VARIoT IoT vulnerabilities database

Touchpad / Trivum WebTouch Setup V9 V2.53 build 13163 of Apr 6 2018 09:10:14 (FW 303) allow unauthorized remote attackers to reset the authentication via the "/xml/system/setAttribute.xml" URL, using the GET request "?id=0&attr=protectAccess&newValue=0" (a successful attack will allow attackers to login without authorization). Touchpad / Trivum WebTouch Setup V9 Contains an access control vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. Touchpad/Trivum WebTouch Setup is a tool for installing and setting up a touch screen control device for a streaming media source (music player). There is a security vulnerability in Touchpad/Trivum WebTouch Setup V9 2.53 build 13163

MusicCenter / Trivum Multiroom Setup Tool V8.76 - SNR 8604.26 - C4 Professional before V9.34 build 13381 - 12.07.18 allows unauthorized remote attackers to obtain sensitive information via the "/xml/menu/getObjectEditor.xml" URL, using a "?oid=systemSetup&id=_0" or "?oid=systemUsers&id=_0" GET request. MusicCenter/Trivum Multiroom Setup Tool is a tool for installing and setting streaming media sources (music players)

IBM Sterling B2B Integrator Standard Edition (IBM Sterling File Gateway 2.2.0 through 2.2.6) caches usernames and passwords in browsers that could be used by a local attacker to obtain sensitive information. IBM X-Force ID: 130812. Vendors have confirmed this vulnerability IBM X-Force ID: 130812 It is released as.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. An attacker can exploit these issues to gain access to sensitive information. Information obtained may aid in other attacks. The software consolidates different centers of file transfer activity and facilitates the secure exchange of file-based data over the Internet

MusicCenter / Trivum Multiroom Setup Tool V8.76 - SNR 8604.26 - C4 Professional allows unauthorized remote attackers to reboot or execute other functions via the "/xml/system/control.xml" URL, using the GET request "?action=reboot" for example. MusicCenter / Trivum Multiroom Setup tool C4 Professional Contains an access control vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. MusicCenter/Trivum Multiroom Setup Tool is a tool for installing and setting streaming media sources (music players). A remote attacker can use the '/xml/system/control.xml' URL to exploit this vulnerability to cause the device to reboot or execute arbitrary code

Touchpad / Trivum WebTouch Setup V9 V2.53 build 13163 of Apr 6 2018 09:10:14 (FW 303) allows unauthorized remote attackers to reboot or execute other functions via the "/xml/system/control.xml" URL, using the GET request "?action=reboot" for example. Touchpad / Trivum WebTouch Setup V9 Contains an access control vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. Touchpad/Trivum WebTouch Setup is a tool for installing and setting up a touch screen control device for a streaming media source (music player). There is a security vulnerability in Touchpad/Trivum WebTouch Setup V9 2.53 build 13163. A remote attacker can use the '/xml/system/control.xml' URL to exploit this vulnerability to cause the device to reboot or execute arbitrary code on the system

IBM Sterling File Gateway 2.2.0 through 2.2.6 could allow a remote authenticated attacker to obtain sensitive information displayed in the URL that could lead to further attacks against the system. IBM X-Force ID: 140688. Vendors have confirmed this vulnerability IBM X-Force ID: 140688 It is released as.Information may be obtained. An attacker can exploit these issues to gain access to sensitive information. Information obtained may aid in other attacks. IBM Sterling B2B Integrator is a set of software integrated with important B2B processes, transactions and relationships from IBM Corporation of the United States. The software supports secure integration of complex B2B processes with diverse partner communities

The uc-http service 1.0.0 on VelotiSmart WiFi B-380 camera devices allows Directory Traversal, as demonstrated by /../../etc/passwd on TCP port 80. VelotiSmart WiFi B-380 camera is a network camera device. uc-http service is one of the HTTP service components. Attackers can exploit this vulnerability to obtain device configuration, wireless scan network and sensitive directory information

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Advantech WebAccess HMI Designer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within the parsing of project files. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code under the context of the current process.

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Advantech WebAccess HMI Designer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within the parsing of project files. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length heap-based buffer. An attacker can leverage this vulnerability to execute code under the context of the current process.

