VARIoT IoT vulnerabilities database
| VAR-201808-0575 | CVE-2018-11718 | Cross-site request forgery vulnerability in multiple Xovis devices |
CVSS V2: 6.8 CVSS V3: 8.8 Severity: HIGH |
Xovis PC2, PC2R, and PC3 devices through 3.6.0 allow CSRF. Xovis PC2, PC2R, and PC3 devices contain a cross-site request forgery vulnerability. Information may be obtained or altered, and service operation may be disrupted (DoS). Xovis PC2, PC2R, and PC3 are sensor devices from Xovis USA. A cross-site request forgery vulnerability exists in Xovis PC2, PC2R, and PC3 sensors using firmware version 3.6.0 and earlier, which remote attackers can exploit to perform unauthorized operations.
| VAR-201808-0576 | CVE-2018-11719 | XML external entity vulnerability in multiple Xovis devices |
CVSS V2: 4.0 CVSS V3: 4.9 Severity: MEDIUM |
Xovis PC2, PC2R, and PC3 devices through 3.6.0 allow XXE. Xovis PC2, PC2R, and PC3 devices contain an XML external entity vulnerability. Information may be obtained. Xovis PC2, PC2R, and PC3 are sensor devices from Xovis USA. An XML external entity injection vulnerability exists in Xovis PC2, PC2R, and PC3 sensors using firmware versions 3.6.0 and earlier. An attacker could exploit this vulnerability to disclose information.
| VAR-201808-0577 | CVE-2018-11720 | Path traversal vulnerability in multiple Xovis devices |
CVSS V2: 5.0 CVSS V3: 7.5 Severity: HIGH |
Xovis PC2, PC2R, and PC3 devices through 3.6.0 allow Directory Traversal. Xovis PC2, PC2R, and PC3 devices contain a path traversal vulnerability. Information may be obtained. Xovis PC2, PC2R, and PC3 are sensor devices from Xovis USA. A directory traversal vulnerability exists in Xovis PC2, PC2R, and PC3 sensors using firmware versions 3.6.0 and earlier, which an attacker can exploit to obtain information.
| VAR-201808-0403 | CVE-2018-14899 | Cross-site scripting vulnerability in EPSON WF-2750 printer firmware |
CVSS V2: 4.3 CVSS V3: 6.1 Severity: MEDIUM |
On the EPSON WF-2750 printer with firmware JP02I2, the Web interface AirPrint Setup page is vulnerable to HTML Injection that can redirect users to malicious sites. EPSON WF-2750 printer firmware contains a cross-site scripting vulnerability. Information may be obtained and falsified. EPSON WF-2750 is a printer device from Epson Japan. The vulnerability stems from the printer web server failing to properly check the validity of the form before processing the HTML form. An attacker could use this vulnerability to redirect users to a malicious site.
| VAR-201808-0404 | CVE-2018-14900 | Vulnerability related to channel and path errors in EPSON WF-2750 printer firmware |
CVSS V2: 5.0 CVSS V3: 7.5 Severity: HIGH |
On EPSON WF-2750 printers with firmware JP02I2, there is no filtering of print jobs. Remote attackers can send print jobs directly to the printer via TCP port 9100. The EPSON WF-2750 printer firmware contains a vulnerability related to channel and path errors. Information may be tampered with. EPSON WF-2750 is a printer made by EPSON Corporation of Japan.
| VAR-201808-0407 | CVE-2018-14903 | Vulnerability related to violation of same origin policy in EPSON WF-2750 printer firmware |
CVSS V2: 5.0 CVSS V3: 7.5 Severity: HIGH |
EPSON WF-2750 printers with firmware JP02I2 do not properly validate files before running updates, which allows remote attackers to cause a printer malfunction or send malicious data to the printer. The EPSON WF-2750 printer firmware is vulnerable to a same origin policy violation. Information may be tampered with. EPSON WF-2750 is a printer made by EPSON Corporation of Japan. A security vulnerability exists in the EPSON WF-2750 printer using firmware version JP02I2 due to the program not communicating securely and not validating data adequately.
