VARIoT IoT vulnerabilities database
| VAR-201810-0873 | CVE-2018-12901 | Mitel ST Vulnerable to cross-site scripting |
CVSS V2: 4.3 CVSS V3: 6.1 Severity: MEDIUM |
A vulnerability in the conferencing component of Mitel ST 14.2, versions GA29 (19.49.9400.0) and earlier, could allow an unauthenticated attacker to conduct a reflected cross-site scripting (XSS) attack due to insufficient validation for the signin.php page. A successful exploit could allow an attacker to execute arbitrary scripts. Mitel ST contains a cross-site scripting vulnerability. Information may be obtained and information may be altered.
| VAR-201810-0396 | CVE-2018-14816 | Advantech WebAccess Buffer error vulnerability |
CVSS V2: 9.3 CVSS V3: 9.8 Severity: HIGH |
Advantech WebAccess 8.3.1 and earlier has several stack-based buffer overflow vulnerabilities, which may allow an attacker to execute arbitrary code. Advantech WebAccess contains a buffer error vulnerability. Information may be obtained or altered, and service operation may be disrupted (DoS). Authentication is not required to exploit this vulnerability. The specific flaw exists within bwclient.exe, which is accessed through the 0x2711 IOCTL in the webvrpcs process. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this functionality to execute code under the context of Administrator. Advantech WebAccess software is the core of Advantech's IoT application platform solution, providing users with an HTML5-based user interface for cross-platform and cross-browser data access. A stack buffer overflow vulnerability exists in Advantech WebAccess. Advantech WebAccess is prone to the following security vulnerabilities:
1. A directory-traversal vulnerability
3. An arbitrary-file-deletion vulnerability
4. This may aid in further attacks.
Advantech WebAccess 8.3.1 and prior versions are vulnerable
| VAR-201810-0490 | CVE-2018-17903 | GAIN Electronic Co. Ltd SAGA1-L Series Command Forgery Vulnerability |
CVSS V2: 6.4 CVSS V3: 9.1 Severity: CRITICAL |
SAGA1-L8B with any firmware version prior to A0.10 is vulnerable to a replay attack and command forgery. The SAGA1-L8B firmware contains a vulnerability related to input validation. Information may be tampered with and service operation may be disrupted (DoS). This vulnerability allows remote attackers to issue commands on vulnerable installations of Saga Radio equipment. Authentication is not required to exploit this vulnerability. The specific flaw exists with the communication between the transmitter and receiver pair. By using a fixed control code an attacker can obtain and replay commands to the receiver. An attacker can leverage this vulnerability to issue commands to the physical equipment controlled by the device. The GAIN SAGA1-L Series is a line of industrial remote control products from GAIN Electronic. A security vulnerability exists in GAIN SAGA1-L Series products that use firmware prior to A0.10. GAIN Electronic SAGA1-L Series is prone to the following security vulnerabilities:
1. An authentication bypass vulnerability
2. A local-authentication bypass vulnerability
3. An access bypass vulnerability
An attacker can exploit these issues to bypass the authentication mechanism, disclose sensitive information and perform unauthorized actions.
| VAR-201810-0470 | CVE-2018-17935 | Telecrane F25 Series Command execution vulnerability |
CVSS V2: 4.8 CVSS V3: 8.1 Severity: HIGH |
All versions of Telecrane F25 Series Radio Controls before 00.0A use fixed codes that are reproducible by sniffing and re-transmission. This can lead to unauthorized replay of a command, spoofing of an arbitrary message, or keeping the controlled load in a permanent "stop" state. Telecrane F25 Series Radio Controls contain vulnerabilities related to security features. Information may be tampered with and service operation may be disrupted (DoS). This vulnerability allows remote attackers to issue commands on vulnerable installations of Telecrane equipment. Authentication is not required to exploit this vulnerability. The specific flaw exists with the communication between the transmitter and receiver pair. By using a fixed control code an attacker can obtain and replay commands to the receiver. An attacker can leverage this vulnerability to issue commands to the physical equipment controlled by the device. The Telecrane F25 Series is an industrial remote control device from Telecrane. A security vulnerability exists in Telecrane F25 Series versions prior to 00.0A. Telecrane F25 Series is prone to an authentication-bypass vulnerability.
