VARIoT IoT vulnerabilities database
| VAR-201808-0238 | CVE-2018-15904 | A10 ACOS Web Application Firewall SQL injection vulnerability |
CVSS V2: 7.5 CVSS V3: 9.8 Severity: CRITICAL |
A10 ACOS Web Application Firewall (WAF) 2.7.1 and 2.7.2 before 2.7.2-P12, 4.1.0 before 4.1.0-P11, 4.1.1 before 4.1.1-P8, and 4.1.2 before 4.1.2-P4 mishandles the configured rules for blocking SQL injection attacks, aka A10-2017-0008. An attacker can exploit this vulnerability to execute arbitrary SQL commands by sending specially crafted SQL statements.
| VAR-201809-0238 | CVE-2018-1353 | Fortinet FortiManager Vulnerable to information disclosure |
CVSS V2: 4.0 CVSS V3: 4.3 Severity: MEDIUM |
An information disclosure vulnerability in Fortinet FortiManager 6.0.1 and below versions allows a standard user with adom assignment to read the interface settings of vdoms unrelated to the assigned adom. Information may be obtained.
Attackers can exploit this issue to obtain sensitive information that may aid in further attacks.
Versions prior to FortiManager 6.0.1 are vulnerable. Fortinet FortiManager is a centralized network security management platform developed by Fortinet. The platform supports centralized management of any number of Fortinet devices, and can group devices into different management domains (ADOMs) to further simplify multi-device security deployment and management.
| VAR-201808-0226 | CVE-2018-15602 | Zyxel VMG3312 B10B Device cross-site scripting vulnerability |
CVSS V2: 4.3 CVSS V3: 6.1 Severity: MEDIUM |
Zyxel VMG3312 B10B devices are affected by a persistent XSS vulnerability via the pages/connectionStatus/connectionStatus-hostEntry.cmd hostname parameter. Information may be obtained and information may be altered. Zyxel VMG3312 B10B is an Internet access gateway device from ZyXEL Technology. A remote attacker could exploit this vulnerability to inject arbitrary web scripts or HTML by sending a 'hostname' parameter to the pages/connectionStatus/connectionStatus-hostEntry.cmd URL.
| VAR-201808-0217 | CVE-2018-15852 | Technicolor TC7200.20 Vulnerabilities related to security functions in devices |
CVSS V2: 6.1 CVSS V3: 6.5 Severity: MEDIUM |
Technicolor TC7200.20 devices allow remote attackers to cause a denial of service (networking outage) via a flood of random MAC addresses, as demonstrated by macof. NOTE: Technicolor denies that the described behavior is a vulnerability and states that Wi-Fi traffic is slowed or stopped only while the devices are exposed to a MAC flooding attack. This has been confirmed through testing against official up-to-date versions. This case is unsettled and has not been confirmed as a vulnerability. The Technicolor TC7200.20 device contains vulnerabilities related to security functions. The vendor has disputed this vulnerability. For details, see the current description in NVD: https://nvd.nist.gov/vuln/detail/CVE-2018-15852. Service operation may be interrupted (DoS). Technicolor TC7200.20 is a modem device from Technicolor, India. A buffer overflow vulnerability exists in Technicolor TC7200.20.
| VAR-201808-0266 | CVE-2018-15874 | D-Link DIR-615 Router cross-site scripting vulnerability |
CVSS V2: 4.3 CVSS V3: 6.1 Severity: MEDIUM |
Cross-site scripting (XSS) vulnerability on D-Link DIR-615 routers 20.07 allows an attacker to inject JavaScript into the "Status -> Active Client Table" page via the hostname field in a DHCP request. Information may be obtained and information may be altered. D-Link DIR-615 is a small wireless router product from D-Link. A cross-site scripting vulnerability exists in D-Link DIR-615 20.07.
| VAR-201808-0267 | CVE-2018-15875 | D-Link DIR-615 Router cross-site scripting vulnerability |
CVSS V2: 4.3 CVSS V3: 6.1 Severity: MEDIUM |
Cross-site scripting (XSS) vulnerability on D-Link DIR-615 routers 20.07 allows attackers to inject JavaScript into the router's admin UPnP page via the description field in an AddPortMapping UPnP SOAP request. Information may be obtained and information may be altered. D-Link DIR-615 is a small wireless router product from D-Link. A cross-site scripting vulnerability exists in D-Link DIR-615 20.07.
| VAR-201808-0573 | CVE-2018-11653 | Netwave IP camera Vulnerable to information disclosure |
CVSS V2: 5.0 CVSS V3: 9.8 Severity: CRITICAL |
Information disclosure in Netwave IP camera at //etc/RT2870STA.dat (via HTTP on port 8000) allows an unauthenticated attacker to exfiltrate sensitive information about the network configuration like the network SSID and password. Information may be obtained or altered, and service operation may be disrupted (DoS). Netwave IP camera is a network camera produced by Netwave Systems B.V. of the Netherlands. An information disclosure vulnerability exists in the /etc/RT2870STA.dat file in the Netwave IP camera.
