VARIoT IoT vulnerabilities database


VAR-201807-1678 CVE-2018-9062 Injection vulnerability in multiple Lenovo products CVSS V2: 7.2
CVSS V3: 6.8
Severity: MEDIUM
In some Lenovo ThinkPad products, one BIOS region is not properly included in the checks, allowing injection of arbitrary code. Affected products include E42-80 firmware, e42-80 isk firmware, e52-80 firmware and others. The Lenovo products contain an injection vulnerability. Information may be obtained or tampered with, and service operation may be interrupted (DoS). Intel Boot Guard is prone to a local security-bypass vulnerability. Successful exploits will allow local attackers to bypass certain security restrictions. Other attacks are also possible.
VAR-201807-2208 CVE-2018-5532 Vulnerabilities related to security functions in multiple F5 BIG-IP products CVSS V2: 5.0
CVSS V3: 5.3
Severity: MEDIUM
On F5 BIG-IP 13.0.0, 12.1.0-12.1.2, 11.6.0-11.6.3.1, or 11.2.1-11.5.6, a domain name cached within the DNS Cache of TMM may continue to be resolved by the cache even after the parent server revokes the record, if the DNS Cache is receiving a stream of requests for the cached name. Multiple F5 BIG-IP products contain vulnerabilities related to security functions. Information may be tampered with. F5 BIG-IP is an all-in-one network device from F5 Corporation of the United States that integrates network traffic management, application security management, load balancing and other functions. A security vulnerability exists in F5 BIG-IP. A remote attacker could exploit this vulnerability to cause DNS cache data to persist on the target system. The following versions are affected: F5 BIG-IP version 13.0.0, version 12.1.0 to version 12.1.2, version 11.6.0 to version 11.6.3.1, version 11.2.1 to version 11.5.6.
VAR-201807-2200 CVE-2018-5535 Input validation vulnerability in multiple F5 BIG-IP products CVSS V2: 5.0
CVSS V3: 7.5
Severity: HIGH
On F5 BIG-IP 14.0.0, 13.0.0-13.1.0, 12.1.0-12.1.3, or 11.5.1-11.6.3, specifically crafted HTTP responses, when processed by a Virtual Server with an associated QoE profile that has Video enabled, may cause TMM to incorrectly buffer response data, causing TMM to restart and resulting in a Denial of Service. Multiple F5 BIG-IP products contain an input validation vulnerability. Service operation may be interrupted (DoS). F5 BIG-IP is an all-in-one network device that integrates network traffic management, application security management, load balancing and other functions. A denial of service vulnerability exists in F5 BIG-IP version 13.0.0 through 13.1.0, 12.1.0 through 12.1.3, and 11.2.1 through 11.6.3. The vulnerability stems from a configuration file associated with QoE. Security vulnerabilities exist in F5 BIG-IP versions 13.0.0 to 13.1.0, 12.1.0 to 12.1.3, and 11.2.1 to 11.6.3.
VAR-201807-2210 CVE-2018-5534 Input validation vulnerability in multiple F5 BIG-IP products CVSS V2: 5.0
CVSS V3: 7.5
Severity: HIGH
Under certain conditions on F5 BIG-IP 13.1.0-13.1.0.5, 13.0.0, 12.1.0-12.1.3.1, 11.6.0-11.6.3.1, or 11.5.0-11.5.6, TMM may core while processing SSL forward proxy traffic. Multiple F5 BIG-IP products contain an input validation vulnerability. Service operation may be interrupted (DoS). F5 BIG-IP is an all-in-one network device from F5 Corporation of the United States that integrates network traffic management, application security management, load balancing and other functions. A security vulnerability exists in F5 BIG-IP. A remote attacker can exploit this vulnerability to cause the communication management microkernel (TMM) to generate a core file and interrupt the service. The following versions are affected: F5 BIG-IP version 13.1.0 to 13.1.0.5, 13.0.0, 12.1.0 to 12.1.3.1, 11.6.0 to 11.6.3.1, 11.5.0 to 11.5.6.
