VARIoT IoT vulnerabilities database

The D-LinkDIR-300 is a wireless router device. D-LinkDIR-300 has a cross-site request forgery vulnerability that allows an attacker to perform unauthorized operations, open remote access, and save settings.

Fuzhou Fuchang Weikong Electronic Technology Co., Ltd. is a technology company engaged in research, development and sales of products in the field of automation. Wecon PLC editor has a memory corruption vulnerability. The vulnerability is due to the need to call Tinyxml.dll when the program parses the project file and fails to parse the xml in the project file correctly. An attacker could exploit the vulnerability to cause memory corruption

A vulnerability in the VPN subsystem configuration in the Cisco SD-WAN Solution could allow an authenticated, remote attacker to inject arbitrary commands that are executed with root privileges. The vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by authenticating to the device and submitting crafted input to the affected parameter in a web page. The attacker must be authenticated to access the affected parameter. A successful exploit could allow the attacker to execute commands with root privileges. This vulnerability affects the following Cisco products if they are running a release of the Cisco SD-WAN Solution prior to Release 18.3.0: vBond Orchestrator Software, vEdge 100 Series Routers, vEdge 1000 Series Routers, vEdge 2000 Series Routers, vEdge 5000 Series Routers, vEdge Cloud Router Platform, vManage Network Management Software, vSmart Controller Software. Cisco Bug IDs: CSCvi69808, CSCvi69810, CSCvi69814, CSCvi69822, CSCvi69827, CSCvi69828, CSCvi69836. Cisco SD-WAN Solution Contains a command injection vulnerability. Vendors report this vulnerability CSCvi69808 , CSCvi69810 , CSCvi69814 , CSCvi69822 , CSCvi69827 , CSCvi69828 ,and CSCvi69836 Published as.Information is acquired, information is falsified, and denial of service (DoS) May be in a state. CiscovBondOrchestratorSoftware and others are products of Cisco. CiscovBondOrchestratorSoftware is a set of secure network extension management software. The vEdge100SeriesRouters is a 100 Series router product. SD-WANSolution is a set of network expansion solutions running in it

A vulnerability in the configuration and monitoring service of the Cisco SD-WAN Solution could allow an authenticated, local attacker to execute arbitrary code with root privileges or cause a denial of service (DoS) condition on an affected device. The vulnerability is due to incomplete bounds checks for data that is provided by the configuration and monitoring service of the affected solution. An attacker could exploit this vulnerability by sending malicious data to the vDaemon listening service on an affected device. A successful exploit could allow the attacker to cause a buffer overflow condition on the affected device, which could allow the attacker to execute arbitrary code with root privileges on the device or cause the vDaemon listening service to reload and result in a DoS condition on the device. This vulnerability affects the following Cisco products if they are running a release of the Cisco SD-WAN Solution prior to Release 18.3.0: vBond Orchestrator Software, vEdge 100 Series Routers, vEdge 1000 Series Routers, vEdge 2000 Series Routers, vEdge 5000 Series Routers, vEdge Cloud Router Platform, vManage Network Management Software, vSmart Controller Software. Cisco Bug IDs: CSCvi70003. Cisco SD-WAN Solution Contains a buffer error vulnerability. Vendors have confirmed this vulnerability Bug ID CSCvi70003 It is released as.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. CiscovBondOrchestratorSoftware and others are products of Cisco. CiscovBondOrchestratorSoftware is a set of secure network extension management software. The vEdge100SeriesRouters is a 100 Series router product. SD-WANSolution is a set of network expansion solutions running in it. Cisco SD-WAN Solution is prone to a local buffer-overflow vulnerability because it fails to adequately bounds-check user-supplied data before copying it to an insufficiently sized memory buffer

A vulnerability in the CLI of the Cisco SD-WAN Solution could allow an authenticated, remote attacker to inject arbitrary commands that are executed with root privileges. The vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by authenticating to the device and submitting malicious input to the load command within the VPN subsystem. The attacker must be authenticated to access the affected CLI parameter. A successful exploit could allow an attacker to execute commands with root privileges. This vulnerability affects the following Cisco products if they are running a release of the Cisco SD-WAN Solution prior to Release 18.3.0: vBond Orchestrator Software, vEdge 100 Series Routers, vEdge 1000 Series Routers, vEdge 2000 Series Routers, vEdge 5000 Series Routers, vEdge Cloud Router Platform, vManage Network Management Software, vSmart Controller Software. Cisco Bug IDs: CSCvi69866. Cisco SD-WAN Solution Contains a command injection vulnerability. Vendors have confirmed this vulnerability Bug ID CSCvi69866 It is released as.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. CiscovBondOrchestratorSoftware and others are products of Cisco. CiscovBondOrchestratorSoftware is a set of secure network extension management software. The vEdge100SeriesRouters is a 100 Series router product. SD-WANSolution is a set of network expansion solutions running in it. A CLI injection vulnerability exists in the CLI in versions prior to Cisco SD-WANSolution 18.3.0, which was caused by the program failing to perform sufficient input validation