| VAR-201809-1093 | CVE-2018-8854 | Resource exhaustion vulnerability in Philips e-Alert Unit |
CVSS V2: 5.0 CVSS V3: 7.5 Severity: HIGH |
Philips e-Alert Unit (non-medical device), Version R2.1 and prior. The software does not properly restrict the size or amount of resources requested or influenced by an actor, which can be used to consume more resources than intended. Philips e-Alert Unit contains a resource exhaustion vulnerability. Service operation may be disrupted (DoS). Philips e-Alert is prone to the following security vulnerabilities:
1. An input-validation vulnerability
2. A cross-site scripting vulnerability
3. Multiple information-disclosure vulnerabilities
4. An insecure default permissions vulnerability
5. A cross-site request-forgery vulnerability
6. A session-fixation vulnerability
7. A denial-of-service vulnerability
8. A security-bypass vulnerability
Attackers may exploit these issues to gain unauthorized access to the affected device, or to bypass certain security restrictions to perform unauthorized actions, to compromise the application to access or modify data and to exploit vulnerabilities in the underlying database, to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site or to execute arbitrary code within the context of the affected device.
e-Alert R2.1 and prior are vulnerable. Philips e-Alert is an electronic alert solution for MRI systems from Philips, the Netherlands. It is mainly used to monitor the performance of MRI systems and issue alerts. A security vulnerability exists in Philips e-Alert R2.1 and earlier versions because the program does not correctly limit the size of the requested resource. An attacker could exploit this vulnerability to cause a denial of service (resource exhaustion).
| VAR-201809-1094 | CVE-2018-8856 | Vulnerability related to the use of hard-coded credentials in Philips e-Alert Unit |
CVSS V2: 5.0 CVSS V3: 9.8 Severity: CRITICAL |
Philips e-Alert Unit (non-medical device), Version R2.1 and prior. The software contains a hard-coded cryptographic key, which it uses for encryption of internal data. Philips e-Alert Unit contains a vulnerability in the use of hard-coded credentials. Information may be obtained or altered, and service operation may be disrupted (DoS). Philips e-Alert is prone to the following security vulnerabilities:
1. An input-validation vulnerability
2. A cross-site scripting vulnerability
3. Multiple information-disclosure vulnerabilities
4. An insecure default permissions vulnerability
5. A cross-site request-forgery vulnerability
6. A session-fixation vulnerability
7. A denial-of-service vulnerability
8. A security-bypass vulnerability
Attackers may exploit these issues to gain unauthorized access to the affected device, or to bypass certain security restrictions to perform unauthorized actions, to compromise the application to access or modify data and to exploit vulnerabilities in the underlying database, to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site or to execute arbitrary code within the context of the affected device.
e-Alert R2.1 and prior are vulnerable. Philips e-Alert is an electronic alert solution for MRI systems from Philips, the Netherlands. It is mainly used to monitor the performance of MRI systems and issue alerts. An attacker could exploit this to obtain sensitive information
| VAR-201809-1166 | CVE-2018-8844 | Cross-site request forgery vulnerability in Philips e-Alert Unit |
CVSS V2: 6.8 CVSS V3: 8.8 Severity: HIGH |
Philips e-Alert Unit (non-medical device), Version R2.1 and prior. The web application does not, or cannot, sufficiently verify whether a well-formed, valid, consistent request was intentionally provided by the user who submitted the request. Philips e-Alert Unit contains a cross-site request forgery vulnerability. Information may be obtained or altered, and service operation may be disrupted (DoS). Philips e-Alert is prone to the following security vulnerabilities:
1. An input-validation vulnerability
2. A cross-site scripting vulnerability
3. Multiple information-disclosure vulnerabilities
4. An insecure default permissions vulnerability
5. A cross-site request-forgery vulnerability
6. A session-fixation vulnerability
7. A denial-of-service vulnerability
8. A security-bypass vulnerability
Attackers may exploit these issues to gain unauthorized access to the affected device, or to bypass certain security restrictions to perform unauthorized actions, to compromise the application to access or modify data and to exploit vulnerabilities in the underlying database, to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site or to execute arbitrary code within the context of the affected device.