VAR-201807-2209 CVE-2018-5533 Input validation vulnerability in multiple F5 BIG-IP products CVSS V2: 5.0
CVSS V3: 7.5
Severity: HIGH
Under certain conditions on F5 BIG-IP 13.0.0, 12.1.0-12.1.2, 11.6.0-11.6.3.1, or 11.5.0-11.5.6, TMM may core while processing SSL forward proxy traffic. Multiple F5 BIG-IP products contain an input validation vulnerability. Service operation may be interrupted (DoS). F5 BIG-IP is an all-in-one network device that integrates network traffic management, application security management, load balancing and other functions. A denial of service vulnerability exists in F5 BIG-IP that can be exploited by remote attackers to cause the Communication Management Microkernel (TMM) to generate a core file and interrupt the service. The following versions are affected: F5 BIG-IP version 13.0.0, version 12.1.0 to version 12.1.2, version 11.6.0 to version 11.6.3.1, version 11.5.0 to version 11.5.6.
VAR-201807-2270 No CVE Command execution vulnerability in TP-LINK WAR302 router CVSS V2: 7.1
CVSS V3: -
Severity: HIGH
TP-LINK WAR302 is an enterprise-class 300M wireless VPN router that supports multiple VPN clients and supports online behavior management. A command execution vulnerability exists in the TP-LINK WAR302 router. The vulnerability stems from the failure to properly filter the parameters submitted by users. Attackers can use the vulnerability to execute arbitrary code.
VAR-201807-2269 No CVE Unauthorized Access Vulnerability in Yestv Camera CVSS V2: 7.8
CVSS V3: -
Severity: HIGH
The Yestv camera is a smart Wi-Fi monitoring camera. An unauthorized access vulnerability exists in the Yestv camera. By obtaining the address, username and password, an attacker can use the vulnerability to obtain video information from the camera.
VAR-201807-2205 CVE-2018-5540 Vulnerabilities related to authorization, permissions, and access control in multiple F5 products CVSS V2: 2.1
CVSS V3: 4.4
Severity: MEDIUM
On F5 BIG-IP 13.0.0-13.0.1, 12.1.0-12.1.3.3, 11.6.0-11.6.3.1, or 11.5.1-11.5.6, Enterprise Manager 3.1.1, BIG-IQ Centralized Management 5.0.0-5.1.0, BIG-IQ Cloud and Orchestration 1.0.0, or F5 iWorkflow 2.1.0-2.3.0, the big3d process does not irrevocably minimize group privileges at start up. Multiple F5 products contain vulnerabilities related to authorization, permissions, and access control. Information may be obtained. The F5 BIG-IP big3d process is prone to a local privilege escalation vulnerability. Local attackers may exploit this issue to gain elevated privileges. F5 BIG-IP and the other affected products are all products of F5 in the United States. F5 BIG-IP is an all-in-one network device that integrates functions such as network traffic management, application security management, and load balancing. Enterprise Manager is a tool that provides visibility into the entire BIG-IP application delivery infrastructure and optimizes application performance. Security flaws exist in several F5 products. The vulnerability stems from the fact that the big3d process does not remove elevated group privileges at startup.
VAR-201807-0325 CVE-2018-10620 AVEVA InduSoft Web Studio and InTouch Machine Edition Buffer error vulnerability CVSS V2: 7.5
CVSS V3: 9.8
Severity: CRITICAL
In AVEVA InduSoft Web Studio v8.1 and v8.1SP1, and InTouch Machine Edition v2017 8.1 and v2017 8.1 SP1, a remote user could send a carefully crafted packet to exploit a stack-based buffer overflow vulnerability during tag, alarm, or event related actions such as read and write, with potential for code to be executed. AVEVA InduSoft Web Studio and InTouch Machine Edition contain a buffer error vulnerability. Information may be obtained or altered, and service operation may be disrupted (DoS). AVEVA InduSoft Web Studio and InTouch Machine Edition are products of AVEVA Group plc, UK. AVEVA InduSoft Web Studio is a set of industrial control configuration software. InTouch Machine Edition is an embedded HMI package. Attackers can exploit this issue to execute arbitrary code within the context of the affected device. Failed exploit attempts will likely cause a denial-of-service condition.
