VARIoT IoT vulnerabilities database
| VAR-201805-0454 | CVE-2018-11567 | Amazon Echo devices: session fixation vulnerability | CVSS V2: 4.3 | CVSS V3: 3.3 | Severity: LOW |
Prior to 2018-04-27, the reprompt feature in Amazon Echo devices could be misused by a custom Alexa skill. The reprompt feature is designed so that if Alexa does not receive an input within 8 seconds, the device can speak a reprompt, then wait an additional 8 seconds for input; if the user still does not respond, the microphone is then turned off. The vulnerability involves empty output-speech reprompts, custom wildcard ("gibberish") input slots, and logging of detected speech. If a maliciously designed skill is installed, an attacker could obtain transcripts of speech not intended for Alexa to process, but simply spoken within the device's hearing range. NOTE: The vendor states "Customer trust is important to us and we take security and privacy seriously. We have put mitigations in place for detecting this type of skill behavior and reject or suppress those skills when we do. Customers do not need to take any action for these mitigations to work." ** Unsettled ** This case has not been confirmed as a vulnerability. Amazon Echo devices contain a session fixation vulnerability. The vendor has disputed this vulnerability; for details, please check the current description at NVD: https://nvd.nist.gov/vuln/detail/CVE-2018-11567. Information may be obtained.
| VAR-201805-0800 | CVE-2018-11482 | Multiple TP-LINK devices: vulnerability related to the use of hard-coded credentials | CVSS V2: 7.5 | CVSS V3: 9.8 | Severity: CRITICAL |
/usr/lib/lua/luci/websys.lua on TP-LINK IPC TL-IPC223(P)-6, TL-IPC323K-D, TL-IPC325(KP)-*, and TL-IPC40A-4 devices has a hardcoded zMiVw8Kw0oxKXL0 password. Multiple TP-LINK devices contain a vulnerability related to the use of hard-coded credentials. Information may be obtained or altered, and service operation may be disrupted (DoS). TP-LINK IPC TL-IPC223(P)-6 and the other affected models are network camera products from TP-LINK of China. An access control error vulnerability exists in the /usr/lib/lua/luci/websys.lua file in several TP-LINK products. The vulnerability stems from the program's use of a hard-coded password, which an attacker can exploit to disclose information.
| VAR-201805-0799 | CVE-2018-11481 | Multiple TP-LINK devices: input validation vulnerability | CVSS V2: 6.5 | CVSS V3: 8.8 | Severity: HIGH |
TP-LINK IPC TL-IPC223(P)-6, TL-IPC323K-D, TL-IPC325(KP)-*, and TL-IPC40A-4 devices allow authenticated remote code execution via crafted JSON data because /usr/lib/lua/luci/torchlight/validator.lua does not block various punctuation characters. Multiple TP-LINK devices contain an input validation vulnerability. Information may be obtained or altered, and service operation may be disrupted (DoS). TP-LINK IPC TL-IPC223(P)-6 and the other affected models are network camera products from TP-LINK of China. A remote code execution vulnerability exists in several TP-LINK products. The vulnerability stems from the /usr/lib/lua/luci/torchlight/validator.lua file accepting various punctuation characters. A remote attacker can exploit this vulnerability to execute arbitrary code.
| VAR-201805-0794 | CVE-2018-11476 | Vgate iCar 2 Wi-Fi OBD2 Dongle: missing authentication for critical functions vulnerability | CVSS V2: 5.8 | CVSS V3: 8.8 | Severity: HIGH |
An issue was discovered on Vgate iCar 2 Wi-Fi OBD2 Dongle devices. The dongle opens an unprotected wireless LAN that cannot be configured with encryption or a password. This enables anyone within range of the WLAN to connect to the network without authentication. The Vgate iCar 2 Wi-Fi OBD2 Dongle lacks authentication for critical functions. Information may be obtained or altered, and service operation may be disrupted (DoS). The Vgate iCar 2 Wi-Fi OBD2 Dongle is a car fault detection device from Vgate Technology of China.
| VAR-201805-0795 | CVE-2018-11477 | Vgate iCar 2 Wi-Fi OBD2 Dongle information disclosure vulnerability | CVSS V2: 3.3 | CVSS V3: 6.5 | Severity: MEDIUM |
An issue was discovered on Vgate iCar 2 Wi-Fi OBD2 Dongle devices. The data packets that are sent between the iOS or Android application and the OBD dongle are not encrypted. The combination of this vulnerability with the lack of wireless network protection exposes all transferred car data to the public. The Vgate iCar 2 Wi-Fi OBD2 Dongle is a car fault detection device from Vgate Technology of China. An attacker could exploit this vulnerability to obtain all data transmitted by the car.