e-Alert R2.1 and prior are vulnerable. Philips e-Alert is an electronic alert solution for MRI systems from Philips, the Netherlands. It is mainly used to monitor the performance of MRI systems and issue alerts. There is a cross-site request forgery vulnerability in Philips e-Alert R2.1 and earlier versions. A remote attacker could exploit this vulnerability to perform unauthorized operations
| VAR-201809-1092 | CVE-2018-8852 | Session fixation vulnerability in Philips e-Alert Unit |
CVSS V2: 6.8 CVSS V3: 8.8 Severity: HIGH |
Philips e-Alert Unit (non-medical device), Version R2.1 and prior. When authenticating a user or otherwise establishing a new user session, the software gives an attacker the opportunity to steal authenticated sessions without invalidating any existing session identifier. Philips e-Alert Unit contains a session fixation vulnerability. Information may be obtained or altered, and service operation may be disrupted (DoS). Philips e-Alert is prone to the following security vulnerabilities:
1. An input-validation vulnerability
2. A cross-site scripting vulnerability
3. Multiple information-disclosure vulnerabilities
4. An insecure default permissions vulnerability
5. A cross-site request-forgery vulnerability
6. A session-fixation vulnerability
7. A denial-of-service vulnerability
8. A security-bypass vulnerability
Attackers may exploit these issues to gain unauthorized access to the affected device, or to bypass certain security restrictions to perform unauthorized actions, to compromise the application to access or modify data and to exploit vulnerabilities in the underlying database, to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site or to execute arbitrary code within the context of the affected device.
e-Alert R2.1 and prior are vulnerable. Philips e-Alert is an electronic alert solution for MRI systems from Philips, the Netherlands. It is mainly used to monitor the performance of MRI systems and issue alerts. A session fixation vulnerability exists in Philips e-Alert R2.1 and earlier versions
| VAR-201809-1090 | CVE-2018-8848 | Philips e-Alert Unit Permissions vulnerability |
CVSS V2: 5.0 CVSS V3: 7.5 Severity: HIGH |
Philips e-Alert Unit (non-medical device), Version R2.1 and prior. The software, upon installation, sets incorrect permissions for an object that exposes it to an unintended actor. Philips e-Alert is prone to the following security vulnerabilities:
1. An input-validation vulnerability
2. A cross-site scripting vulnerability
3. Multiple information-disclosure vulnerabilities
4. An insecure default permissions vulnerability
5. A cross-site request-forgery vulnerability
6. A session-fixation vulnerability
7. A denial-of-service vulnerability
8. A security-bypass vulnerability
Attackers may exploit these issues to gain unauthorized access to the affected device, or to bypass certain security restrictions to perform unauthorized actions, to compromise the application to access or modify data and to exploit vulnerabilities in the underlying database, to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site or to execute arbitrary code within the context of the affected device.
e-Alert R2.1 and prior are vulnerable. Philips e-Alert is an electronic alert solution for MRI systems from Philips, the Netherlands. It is mainly used to monitor the performance of MRI systems and issue alerts. An attacker could exploit this vulnerability to gain elevated privileges
| VAR-201808-0506 | CVE-2018-15363 | Out-of-bounds vulnerability in Trend Micro Security 2018 products |
CVSS V2: 7.2 CVSS V3: 7.8 Severity: HIGH |
An Out-of-Bounds Read Privilege Escalation vulnerability in Trend Micro Security 2018 (Consumer) products could allow a local attacker to escalate privileges on vulnerable installations. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit the vulnerability. Trend Micro Security 2018 (Consumer) products contain vulnerabilities related to out-of-bounds reading and to authorization, authority, and access control. Information may be obtained or altered, and service operation may be disrupted (DoS). The issue results from the lack of proper validation of user-supplied data, which can result in a memory access past the end of an allocated buffer.