A vulnerability in the vManage dashboard for the configuration and management service of the Cisco SD-WAN Solution could allow an authenticated, remote attacker to inject and execute arbitrary commands with vmanage user privileges on an affected system. The vulnerability is due to insufficient input validation of data parameters for certain fields in the affected solution. An attacker could exploit this vulnerability by configuring a malicious username on the login page of the affected solution. A successful exploit could allow the attacker to inject and execute arbitrary commands with vmanage user privileges on an affected system. This vulnerability affects the following Cisco products if they are running a release of the Cisco SD-WAN Solution prior to Release 18.3.0: vBond Orchestrator Software, vEdge 100 Series Routers, vEdge 1000 Series Routers, vEdge 2000 Series Routers, vEdge 5000 Series Routers, vEdge Cloud Router Platform, vManage Network Management Software, vSmart Controller Software. Cisco Bug IDs: CSCvi69974. Cisco SD-WAN Solution Contains a command injection vulnerability. Vendors have confirmed this vulnerability Bug ID CSCvi69974 It is released as.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. CiscovBondOrchestratorSoftware and others are products of Cisco. CiscovBondOrchestratorSoftware is a set of secure network extension management software. The vEdge100SeriesRouters is a 100 Series router product. SD-WANSolution is a set of network expansion solutions running in it

A vulnerability in the Zero Touch Provisioning (ZTP) subsystem of the Cisco SD-WAN Solution could allow an authenticated, local attacker to inject arbitrary commands that are executed with root privileges. The vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by authenticating to the device and submitting malicious input to the affected parameter. The attacker must be authenticated to access the affected parameter. A successful exploit could allow an attacker to execute commands with root privileges. This vulnerability affects the following Cisco products if they are running a release of the Cisco SD-WAN Solution prior to Release 18.3.0: vEdge 100 Series Routers, vEdge 1000 Series Routers, vEdge 2000 Series Routers, vEdge 5000 Series Routers. Cisco Bug IDs: CSCvi69906. Cisco SD-WAN Solution Contains a command injection vulnerability. Vendors have confirmed this vulnerability Bug ID CSCvi69906 It is released as.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. SD-WANSolution is a set of network expansion solutions running in it. A command injection vulnerability exists in the ZeroTouchProvisioning (ZTP) subsystem in versions prior to Cisco SD-WANSolution 18.3.0, which stems from a program failing to perform input validation. Cisco SD-WAN is prone to a local command-injection vulnerability

A vulnerability in the command-line tcpdump utility in the Cisco SD-WAN Solution could allow an authenticated, local attacker to inject arbitrary commands that are executed with root privileges. The vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by authenticating to the device and submitting crafted input to the tcpdump utility. The attacker must be authenticated to access the tcpdump utility. A successful exploit could allow the attacker to execute commands with root privileges. This vulnerability affects the following Cisco products if they are running a release of the Cisco SD-WAN Solution prior to Release 18.3.0: vBond Orchestrator Software, vEdge 100 Series Routers, vEdge 1000 Series Routers, vEdge 2000 Series Routers, vEdge 5000 Series Routers, vEdge Cloud Router Platform, vManage Network Management Software, vSmart Controller Software. Cisco Bug IDs: CSCvi69751. Cisco SD-WAN Solution Contains a command injection vulnerability. Vendors have confirmed this vulnerability Bug ID CSCvi69751 It is released as.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. CiscovBondOrchestratorSoftware and others are products of Cisco. CiscovBondOrchestratorSoftware is a set of secure network extension management software. The vEdge100SeriesRouters is a 100 Series router product. SD-WANSolution is a set of network expansion solutions running in it. Cisco SD-WAN is prone to a local command-injection vulnerability