The 8840 Clinician Programmer executes the application program from the 8870 Application Card. An attacker with physical access to an 8870 Application Card and sufficient technical capability can modify the contents of this card, including the binary executables. If modified to bypass protection mechanisms, this malicious code will be run when the card is inserted into an 8840 Clinician Programmer. Medtronic 8840 N'Vision Clinician Programmer and 8870 N'Vision removable Application Card Contains a vulnerability related to failure of the protection mechanism.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. 8870 N\'\'Vision removable Application Card is a flash memory card

For the Lenovo Smart Assistant Android app versions earlier than 12.1.82, an attacker with physical access to the smart speaker can, by pressing a specific button sequence, enter factory test mode and enable a web service intended for testing the device. As with most test modes, this provides extra privileges, including changing settings and running code. Lenovo Smart Assistant is an Amazon Alexa-enabled smart speaker developed by Lenovo. Lenovo Smart Assistant Contains vulnerabilities related to authorization, permissions, and access control.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. A security vulnerability exists in versions of the Lenovo Smart Assistant Android app prior to 12.1.82. Attackers in close proximity can exploit this vulnerability to enter factory detection mode and open web services and gain permissions (such as changing settings and running code)

The Lenovo Help Android app versions earlier than 6.1.2.0327 had insufficient access control for some functions which, if exploited, could have led to exposure of approximately 400 email addresses and 8,500 IMEI. Lenovo Help Android The application contains an access control vulnerability.Information may be obtained. Lenovo Help Android app is an application provided by China Lenovo (Lenovo) to provide online support for Lenovo computers, mobile phones and data centers and other products. This program is mainly used to view the device information and warranty status of Lenovo products, etc. Attackers can use this vulnerability to disclose about 400 email addresses and 8,500 mobile phone serial numbers (IMEI)

Eaton 9000X DriveA versions 2.0.29 and prior has a stack-based buffer overflow vulnerability, which may allow remote code execution. Eaton 9000X DriveA Contains a buffer error vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within the processing of a TLF file. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a stack-based buffer. An attacker can leverage this vulnerability to execute code under the context of the current process. The Eaton 9000XDrive is a converter from Eaton Corporation of the United States that integrates a data logger function to monitor multiple drives simultaneously. Failed exploit attempts will likely cause a denial-of-service condition. 9000X Drive 2.0.29 and prior are vulnerable

Aterm W300P Ver1.0.13 and earlier allows attacker with administrator rights to execute arbitrary OS commands via HTTP request and response. Aterm W300P provided by NEC Corporation contains multiple vulnerabilities listed below. * OS Command Injection (CWE-78) - CVE-2018-0629, CVE-2018-0630, CVE-2018-0631 * Buffer Overflow (CWE-119) - CVE-2018-0632, CVE-2018-0633 Taizoh Tsukamoto of Mitsui Bussan Secure Directions, Inc. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.* A user who can access the product with administrative privileges may execute an arbitrary OS command. - CVE-2018-0629, CVE-2018-0630, CVE-2018-0631 * A user who can access the product with administrative privileges may execute an arbitrary code. - CVE-2018-0632, CVE-2018-0633. The NECAtermW300P is a wireless router from NEC. An operating system command injection vulnerability exists in NECAtermW300P with firmware version 1.0.13 and earlier

Aterm W300P Ver1.0.13 and earlier allows attacker with administrator rights to execute arbitrary OS commands via sysCmd parameter. Aterm W300P provided by NEC Corporation contains multiple vulnerabilities listed below. * OS Command Injection (CWE-78) - CVE-2018-0629, CVE-2018-0630, CVE-2018-0631 * Buffer Overflow (CWE-119) - CVE-2018-0632, CVE-2018-0633 Taizoh Tsukamoto of Mitsui Bussan Secure Directions, Inc. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.* A user who can access the product with administrative privileges may execute an arbitrary OS command. - CVE-2018-0629, CVE-2018-0630, CVE-2018-0631 * A user who can access the product with administrative privileges may execute an arbitrary code. - CVE-2018-0632, CVE-2018-0633. The NECAtermW300P is a wireless router from NEC. An operating system command injection vulnerability exists in NECAtermW300P with firmware version 1.0.13 and earlier

Aterm W300P Ver1.0.13 and earlier allows attacker with administrator rights to execute arbitrary OS commands via targetAPSsid parameter. Aterm W300P provided by NEC Corporation contains multiple vulnerabilities listed below. * OS Command Injection (CWE-78) - CVE-2018-0629, CVE-2018-0630, CVE-2018-0631 * Buffer Overflow (CWE-119) - CVE-2018-0632, CVE-2018-0633 Taizoh Tsukamoto of Mitsui Bussan Secure Directions, Inc. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.* A user who can access the product with administrative privileges may execute an arbitrary OS command. - CVE-2018-0629, CVE-2018-0630, CVE-2018-0631 * A user who can access the product with administrative privileges may execute an arbitrary code. - CVE-2018-0632, CVE-2018-0633. The NECAtermW300P is a wireless router from NEC. An operating system command injection vulnerability exists in NECAtermW300P with firmware version 1.0.13 and earlier

