VARIoT IoT vulnerabilities database

Crestron TSW-1060, TSW-760, TSW-560, TSW-1060-NC, TSW-760-NC, and TSW-560-NC devices before 2.001.0037.001 allow unauthenticated remote code execution via a Bash shell service in Crestron Toolbox Protocol (CTP). This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Crestron's Android-based products. Authentication is not required to exploit this vulnerability.The specific flaw exists within the ROUTEDELETE command of the CTP console. The issue results from the lack of proper validation of a user-supplied string before using it to execute a system call. An attacker could leverage this vulnerability to execute code with root privileges. CrestronTSW-1060 and other are touch screen devices of Crestron Electronics of the United States. There are security vulnerabilities in several Crestron products

A remote attacker can bypass the Management Mode on the Canon LBP7110Cw web interface without a PIN for /checkLogin.cgi via vectors involving /portal_top.html to get full access to the device. NOTE: the vendor reportedly responded that this issue occurs when a customer keeps the default settings without using the countermeasures and best practices shown in the documentation. ** Unsettled ** This case has not been confirmed as a vulnerability. Canon LBP7110Cw Web There are authentication vulnerabilities in the interface. The vendor has disputed this vulnerability. For details, see NVD of Current Description Please Confirm. https://nvd.nist.gov/vuln/detail/CVE-2018-12048Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. The CanonLBP7110Cw is a color laser printer device from Canon Inc. of Japan

A remote attacker can bypass the System Manager Mode on the Canon LBP6030w web interface without a PIN for /checkLogin.cgi via vectors involving /portal_top.html to get full access to the device. NOTE: the vendor reportedly responded that this issue occurs when a customer keeps the default settings without using the countermeasures and best practices shown in the documentation. ** Unsettled ** This case has not been confirmed as a vulnerability. Canon LBP6030w Web There are authentication vulnerabilities in the interface. The vendor has disputed this vulnerability. For details, see NVD of Current Description Please Confirm. https://nvd.nist.gov/vuln/detail/CVE-2018-12049Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. CanonLBP6030w is a color laser printer device from Canon Inc. of Japan

Command injection vulnerability in EZ-Internet in Synology Router Manager (SRM) before 1.1.6-6931 allows remote authenticated users to execute arbitrary command via the username parameter. Synology Router Manager (SRM) is a Synology software for configuring and managing Synology routers. EZ-Internet is one of the network configuration tools. EZ-Internet in versions earlier than Synology SRM 1.1.6-6931 has a command injection vulnerability

An issue was discovered on the MediaTek AWUS036NH wireless USB adapter through 5.1.25.0. Attackers can remotely deny service by sending specially constructed 802.11 frames. MediaTek AWUS036NH wireless USB The adapter contains an input validation vulnerability.Service operation interruption (DoS) There is a possibility of being put into a state. A security vulnerability exists in versions prior to MediaTekAWUS036NH5.1.25.0

Permissive regular expression vulnerability in synophoto_dsm_user in Synology Photo Station before 6.8.5-3471 and before 6.3-2975 allows remote authenticated users to conduct privilege escalation attacks via the fullname parameter. Synology Photo Station Contains vulnerabilities related to authorization, permissions, and access control.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. Synology Photo Station is a set of solutions from Synology for sharing pictures, videos and blogs on the Internet. A security vulnerability exists in Synology Photo Station versions prior to 6.8.5-3471 and versions prior to 6.3-2975

Cross-site request forgery (CSRF) vulnerability in admin/user.php in Synology Photo Station before 6.8.5-3471 and before 6.3-2975 allows remote attackers to hijack the authentication of administrators via the (1) username, (2) password, (3) admin, (4) action, (5) uid, or (6) modify_admin parameter. Synology Photo Station Contains a cross-site request forgery vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. Synology Photo Station is a set of solutions from Synology for sharing pictures, videos and blogs on the Internet. A remote attacker could exploit this vulnerability to perform unauthorized operations with the help of multiple parameters. (Multiple parameters include: username, password, admin, action, uid, and modify_admin)