A vulnerability in the configuration and management database of the Cisco SD-WAN Solution could allow an authenticated, remote attacker to execute arbitrary commands with the privileges of the vmanage user in the configuration management system of the affected software. The vulnerability is due to insufficient validation of command arguments that are passed to the configuration and management database of the affected software. An attacker could exploit this vulnerability by creating custom functions that contain malicious code and are executed as the vmanage user of the configuration management system. A successful exploit could allow the attacker to execute arbitrary commands with the privileges of the vmanage user in the configuration management system of the affected software. This vulnerability affects the following Cisco products if they are running a release of the Cisco SD-WAN Solution prior to Release 18.3.0: vBond Orchestrator Software, vManage Network Management Software, vSmart Controller Software. Cisco Bug IDs: CSCvi69937. Cisco SD-WAN Solution Contains an input validation vulnerability. Vendors have confirmed this vulnerability Bug ID CSCvi69937 It is released as.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. Cisco SD-WAN is prone to a remote code-execution vulnerability. Smart Controller Software is a set of intelligent network control software. SD-WAN Solution is a set of network expansion solutions running in it

Buffer overflow in Ubuntu14.04 ORCA (Online Receipt Computer Advantage) 4.8.0 (panda-client2) 1:1.4.9+p41-u4jma1 and earlier, Ubuntu14.04 ORCA (Online Receipt Computer Advantage) 5.0.0 (panda-client2) 1:2.0.0+p48-u4jma1 and earlier, and Ubuntu16.04 ORCA (Online Receipt Computer Advantage) 5.0.0 (panda-client2) 1:2.0.0+p48-u5jma1 and earlier allows authenticated attackers to cause denial-of-service (DoS) condition via unspecified vectors. * OS command injection (CWE-78) - CVE-2018-0643 * Buffer overflow (CWE-119) - CVE-2018-0644 IoT x Security Hackathon 2016 all participants reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.The possible impact of each vulnerability is as follows: * A user with access to the network that is connected to the affected product may execute an arbitrary command on the product - CVE-2018-0643 * If a user opens a specially crafted file while logged into the affected product, that may result in a denial-of-service (DoS) condition - CVE-2018-0644. The software supports functions such as electronic medical record management and collaboration software extensions. A buffer overflow vulnerability exists in ORCA, which can be exploited by an attacker to cause a denial of service

A vulnerability in the Cisco SD-WAN Solution could allow an authenticated, remote attacker to overwrite arbitrary files on the underlying operating system of an affected device. The vulnerability is due to improper input validation of the request admin-tech command in the CLI of the affected software. An attacker could exploit this vulnerability by modifying the request admin-tech command in the CLI of an affected device. A successful exploit could allow the attacker to overwrite arbitrary files on the underlying operating system of an affected device and escalate their privileges to the root user. This vulnerability affects the following Cisco products if they are running a release of the Cisco SD-WAN Solution prior to Release 18.3.0: vBond Orchestrator Software, vEdge 100 Series Routers, vEdge 1000 Series Routers, vEdge 2000 Series Routers, vEdge 5000 Series Routers, vEdge Cloud Router Platform, vManage Network Management Software, vSmart Controller Software. Cisco Bug IDs: CSCvi69852, CSCvi69856. Vendors have confirmed this vulnerability Bug ID CSCvi69852 and CSCvi69856 It is released as.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. CiscovBondOrchestratorSoftware and others are products of Cisco. CiscovBondOrchestratorSoftware is a set of secure network extension management software. The vEdge100SeriesRouters is a 100 Series router product. SD-WANSolution is a set of network expansion solutions running in it. Attackers can overwrite arbitrary files on an unsuspecting user's computer in the context of the vulnerable application

A vulnerability in the Cluster Manager of Cisco Policy Suite before 18.2.0 could allow an unauthenticated, remote attacker to log in to an affected system using the root account, which has default, static user credentials. The vulnerability is due to the presence of undocumented, static user credentials for the root account. An attacker could exploit this vulnerability by using the account to log in to an affected system. An exploit could allow the attacker to log in to the affected system and execute arbitrary commands as the root user. Cisco Bug IDs: CSCvh02680. Cisco Policy Suite Contains a vulnerability in the use of hard-coded credentials. Vendors have confirmed this vulnerability Cisco Bug IDs: CSCvh02680 It is released as.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. Remote attackers with knowledge of the default credentials may exploit this vulnerability to gain unauthorized access and perform unauthorized actions. This may aid in further attacks. This solution provides functions such as user-based business rules, real-time management of applications and network resources. Cluster Manager is one of the cluster managers

Multiple vulnerabilities in the web-based management interface of Cisco Finesse could allow an unauthenticated, remote attacker to retrieve a cleartext password from an affected system. Cisco Bug IDs: CSCvg71044. Vendors have confirmed this vulnerability Bug ID CSCvg71044 It is released as.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. Cisco Finesse is prone to a server-side request forgery vulnerability and an information-disclosure vulnerability. A successful exploit may allow an attacker to obtain sensitive information, perform certain unauthorized actions and gain access to the affected application. Other attacks are also possible. The software improves call center service quality, improves customer experience, and increases agent satisfaction. The vulnerability stems from the fact that the program pre-fills the Password field of the login form with a password previously stored in the internal database