| VAR-201808-0182 | CVE-2018-10514 | Vulnerabilities related to authorization, authority, and access control in Trend Micro Security 2018 products |
CVSS V2: 7.2 CVSS V3: 7.8 Severity: HIGH |
A Missing Impersonation Privilege Escalation vulnerability in Trend Micro Security 2018 (Consumer) products could allow a local attacker to escalate privileges on vulnerable installations. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit the vulnerability. Trend Micro Security 2018 (Consumer) products contain vulnerabilities related to authorization, permissions, and access control. Information may be obtained or altered, and service operation may be disrupted (DoS). The service does not properly impersonate the client before executing sensitive operations. An attacker can leverage this vulnerability to escalate privileges to SYSTEM.
| VAR-201808-0181 | CVE-2018-10513 | Untrusted data deserialization vulnerability in Trend Micro Security 2018 products |
CVSS V2: 7.2 CVSS V3: 7.8 Severity: HIGH |
A Deserialization of Untrusted Data Privilege Escalation vulnerability in Trend Micro Security 2018 (Consumer) products could allow a local attacker to escalate privileges on vulnerable installations. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit the vulnerability. When parsing the request buffer, the process does not properly validate user-supplied data, which can result in deserialization of untrusted data
| VAR-201808-0772 | CVE-2018-16134 | Cross-site scripting vulnerability in Cybrotech CyBroHttpServer (related entries in the VARIoT exploits database: VAR-E-201808-0179) |
CVSS V2: 4.3 CVSS V3: 6.1 Severity: MEDIUM |
Cybrotech CyBroHttpServer contains a cross-site scripting vulnerability. Information may be obtained and altered. Cybrotech CyBroHttpServer is a communication server from Cybrotech, UK, for reading/writing CyBro variables by name. A remote attacker can exploit this vulnerability to inject arbitrary web scripts or HTML with malicious links or web pages.
| VAR-201808-1007 | CVE-2018-6599 | Vulnerability related to information disclosure from log files on Orbic Wonder RC555L devices |
CVSS V2: 2.1 CVSS V3: 5.5 Severity: MEDIUM |
An issue was discovered on Orbic Wonder Orbic/RC555L/RC555L:7.1.2/N2G47H/329100b:user/release-keys devices, allowing attackers to obtain sensitive information (such as text-message content) by reading a copy of the Android log on the SD card. The system-wide Android logs are not directly available to third-party apps since they tend to contain sensitive data. Third-party apps can read from the log but only the log messages that the app itself has written. Certain apps can leak data to the Android log due to not sanitizing log messages, which is an insecure programming practice. Pre-installed system apps and apps that are signed with the framework key can read from the system-wide Android log. We found a pre-installed app on the Orbic Wonder that when started via an Intent will write the Android log to the SD card, also known as external storage, via com.ckt.mmitest.MmiMainActivity. Any app that requests the READ_EXTERNAL_STORAGE permission can read from the SD card. Therefore, a local app on the device can quickly start a specific component in the pre-installed system app to have the Android log written to the SD card. Therefore, any app co-located on the device with the READ_EXTERNAL_STORAGE permission can obtain the data contained within the Android log and continually monitor it and mine the log for relevant data. In addition, the default messaging app (com.android.mms) writes the body of sent and received text messages to the Android log, as well as the recipient phone number for sent text messages and the sending phone number for received text messages. In addition, any call data contains phone numbers for sent and received calls. The Orbic Wonder RC555L device contains a vulnerability related to information disclosure from log files. Information may be obtained. Orbic Wonder is a smartphone product from Orbic Corporation of the United States.
| VAR-201808-0430 | CVE-2018-14768 | Command injection vulnerability in various VIVOTEK products |
CVSS V2: 9.0 CVSS V3: 8.8 Severity: HIGH |
Various VIVOTEK FD8*, FD9*, FE9*, IB8*, IB9*, IP9*, IZ9*, MS9*, SD9*, and other devices before XXXXXX-VVTK-xx06a allow remote attackers to execute arbitrary code. Various VIVOTEK products contain a command injection vulnerability. Information may be obtained or altered, and service operation may be disrupted (DoS). VIVOTEK (Jingrui Communication Co., Ltd.) is a manufacturer of network cameras and audio and video servers. A command injection vulnerability exists in the VIVOTEK network camera with firmware version lower than XXXXXX-VVTK-0X06a. Vivotek FD8*, etc. are Vivotek's network camera products of different models. The following products are affected: VIVOTEK FD8*; FD9*; FE9*; IB8*; IB9*; IP9*; IZ9*; MS9*; SD9*, etc.