Unverified password change vulnerability in Change Password in Synology DiskStation Manager (DSM) before 6.2-23739 allows remote authenticated users to reset password without verification. Synology DiskStation Manager (DSM) Contains a vulnerability related to the password management function.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. Synology DiskStation Manager (DSM) is an operating system developed by Synology for network storage servers (NAS). The operating system can manage data, documents, photos, music and other information

An issue was discovered in certain Apple products. macOS before 10.13.5 is affected. The issue involves the "AMD" component. It allows local users to bypass intended memory-read restrictions or cause a denial of service (out-of-bounds read of kernel memory) via a crafted app. Apple macOS High Sierra is a set of dedicated operating systems developed by Apple (Apple) for Mac computers. A security vulnerability exists in AMD components in versions of Apple macOS High Sierra prior to 10.13.5

An issue was discovered in certain Apple products. iOS before 11.4 is affected. The issue involves the "Siri" component. It allows physically proximate attackers to bypass the lock-screen protection mechanism and obtain private notification content via Siri. Apple iOS is an operating system developed by Apple (Apple) for mobile devices. A security vulnerability exists in the Siri component in Apple iOS versions prior to 11.4

An issue was discovered in certain Apple products. macOS before 10.13.5 is affected. The issue involves the "Firmware" component. It allows attackers to modify the EFI flash-memory region that a crafted app that has root access. Apple macOS of Firmware Components include EFI A vulnerability exists that modifies the flash memory area.By an attacker, through an application with crafted root privileges, EFI The flash memory area may be changed. Apple macOS High Sierra is a set of dedicated operating systems developed by Apple (Apple) for Mac computers. A security vulnerability exists in the Firmware component of Apple macOS High Sierra versions prior to 10.13.5

An issue was discovered in certain Apple products. iOS before 11.4 is affected. The issue involves the "Messages" component. It allows remote attackers to cause a denial of service via a crafted message. Apple iOS is an operating system developed by Apple (Apple) for mobile devices. A security vulnerability exists in the Messages component of Apple's iOS prior to 11.4

An issue was discovered in certain Apple products. iOS before 11.4 is affected. The issue involves the "Siri Contacts" component. It allows physically proximate attackers to discover private contact information via Siri. Apple iOS is an operating system developed by Apple (Apple) for mobile devices. Siri is one of the intelligent voice control components

The Enterprise Console in Cisco AppDynamics App iQ Platform before 4.4.3.10598 (HF4) allows SQL injection, aka the Security Advisory 2089 issue. Vendors have confirmed this vulnerability Security Advisory 2089 It is released as.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. Remote attackers can use this vulnerability to inject SQL statements

Command injection vulnerability in EZ-Internet in Synology DiskStation Manager (DSM) before 6.2-23739 allows remote authenticated users to execute arbitrary command via the username parameter. Synology DiskStation Manager (DSM) is an operating system developed by Synology for network storage servers (NAS). The operating system can manage data, documents, photos, music and other information. EZ-Internet is one of the network configuration tools

liyujing is a static file server. liyujing is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the url. liyujing Contains a path traversal vulnerability.Information may be obtained

weather.swlyons is a simple web server for weather updates. weather.swlyons is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the url. weather.swlyons Contains a path traversal vulnerability.Information may be obtained. A directory traversal vulnerability exists in weather.swlyons

easyquick is a simple web server. easyquick is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the url. Access is constrained, however, to supported file types. Requesting a file such as /etc/passwd returns a "not supported" error. easyquick Contains a path traversal vulnerability.Information may be obtained. A directory traversal vulnerability exists in easyquick

gaoxiaotingtingting is an HTTP server. gaoxiaotingtingting is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the url. gaoxiaotingtingting Contains a path traversal vulnerability.Information may be obtained. Gaoxiaotingtingting has a directory traversal vulnerability

serverwzl is a simple http server. serverwzl is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the URL. serverwzl Contains a path traversal vulnerability.Information may be obtained. A directory traversal vulnerability exists in serverwzl