| VAR-201805-0796 | CVE-2018-11478 | Vgate iCar 2 Wi-Fi OBD2 Dongle authentication vulnerability | CVSS V2: 5.8 | CVSS V3: 8.8 | Severity: HIGH |
An issue was discovered on Vgate iCar 2 Wi-Fi OBD2 Dongle devices. The OBD port is used to receive measurement data and debug information from the car. This on-board diagnostics feature can also be used to send commands to the car (different for every vendor / car product line / car). No authentication is needed, which allows attacks from the local Wi-Fi network. The Vgate iCar 2 Wi-Fi OBD2 Dongle contains an authentication vulnerability. Information may be obtained or altered, and service operation may be disrupted (DoS). The Vgate iCar 2 Wi-Fi OBD2 Dongle is a car fault detection device from Vgate Technology of China. An attacker could exploit this vulnerability to gain access to data buses (e.g
| VAR-201805-0432 | CVE-2018-11518 | HCL legacy IVR system input validation vulnerability | CVSS V2: 6.8 | CVSS V3: 8.1 | Severity: HIGH |
A vulnerability allows a phreaking attack on HCL legacy IVR systems that do not use VoIP. These IVR systems rely on various frequencies of audio signals; based on the frequency, certain commands and functions are processed. Since these frequencies are accepted within a phone call, an attacker can record these frequencies and use them for service activations. This is a request-forgery issue when the required series of DTMF signals for a service activation is predictable (e.g., the IVR system does not speak a nonce to the caller). In this case, the IVR system accepts an activation request from a less-secure channel (any loudspeaker in the caller's physical environment) without verifying that the request was intended (it matches a nonce sent over a more-secure channel to the caller's earpiece). HCL legacy IVR systems contain an input validation vulnerability. Information may be obtained or altered, and service operation may be disrupted (DoS). Attackers can exploit this vulnerability to activate services or obtain sensitive information.
| VAR-201805-1192 | No CVE | Asia Control Technology KingView 6.55 denial of service vulnerability | CVSS V2: 4.9 | CVSS V3: - | Severity: MEDIUM |
KingView is the first industrial configuration software product launched by Beijing Yakong Technology Co., Ltd. in China.
Asia Controls KingView version 6.55 has a denial of service vulnerability. Remote attackers can send malformed packets to the affected port, causing the TouchView program to crash and exit.
| VAR-201805-0090 | CVE-2016-10650 | ntfserver cryptographic vulnerability | CVSS V2: 9.3 | CVSS V3: 8.1 | Severity: HIGH |
ntfserver is a Network Testing Framework Server. ntfserver downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested binary with an attacker-controlled binary if the attacker is on the network or positioned between the user and the remote server. ntfserver contains a cryptographic vulnerability. Information may be obtained or altered, and service operation may be disrupted (DoS). ntfserver is a central server for collecting and displaying ntfd data.
| VAR-201805-0433 | CVE-2018-11523 | NUUO NVRmini 2 devices: unrestricted upload of dangerous file type vulnerability | CVSS V2: 7.5 | CVSS V3: 9.8 | Severity: CRITICAL |
upload.php on NUUO NVRmini 2 devices allows Arbitrary File Upload, such as upload of .php files. NUUO NVRmini 2 devices contain a vulnerability related to unrestricted upload of dangerous file types. Information may be obtained or altered, and service operation may be disrupted (DoS). NUUO NVRmini 2 is a video storage management device of NUUO Corporation of the United States. The upload.php file in NUUO NVRmini 2 has a security hole that allows arbitrary files (such as .php files) to be uploaded.
| VAR-201805-0632 | CVE-2018-11027 | Ruckus ICX7450-48 cross-site scripting vulnerability | CVSS V2: 4.3 | CVSS V3: 6.1 | Severity: MEDIUM |
A reflected XSS vulnerability on Ruckus ICX7450-48 devices allows remote attackers to inject arbitrary web script or HTML. Ruckus ICX7450-48 devices contain a cross-site scripting vulnerability. Information may be obtained and altered. The Ruckus ICX7450-48 is a switch from Ruckus Wireless.
| VAR-201805-1200 | No CVE | DCCE MAC1100 PLC remote code upload vulnerability | CVSS V2: 7.8 | CVSS V3: - | Severity: HIGH |
The MAC1100 PLC is a programmable logic controller (PLC) in the Dalian CECE PLC series.
A remote code upload vulnerability exists in the DCCE MAC1100 PLC. Attackers can use this vulnerability to construct malicious control code, remotely upload it to any affected PLC, and overwrite the PLC's original control code, affecting the availability and integrity of the system and the normal operation of the PLC.
| VAR-201805-1199 | No CVE | DCCE MAC1100 PLC arbitrary memory tampering vulnerability | CVSS V2: 7.8 | CVSS V3: - | Severity: HIGH |
The MAC1100 PLC is a programmable logic controller (PLC) in the Dalian CECE PLC series.