VAR-201807-0327 CVE-2018-10628 AVEVA InTouch Buffer Overflow Vulnerability CVSS V2: 7.5
CVSS V3: 9.8
Severity: CRITICAL
AVEVA InTouch 2014 R2 SP1 and prior, InTouch 2017, InTouch 2017 Update 1, and InTouch 2017 Update 2 allow an unauthenticated user to send a specially crafted packet that could overflow the buffer on a locale not using a dot floating point separator. Exploitation could allow remote code execution under the privileges of the InTouch View process. AVEVA InTouch 2014 and InTouch 2017 contain a buffer error vulnerability. Information may be obtained or altered, and service operation may be disrupted (DoS). AVEVA InTouch is an embedded HMI software package from AVEVA Group plc, UK. The product provides read, write tag and event monitoring for HMI clients. A security vulnerability exists in AVEVA InTouch. AVEVA InTouch is prone to a stack-based buffer-overflow vulnerability because it fails to properly bounds-check user-supplied data before copying it into an insufficiently sized buffer. Failed exploit attempts will likely cause a denial-of-service condition.
VAR-201807-1490 CVE-2018-14336 Input validation vulnerability on TP-Link WR840N devices

Related entries in the VARIoT exploits database: VAR-E-201807-0135
CVSS V2: 5.0
CVSS V3: 7.5
Severity: HIGH
TP-Link WR840N devices allow remote attackers to cause a denial of service (connectivity loss) via a series of packets with random MAC addresses. The TP-Link WR840N device contains an input validation vulnerability. Service operation may be interrupted (DoS). The TP-Link WR840N is a wireless router product from China Unicom (TP-LINK). A buffer overflow vulnerability exists in the TP-Link WR840N.
VAR-201807-0329 CVE-2018-10632 Resource exhaustion vulnerability in multiple Moxa NPort products CVSS V2: 5.0
CVSS V3: 7.5
Severity: HIGH
In Moxa NPort 5210, 5230, and 5232 versions 2.9 build 17030709 and prior, the amount of resources requested by a malicious actor is not restricted, allowing for a denial-of-service condition. Moxa NPort 5210, 5230 and 5232 contain a resource exhaustion vulnerability. Service operation may be interrupted (DoS). Moxa's NPort 5210, 5230 and 5232 are all serial communication servers for connecting industrial serial devices to the network. A security vulnerability exists in Moxa's NPort 5210, 5230, and 5232 2.9 build 17030709 and earlier versions because the program fails to limit the size of the requested resource. An attacker could exploit the vulnerability to cause a denial of service. Moxa NPort is prone to a remote denial-of-service vulnerability. Attackers can exploit this issue to cause resource exhaustion and crash the affected application, denying service to legitimate users.
VAR-201807-0341 CVE-2018-10616 ABB Panel Builder 800 Input validation vulnerability CVSS V2: 6.9
CVSS V3: 7.8
Severity: MEDIUM
All versions of ABB Panel Builder 800 have an improper input validation vulnerability which may allow an attacker to insert and run arbitrary code on a computer where the affected product is used. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of the IPAddress parameter of the ABB BeFesto OPC Driver. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a heap-based buffer. An attacker can leverage this vulnerability to execute code under the context of an administrator. ABB Panel Builder 800 is a web-based HMI (Human Machine Interface) system from ABB, Switzerland.
VAR-201807-0426 CVE-2018-0379 Cisco WebEx Network Recording Player NBRQA Integer Overflow Remote Code Execution Vulnerability CVSS V2: 6.8
CVSS V3: 7.8
Severity: MEDIUM
Multiple vulnerabilities exist in the Cisco Webex Network Recording Player for Advanced Recording Format (ARF) and Webex Recording Format (WRF) files. An attacker could exploit these vulnerabilities by providing a user with a malicious .arf or .wrf file via email or URL and convincing the user to launch the file in the Webex recording players. Exploitation of these vulnerabilities could allow arbitrary code execution on the system of a targeted user. These vulnerabilities affect ARF and WRF recording players available from Cisco Webex Meetings Suite sites, Cisco Webex Meetings Online sites, and Cisco Webex Meetings Server. Cisco Bug IDs: CSCvi02621, CSCvi02965, CSCvi63329, CSCvi63333, CSCvi63335, CSCvi63374, CSCvi63376, CSCvi63377, CSCvi63391, CSCvi63392, CSCvi63396, CSCvi63495, CSCvi63497, CSCvi63498, CSCvi82684, CSCvi82700, CSCvi82705, CSCvi82725, CSCvi82737, CSCvi82742, CSCvi82760, CSCvi82771, CSCvj51284, CSCvj51294. The vendor has confirmed this vulnerability and released it under the same Bug IDs. Information may be obtained or altered, and service operation may be disrupted (DoS). When parsing an ARF file, the process does not properly validate the length of user-supplied data prior to copying it to a heap-based buffer. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Cisco WebEx Recorder and Player. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of WRF files. Crafted data can trigger an overflow of a heap-based buffer. An attacker can leverage this vulnerability to execute code under the context of the current process.