| VAR-201808-0574 | CVE-2018-11654 | Netwave IP camera Vulnerable to information disclosure |
CVSS V2: 5.0 CVSS V3: 7.5 Severity: HIGH |
Information disclosure in Netwave IP camera at get_status.cgi (via HTTP on port 8000) allows an unauthenticated attacker to exfiltrate sensitive information from the device. Netwave IP camera is a network camera produced by Netwave Systems B.V. of the Netherlands.
| VAR-201808-1045 | No CVE | Taian Technology AP-PCLINK setup V1.5 has a memory corruption vulnerability |
CVSS V2: 4.6 CVSS V3: - Severity: MEDIUM |
AP series is a new generation of programmable controller (PLC) newly developed by Taian Technology.
Taian Technology AP-PCLINK setup V1.5 has a memory corruption vulnerability. This vulnerability is due to AP-PCLINK failing to verify the availability of the function pointer when reading a malformed project. An attacker could exploit the vulnerability to cause the null pointer memory to be read, causing memory corruption.
| VAR-201808-1044 | No CVE | Tai'an Technology SG2 software has a memory read out-of-bounds vulnerability |
CVSS V2: 4.9 CVSS V3: - Severity: MEDIUM |
Taian Technology (Wuxi) Co., Ltd. manufactures, sells and develops a series of industrial control, low-voltage electrical and power distribution products, namely electronics and component products.
There is a memory read out-of-bounds vulnerability in Taian SG2 software. This vulnerability is due to the failure of SG2 software to verify the availability of function pointers when reading malformed projects. An attacker could use the vulnerability to cause an out-of-bounds memory read and a denial of service.
| VAR-201808-1046 | No CVE | Taian Technology TP03-software V21 has a memory read out of bounds vulnerability |
CVSS V2: 4.9 CVSS V3: - Severity: MEDIUM |
TP03-software V21 is a programmable controller.
Taian Technology TP03-Software V21 has a memory read out-of-bounds vulnerability. The vulnerability is due to TP03-software failing to verify that the function pointer is available when reading a malformed project. An attacker could use the vulnerability to cause an out-of-bounds memory read and a denial of service.
| VAR-201808-0474 | CVE-2018-15529 | Mutiny Monitoring Appliance Command Injection Vulnerability |
CVSS V2: 6.5 CVSS V3: 8.8 Severity: HIGH |
A command injection vulnerability in maintenance.cgi in Mutiny "Monitoring Appliance" before 6.1.0-5263 allows authenticated users, with access to the admin interface, to inject arbitrary commands within the filename of a system upgrade upload. Information may be obtained or altered, and service operation may be disrupted (DoS). Mutiny Monitoring Appliance is a network monitoring device from Mutiny, UK.
[Version Tested]
Version 6.1.0-5191 was tested and is vulnerable.
[Solution]
Upgrade to v6.1.0-5263.
[Reference]
https://www.mutiny.com/mutiny-support/previous-releases/ (Under the "Patches/Bugs" Fixed section)
[Timeline]
August 12, 2018 - A detailed report and exploit was sent to the vendor.
August 13, 2018 - The vendor released a patch (version 6.1.0-5263).
August 19, 2018 - Mitre assigned a CVE
| VAR-201808-0291 | CVE-2018-15748 | Dell 2335dn Vulnerabilities related to certificate and password management in multiple printer firmware |
CVSS V2: 4.0 CVSS V3: 8.8 Severity: HIGH |
On Dell 2335dn printers with Printer Firmware Version 2.70.05.02, Engine Firmware Version 1.10.65, and Network Firmware Version V4.02.15(2335dn MFP) 11-22-2010, the admin interface allows an authenticated attacker to retrieve the configured SMTP or LDAP password by viewing the HTML source code of the Email Settings webpage. In some cases, authentication can be achieved with the blank default password for the admin account. NOTE: the vendor indicates that this is an "End Of Support Life" product. The Dell 2335dn printer firmware, engine firmware and network firmware contain a vulnerability related to certificate and password management. Dell 2335dn is a multifunctional laser printer product of Dell.
| VAR-201808-0375 | CVE-2018-14786 | Multiple BD Alaris products: vulnerability related to lack of authentication for critical functions |
CVSS V2: 7.5 CVSS V3: 9.4 Severity: CRITICAL |
Becton, Dickinson and Company (BD) Alaris Plus medical syringe pumps (models Alaris GS, Alaris GH, Alaris CC, and Alaris TIVA) versions 2.3.6 and prior are affected by an improper authentication vulnerability: the software does not perform authentication for functionality that requires a provable user identity, which may allow a remote attacker to gain unauthorized access to various Alaris syringe pumps and impact the intended operation of the pump when it is connected to a terminal server via the serial port. Information may be obtained or altered, and service operation may be disrupted (DoS). BD Alaris GS and the other models are different series of medical syringe pumps from BD. Multiple BD products are prone to a security-bypass vulnerability.