The DCCE MAC1100 PLC has an arbitrary memory tampering vulnerability. An attacker can use this vulnerability to arbitrarily write to and tamper with the contents of the variable area, construct a malicious data packet to arbitrarily read and write the value of the output coils, and affect the normal operation of the PLC.
| VAR-201805-1201 | No CVE | DCCE MAC1100 PLC arbitrary file reading vulnerability | CVSS V2: 5.0 | CVSS V3: - | Severity: MEDIUM |
The MAC1100 PLC is a programmable logic controller (PLC) in the Dalian CECE PLC series.
The DCCE MAC1100 PLC has an arbitrary file reading vulnerability. An attacker could use this vulnerability to read the contents of any variable area of the controller.
| VAR-201805-0431 | CVE-2018-11517 | mySCADA myPRO information disclosure vulnerability | CVSS V2: 5.0 | CVSS V3: 5.3 | Severity: MEDIUM |
mySCADA myPRO 7 allows remote attackers to discover all ProjectIDs in a project by sending all of the prj parameter values from 870000 to 875000 in t=0&rq=0 requests to TCP port 11010. mySCADA myPRO contains an information disclosure vulnerability. Information may be obtained.
| VAR-201805-1238 | No CVE | DrayTek router 0day vulnerability | CVSS V2: 7.5 | CVSS V3: - | Severity: HIGH |
DrayTek is a Taiwanese manufacturer of broadband CPE (customer premises equipment), including routers, switches, firewalls and VPN devices. There is a 0day vulnerability in DrayTek routers. An attacker can exploit the vulnerability to modify the DNS configuration and then redirect users to a phishing website through a man-in-the-middle attack to steal data.
| VAR-201805-1239 | No CVE | Command execution vulnerability in multiple TP-Link enterprise routers | CVSS V2: 6.5 | CVSS V3: - | Severity: MEDIUM |
The TP-Link ER5110G, TP-Link ER5120G and TP-Link WAR1300L are enterprise VPN routers and enterprise wireless VPN routers of Pulian Technology Co., Ltd.
A command execution vulnerability exists in multiple TP-Link enterprise routers. An attacker could use the vulnerability to escalate from administrator privileges to root privileges.
| VAR-201807-1339 | CVE-2018-11450 | Siemens PLM Software TEAMCENTER cross-site scripting vulnerability | CVSS V2: 4.3 | CVSS V3: 6.1 | Severity: MEDIUM |
A reflected Cross-Site-Scripting (XSS) vulnerability has been identified in Siemens PLM Software TEAMCENTER (V9.1.2.5). If a user visits the login portal through a URL crafted by the attacker, the attacker can insert HTML/JavaScript and thus alter/rewrite the login portal page. Siemens PLM Software TEAMCENTER V9.1.3 and newer are not affected. This product is mainly used to manage and share product designs, files, BOMs and other data. An attacker can use a specially crafted URL to exploit this vulnerability to inject HTML or JavaScript code and modify or rewrite the login page.
| VAR-201805-1149 | CVE-2018-7518 | BeaconMedaes Scroll Medical Air Systems: vulnerability related to credential and password management | CVSS V2: 5.0 | CVSS V3: 9.8 | Severity: CRITICAL |
In TotalAlert Web Application in BeaconMedaes Scroll Medical Air Systems prior to v4107600010.23, an attacker with network access to the integrated web server could retrieve default or user defined credentials stored and transmitted in an insecure manner. BeaconMedaes Scroll Medical Air Systems contain a vulnerability related to credential and password management. Information may be obtained or altered, and service operation may be disrupted (DoS). BeaconMedaes Scroll Medical Air Systems is a medical surgical air system from BeaconMedaes, USA. The TotalAlert Web Application is one of its web-based monitoring applications. An attacker could exploit this vulnerability to retrieve default or user-defined credentials that are stored and transmitted insecurely.
| VAR-201805-0253 | CVE-2018-10595 | ReadA SQL injection vulnerability | CVSS V2: 4.9 | CVSS V3: 6.3 | Severity: MEDIUM |
A vulnerability in ReadA version 1.1.0.2 and previous allows an authorized user with access to a privileged account on a BD Kiestra system (Kiestra TLA, Kiestra WCA, and InoqulA+ specimen processor) to issue SQL commands, which may result in loss or corruption of data. An SQL injection vulnerability exists in ReadA. Information may be obtained or altered, and service operation may be disrupted (DoS). BD ReadA is browser software used by BD (Becton, Dickinson and Company) of the United States. Security vulnerabilities exist in BD ReadA 1.1.0.2 and earlier.