By specially crafting HTTP requests, the mod_md challenge handler would dereference a NULL pointer and cause the child process to segfault. This could be used to DoS the server. Fixed in Apache HTTP Server 2.4.34 (Affected 2.4.33). The server is fast, reliable and extensible through a simple API. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 [slackware-security] httpd (SSA:2018-199-01) New httpd packages are available for Slackware 14.0, 14.1, 14.2, and -current to fix security issues. Here are the details from the Slackware 14.2 ChangeLog: +--------------------------+ patches/packages/httpd-2.4.34-i586-1_slack14.2.txz: Upgraded. This update fixes two denial of service issues: mod_md: DoS via Coredumps on specially crafted requests mod_http2: DoS for HTTP/2 connections by specially crafted requests For more information, see: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-8011 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1333 (* Security fix *) +--------------------------+ Where to find the new packages: +-----------------------------+ Thanks to the friendly folks at the OSU Open Source Lab (http://osuosl.org) for donating FTP and rsync hosting to the Slackware project! :-) Also see the "Get Slack" section on http://slackware.com for additional mirror sites near you. Updated package for Slackware 14.0: ftp://ftp.slackware.com/pub/slackware/slackware-14.0/patches/packages/httpd-2.4.34-i486-1_slack14.0.txz Updated package for Slackware x86_64 14.0: ftp://ftp.slackware.com/pub/slackware/slackware64-14.0/patches/packages/httpd-2.4.34-x86_64-1_slack14.0.txz Updated package for Slackware 14.1: ftp://ftp.slackware.com/pub/slackware/slackware-14.1/patches/packages/httpd-2.4.34-i486-1_slack14.1.txz Updated package for Slackware x86_64 14.1: ftp://ftp.slackware.com/pub/slackware/slackware64-14.1/patches/packages/httpd-2.4.34-x86_64-1_slack14.1.txz Updated package for Slackware 14.2: ftp://ftp.slackware.com/pub/slackware/slackware-14.2/patches/packages/httpd-2.4.34-i586-1_slack14.2.txz Updated package for Slackware x86_64 14.2: ftp://ftp.slackware.com/pub/slackware/slackware64-14.2/patches/packages/httpd-2.4.34-x86_64-1_slack14.2.txz Updated package for Slackware -current: ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/n/httpd-2.4.34-i586-1.txz Updated package for Slackware x86_64 -current: ftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/n/httpd-2.4.34-x86_64-1.txz MD5 signatures: +-------------+ Slackware 14.0 package: 91123a66731b7803ebac0f55e3099e81 httpd-2.4.34-i486-1_slack14.0.txz Slackware x86_64 14.0 package: 49c0a8ae83d724da460b73a78ddf1dda httpd-2.4.34-x86_64-1_slack14.0.txz Slackware 14.1 package: d695afcd996b00f7dbe00c89bf1c0ee1 httpd-2.4.34-i486-1_slack14.1.txz Slackware x86_64 14.1 package: 8ebc97729250d80d319174ff64ca2921 httpd-2.4.34-x86_64-1_slack14.1.txz Slackware 14.2 package: 149a610e5280fcfbbe1066fa9cfeb970 httpd-2.4.34-i586-1_slack14.2.txz Slackware x86_64 14.2 package: 7a35ce525340631b74e8ffe9e58f2b4c httpd-2.4.34-x86_64-1_slack14.2.txz Slackware -current package: d95348a370dd9c2edc92c6f2274b8ce2 n/httpd-2.4.34-i586-1.txz Slackware x86_64 -current package: daea307cb655b015c4bafcbec6ba9869 n/httpd-2.4.34-x86_64-1.txz Installation instructions: +------------------------+ Upgrade the package as root: # upgradepkg httpd-2.4.34-i586-1_slack14.2.txz Then, restart Apache httpd: # /etc/rc.d/rc.httpd stop # /etc/rc.d/rc.httpd start +-----+ Slackware Linux Security Team http://slackware.com/gpg-key security@slackware.com +------------------------------------------------------------------------+ | To leave the slackware-security mailing list: | +------------------------------------------------------------------------+ | Send an email to majordomo@slackware.com with this text in the body of | | the email message: | | | | unsubscribe slackware-security | | | | You will get a confirmation message back containing instructions to | | complete the process. Please do not reply to this email address. | +------------------------------------------------------------------------+ -----BEGIN PGP SIGNATURE----- iEYEARECAAYFAltPwl8ACgkQakRjwEAQIjM2gACdFx/ujiL+fhuVlaiEFb30V3G4 a2EAn3DP5XwN0g9OQlrQ+shbkmVYyFHh =zaoO -----END PGP SIGNATURE-----

