VARIoT IoT vulnerabilities database


VAR-201807-1843 CVE-2018-5878 plural Qualcomm Snapdragon Product buffer error vulnerability CVSS V2: 7.5
CVSS V3: 9.8
Severity: CRITICAL
While sending the response to a RIL_REQUEST_GET_SMSC_ADDRESS message, a buffer overflow can occur in Snapdragon Automobile, Snapdragon Mobile and Snapdragon Wear. Qualcomm Closed-Source Components are prone to multiple unspecified vulnerabilities. An attacker can exploit these issues to perform unauthorized actions. This may aid in further attacks. These issues are being tracked by Android Bug IDs A-78240792, A-78240715, A-78240449, A-78240612, A-78240794, A-78240199, A-78240071, A-78240736, A-78242049, A-78241971, A-78241834, A-78241375, A-68989823, A-72951265, A-74235874, A-74236406, A-77485022, A-77485183, A-77485139, A-77483830, and A-77484449. An attacker could exploit this vulnerability to cause a denial of service or execute arbitrary code
VAR-201807-1841 CVE-2018-5875 plural Qualcomm Snapdragon Product buffer error vulnerability CVSS V2: 6.8
CVSS V3: 8.8
Severity: HIGH
While parsing an mp4 file, an integer overflow leading to a buffer overflow can occur in Snapdragon Automobile, Snapdragon Mobile and Snapdragon Wear. Qualcomm Closed-Source Components are prone to multiple unspecified vulnerabilities. An attacker can exploit these issues to perform unauthorized actions. This may aid in further attacks. These issues are being tracked by Android Bug IDs A-78240792, A-78240715, A-78240449, A-78240612, A-78240794, A-78240199, A-78240071, A-78240736, A-78242049, A-78241971, A-78241834, A-78241375, A-68989823, A-72951265, A-74235874, A-74236406, A-77485022, A-77485183, A-77485139, A-77483830, and A-77484449. Qualcomm MDM9206 and others are products of Qualcomm (Qualcomm). MDM9206 is a central processing unit (CPU) product. MDM9607 is a central processing unit (CPU) product. MDM9650 is a central processing unit (CPU) product. A buffer error vulnerability exists in Video in several Qualcomm products. A remote attacker could exploit this vulnerability via a specially crafted file to execute code on the system. The following products and versions are affected: MDM9206; MDM9607; MDM9650; MSM8909W; MSM8996AU; SD 210; SD 212; SD 205; SD 425; SD 430; SD 450; 625; SD 650/52; SD 820; SD 820A; SD 835; SD 845; SDX20
VAR-201807-1840 CVE-2018-5874 plural Qualcomm Snapdragon Product buffer error vulnerability CVSS V2: 6.8
CVSS V3: 8.8
Severity: HIGH
While parsing an mp4 file, a stack-based buffer overflow can occur in Snapdragon Automobile, Snapdragon Mobile and Snapdragon Wear. Qualcomm Closed-Source Components are prone to multiple unspecified vulnerabilities. An attacker can exploit these issues to perform unauthorized actions. This may aid in further attacks. These issues are being tracked by Android Bug IDs A-78240792, A-78240715, A-78240449, A-78240612, A-78240794, A-78240199, A-78240071, A-78240736, A-78242049, A-78241971, A-78241834, A-78241375, A-68989823, A-72951265, A-74235874, A-74236406, A-77485022, A-77485183, A-77485139, A-77483830, and A-77484449. Attackers can use mp4 files to exploit this vulnerability to cause denial of service or execute arbitrary code
VAR-201807-1842 CVE-2018-5876 plural Qualcomm Snapdragon Product buffer error vulnerability CVSS V2: 6.8
CVSS V3: 8.8
Severity: HIGH
