VARIoT IoT vulnerabilities database


VAR-201704-0129 CVE-2016-5053 OSRAM SYLVANIA Osram Lightify Home arbitrary command execution vulnerability CVSS V2: 7.5
CVSS V3: 9.8
Severity: CRITICAL
OSRAM SYLVANIA Osram Lightify Home before 2016-07-26 allows remote attackers to execute arbitrary commands via TCP port 4000. OSRAM SYLVANIA Osram Lightify Home is an open IoT platform from the German company OSRAM for the automatic control of lighting equipment. The vulnerability is present in versions prior to 2016-07-26.
VAR-201704-0130 CVE-2016-5054 OSRAM SYLVANIA Osram Lightify Home Access control vulnerability CVSS V2: 5.0
CVSS V3: 7.5
Severity: HIGH
OSRAM SYLVANIA Osram Lightify Home through 2016-07-26 allows Zigbee replay. OSRAM SYLVANIA Osram Lightify Home contains an access control vulnerability. Information may be tampered with. OSRAM SYLVANIA Osram Lightify Home is an open IoT platform from the German company OSRAM for the automatic control of lighting equipment. The vulnerability is present in OSRAM SYLVANIA Osram Lightify Home 2016-07-26 and earlier versions. Attackers can use this vulnerability to capture and replay Zigbee communications, and replay commands to disrupt lighting services.
VAR-201704-0127 CVE-2016-5051 OSRAM SYLVANIA Osram Lightify Home Information Disclosure Vulnerability CVSS V2: 5.0
CVSS V3: 7.5
Severity: HIGH
OSRAM SYLVANIA Osram Lightify Home before 2016-07-26 stores a PSK in cleartext under /private/var/mobile/Containers/Data/Application. OSRAM SYLVANIA Osram Lightify Home contains an information disclosure vulnerability. Information may be obtained. Attackers can use this vulnerability to capture and replay Zigbee communications, and replay commands to disrupt lighting services. There are security vulnerabilities in OSRAM SYLVANIA Osram Lightify Pro 2016-07-26 and earlier versions. OSRAM SYLVANIA Osram Lightify Home is an open IoT platform from the German company OSRAM for the automatic control of lighting equipment. The vulnerability in OSRAM SYLVANIA Osram Lightify Home versions prior to 2016-07-26 originates from the program storing the PSK in cleartext in the /private/var/mobile/Containers/Data/Application directory. An attacker could use this vulnerability to extract data from a file.
VAR-201704-0128 CVE-2016-5052 OSRAM SYLVANIA Osram Lightify Home Vulnerabilities related to security functions CVSS V2: 5.0
CVSS V3: 7.5
Severity: HIGH
OSRAM SYLVANIA Osram Lightify Home through 2016-07-26 does not use SSL pinning. OSRAM SYLVANIA Osram Lightify Home contains vulnerabilities related to security features. Information may be tampered with. OSRAM SYLVANIA Osram Lightify Home is an open IoT platform from the German company OSRAM for the automatic control of lighting equipment. Attackers can use this vulnerability to perform man-in-the-middle attacks and obtain SSL-encrypted traffic.
VAR-201704-0163 CVE-2015-7270 Path traversal vulnerability in multiple Dell iDRAC products CVSS V2: 4.6
CVSS V3: 7.8
Severity: HIGH
Dell Integrated Remote Access Controller (iDRAC) 6 before 2.80 and 7/8 before 2.21.21.21 allows directory traversal. Dell iDRAC6, iDRAC7 and iDRAC8 contain a path traversal vulnerability. Information may be obtained or altered, and a denial-of-service (DoS) attack may be carried out. Dell iDRAC is prone to a local directory-traversal vulnerability. Exploiting this issue will allow an attacker to gain sensitive information and perform unauthorized actions. The following products are vulnerable: Dell iDRAC6 versions prior to 2.80; Dell iDRAC7 versions prior to 2.21.21.21; Dell iDRAC8 versions prior to 2.21.21.21.
VAR-201704-0164 CVE-2015-7271 Dell iDRAC7 and iDRAC8 format string vulnerability CVSS V2: 7.5
CVSS V3: 9.8
Severity: CRITICAL
Dell Integrated Remote Access Controller (iDRAC) 7/8 before 2.21.21.21 has a format string issue in racadm getsystinfo. Dell iDRAC7 and iDRAC8 contain a format string vulnerability. Information may be obtained or altered, and a denial-of-service (DoS) attack may be carried out. Multiple Dell iDRAC products are prone to a remote format-string vulnerability. Remote attackers can exploit this issue to execute arbitrary code in the context of the application or cause denial-of-service conditions.