Buffer overflow in Aterm W300P Ver1.0.13 and earlier allows attacker with administrator rights to execute arbitrary code via submit-url parameter. Aterm W300P provided by NEC Corporation contains multiple vulnerabilities listed below. * OS Command Injection (CWE-78) - CVE-2018-0629, CVE-2018-0630, CVE-2018-0631 * Buffer Overflow (CWE-119) - CVE-2018-0632, CVE-2018-0633 Taizoh Tsukamoto of Mitsui Bussan Secure Directions, Inc. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.* A user who can access the product with administrative privileges may execute an arbitrary OS command. - CVE-2018-0632, CVE-2018-0633. The NECAtermW300P is a wireless router from NEC. A buffer overflow vulnerability exists in NECAtermW300P with firmware version 1.0.13 and earlier

Buffer overflow in Aterm W300P Ver1.0.13 and earlier allows attacker with administrator rights to execute arbitrary code via HTTP request and response. Aterm W300P provided by NEC Corporation contains multiple vulnerabilities listed below. * OS Command Injection (CWE-78) - CVE-2018-0629, CVE-2018-0630, CVE-2018-0631 * Buffer Overflow (CWE-119) - CVE-2018-0632, CVE-2018-0633 Taizoh Tsukamoto of Mitsui Bussan Secure Directions, Inc. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.* A user who can access the product with administrative privileges may execute an arbitrary OS command. - CVE-2018-0629, CVE-2018-0630, CVE-2018-0631 * A user who can access the product with administrative privileges may execute an arbitrary code. - CVE-2018-0632, CVE-2018-0633. The NECAtermW300P is a wireless router from NEC. A buffer overflow vulnerability exists in NECAtermW300P with firmware version 1.0.13 and earlier

Aterm HC100RC Ver1.0.1 and earlier allows attacker with administrator rights to execute arbitrary OS commands via FactoryPassword parameter or bootmode parameter of a certain URL. Aterm HC100RC provided by NEC Corporation contains multiple vulnerabilities listed below. * OS Command Injection (CWE-78) - CVE-2018-0634, CVE-2018-0635, CVE-2018-0636, CVE-2018-0637, CVE-2018-0638, CVE-2018-0639 * Buffer Overflow (CWE-119) - CVE-2018-0640, CVE-2018-0641 Taizoh Tsukamoto of Mitsui Bussan Secure Directions, Inc. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.* A user who can access the product with administrative privileges may execute an arbitrary OS command. - CVE-2018-0634, CVE-2018-0635, CVE-2018-0636, CVE-2018-0637, CVE-2018-0638, CVE-2018-0639 * A user who can access the product with administrative privileges may execute an arbitrary code. - CVE-2018-0640, CVE-2018-0641. The NECNECAtermHC100RC is a network camera from NEC. An operating system command injection vulnerability exists in NECAtermHC100RC using firmware version 1.0.1 and earlier

Aterm HC100RC Ver1.0.1 and earlier allows attacker with administrator rights to execute arbitrary OS commands via FactoryPassword parameter of a certain URL, different URL from CVE-2018-0634. Aterm HC100RC provided by NEC Corporation contains multiple vulnerabilities listed below. * OS Command Injection (CWE-78) - CVE-2018-0634, CVE-2018-0635, CVE-2018-0636, CVE-2018-0637, CVE-2018-0638, CVE-2018-0639 * Buffer Overflow (CWE-119) - CVE-2018-0640, CVE-2018-0641 Taizoh Tsukamoto of Mitsui Bussan Secure Directions, Inc. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.* A user who can access the product with administrative privileges may execute an arbitrary OS command. - CVE-2018-0634, CVE-2018-0635, CVE-2018-0636, CVE-2018-0637, CVE-2018-0638, CVE-2018-0639 * A user who can access the product with administrative privileges may execute an arbitrary code. - CVE-2018-0640, CVE-2018-0641. The NEC Aterm HC100RC is a network camera from NEC. An operating system command injection vulnerability exists in NEC Aterm HC100RC with firmware version 1.0.1 and earlier