VARIoT IoT vulnerabilities database


VAR-201808-0920 CVE-2018-3904 Samsung SmartThings Hub STH-ETH-250 Firmware buffer error vulnerability CVSS V2: 9.0
CVSS V3: 9.9
Severity: CRITICAL
An exploitable buffer overflow vulnerability exists in the camera 'update' feature of video-core's HTTP server of Samsung SmartThings Hub STH-ETH-250 - Firmware version 0.20.17. The video-core process incorrectly extracts fields from a user-controlled JSON payload, leading to a buffer overflow on the stack. An attacker can send an HTTP request to trigger this vulnerability. The Samsung SmartThings Hub STH-ETH-250 firmware contains a buffer error vulnerability. Information may be obtained, information may be altered, and service may be disrupted (DoS). Samsung SmartThings Hub is a smart home management device from South Korea's Samsung. The video-core HTTP server is one of the HTTP servers
VAR-201808-0896 CVE-2018-3918 Samsung SmartThings Hub STH-ETH-250 - Firmware Vulnerable to improper enforcement of messages or data structures CVSS V2: 6.4
CVSS V3: 7.5
Severity: HIGH
An exploitable vulnerability exists in the remote servers of Samsung SmartThings Hub STH-ETH-250 - Firmware version 0.20.17. The hubCore process listens on port 39500 and relays any unauthenticated messages to SmartThings' remote servers, which incorrectly handle camera IDs for the 'sync' operation, leading to arbitrary deletion of cameras. An attacker can send an HTTP request to trigger this vulnerability. Samsung SmartThings Hub is a smart home management device from South Korea's Samsung. The camera ID of the 'sync' operation
VAR-201808-0904 CVE-2018-3927 Samsung SmartThings Hub STH-ETH-250 Certificate validation vulnerability in firmware CVSS V2: 4.3
CVSS V3: 5.9
Severity: MEDIUM
An exploitable information disclosure vulnerability exists in the crash handler of the hubCore binary of the Samsung SmartThings Hub STH-ETH-250 - Firmware version 0.20.17. When hubCore crashes, Google Breakpad is used to record minidumps, which are sent over an insecure HTTPS connection to the backtrace.io service, leading to the exposure of sensitive data. An attacker can impersonate the remote backtrace.io server in order to trigger this vulnerability. The Samsung SmartThings Hub STH-ETH-250 firmware contains a certificate validation vulnerability. Information may be obtained. Samsung SmartThings Hub is a smart home management device from South Korea's Samsung
VAR-201807-1681 CVE-2018-9066 Lenovo xClarity Administrator Access control vulnerability CVSS V2: 9.0
CVSS V3: 8.8
Severity: HIGH
In Lenovo xClarity Administrator versions earlier than 2.1.0, an authenticated LXCA user can, under specific circumstances, inject additional parameters into a specific web API call, which can result in privileged command execution within LXCA's underlying operating system. Lenovo xClarity Administrator contains an access control vulnerability. Information may be obtained, information may be altered, and service may be disrupted (DoS). Lenovo XClarity Administrator (LXCA) is a centralized resource management solution from China's Lenovo. The solution supports simplified infrastructure management, faster server response, and improved Lenovo server system performance. Lenovo LXCA versions earlier than 2.1.0 contain security vulnerabilities in the Web API
VAR-201807-1680 CVE-2018-9065 Lenovo xClarity Administrator Access control vulnerability CVSS V2: 3.5
CVSS V3: 7.5
Severity: HIGH
In Lenovo xClarity Administrator versions earlier than 2.1.0, an attacker who gains access to the underlying LXCA file system user may be able to retrieve a credential store containing the service processor user names and passwords for servers previously managed by that LXCA instance, and potentially decrypt those credentials more easily than intended. Lenovo xClarity Administrator contains an access control vulnerability. Information may be obtained, information may be altered, and service may be disrupted (DoS). Lenovo XClarity Administrator (LXCA) is a centralized resource management solution from China's Lenovo. The solution supports simplified infrastructure management, faster server response, and improved Lenovo server system performance. Lenovo LXCA versions earlier than 2.1.0 contain security vulnerabilities in the Web API
VAR-201807-1679 CVE-2018-9064 Lenovo xClarity Administrator Access control vulnerability CVSS V2: 4.0