VAR-201704-0165 CVE-2015-7272 Denial-of-service (DoS) vulnerability in multiple Dell iDRAC products CVSS V2: 7.5
CVSS V3: 9.8
Severity: CRITICAL
Dell Integrated Remote Access Controller (iDRAC) 6 before 2.80 and 7/8 before 2.21.21.21 allows attackers to cause a denial of service (buffer overflow) or possibly have unspecified other impact via a long SSH username or input. Dell Integrated Remote Access Controller is prone to a remote buffer-overflow vulnerability because it fails to perform adequate boundary checks on user-supplied data. Successfully exploiting this issue may allow an attacker to execute arbitrary code in the context of the vulnerable application. Failed exploit attempts will result in a denial-of-service condition. iDRAC7 and iDRAC8 versions prior to 2.21.21.21 are vulnerable. Dell iDRAC is a solution that provides functions such as remote management, crash recovery and power control for Dell PowerEdge systems. A buffer overflow vulnerability exists in Dell iDRAC 6 prior to 2.80, and 7 and 8 prior to 2.21.21.21. An attacker could exploit this vulnerability to cause a denial of service.
VAR-201704-0166 CVE-2015-7273 Dell iDRAC7 and iDRAC8 XML external entity vulnerability CVSS V2: 7.5
CVSS V3: 9.8
Severity: CRITICAL
Dell Integrated Remote Access Controller (iDRAC) 7/8 before 2.21.21.21 has XXE. Dell iDRAC7 and iDRAC8 contain an XML external entity vulnerability. Information may be obtained or altered, and a denial-of-service (DoS) attack may be carried out. A cross-site scripting vulnerability exists in Dell iDRAC 7 and 8 prior to 2.21.21.21. A remote attacker can exploit this vulnerability to inject arbitrary web script or HTML.
VAR-201704-0167 CVE-2015-7274 Dell iDRAC6 arbitrary administrative HTTP command execution vulnerability CVSS V2: 6.5
CVSS V3: 8.8
Severity: HIGH
Dell Integrated Remote Access Controller (iDRAC) 6 before 2.80 allows remote attackers to execute arbitrary administrative HTTP commands. This may further aid in other attacks. Versions prior to Dell iDRAC6 2.80 are vulnerable. Dell iDRAC is a solution that provides functions such as remote management, crash recovery and power control for Dell PowerEdge systems.
VAR-201704-0168 CVE-2015-7275 Cross-site scripting vulnerability in multiple Dell iDRAC products CVSS V2: 4.3
CVSS V3: 6.1
Severity: MEDIUM
Dell Integrated Remote Access Controller (iDRAC) 6 before 2.85 and 7/8 before 2.30.30.30 has XSS. Dell iDRAC6, iDRAC7 and iDRAC8 contain a cross-site scripting vulnerability. Information may be obtained and information may be altered. Multiple Dell iDRAC products are prone to a cross-site scripting vulnerability because they fail to properly sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may let the attacker steal cookie-based authentication credentials and launch other attacks. The following products are vulnerable: Dell iDRAC6 versions prior to 2.85; Dell iDRAC7 versions prior to 2.30.30.30; Dell iDRAC8 versions prior to 2.30.30.30. Dell iDRAC is a solution that provides functions such as remote management, crash recovery and power control for Dell PowerEdge systems. A remote attacker can exploit this vulnerability to inject arbitrary web script or HTML.
VAR-201704-0283 CVE-2015-8255 Cross-site request forgery vulnerability in AXIS Communications product firmware

Related entries in the VARIoT exploits database: VAR-E-201703-0208
CVSS V2: 6.8
CVSS V3: 8.8
Severity: HIGH
AXIS Communications products allow CSRF, as demonstrated by admin/pwdgrp.cgi, vaconfig.cgi, and admin/local_del.cgi. AXIS Communications product firmware contains a cross-site request forgery vulnerability. Cross-site request forgery may be carried out. AXIS is a webcam.
VAR-201704-0136 CVE-2016-5065 Sierra Wireless GX 440 Device ALEOS Firmware command injection vulnerability CVSS V2: 7.5
CVSS V3: 9.8
Severity: CRITICAL
Sierra Wireless GX 440 devices with ALEOS firmware 4.3.2 allow Embedded_Ace_Set_Task.cgi command injection. The Sierra Wireless GX440 is a gateway device from Sierra Wireless, Canada. The Sierra Wireless GX440 has a command injection vulnerability that remote attackers can exploit by submitting special requests to execute arbitrary commands. An attacker could exploit this vulnerability to inject commands.
VAR-201704-0137 CVE-2016-5066 Sierra Wireless GX 440 Device ALEOS Vulnerability in managing certificates and passwords in firmware CVSS V2: 10.0
CVSS V3: 9.8
Severity: CRITICAL
Sierra Wireless GX 440 devices with ALEOS firmware 4.3.2 have weak passwords for admin, rauser, sconsole, and user. The Sierra Wireless GX 440 device ALEOS firmware contains a vulnerability related to the management of certificates and passwords. Information may be obtained or falsified, and a denial-of-service (DoS) attack may be carried out. The Sierra Wireless GX440 is a gateway device from Sierra Wireless, Canada. The Sierra Wireless GX440 has a weak password vulnerability that remote attackers can exploit by submitting special requests to recover passwords.