An attacker can exploit this issue to bypass the authentication mechanism and perform unauthorized actions. This may lead to further attacks.
| VAR-201810-0462 | CVE-2018-17921 | GAIN Electronic Co. Ltd SAGA1-L Series Access control vulnerability |
CVSS V2: 5.8 CVSS V3: 8.8 Severity: HIGH |
SAGA1-L8B with any firmware version prior to A0.10 is vulnerable to an attack that may allow an attacker to force-pair the device without human interaction. SAGA1-L8B contains an access control vulnerability. Information may be obtained or altered, and service operation may be disrupted (DoS). This vulnerability allows remote attackers to issue commands on vulnerable installations of Saga Radio equipment. Authentication is not required to exploit this vulnerability. The specific flaw exists within the processing of communication between the transmitter and receiver. By sending a crafted re-pairing packet an attacker can force a receiver to pair with a new transmitter without user interaction. An attacker can leverage this vulnerability to issue commands to the physical equipment controlled by the device. The GAIN SAGA1-L Series is a line of industrial remote control products from GAIN Electronic. A security vulnerability exists in GAIN SAGA1-L Series products that use firmware prior to A0.10. GAIN Electronic SAGA1-L Series is prone to the following security vulnerabilities:
1. An authentication bypass vulnerability
2. A local-authentication bypass vulnerability
3. An access bypass vulnerability
An attacker can exploit these issues to bypass the authentication mechanism, disclose sensitive information and perform unauthorized actions.
| VAR-201810-0040 | CVE-2017-18305 | Snapdragon Mobile and Snapdragon Wear Vulnerabilities in access control |
CVSS V2: 6.9 CVSS V3: 7.0 Severity: HIGH |
XBL sec mem dump system call allows complete control of EL3 by unlocking all XPUs if enable fuse is not blown in Snapdragon Mobile, Snapdragon Wear in version MDM9206, MDM9607, MDM9650, SD 210/SD 212/SD 205, SD 835. Snapdragon Mobile and Snapdragon Wear contain an access control vulnerability. Information may be acquired or falsified, and a denial of service (DoS) may result. Qualcomm MDM9206 and the other listed parts are Qualcomm central processing unit (CPU) products for different platforms. An input validation vulnerability exists in the Core in several Qualcomm Snapdragon products. An attacker could exploit this vulnerability to take full control of EL3. The following products (used in mobile devices and watches) are affected: Qualcomm MDM9206; MDM9607; MDM9650; SD 210; SD 212; SD 205; SD 835.
| VAR-201810-0058 | CVE-2017-18294 | plural Snapdragon Vulnerability related to input validation in products |
CVSS V2: 7.2 CVSS V3: 7.8 Severity: HIGH |
While reading file class type from ELF header, a buffer overread may happen if the ELF file size is less than the size of ELF64 header size in Small Cell SoC, Snapdragon Automobile, Snapdragon Mobile, Snapdragon Wear in version FSM9055, MDM9206, MDM9607, MDM9650, MSM8909W, MSM8996AU, SD 210/SD 212/SD 205, SD 425, SD 430, SD 450, SD 615/16/SD 415, SD 625, SD 650/52, SD 820, SD 820A, SD 835, SD 845, SDA660, SDX20. Snapdragon Automobile, Snapdragon Mobile and Snapdragon Wear contain an input validation vulnerability. Information may be obtained or altered, and service operation may be disrupted (DoS). Qualcomm FSM9055 and the other listed parts are Qualcomm central processing unit (CPU) products for different platforms. An input validation vulnerability exists in several Qualcomm Snapdragon products. An attacker can exploit this vulnerability to cause a buffer out-of-bounds read.
| VAR-201810-0039 | CVE-2017-18304 | plural Snapdragon Product out-of-bounds vulnerability |
CVSS V2: 7.2 CVSS V3: 7.8 Severity: HIGH |
Insufficient memory allocation in boot due to incorrect size being passed could result in out of bounds access in Small Cell SoC, Snapdragon Automobile, Snapdragon Mobile and Snapdragon Wear in version FSM9055, MDM9206, MDM9607, MDM9640, MDM9650, MSM8909W, MSM8996AU, SD 210/SD 212/SD 205, SD 425, SD 430, SD 450, SD 615/16/SD 415, SD 617, SD 625, SD 650/52, SD 810, SD 820, SD 820A, SD 835, SDA660 and SDX20. Snapdragon Automobile, Snapdragon Mobile and Snapdragon Wear contain an out-of-bounds vulnerability. Information may be obtained or altered, and service operation may be disrupted (DoS). Qualcomm MDM9640 is a Qualcomm central processing unit (CPU) product. A buffer error vulnerability exists in Power in several Qualcomm products, which is caused by the program not fully allocating memory. An attacker could exploit this vulnerability to crash the application.