A vulnerability in the Zero Touch Provisioning service of the Cisco SD-WAN Solution could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability is due to incorrect bounds checks for certain values in packets that are sent to the Zero Touch Provisioning service of the affected software. An attacker could exploit this vulnerability by sending malicious packets to the affected software for processing. When the software processes the packets, a buffer overflow condition could occur and cause an affected device to reload. A successful exploit could allow the attacker to cause a temporary DoS condition while the device reloads. This vulnerability can be exploited only by traffic that is destined for an affected device. It cannot be exploited by traffic that is transiting a device. This vulnerability affects the following Cisco products if they are running a release of the Cisco SD-WAN Solution prior to Release 18.3.0: vBond Orchestrator Software, vManage Network Management Software, vSmart Controller Software. Cisco Bug IDs: CSCvi69914. Cisco SD-WAN Solution Contains a buffer error vulnerability. Vendors have confirmed this vulnerability Bug ID CSCvi69914 It is released as.Service operation interruption (DoS) There is a possibility of being put into a state. Cisco SD-WAN is prone to a remote denial-of-service vulnerability because it fails to properly bounds-check user-supplied data before copying it into an insufficiently sized buffer. Smart Controller Software is a set of intelligent network control software. SD-WAN Solution is a set of network expansion solutions running in it

A vulnerability in Cisco Webex Teams (for Windows and macOS) could allow an unauthenticated, remote attacker to execute arbitrary code on the user's device, possibly with elevated privileges. The vulnerability occurs because Cisco Webex Teams does not properly sanitize input. An attacker could exploit the vulnerability by sending a user a malicious link and persuading the user to follow the link. A successful exploit could allow the attacker to execute arbitrary code on the user's system. Cisco Bug IDs: CSCvh66250. Vendors have confirmed this vulnerability Bug ID CSCvh66250 It is released as.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. The program includes features such as video conferencing, group messaging and file sharing

Directory Traversal vulnerability in the administrative user interface in McAfee Web Gateway (MWG) MWG 7.8.1.x allows authenticated administrator users to gain elevated privileges via unspecified vectors. McAfee Web Gateway (MWG) Contains a path traversal vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. McAfee WebGateway (MWG) is a security gateway product from McAfee. This product provides features such as threat protection, application control, and data loss prevention. A directory traversal vulnerability exists in the administrative user interface in the McAfeeMWG7.8.1.x release. An attacker could exploit the vulnerability to gain elevated privileges. McAfee Web Gateway is prone to a privilege-escalation vulnerability and a remote code-execution vulnerability

IBM Sterling B2B Integrator Standard Edition (IBM Sterling File Gateway 2.2.0 through 2.2.6) uses weaker than expected cryptographic algorithms that could allow a local attacker to decrypt highly sensitive information. IBM X-Force ID: 132032. Vendors have confirmed this vulnerability IBM X-Force ID: 132032 It is released as.Information may be obtained. An attacker can exploit these issues to gain access to sensitive information. Information obtained may aid in other attacks. The software consolidates different centers of file transfer activity and facilitates the secure exchange of file-based data over the Internet. The vulnerability is caused by the program using a weak cryptographic algorithm

Configuration/Environment manipulation vulnerability in the administrative interface in McAfee Web Gateway (MWG) MWG 7.8.1.x allows authenticated administrator users to execute arbitrary commands via unspecified vectors. McAfee Web Gateway is prone to a privilege-escalation vulnerability and a remote code-execution vulnerability. Attackers can leverage these issues to gain elevated privileges or execute arbitrary commands within the context of the affected application. The product provides features such as threat protection, application control, and data loss prevention. The management interface in McAfee MWG 7.8.1.x version has a security vulnerability. An attacker could exploit this vulnerability to execute arbitrary code

MusicCenter / Trivum Multiroom Setup Tool V8.76 - SNR 8604.26 - C4 Professional before V9.34 build 13381 - 12.07.18, allow unauthorized remote attackers to reset the authentication via the "/xml/system/setAttribute.xml" URL, using the GET request "?id=0&attr=protectAccess&newValue=0" (a successful attack will allow attackers to login without authorization). MusicCenter / Trivum Multiroom Setup tool C4 Professional Contains an access control vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. MusicCenter/Trivum Multiroom Setup Tool is a tool for installing and setting streaming media sources (music players). A remote attacker could exploit this vulnerability to unauthorized reset authentication by sending '?id=0&attr=protectAccess&newValue=0' GET request