While parsing an mp4 file, a buffer overflow can occur in Snapdragon Automobile, Snapdragon Mobile and Snapdragon Wear. Qualcomm Closed-Source Components are prone to multiple unspecified vulnerabilities. An attacker can exploit these issues to perform unauthorized actions. This may aid in further attacks. These issues are being tracked by Android Bug IDs A-78240792, A-78240715, A-78240449, A-78240612, A-78240794, A-78240199, A-78240071, A-78240736, A-78242049, A-78241971, A-78241834, A-78241375, A-68989823, A-72951265, A-74235874, A-74236406, A-77485022, A-77485183, A-77485139, A-77483830, and A-77484449. Attackers can use mp4 files to exploit this vulnerability to cause denial of service or execute arbitrary code
VAR-201905-0694 CVE-2017-18276 plural Snapdragon Access control vulnerabilities in products CVSS V2: 7.2
CVSS V3: 7.8
Severity: HIGH
Secure camera logic allows display/secure camera controllers to access HLOS memory during secure display or camera session in Snapdragon Mobile, Snapdragon Wear in MDM9206, MDM9607, MDM9650, SD 210/SD 212/SD 205, SD 835, SD 845, SD 850. Multiple Snapdragon products contain an access control vulnerability. Information may be obtained or altered, and service operation may be disrupted (DoS). Qualcomm Closed-Source Components are prone to multiple unspecified vulnerabilities. An attacker can exploit these issues to perform unauthorized actions. This may aid in further attacks. These issues are being tracked by Android Bug IDs A-78240792, A-78240715, A-78240449, A-78240612, A-78240794, A-78240199, A-78240071, A-78240736, A-78242049, A-78241971, A-78241834, A-78241375, A-68989823, A-72951265, A-74235874, A-74236406, A-77485022, A-77485183, A-77485139, A-77483830, and A-77484449. Qualcomm MDM9206 is a central processing unit (CPU) product of Qualcomm. Kernels in several Qualcomm products have access control error vulnerabilities. This vulnerability stems from network systems or products not properly restricting access to resources from unauthorized roles. The following products and versions (for mobile and wearable devices) are affected: Qualcomm MDM9206; MDM9607; MDM9650; SD 210; SD 212; SD 205; SD 835; SD 845; SD 850
VAR-201905-0693 CVE-2017-18173 plural Snapdragon Product integer overflow vulnerability CVSS V2: 7.2
CVSS V3: 7.8
Severity: HIGH
In case of using an invalid android verified boot signature with very large length, an integer underflow occurs in Snapdragon Mobile in SD 425, SD 427, SD 430, SD 435, SD 450, SD 625, SD 810, SD 820, SD 835, SDM630, SDM636, SDM660, Snapdragon_High_Med_2016. Multiple Snapdragon products contain an integer overflow vulnerability. Information may be obtained or altered, and service operation may be disrupted (DoS). Qualcomm Closed-Source Components are prone to multiple unspecified vulnerabilities. An attacker can exploit these issues to perform unauthorized actions. This may aid in further attacks. These issues are being tracked by Android Bug IDs A-78240792, A-78240715, A-78240449, A-78240612, A-78240794, A-78240199, A-78240071, A-78240736, A-78242049, A-78241971, A-78241834, A-78241375, A-68989823, A-72951265, A-74235874, A-74236406, A-77485022, A-77485183, A-77485139, A-77483830, and A-77484449. Qualcomm SD 820 and others are central processing unit (CPU) products of Qualcomm. An Input Validation Error vulnerability exists in UEFI in several Qualcomm products. The vulnerability stems from the failure of the network system or product to properly validate the input data
VAR-201807-1844 CVE-2018-5882 plural Qualcomm Snapdragon Product buffer error vulnerability CVSS V2: 7.5
CVSS V3: 9.8
Severity: CRITICAL