| VAR-201810-0038 | CVE-2017-18303 | plural Snapdragon Product buffer error vulnerability |
CVSS V2: 7.2 CVSS V3: 7.8 Severity: HIGH |
While processing the sensors registry configuration file, if inputs are not validated a buffer overflow will occur in Snapdragon Automobile, Snapdragon Mobile, Snapdragon Wear in version MMDM9206, MDM9607, MDM9650, MSM8909W, MSM8996AU, SD 210/SD 212/SD 205, SD 425, SD 430, SD 450, SD 600, SD 615/16/SD 415, SD 617, SD 625, SD 650/52, SD 800, SD 810, SD 820, SD 820A, SD 835, SDA660, SDX20. Snapdragon Automobile, Snapdragon Mobile and Snapdragon Wear contain a buffer error vulnerability. Information may be obtained or altered, and service operation may be disrupted (DoS). Qualcomm MDM9206 and the other listed parts are Qualcomm central processing unit (CPU) products for different platforms. A buffer overflow vulnerability exists in the SSC in several Qualcomm Snapdragon products due to the program's failure to validate user input. A local attacker could exploit this vulnerability to execute code or cause a denial of service.
| VAR-201810-0062 | CVE-2017-18298 | plural Snapdragon In product NULL Pointer dereference vulnerability |
CVSS V2: 7.2 CVSS V3: 7.8 Severity: HIGH |
Lack of Input Validation in SDMX API can lead to NULL pointer access in Snapdragon Automobile, Snapdragon Mobile and Snapdragon Wear in versions MDM9206, MDM9607, MDM9650, MSM8996AU, SD 210/SD 212/SD 205, SD 410/12, SD 425, SD 430, SD 450, SD 615/16/SD 415, SD 617, SD 625, SD 650/52, SD 810, SD 820, SD 820A, SD 835, SD 845, SD 850, SDA660. Snapdragon Automobile, Snapdragon Mobile and Snapdragon Wear contain a NULL pointer dereference vulnerability. Information may be obtained or altered, and service operation may be disrupted (DoS). Qualcomm MDM9607 is a Qualcomm central processing unit (CPU) product. There are security vulnerabilities in Broadcast in several Qualcomm Snapdragon products. The vulnerability is caused by SDMX API not performing input validation. An attacker could exploit this vulnerability to cause a denial of service (NULL pointer dereference).
| VAR-201810-0057 | CVE-2017-18293 | Snapdragon Mobile and Snapdragon Wear Input validation vulnerability |
CVSS V2: 7.2 CVSS V3: 7.8 Severity: HIGH |
When a particular GPIO is protected by blocking access to the corresponding GPIO resource registers, the protection can be bypassed using the corresponding banked GPIO registers instead in Snapdragon Mobile, Snapdragon Wear in version MDM9206, MDM9607, MDM9650, SD 210/SD 212/SD 205, SD 425, SD 430, SD 450, SD 625, SD 650/52, SD 835, SDA660. Snapdragon Mobile and Snapdragon Wear contain an input validation vulnerability. Information may be obtained or altered, and service operation may be disrupted (DoS). Qualcomm MDM9206 and the other listed parts are Qualcomm central processing unit (CPU) products for different platforms. TLMM banked GPIO registers is one of the GPIO register components. An access control error vulnerability exists in the TLMM banked GPIO registers in several Qualcomm Snapdragon products. An attacker could exploit this vulnerability to bypass protection mechanisms. The following products (for mobile devices and watches) are affected: Qualcomm MDM9206; MDM9607; MDM9650; SD 210; SD 212; SD 205; SD 425; SD 430; SD 450; SD 625;
| VAR-201810-0054 | CVE-2017-18282 | Snapdragon Mobile and Snapdragon Wear Access control vulnerability |
CVSS V2: 7.2 CVSS V3: 7.8 Severity: HIGH |
Non-secure SW can cause SDCC to generate secure bus accesses, which may expose RPM access in Snapdragon Mobile, Snapdragon Wear in version MDM9206, MDM9607, MDM9650, SD 210/SD 212/SD 205, SD 425, SD 430, SD 450, SD 625, SD 650/52, SD 835, SDA660. Snapdragon Mobile and Snapdragon Wear contain an access control vulnerability. Information may be obtained or altered, and service operation may be disrupted (DoS). Qualcomm MDM9206 and the other listed parts are Qualcomm central processing unit (CPU) products for different platforms. Access Control module is one of the access control modules. An input validation vulnerability exists in the Access Control module in several Qualcomm Snapdragon products. An attacker could exploit this vulnerability to gain access to RPM.