VAR-201807-0427 CVE-2018-0380 Cisco WebEx Network Recording Player for Advanced Recording Format and WebEx Recording Format Resource management vulnerability CVSS V2: 4.3
CVSS V3: 5.5
Severity: MEDIUM
Multiple vulnerabilities exist in the Cisco Webex Network Recording Player for Advanced Recording Format (ARF) and Webex Recording Format (WRF) files. An attacker could exploit these vulnerabilities by providing a user with a malicious .arf or .wrf file via email or URL and convincing the user to launch the file in the Webex recording players. Exploitation of these vulnerabilities could cause an affected player to crash, resulting in a denial of service (DoS) condition. The Cisco Webex players are applications that are used to play back Webex meetings that have been recorded by an online meeting attendee. The Webex Network Recording Player for .arf files can be automatically installed when the user accesses a recording that is hosted on a Webex server. The Webex Player for .wrf files can be downloaded manually. These vulnerabilities affect ARF and WRF recording players available from Cisco Webex Meetings Suite sites, Cisco Webex Meetings Online sites, and Cisco Webex Meetings Server. Cisco Bug IDs: CSCvh70253, CSCvh70268, CSCvh72272, CSCvh72281, CSCvh72285, CSCvi60477, CSCvi60485, CSCvi60490, CSCvi60520, CSCvi60529, CSCvi60533. The vendor has confirmed this vulnerability and released it under the same Bug IDs. Service operation may be interrupted (DoS).
VAR-201807-0998 CVE-2018-0343 Cisco SD-WAN Solution Access control vulnerability CVSS V2: 6.5
CVSS V3: 8.8
Severity: HIGH
A vulnerability in the configuration and management service of the Cisco SD-WAN Solution could allow an authenticated, remote attacker to execute arbitrary code with vmanage user privileges or cause a denial of service (DoS) condition on an affected system. The vulnerability is due to insufficient access restrictions to the HTTP management interface of the affected solution. An attacker could exploit this vulnerability by sending a malicious HTTP request to the affected management service through an authenticated device. A successful exploit could allow the attacker to execute arbitrary code with vmanage user privileges or stop HTTP services on an affected system. This vulnerability affects the following Cisco products if they are running a release of the Cisco SD-WAN Solution prior to Release 18.3.0: vBond Orchestrator Software, vEdge 100 Series Routers, vEdge 1000 Series Routers, vEdge 2000 Series Routers, vEdge 5000 Series Routers, vEdge Cloud Router Platform, vManage Network Management Software, vSmart Controller Software. Cisco Bug IDs: CSCvi69976. The vendor has confirmed this vulnerability and released it under the same Bug ID. Information may be obtained or altered, and service operation may be disrupted (DoS). Cisco vBond Orchestrator Software and others are products of Cisco. Cisco vBond Orchestrator Software is a set of secure network extension management software. The vEdge 100 Series Routers is a 100 Series router product. SD-WAN Solution is a set of network expansion solutions running in it. Failed exploit attempts may result in a denial-of-service condition.