While parsing a Flac file with a corrupted comment block, a buffer over-read can occur in Snapdragon Automobile, Snapdragon Mobile and Snapdragon Wear. Qualcomm Closed-Source Components are prone to multiple unspecified vulnerabilities. An attacker can exploit these issues to perform unauthorized actions. This may aid in further attacks. These issues are being tracked by Android Bug IDs A-78240792, A-78240715, A-78240449, A-78240612, A-78240794, A-78240199, A-78240071, A-78240736, A-78242049, A-78241971, A-78241834, A-78241375, A-68989823, A-72951265, A-74235874, A-74236406, A-77485022, A-77485183, A-77485139, A-77483830, and A-77484449. Currently there is no information about this vulnerability, please keep an eye on CNNVD or vendor announcements
VAR-201905-0691 CVE-2017-18275 plural Snapdragon Access control vulnerabilities in products CVSS V2: 4.9
CVSS V3: 5.5
Severity: MEDIUM
A new account can be inserted into simContacts service using Android command line tool in Snapdragon Automobile, Snapdragon Mobile, Snapdragon Wear in MDM9206, MDM9607, MDM9650, MSM8909W, SD 210/SD 212/SD 205, SD 425, SD 430, SD 450, SD 615/16/SD 415, SD 617, SD 625, SD 650/52, SD 820, SD 820A, SD 835, SD 845. Multiple Snapdragon products contain an access control vulnerability. Information may be tampered with. Qualcomm Closed-Source Components are prone to multiple unspecified vulnerabilities. An attacker can exploit these issues to perform unauthorized actions. This may aid in further attacks. These issues are being tracked by Android Bug IDs A-78240792, A-78240715, A-78240449, A-78240612, A-78240794, A-78240199, A-78240071, A-78240736, A-78242049, A-78241971, A-78241834, A-78241375, A-68989823, A-72951265, A-74235874, A-74236406, A-77485022, A-77485183, A-77485139, A-77483830, and A-77484449. Qualcomm MDM9206 is a central processing unit (CPU) product of Qualcomm. This vulnerability stems from network systems or products not properly restricting access to resources from unauthorized roles
VAR-201807-1352 CVE-2018-11257 Snapdragon Mobile Vulnerabilities related to authorization, permissions, and access control CVSS V2: 4.6
CVSS V3: 7.8
Severity: HIGH
Permissions, Privileges, and Access Controls in TA in Snapdragon Mobile has an option that allows RPMB erase for secure devices in versions SD 210/SD 212/SD 205, SD 845, SD 850. Snapdragon Mobile contains vulnerabilities related to authorization, permissions, and access control. Information may be obtained or altered, and service operation may be disrupted (DoS). Qualcomm SD210 and others are Qualcomm central processing unit (CPU) products for mobile devices. There are privilege escalation vulnerabilities in several Qualcomm products. An attacker could exploit this vulnerability to erase RPMB. Qualcomm Closed-Source Components are prone to multiple unspecified vulnerabilities. This may aid in further attacks. These issues are being tracked by Android Bug IDs A-78240792, A-78240715, A-78240449, A-78240612, A-78240794, A-78240199, A-78240071, A-78240736, A-78242049, A-78241971, A-78241834, A-78241375, A-68989823, A-72951265, A-74235874, A-74236406, A-77485022, A-77485183, A-77485139, A-77483830, and A-77484449. The following products (for mobile devices) are affected: Qualcomm SD 210; SD 212; SD 205; SD 845; SD 850
VAR-201905-0650 CVE-2017-15841 plural Snapdragon Authorization vulnerabilities in products CVSS V2: 4.9
CVSS V3: 5.5
Severity: MEDIUM