| VAR-201810-0060 | CVE-2017-18296 | plural Snapdragon Access control vulnerabilities in products |
CVSS V2: 7.2 CVSS V3: 7.8 Severity: HIGH |
Access control on applications is not applied while accessing SafeSwitch services, which can lead to improper access in Snapdragon Automobile, Snapdragon Mobile, Snapdragon Wear in version MDM9206, MDM9607, MDM9650, MSM8909W, MSM8996AU, SD 210/SD 212/SD 205, SD 425, SD 430, SD 450, SD 615/16/SD 415, SD 617, SD 625, SD 650/52, SD 820, SD 820A, SD 835, SD 845, SDA660, SDX20. Snapdragon Automobile, Snapdragon Mobile and Snapdragon Wear contain an access control vulnerability. Information may be obtained or altered, and service operation may be disrupted (DoS).
| VAR-201810-0059 | CVE-2017-18295 | plural Snapdragon Product buffer error vulnerability |
CVSS V2: 7.2 CVSS V3: 7.8 Severity: HIGH |
Possible buffer overflow if input is not null terminated in DSP Service module in Snapdragon Automobile, Snapdragon Mobile, Snapdragon Wear in version MDM9206, MDM9607, MDM9650, MSM8909W, MSM8996AU, SD 210/SD 212/SD 205, SD 450, SD 615/16/SD 415, SD 625, SD 650/52, SD 820, SD 820A, SD 835, SDX20. Snapdragon Automobile, Snapdragon Mobile and Snapdragon Wear contain a buffer error vulnerability. Information may be obtained or altered, and service operation may be disrupted (DoS). Qualcomm MDM9206 and the other listed parts are Qualcomm central processing unit (CPU) products for different platforms. DSP Service module is one of the DSP (Digital Signal Processing) service modules. A buffer overflow vulnerability exists in DSP Services in several Qualcomm Snapdragon products. An attacker could exploit this vulnerability to cause a denial of service or execute code.
| VAR-201810-0061 | CVE-2017-18297 | Snapdragon Mobile Double release vulnerability |
CVSS V2: 7.2 CVSS V3: 7.8 Severity: HIGH |
Double memory free while closing TEE SE API Session management in Snapdragon Mobile in version SD 425, SD 430, SD 450, SD 625, SD 650/52, SD 820. Snapdragon Mobile contains a double free vulnerability. Information may be obtained or altered, and service operation may be disrupted (DoS).
| VAR-201810-0055 | CVE-2017-18283 | Snapdragon Mobile Input validation vulnerability |
CVSS V2: 6.1 CVSS V3: 6.5 Severity: MEDIUM |
Possible memory corruption when Read Val Blob Req is received with invalid parameters in Snapdragon Mobile in version QCA9379, SD 210/SD 212/SD 205, SD 625, SD 835, SD 845, SD 850, SDA660. Snapdragon Mobile contains an input validation vulnerability. Service operation may be disrupted (DoS). Qualcomm QCA9379 and the other listed parts are Qualcomm products. Qualcomm QCA9379 is a WiFi module. SD 210 and the others are central processing unit (CPU) products for different platforms. Bluetooth controller is one of the Bluetooth controller components. An attacker could exploit this vulnerability to cause memory corruption. The following products (for mobile devices) are affected: Qualcomm QCA9379; SD 210; SD 212; SD 205; SD 625; SD 835; SD 845; SD 850; SDA660.