| VAR-201808-1006 | CVE-2018-6598 | Vulnerabilities related to authorization, authority, and access control in Orbic Wonder RC555L devices |
CVSS V2: 5.6 CVSS V3: 7.1 Severity: HIGH |
An issue was discovered on Orbic Wonder Orbic/RC555L/RC555L:7.1.2/N2G47H/329100b:user/release-keys devices. Any app co-located on the device can send an intent to factory reset the device programmatically because of com.android.server.MasterClearReceiver. This does not require any user interaction and does not require any permission to perform. A factory reset will remove all user data from the device. This will result in the loss of any data that the user has not backed up or synced externally. This capability to perform a factory reset is not directly available to third-party apps (those that the user installs themselves), although this capability is present in an unprotected component of the Android OS. This vulnerability is not present in Google's Android Open Source Project (AOSP) code. Therefore, it was introduced by Orbic or another entity in the supply chain. Orbic Wonder RC555L devices have vulnerabilities related to authorization, permissions, and access control. Information may be tampered with and service operation may be disrupted (DoS). Orbic Wonder is a smartphone product of Orbic Company in the United States. A security vulnerability exists in Orbic Wonder (with Orbic/RC555L/RC555L:7.1.2/N2G47H/329100b:user/release-keys).
| VAR-201808-0239 | CVE-2018-15907 | Vulnerabilities related to security functions in Technicolor TC8305C devices |
CVSS V2: 6.1 CVSS V3: 6.5 Severity: MEDIUM |
Technicolor (formerly RCA) TC8305C devices allow remote attackers to cause a denial of service (networking outage) via a flood of random MAC addresses, as demonstrated by macof. NOTE: this might overlap CVE-2018-15852 and CVE-2018-16310. NOTE: Technicolor denies that the described behavior is a vulnerability and states that Wi-Fi traffic is slowed or stopped only while the devices are exposed to a MAC flooding attack. This has been confirmed through testing against official up-to-date versions. ** Unsettled ** This case has not been confirmed as a vulnerability. The Technicolor (alias RCA) TC8305C device contains vulnerabilities related to security functions. The vendor has disputed this vulnerability. For details, see the Current Description in NVD (https://nvd.nist.gov/vuln/detail/CVE-2018-15907). Service operation may be disrupted (DoS). Technicolor TC8305C is a modem from the French Technicolor group. A buffer overflow vulnerability exists in Technicolor TC8305C. An attacker could exploit the vulnerability to break a network connection.
| VAR-201808-1005 | CVE-2018-6597 | Vulnerabilities related to authorization, authority, and access control in Alcatel A30 devices |
CVSS V2: 7.2 CVSS V3: 6.8 Severity: MEDIUM |
The Alcatel A30 device with a build fingerprint of TCL/5046G/MICKEY6US:7.0/NRD90M/J63:user/release-keys contains a hidden privilege escalation capability to achieve command execution as the root user. They have made modifications that allow a user with physical access to the device to obtain a root shell via ADB. Modifying the read-only properties by an app as the system user creates a UNIX domain socket named factory_test that will execute commands as the root user by processes that have privilege to access it (as per the SELinux rules that the vendor controls). Alcatel A30 devices have vulnerabilities related to authorization, permissions, and access control. Information may be obtained or altered, and service operation may be disrupted (DoS). Alcatel A30 is a smartphone product. A security vulnerability exists in Alcatel A30 (with TCL/5046G/MICKEY6US:7.0/NRD90M/J63:user/release-keys). An attacker can exploit this vulnerability to execute commands as the root user.