When HOST sends a Special command ID packet, Controller triggers a RAM Dump and FW reset in Snapdragon Mobile in version SD 410/12, SD 425, SD 427, SD 430, SD 435, SD 450, SD 615/16/SD 415, SD 625, SD 650/52, SD 820, SD 835, Snapdragon_High_Med_2016. Multiple Snapdragon products contain an authorization vulnerability. Service operation may be disrupted (DoS). Qualcomm SD 410 and others are central processing unit (CPU) products of Qualcomm. An authorization vulnerability exists in the Bluetooth Controller in several Qualcomm products that can be exploited by an attacker to trigger a RAM dump and FW reset. Qualcomm Closed-Source Components are prone to multiple unspecified vulnerabilities. An attacker can exploit these issues to perform unauthorized actions. This may aid in further attacks. These issues are being tracked by Android Bug IDs A-78240792, A-78240715, A-78240449, A-78240612, A-78240794, A-78240199, A-78240071, A-78240736, A-78242049, A-78241971, A-78241834, A-78241375, A-68989823, A-72951265, A-74235874, A-74236406, A-77485022, A-77485183, A-77485139, A-77483830, and A-77484449. This vulnerability stems from the lack of authentication measures or insufficient authentication strength in network systems or products
VAR-201807-1354 CVE-2018-11259 plural Snapdragon Access control vulnerabilities in products CVSS V2: 3.6
CVSS V3: 7.7
Severity: HIGH
Due to improper access control of NAND-based EFS in Snapdragon Automobile, Snapdragon Mobile and Snapdragon Wear, the EFS partition can be erased from fastboot on a NAND-based device. The apps processor then has non-secure world full read/write access to the partition until the modem boots and configures the EFS partition addresses in its MPU partition. Qualcomm Closed-Source Components are prone to multiple unspecified vulnerabilities. An attacker can exploit these issues to perform unauthorized actions. This may aid in further attacks. These issues are being tracked by Android Bug IDs A-78240792, A-78240715, A-78240449, A-78240612, A-78240794, A-78240199, A-78240071, A-78240736, A-78242049, A-78241971, A-78241834, A-78241375, A-68989823, A-72951265, A-74235874, A-74236406, A-77485022, A-77485183, A-77485139, A-77483830, and A-77484449. Qualcomm MDM9206 and others are products of Qualcomm. MDM9206 is a central processing unit (CPU) product. MDM9607 is a central processing unit (CPU) product. MDM9640 is a central processing unit (CPU) product. An access control error vulnerability exists in NAND-based EFS in several Qualcomm products. An attacker can exploit this vulnerability by using a specially crafted request to obtain the read and write permissions of the EFS partition. The following products are affected: Qualcomm MDM9206; MDM9607; MDM9635M; MDM9640; MDM9650; MDM9655; MSM8909W; MSM8996AU; SD 615/16; SD 415; SD 617; SD 625; SD 650/52; SD 800; SD 810; SD 820; SD 820A; SD 835; SD 845; SD 850; Snapdragon_High_Med_2016
VAR-201807-0345 CVE-2018-1212 Dell EMC iDRAC6 Command injection vulnerability CVSS V2: 9.0
CVSS V3: 8.8
Severity: HIGH
The web-based diagnostics console in Dell EMC iDRAC6 (Monolithic versions prior to 2.91 and Modular all versions) contains a command injection vulnerability. A remote authenticated malicious iDRAC user with access to the diagnostics console could potentially exploit this vulnerability to execute arbitrary commands as root on the affected iDRAC system. Dell EMC iDRAC6 Monolithic and Modular are both hardware and software system management solutions from Dell. They provide functions such as remote management, crash recovery and power control for Dell PowerEdge systems
VAR-201807-1874 CVE-2018-9276 PRTG Network Monitor In OS Command injection vulnerability CVSS V2: 9.0
CVSS V3: 7.2
Severity: HIGH
