance discloses the user's password. The web page displayed by the appliance contains the password in cleartext. Passwords could be retrieved by browsing the source code of the webpage. Eaton UPS 9PX 8000 SP is a power management device from Eaton Corporation of the United States.
VAR-201810-1166 CVE-2018-9280 Eaton UPS 9PX devices: vulnerabilities related to certificate and password management CVSS V2: 4.0
CVSS V3: 4.9
Severity: MEDIUM
An issue was discovered on Eaton UPS 9PX 8000 SP devices. The appliance discloses the SNMP version 3 user's password. The web page displayed by the appliance contains the password in cleartext. Passwords of the read and write users could be retrieved by browsing the source code of the webpage. Eaton UPS 9PX 8000 SP is a power management device from Eaton Corporation of the United States. The Eaton UPS 9PX 8000 SP has a password disclosure vulnerability.
VAR-201810-0210 CVE-2018-18638 Neato Botvac Connected Command Injection Vulnerability CVSS V2: 9.3
CVSS V3: 8.1
Severity: HIGH
A command injection vulnerability in the setup API in the Neato Botvac Connected 2.2.0 allows network attackers to execute arbitrary commands via shell metacharacters in the ntp field within JSON data to the /robot/initialize endpoint. Neato Botvac Connected contains a command injection vulnerability. Information may be obtained, information may be altered, and service operation may be disrupted (DoS). Neato Botvac Connected is a vacuum robot device from Neato Robotics in the United States. There is a command injection vulnerability in the setup API in Neato Botvac Connected version 2.2.0.
VAR-201810-0187 CVE-2018-18568 Polycom VVX 500 and 601 device certificate validation vulnerability CVSS V2: 4.3
CVSS V3: 5.9
Severity: MEDIUM
Polycom VVX 500 and 601 devices 5.8.0.12848 and earlier allow man-in-the-middle attackers to obtain sensitive credential information by leveraging failure to validate X.509 certificates when used with an on-premise installation with Skype for Business. Polycom VVX 500 and 601 devices contain a certificate validation vulnerability. Information may be obtained. Polycom VVX 500 and 601 are IP telephone products from Polycom, an American company.
VAR-201810-0209 CVE-2018-18636 D-Link DSL-2640T Cross-Site Scripting Vulnerability CVSS V2: 4.3
CVSS V3: 6.1
Severity: MEDIUM
XSS exists in cgi-bin/webcm on D-Link DSL-2640T routers via the var:RelaodHref or var:conid parameter. The D-Link DSL-2640T router contains a cross-site scripting vulnerability. Information may be obtained and information may be altered. D-Link DSL-2640T is a wireless router from D-Link. A cross-site scripting vulnerability exists in the cgi-bin/webcm page in D-Link DSL-2640T. A remote attacker can exploit this vulnerability to inject arbitrary web scripts or HTML with the help of the 'var:RelaodHref' or 'var:conid' parameter.
VAR-201810-0186 CVE-2018-18567 AudioCodes 440HD and 450HD device certificate validation vulnerability CVSS V2: 4.3
CVSS V3: 5.9
Severity: MEDIUM
AudioCodes 440HD and 450HD devices 3.1.2.89 and earlier allow man-in-the-middle attackers to obtain sensitive credential information by leveraging failure to validate X.509 certificates when used with an on-premise installation with Skype for Business. AudioCodes 440HD and 450HD devices contain a certificate validation vulnerability. Information may be obtained. AudioCodes 440HD and 450HD are IP telephone products from AudioCodes, an Israeli company.