Successfully exploiting this issue may allow an attacker to bypass certain security restrictions and perform unauthorized actions. The following products and versions are affected: BD Alaris GS 2.3.6 and earlier; BD Alaris GH 2.3.6 and earlier; BD Alaris CC 2.3.6 and earlier; BD Alaris TIVA 2.3.6 and earlier.
| VAR-201808-0568 | CVE-2018-1157 | Mikrotik RouterOS Vulnerable to resource exhaustion |
CVSS V2: 6.8 CVSS V3: 6.5 Severity: MEDIUM |
Mikrotik RouterOS before 6.42.7 and 6.40.9 is vulnerable to a memory exhaustion vulnerability. An authenticated remote attacker can crash the HTTP server and in some circumstances reboot the system via a crafted HTTP POST request. Service operation may be interrupted (DoS). MikroTik RouterOS is a Linux-based routing operating system developed by MikroTik of Latvia. This system turns a PC into a professional router.
| VAR-201808-0565 | CVE-2018-1156 | Mikrotik RouterOS Buffer error vulnerability |
CVSS V2: 9.0 CVSS V3: 8.8 Severity: HIGH |
Mikrotik RouterOS before 6.42.7 and 6.40.9 is vulnerable to stack buffer overflow through the license upgrade interface. This vulnerability could theoretically allow a remote authenticated attacker to execute arbitrary code on the system. Information may be obtained or altered, and service operation may be disrupted (DoS). MikroTik RouterOS is a Linux-based routing operating system developed by MikroTik of Latvia. This system turns a PC into a professional router.
| VAR-201808-0569 | CVE-2018-1158 | Mikrotik RouterOS Vulnerable to resource exhaustion |
CVSS V2: 4.0 CVSS V3: 6.5 Severity: MEDIUM |
Mikrotik RouterOS before 6.42.7 and 6.40.9 is vulnerable to a stack exhaustion vulnerability. An authenticated remote attacker can crash the HTTP server via recursive parsing of JSON. Service operation may be interrupted (DoS). MikroTik RouterOS is a Linux-based routing operating system developed by MikroTik of Latvia. This system turns a PC into a professional router. Security vulnerabilities existed in versions prior to Mikrotik RouterOS 6.42.7 and versions prior to 6.40.9.
| VAR-201808-0570 | CVE-2018-1159 | Mikrotik RouterOS Buffer error vulnerability |
CVSS V2: 4.0 CVSS V3: 6.5 Severity: MEDIUM |
Mikrotik RouterOS before 6.42.7 and 6.40.9 is vulnerable to a memory corruption vulnerability. An authenticated remote attacker can crash the HTTP server by rapidly authenticating and disconnecting. Service operation may be interrupted (DoS). MikroTik RouterOS is a Linux-based routing operating system developed by MikroTik of Latvia. This system turns a PC into a professional router.
| VAR-201808-0889 | CVE-2018-3833 | Insteon Hub Firmware access control vulnerability |
CVSS V2: 5.0 CVSS V3: 7.5 Severity: HIGH |
An exploitable firmware downgrade vulnerability exists in Insteon Hub running firmware version 1013. The firmware upgrade functionality, triggered via PubNub, retrieves signed firmware binaries using plain HTTP requests. The device doesn't check the firmware version that is going to be installed and thus allows for flashing older firmware images. To trigger this vulnerability, an attacker needs to impersonate the remote server 'cache.insteon.com' and serve any signed firmware image. Insteon Hub is an Insteon central controller from Insteon, USA. This product can remotely control light bulbs, wall switches, air conditioners, etc. in the home.
| VAR-201808-0157 | CVE-2017-16348 | Insteon Hub Firmware authentication vulnerability |
CVSS V2: 7.8 CVSS V3: 7.5 Severity: HIGH |
An exploitable denial of service vulnerability exists in Insteon Hub running firmware version 1012. Leftover demo functionality allows for arbitrarily rebooting the device without authentication. An attacker can send a UDP packet to trigger this vulnerability. Service operation may be interrupted (DoS). Insteon Hub is an Insteon central controller from Insteon, USA. This product can remotely control light bulbs, wall switches, air conditioners, etc. in the home.