An issue was discovered in PRTG Network Monitor before 18.2.39. An attacker who has access to the PRTG System Administrator web console with administrative privileges can exploit an OS command injection vulnerability (both on the server and on devices) by sending malformed parameters in sensor or notification management scenarios. PRTG Network Monitor contains an OS command injection vulnerability. Information may be obtained or altered, and service operation may be disrupted (DoS)
VAR-201806-1789 CVE-2018-7475 IceWarp Mail Server Vulnerable to cross-site scripting CVSS V2: 4.3
CVSS V3: 6.1
Severity: MEDIUM
Cross-site scripting (XSS) vulnerability for webdav/ticket/ URIs in IceWarp Mail Server 12.0.3 allows remote attackers to inject arbitrary web script or HTML. IceWarp Mail Server is a mail server product from IceWarp. The product supports email archiving, SmartAttach attachments, automatic migration, and more. A cross-site scripting vulnerability exists in webdav/ticket/ URIs in IceWarp Mail Server version 12.0.3
VAR-201806-1558 CVE-2018-8902 Avalanche Cryptographic vulnerability CVSS V2: 4.0
CVSS V3: 6.5
Severity: MEDIUM
An issue was discovered in Ivanti Avalanche for all versions between 5.3 and 6.2. The impacted products used a single shared key encryption model to encrypt data. A user with access to system databases can use the discovered key to access potentially confidential stored data, which may include Wi-Fi passwords. This discovered key can be used for all instances of the product. Avalanche contains a cryptographic vulnerability. Information may be obtained
VAR-201806-1155 CVE-2018-12984 Hycus CMS Authentication vulnerability CVSS V2: 7.5
CVSS V3: 9.8
Severity: CRITICAL
Hycus CMS 1.0.4 allows Authentication Bypass via "'=' 'OR'" credentials. Hycus CMS contains an authentication vulnerability. Information may be obtained or altered, and service operation may be disrupted (DoS). Hycus CMS is a scalable open source content management system (CMS) based on PHP and MySQL
VAR-201806-1163 CVE-2018-12997 plural Zoho ManageEngine Information disclosure vulnerability in products CVSS V2: 5.0
CVSS V3: 7.5
Severity: HIGH
Incorrect Access Control in FailOverHelperServlet in Zoho ManageEngine Netflow Analyzer before build 123137, Network Configuration Manager before build 123128, OpManager before build 123148, OpUtils before build 123161, and Firewall Analyzer before build 123147 allows attackers to read certain files on the web server without login by sending a specially crafted request to the server with the operation=copyfile&fileName= substring. Multiple Zoho ManageEngine products contain an information disclosure vulnerability. Information may be obtained. ZOHO ManageEngine Netflow Analyzer and the other affected products are all products of the American company ZOHO. ZOHO ManageEngine Netflow Analyzer is a set of web-based bandwidth monitoring tools. Network Configuration Manager is a suite of network configuration management, network change and configuration management (NCCM) software for configuring switches, routers, firewalls, and other network devices. FailOverHelperServlet in many ZOHO products has an access control error vulnerability. This issue has been reported to the vendor who has already published patches for this issue. https://www.manageengine.com/products/applications_manager/issues.html ========================== Advisory: Zoho manageengine Applications Manager Reflected XSS Vulnerability Author: M3 From DBAppSecurity Affected Version: All ========================== Proof of Concept: ========================== /GraphicalView.do?method=createBusinessService"scriptalert(5045)/script Notice: It can be successfully reproduced under IE. This issue has been reported to the vendor who has already published patches for this issue.