CVSS V3: 8.8
Severity: HIGH
In Lenovo xClarity Administrator versions earlier than 2.1.0, an authenticated LXCA user may abuse a web API debug call to retrieve the credentials for the System Manager user. Lenovo xClarity Administrator contains an access control vulnerability. Information may be obtained, information may be altered, and service may be disrupted (DoS). Lenovo XClarity Administrator (LXCA) is a centralized resource management solution from China's Lenovo. The solution supports simplified infrastructure management, faster server response, and improved Lenovo server system performance. Lenovo LXCA versions earlier than 2.1.0 contain security vulnerabilities in the Web API
VAR-201807-0541 CVE-2018-13280 Synology DiskStation Manager Vulnerable to use of insufficient random values CVSS V2: 4.3
CVSS V3: 5.9
Severity: MEDIUM
Use of insufficiently random values vulnerability in SYNO.Encryption.GenRandomKey in Synology DiskStation Manager (DSM) before 6.2-23739 allows man-in-the-middle attackers to compromise non-HTTPS sessions via unspecified vectors. Synology DiskStation Manager (DSM) is an operating system developed by Synology for network-attached storage (NAS) servers. The operating system manages data, documents, photos, music and other information. Attackers can exploit this vulnerability to carry out man-in-the-middle attacks and take control of non-HTTPS sessions
VAR-201807-1683 CVE-2018-9068 IMM2 Vulnerabilities related to the use of hard-coded credentials CVSS V2: 5.0
CVSS V3: 7.5
Severity: HIGH
The IMM2 First Failure Data Capture (FFDC) function collects management module logs and diagnostic information when a hardware error is detected. This information is made available for download through an SFTP server hosted on the IMM2 management network interface. In versions earlier than 4.90 for Lenovo System x and earlier than 6.80 for IBM System x, the credentials to access the SFTP server are hard-coded and described in the IMM2 documentation, allowing an attacker with management network access to obtain the collected FFDC data. After applying the update, the IMM2 will create random SFTP credentials for use with OneCLI. IMM2 contains a vulnerability in the use of hard-coded credentials. Information may be obtained
VAR-201809-0087 CVE-2018-10602 (0Day) Wecon LeviStudioU aetlog TrendSet WordAddr2 Stack-based Buffer Overflow Remote Code Execution Vulnerability CVSS V2: 9.3
CVSS V3: 8.8
Severity: HIGH
WECON LeviStudio versions 1.8.29 and 1.8.44 have multiple stack-based buffer overflow vulnerabilities that can be exploited when the application processes specially crafted project files. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Wecon LeviStudioU. User interaction is required to exploit this vulnerability, in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of UMP files. When parsing the TrendSet WordAddr4 element, the process does not properly validate the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of Administrator. WECON LeviStudio is human-machine interface programming software from WECON, China
VAR-201807-2075 CVE-2018-7992 Multiple HUAWEI products buffer error vulnerability CVSS V2: 4.3
CVSS V3: 5.5
Severity: MEDIUM
The Mdapt Driver of Huawei MediaPad M3 BTV-W09C128B353CUSTC128D001, Mate 9 Pro versions earlier than 8.0.0.356(C00) and P10 Plus versions earlier than 8.0.0.357(C00) has a buffer overflow vulnerability. The driver does not sufficiently validate its input; an attacker could trick the user into installing a malicious application which would send crafted parameters to the driver. Successful exploitation could cause a denial of service condition. Huawei Mate 9 Pro and P10 Plus are both Huawei smartphone products; the MediaPad M3 is a tablet. Buffer overflow vulnerabilities exist in several Huawei products because the driver fails to fully verify the program's input. Mdapt Driver is one of the dithering effect drivers
VAR-201807-2271 No CVE D-Link DAP-1360 File Path Traversal and Cross-Site Scripting Vulnerability CVSS V2: 4.0
CVSS V3: -
Severity: MEDIUM
The D-Link DAP-1360 is a wireless router. The D-Link DAP-1360 has file path traversal and cross-site scripting vulnerabilities that allow remote attackers to read passwords by supplying incorrect parameters, resulting in absolute path traversal attacks.