| VAR-201810-0056 | CVE-2017-18292 | plural Snapdragon Vulnerability related to input validation in products |
CVSS V2: 4.9 CVSS V3: 5.5 Severity: MEDIUM |
Secure app running in non secure space can restart TZ by calling Widevine app API repeatedly in Snapdragon Automobile, Snapdragon Mobile and Snapdragon Wear in versions MSM8909W, MSM8996AU, SD 210/SD 212/SD 205, SD 410/12, SD 425, SD 430, SD 450, SD 615/16/SD 415, SD 617, SD 625, SD 650/52, SD 800, SD 810, SD 820, SD 820A. Snapdragon Automobile, Snapdragon Mobile and Snapdragon Wear contain an input validation vulnerability. Service operation may be disrupted (DoS). Qualcomm MSM8909W and the other listed parts are Qualcomm central processing unit (CPU) products for different platforms. An attacker can exploit this vulnerability by calling the Widevine app API continuously to cause the system to restart.
| VAR-201810-0063 | CVE-2017-18299 | plural Snapdragon Access control vulnerabilities in products |
CVSS V2: 4.9 CVSS V3: 5.5 Severity: MEDIUM |
Improper translation table consolidation logic leads to resource exhaustion and QSEE error in Snapdragon Automobile, Snapdragon Mobile and Snapdragon Wear in version MDM9206, MDM9607, MDM9650, MSM8996AU, SD 210/SD 212/SD 205, SD 425, SD 430, SD 450, SD 625, SD 650/52, SD 820, SD 820A, SD 835, SD 845, SD 850, SDA660. Snapdragon Automobile, Snapdragon Mobile and Snapdragon Wear contain an access control vulnerability. Service operation may be disrupted (DoS). Qualcomm MDM9206 and the other listed parts are Qualcomm central processing unit (CPU) products for different platforms. An input validation vulnerability exists in the Core of several Qualcomm Snapdragon products due to incorrect translation table consolidation logic. An attacker could exploit this vulnerability to cause resource exhaustion and QSEE errors.
| VAR-201810-0037 | CVE-2017-18300 | Snapdragon Mobile and Snapdragon Wear Vulnerable to information disclosure |
CVSS V2: 4.9 CVSS V3: 5.5 Severity: MEDIUM |
Secure display content could be accessed by third party trusted application after creating a fault in other trusted applications in Snapdragon Mobile, Snapdragon Wear in version MDM9206, MDM9607, MDM9650, SD 210/SD 212/SD 205, SD 835, SDA660. Snapdragon Mobile and Snapdragon Wear contain an information disclosure vulnerability. Information may be obtained. Qualcomm MDM9206 and the other listed parts are Qualcomm central processing unit (CPU) products for different platforms. TZ in several Qualcomm Snapdragon products has an information disclosure vulnerability, which is caused by the program not properly clearing the Secure Display buffer. A local attacker could exploit this vulnerability to obtain information. The following products (used in mobile devices and watches) are affected: Qualcomm MDM9206; MDM9607; MDM9650; SD 210; SD 212; SD 205; SD 835; SDA660.
| VAR-201810-0391 | CVE-2018-14806 | Advantech WebAccess Path traversal vulnerability |
CVSS V2: 7.5 CVSS V3: 9.8 Severity: CRITICAL |
Advantech WebAccess 8.3.1 and earlier has a path traversal vulnerability which may allow an attacker to execute arbitrary code. Advantech WebAccess contains a path traversal vulnerability. Information may be obtained or altered, and service operation may be disrupted (DoS). Authentication is not required to exploit this vulnerability. The specific flaw exists within the implementation of the 0x2711 IOCTL in the webvrpcs process. The issue results from the lack of proper validation of a user-supplied string before using it to execute a system call. Advantech WebAccess is a suite of browser-based HMI/SCADA software from Advantech. The software supports dynamic graphical display and real-time data control, and provides the ability to remotely control and manage automation equipment. Advantech WebAccess is prone to the following security vulnerabilities:
1. A stack-based buffer overflow vulnerability
2. A directory-traversal vulnerability
3. An arbitrary-file-deletion vulnerability
4. This may aid in further attacks.
Advantech WebAccess 8.3.1 and prior versions are vulnerable