http://opmanager.helpdocsonline.com/read-me ========================== Advisory: Zoho manageengine Arbitrary File Read in multiple Products Author: M3 From DBAppSecurity Affected Products: Netflow Analyzer Network Configuration Manager OpManager Oputils Opmanagerplus firewall analyzer ========================== Proof of Concept: ========================== POST /servlet/com.adventnet.me.opmanager.servlet.FailOverHelperServlet?operation=copyfilefileName=WEB-INF/web.xml HTTP/1.1 Host: 192.168.11.103:8888 Accept: */* Accept-Language: en User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0) Connection: close Content-Length: 0 xx Notice: This vul can reproduce without login. This issue has been reported to the vendor who has already published patches for this issue. ========================== Advisory: Zoho manageengine Desktop Central Arbitrary File Deletion Author: M3 From DBAppSecurity Affected Products: Desktop Central ========================== Proof of Concept: ========================== POST /agenttrayicon HTTP/1.1 Host: 192.168.1.203:8020 Accept-Encoding: gzip, deflate Accept: */* Accept-Language: en User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0) Connection: close Content-Type: application/x-www-form-urlencoded Content-Length: 129 screenShotAttached=yesvideo_type=2customerId=1computerName=../../../resourceId=xxxfilename=../images/demo/loginas_bottom.gif Notice: This vul can reproduce without login, file deletion is damageable, so use a useless file for test. This issue has been reported to the vendor who has already published patches for this issue
VAR-201806-1164 CVE-2018-12998 plural Zoho ManageEngine Product cross-site scripting vulnerability CVSS V2: 4.3
CVSS V3: 6.1
Severity: MEDIUM
A reflected Cross-site scripting (XSS) vulnerability in Zoho ManageEngine Netflow Analyzer before build 123137, Network Configuration Manager before build 123128, OpManager before build 123148, OpUtils before build 123161, and Firewall Analyzer before build 123147 allows remote attackers to inject arbitrary web script or HTML via the parameter 'operation' to /servlet/com.adventnet.me.opmanager.servlet.FailOverHelperServlet. Multiple Zoho ManageEngine products contain a cross-site scripting vulnerability. Information may be obtained and information may be altered. ZOHO ManageEngine Netflow Analyzer and the other affected products are all products of the American company ZOHO. ZOHO ManageEngine Netflow Analyzer is a set of web-based bandwidth monitoring tools. Network Configuration Manager is a suite of network configuration management, network change and configuration management (NCCM) software for configuring switches, routers, firewalls, and other network devices. There are cross-site scripting vulnerabilities in many ZOHO products. This issue has been reported to the vendor who has already published patches for this issue. https://www.manageengine.com/products/applications_manager/issues.html ========================== Advisory: Zoho manageengine Applications Manager Reflected XSS Vulnerability Author: M3 From DBAppSecurity Affected Version: All ========================== Proof of Concept: ========================== /GraphicalView.do?method=createBusinessService"scriptalert(5045)/script Notice: It can be successfully reproduced under IE. This issue has been reported to the vendor who has already published patches for this issue.
VAR-201807-1257 CVE-2018-12577 TP-Link TL-WR841N Command injection vulnerability

Related entries in the VARIoT exploits database: VAR-E-201806-0422
CVSS V2: 6.5
CVSS V3: 8.8
Severity: HIGH
The Ping and Traceroute features on TP-Link TL-WR841N v13 00000001 0.9.1 4.16 v0001.0 Build 180119 Rel.65243n devices allow authenticated blind Command Injection. TP-Link TL-WR841N contains a command injection vulnerability. Information may be obtained or altered, and service operation may be disrupted (DoS). The TP-Link TL-WR841N v13 is a wireless router device. An authenticated command injection vulnerability exists in the ping and traceroute functions of the TP-Link TL-WR841N v13. An authenticated attacker can execute arbitrary commands on the router by sending a specific CREST HTTP request to the router
VAR-201807-1255 CVE-2018-12575 TP-Link TL-WR841N Vulnerabilities in authentication

Related entries in the VARIoT exploits database: VAR-E-201806-0363
CVSS V2: 7.5
CVSS V3: 9.8
Severity: CRITICAL
On TP-Link TL-WR841N v13 00000001 0.9.1 4.16 v0001.0 Build 171019 Rel.55346n devices, all actions in the web interface are affected by bypass of authentication via an HTTP request. TP-Link TL-WR841N contains an authentication vulnerability. Information may be obtained or altered, and a denial of service (DoS) may result. The TP-Link TL-WR841N v13 is a wireless router device. TP-Link TL-WR841N v13 has an authentication vulnerability