VAR-201807-0100 CVE-2017-10937 ZTE ZXIPTV-UCM SQL Injection Vulnerability CVSS V2: 5.0
CVSS V3: 7.5
Severity: HIGH
SQL injection vulnerability in all versions prior to V2.01.05.09 of the ZTE ZXIPTV-UCM product allows remote attackers to execute arbitrary SQL commands via the opertype parameter, resulting in the disclosure of database information. The ZTE ZXIPTV-UCM product contains a SQL injection vulnerability. Information may be obtained. ZTE ZXIPTV-UCM is a set-top box device from China's ZTE Corporation (ZTE)
VAR-201807-0099 CVE-2017-10936 ZTE ZXCDN-SNS SQL Injection Vulnerability CVSS V2: 5.0
CVSS V3: 7.5
Severity: HIGH
SQL injection vulnerability in all versions prior to V4.01.01 of the ZTE ZXCDN-SNS product allows remote attackers to execute arbitrary SQL commands via the aoData parameter, resulting in the disclosure of database information. The ZTE ZXCDN-SNS product contains a SQL injection vulnerability. Information may be obtained. ZTE ZXCDN-SNS is a hardware device from China's ZTE Corporation (ZTE)
VAR-201807-0098 CVE-2017-10935 ZTE ZXR10 1800-2S Vulnerabilities related to certificate and password management in products CVSS V2: 4.0
CVSS V3: 7.2
Severity: HIGH
All versions prior to ZSRV2 V3.00.40 of the ZTE ZXR10 1800-2S products allow remote authenticated users to bypass the original password authentication protection to change other users' passwords. ZTE ZXR10 1800-2S contains vulnerabilities related to certificate and password management and to authentication. Information may be obtained, information may be altered, and service may be disrupted (DoS). ZTE ZXR10 1800-2S ZSRV2 is a router product of China's ZTE Corporation (ZTE)
VAR-201807-0097 CVE-2017-10934 ZTE ZXIPTV-EPG Vulnerable to deserialization of untrusted data CVSS V2: 7.5
CVSS V3: 9.8
Severity: CRITICAL
All versions prior to V5.09.02.02T4 of the ZTE ZXIPTV-EPG product use the Java RMI service, in which the servers use the Apache Commons Collections (ACC) library that may result in Java deserialization vulnerabilities. An unauthenticated remote attacker can exploit the vulnerabilities by sending a crafted RMI request to execute arbitrary code on the target host. ZTE ZXIPTV-EPG contains a vulnerability in the deserialization of untrusted data. Information may be obtained, information may be altered, and service may be disrupted (DoS). ZTE ZXIPTV-EPG is a set-top box device from China's ZTE Corporation (ZTE). A Java deserialization vulnerability exists in ZTE ZXIPTV-EPG versions prior to V5.09.02.02T4. The vulnerability stems from the use of the Java RMI service and can be exploited to execute arbitrary code
VAR-201807-2203 CVE-2018-5538 Multiple F5 BIG-IP products: vulnerability related to security functions CVSS V2: 4.3
CVSS V3: 3.7
Severity: LOW
On F5 BIG-IP DNS 13.1.0-13.1.0.7, 12.1.3-12.1.3.5, DNS Express / DNS Zones accept NOTIFY messages on the management interface from source IP addresses not listed in the 'Allow NOTIFY From' configuration parameter when the db variable "dnsexpress.notifyport" is set to any value other than the default of "0". Multiple F5 BIG-IP products contain a vulnerability related to security functions. Information may be tampered with. F5 BIG-IP is an all-in-one network device that integrates network traffic management, application security management, load balancing and other functions. BIG-IP DNS is one of its traffic managers. A security vulnerability exists in F5 BIG-IP DNS versions 13.1.0 to 13.1.0.7 and 12.1.3 to 12.1.3.5. The vulnerability stems from setting the database variable 'dnsexpress.notifyport' to something other than the default '0' value: DNS Express / DNS Zones then accept NOTIFY messages on the management interface whose source IP address is not in the configuration parameter 'Allow NOTIFY From'. This vulnerability could be exploited by an attacker to cause DNS Express to continuously detect updates. Multiple F5 BIG-IP products are prone to a security-bypass vulnerability. An attacker can exploit this issue to bypass certain security restrictions and perform unauthorized actions; this may aid in launching further attacks