VAR-201807-0421 CVE-2018-0372 Cisco Nexus 9000 Series Vulnerable to resource exhaustion CVSS V2: 7.8
CVSS V3: 7.5
Severity: HIGH
A vulnerability in the DHCPv6 feature of the Cisco Nexus 9000 Series Fabric Switches in Application-Centric Infrastructure (ACI) Mode could allow an unauthenticated, remote attacker to cause the device to run low on system memory, which could result in a Denial of Service (DoS) condition on an affected system. The vulnerability is due to improper memory management when DHCPv6 packets are received on an interface of the targeted device. An attacker could exploit this vulnerability by sending a high number of malicious DHCPv6 packets to be processed by an affected device. A successful exploit could allow the attacker to cause the system to run low on memory, which could cause an eventual reboot of an affected device. The vulnerability only applies to IPv6 protocol packets and not for IPv4 protocol packets. This vulnerability affects Cisco Nexus 9000 Series Fabric Switches in ACI Mode running software version 13.0(1k). The vulnerability can only be exploited when unicast routing is enabled on the Bridge Domain (BD). DHCP and DHCP relay do not have to be configured for the vulnerability to be exploited. Cisco Bug IDs: CSCvg38918. The vendor has confirmed this vulnerability and released it under the same Bug ID. Service operation may be interrupted (DoS).
VAR-201807-0425 CVE-2018-0377 Cisco Policy Suite Vulnerabilities related to lack of authentication for critical functions CVSS V2: 7.5
CVSS V3: 9.8
Severity: CRITICAL
A vulnerability in the Open Systems Gateway initiative (OSGi) interface of Cisco Policy Suite before 18.1.0 could allow an unauthenticated, remote attacker to directly connect to the OSGi interface. The vulnerability is due to a lack of authentication. An attacker could exploit this vulnerability by directly connecting to the OSGi interface. An exploit could allow the attacker to access or change any files that are accessible by the OSGi process. Cisco Bug IDs: CSCvh18017. Cisco Policy Suite is vulnerable to a lack of authentication for critical functions. The vendor has confirmed this vulnerability and released it under the same Bug ID. Information may be obtained or altered, and service operation may be disrupted (DoS). An attacker can exploit this issue to bypass the authentication mechanism and perform unauthorized actions. This may lead to further attacks. Cisco Policy Suite provides functions such as user-based business rules and real-time management of applications and network resources.
VAR-201807-0424 CVE-2018-0376 Cisco Policy Suite Vulnerabilities related to lack of authentication for critical functions CVSS V2: 7.5
CVSS V3: 9.8
Severity: CRITICAL
A vulnerability in the Policy Builder interface of Cisco Policy Suite before 18.2.0 could allow an unauthenticated, remote attacker to access the Policy Builder interface. The vulnerability is due to a lack of authentication. An attacker could exploit this vulnerability by accessing the Policy Builder interface. A successful exploit could allow the attacker to make changes to existing repositories and create new repositories. Cisco Bug IDs: CSCvi35109. The vendor has confirmed this vulnerability and released it under the same Bug ID. Information may be obtained or altered, and service operation may be disrupted (DoS). Successfully exploiting this issue may allow an attacker to bypass certain security restrictions and perform unauthorized actions. Cisco Policy Suite provides functions such as user-based business rules and real-time management of applications and network resources.
VAR-201807-0432 CVE-2018-0390 Cisco Webex Vulnerable to cross-site scripting CVSS V2: 4.3
CVSS V3: 6.1
Severity: MEDIUM
A vulnerability in the web framework of Cisco Webex could allow an unauthenticated, remote attacker to conduct a Document Object Model-based (DOM-based) cross-site scripting (XSS) attack against the user of the web interface of an affected system. The vulnerability is due to insufficient input validation of certain parameters that are passed to the affected software by using the HTTP POST method. An attacker who can submit malicious scripts to the affected user interface element could execute arbitrary script or HTML code in the user's browser in the context of the affected site. Cisco Bug IDs: CSCvj33287. Cisco Webex contains a cross-site scripting vulnerability. The vendor has confirmed this vulnerability and released it under the same Bug ID. Information may be obtained and information may be altered. This can allow the attacker to steal cookie-based authentication credentials and launch other attacks. Cisco WebEx is a set of Web conferencing tools developed by Cisco (US), which can assist office workers in different places to coordinate and cooperate. WebEx services include Web conferencing, telepresence video conferencing and enterprise instant messaging (IM).