VAR-201704-0138 CVE-2016-5067 Sierra Wireless GX440 Command Injection Vulnerability CVSS V2: 9.0
CVSS V3: 8.8
Severity: HIGH
Sierra Wireless GX 440 devices with ALEOS firmware 4.3.2 allow Hayes AT command injection. The Sierra Wireless GX440 is a gateway device from Sierra Wireless, Canada. The Sierra Wireless GX440 has a command injection vulnerability that remote attackers can exploit by submitting special requests to execute arbitrary commands.
VAR-201704-0139 CVE-2016-5068 Sierra Wireless GX 440 Device ALEOS Firmware authentication vulnerability CVSS V2: 7.5
CVSS V3: 9.8
Severity: CRITICAL
Sierra Wireless GX 440 devices with ALEOS firmware 4.3.2 do not require authentication for Embedded_Ace_Get_Task.cgi requests. The Sierra Wireless GX 440 device ALEOS firmware contains an authentication vulnerability. Information may be obtained or altered, and a denial-of-service (DoS) attack may be carried out. The Sierra Wireless GX440 is a gateway device from Sierra Wireless, Canada. An authentication vulnerability exists in Sierra Wireless GX440 devices using ALEOS firmware version 4.3.2, caused by the program not requiring authentication for Embedded_Ace_Get_Task.cgi. An attacker could exploit this vulnerability to gain root/shell access.
VAR-201704-0140 CVE-2016-5069 Sierra Wireless GX 440 Device ALEOS Firmware session expiration vulnerability CVSS V2: 7.5
CVSS V3: 9.8
Severity: CRITICAL
Sierra Wireless GX 440 devices with ALEOS firmware 4.3.2 use guessable session tokens, which are in the URL. The Sierra Wireless GX 440 device ALEOS firmware contains a session expiration vulnerability. Information may be obtained or altered, and a denial-of-service (DoS) attack may be carried out. The Sierra Wireless GX440 is a gateway device from Sierra Wireless, Canada. A security vulnerability exists in Sierra Wireless GX440 devices using ALEOS firmware version 4.3.2. An attacker could exploit the vulnerability to access a management web application.
VAR-201704-0141 CVE-2016-5070 Sierra Wireless GX 440 Device ALEOS Vulnerability in managing certificates and passwords in firmware CVSS V2: 5.0
CVSS V3: 9.8
Severity: CRITICAL
Sierra Wireless GX 440 devices with ALEOS firmware 4.3.2 store passwords in cleartext. The Sierra Wireless GX 440 device ALEOS firmware contains a vulnerability related to the management of certificates and passwords. Information may be obtained or falsified, and a denial-of-service (DoS) attack may be carried out. The Sierra Wireless GX440 is a gateway device from Sierra Wireless, Canada. The Sierra Wireless GX440 has a weak password storage vulnerability that remote attackers can exploit by submitting special requests for sensitive information.
VAR-201704-0142 CVE-2016-5071 Sierra Wireless GX 440 Device ALEOS Firmware vulnerabilities related to authorization, authority, and access control CVSS V2: 10.0
CVSS V3: 8.8
Severity: HIGH
Sierra Wireless GX 440 devices with ALEOS firmware 4.3.2 execute the management web application as root. The Sierra Wireless GX 440 device ALEOS firmware contains vulnerabilities related to authorization, permissions, and access control. Information may be obtained or altered, and a denial-of-service (DoS) attack may be carried out. The Sierra Wireless GX440 is a gateway device from Sierra Wireless, Canada. The Sierra Wireless GX440 has a privilege escalation vulnerability that remote attackers can exploit by submitting special requests to escalate permissions. A security vulnerability exists in the Sierra Wireless GX440 using ALEOS firmware version 4.3.2. An attacker can exploit this vulnerability to operate and manage web applications with root privileges.
VAR-201704-1424 CVE-2017-7577 XiongMai uc-httpd directory traversal vulnerability CVSS V2: 5.0
CVSS V3: 9.8
Severity: CRITICAL
XiongMai uc-httpd has directory traversal allowing the reading of arbitrary files via a "GET ../" HTTP request. XiongMai uc-httpd is an HTTP daemon used by cameras from vendors such as XiongMai. A directory traversal vulnerability exists in XiongMai uc-httpd.
VAR-201706-0816 CVE-2017-7563 ARM Trusted Firmware MT_EXECUTE_NEVER protection mechanism bypass vulnerability CVSS V2: 6.8
CVSS V3: 8.1
Severity: HIGH
In ARM Trusted Firmware 1.3, RO memory is always executable at AArch64 Secure EL1, allowing attackers to bypass the MT_EXECUTE_NEVER protection mechanism. This issue occurs because of inconsistency in the number of execute-never bits (one bit versus two bits). Remote attackers can exploit this issue to bypass certain security restrictions and perform unauthorized actions. ARM Trusted Firmware through 1.3 is vulnerable; other versions may also be affected.