VAR-201807-2207 CVE-2018-5531 Multiple F5 BIG-IP products: vulnerability related to input validation CVSS V2: 6.1
CVSS V3: 7.4
Severity: HIGH
Through undisclosed methods, on F5 BIG-IP 13.0.0-13.1.0.7, 12.1.0-12.1.3.5, 11.6.0-11.6.3.1, or 11.2.1-11.5.6, adjacent network attackers can cause a denial of service for vCMP guest and host systems. The attack must be sourced from an adjacent network (layer 2). Multiple F5 BIG-IP products contain an input validation vulnerability. Service may be disrupted (DoS). F5 BIG-IP is an all-in-one network device from F5 in the United States that integrates network traffic management, application security management, load balancing and other functions. Multiple F5 BIG-IP products are prone to a denial-of-service vulnerability. An attacker can exploit this issue to cause a denial-of-service condition. The following versions are affected: F5 BIG-IP versions 13.0.0 to 13.1.0.7, 12.1.0 to 12.1.3.5, 11.6.0 to 11.6.3.1, and 11.2.1 to 11.5.6
VAR-201807-2199 CVE-2018-5530 Multiple F5 BIG-IP products: resource exhaustion vulnerability CVSS V2: 5.0
CVSS V3: 7.5
Severity: HIGH
F5 BIG-IP 13.0.0-13.1.0.5, 12.1.0-12.1.3.5, or 11.6.0-11.6.3.1 virtual servers with HTTP/2 profiles enabled are vulnerable to "HPACK Bomb". Multiple F5 BIG-IP products are vulnerable to resource exhaustion. Service may be disrupted (DoS). Multiple F5 BIG-IP products are prone to a denial-of-service vulnerability. Exploiting this issue allows remote attackers to cause a denial-of-service condition due to excessive memory consumption. F5 BIG-IP LTM and related products are all products of F5 in the United States. F5 BIG-IP LTM is a local traffic manager; BIG-IP AAM is an application acceleration manager. When an HTTP/2 profile is enabled, an attacker can exploit this vulnerability to cause a denial of service through excessive memory consumption. The following versions are affected: BIG-IP LTM, AAM, AFM, Analytics, APM, ASM, Edge Gateway and WebSafe 13.0.0 to 13.1.0.5, 12.1.0 to 12.1.3.5, and 11.6.0 to 11.6.3.1; BIG-IP PEM is also listed as affected
VAR-201807-2202 CVE-2018-5537 Multiple F5 products: vulnerability related to input validation CVSS V2: 2.6
CVSS V3: 5.3
Severity: MEDIUM
A remote attacker may be able to disrupt services on F5 BIG-IP 13.0.0-13.1.0.5, 12.1.0-12.1.3.5, 11.6.0-11.6.3.1, or 11.2.1-11.5.6 if the TMM virtual server is configured with an HTML or a Rewrite profile. TMM may restart while processing some specially prepared HTML content from the back end. Multiple F5 products contain an input validation vulnerability. Service may be disrupted (DoS). F5 BIG-IP is an all-in-one network device that integrates network traffic management, application security management, load balancing and other functions. A security vulnerability exists in F5 BIG-IP. The following versions are affected: F5 BIG-IP versions 13.0.0 to 13.1.0.5, 12.1.0 to 12.1.3.5, 11.6.0 to 11.6.3.1, and 11.2.1 to 11.5.6
VAR-201807-2194 CVE-2018-5542 Multiple F5 BIG-IP products: vulnerability related to input validation CVSS V2: 6.8
CVSS V3: 8.1
Severity: HIGH
F5 BIG-IP 13.0.0-13.0.1, 12.1.0-12.1.3.6, or 11.2.1-11.6.3.2 HTTPS health monitors do not validate the identity of the monitored server. Multiple F5 BIG-IP products contain an input validation vulnerability. Information may be obtained, information may be altered, and service may be disrupted (DoS). F5 BIG-IP LTM and related products are all products of F5 in the United States. F5 BIG-IP LTM is a local traffic manager; BIG-IP AAM is an application acceleration manager. An attacker could exploit this vulnerability to disclose and modify the monitor's traffic. The following versions are affected: BIG-IP LTM, AAM, AFM, Analytics, APM, ASM, DNS and Edge Gateway 13.0.0 to 13.0.1, 12.1.0 to 12.1.3.6, and 11.2.1 to 11.6.3.2; BIG-IP FPS 13.0.0 to 13.0.1, 12.1.0 to 12.1.3.6, 11.2.1 to 11.6.3