VARIoT IoT vulnerabilities database

VAR-201802-0592 | CVE-2018-0123 | Cisco IOS and IOS XE Software path traversal vulnerability |
CVSS V2: 4.9 CVSS V3: 5.5 Severity: MEDIUM |
A Path Traversal vulnerability in the diagnostic shell for Cisco IOS and IOS XE Software could allow an authenticated, local attacker to use certain diagnostic shell commands that can overwrite system files. These system files may be sensitive and should not be able to be overwritten by a user of the diagnostic shell. The vulnerability is due to lack of proper input validation for certain diagnostic shell commands. An attacker could exploit this vulnerability by authenticating to the device, entering the diagnostic shell, and providing crafted user input to commands at the local diagnostic shell CLI. Successful exploitation could allow the attacker to overwrite system files that should be restricted. Cisco Bug IDs: CSCvg41950. The vendor has released this vulnerability as Bug ID CSCvg41950. Information may be tampered with.
VAR-201802-0600 | CVE-2018-0134 | Cisco Policy Suite Vulnerable to information disclosure |
CVSS V2: 5.0 CVSS V3: 5.3 Severity: MEDIUM |
A vulnerability in the RADIUS authentication module of Cisco Policy Suite could allow an unauthenticated, remote attacker to determine whether a subscriber username is valid. The vulnerability occurs because the Cisco Policy Suite RADIUS server component returns different authentication failure messages based on the validity of usernames. An attacker could use these messages to determine whether a valid subscriber username has been identified. The attacker could use this information in subsequent attacks against the system. Cisco Bug IDs: CSCvg47830. Cisco Policy Suite contains an information disclosure vulnerability. The vendor has released this vulnerability as Bug ID CSCvg47830. Information may be obtained. This may aid in further attacks. This solution provides functions such as user-based business rules and real-time management of applications and network resources. The RADIUS authentication module is one of the RADIUS protocol authentication modules.
VAR-201802-0594 | CVE-2018-0125 | Cisco RV132W ADSL2+ Wireless-N VPN and RV134W VDSL2 Wireless-AC VPN Router input validation vulnerability |
CVSS V2: 10.0 CVSS V3: 9.8 Severity: CRITICAL |
A vulnerability in the web interface of the Cisco RV132W ADSL2+ Wireless-N VPN and RV134W VDSL2 Wireless-AC VPN Routers could allow an unauthenticated, remote attacker to execute arbitrary code and gain full control of an affected system, including issuing commands with root privileges. The attacker could also cause an affected system to reload, resulting in a denial of service (DoS) condition. The vulnerability is due to an incomplete input validation on user-controlled input in an HTTP request to the targeted device. An attacker could exploit this vulnerability by sending a crafted HTTP request to an affected system. A successful exploit could allow the attacker to execute arbitrary code as the root user and gain full control of the affected system or cause it to reload, resulting in a DoS condition. This vulnerability is fixed in firmware version 1.0.1.11 for the following Cisco products: RV132W ADSL2+ Wireless-N VPN Router and RV134W VDSL2 Wireless-AC VPN Router. Cisco Bug IDs: CSCvg92737, CSCvh60170. The vendor has released this vulnerability as Bug IDs CSCvg92737 and CSCvh60170. Information may be obtained or altered, and service operation may be disrupted (DoS). Cisco RV132W ADSL2+ Wireless-N VPN Routers and RV134W VDSL2 Wireless-AC VPN Routers are routers of Cisco Systems of the United States. A remote command execution vulnerability exists in the Cisco RV132W ADSL2+ Wireless-N VPN Router and RV134W VDSL2 Wireless-AC VPN Router. The vulnerability stems from the program failing to adequately filter the user's input. The /tr69cfg.cgi page POST request has a command injection at the parameter tr69cBoundIfName, which allows the attacker to execute arbitrary commands remotely. Failed exploit attempts will result in a denial-of-service condition.
VAR-201802-1046 | CVE-2018-5457 | Vyaire Medical CareFusion Upgrade Utility Vulnerabilities in uncontrolled search path elements |
CVSS V2: 6.9 CVSS V3: 7.0 Severity: HIGH |
An uncontrolled search path element issue was discovered in Vyaire Medical CareFusion Upgrade Utility used with Windows XP systems, Versions 2.0.2.2 and prior versions. A successful exploit of this vulnerability requires the local user to install a crafted DLL on the target machine. The application loads the DLL and gives the attacker access at the same privilege level as the application. CareFusion Upgrade Utility is prone to a local privilege-escalation vulnerability.
Local attackers may exploit this issue to execute arbitrary code with administrative privileges.
VAR-201802-0921 | CVE-2018-6288 | Kaspersky Secure Mail Gateway Vulnerable to cross-site request forgery |
CVSS V2: 6.8 CVSS V3: 8.8 Severity: HIGH |
Cross-site Request Forgery leading to Administrative account takeover in Kaspersky Secure Mail Gateway version 1.1. Kaspersky Secure Mail Gateway is an email security solution from Kaspersky Lab in Russia. The program can automatically filter spam, phishing websites and various malicious attachments. A remote attacker could exploit this vulnerability to take control of an administrator account.
VAR-201802-0586 | CVE-2017-6169 | F5 BIG-IP Product Traffic Management Microkernel Input validation vulnerability |
CVSS V2: 4.3 CVSS V3: 6.8 Severity: MEDIUM |
In versions 13.0.0, 12.0.0-12.1.3, or 11.6.0-11.6.2, an F5 BIG-IP virtual server using the URL categorization feature may cause the Traffic Management Microkernel (TMM) to produce a core file when it receives malformed URLs during categorization. The F5 BIG-IP product Traffic Management Microkernel (TMM) contains an input validation vulnerability. Service operation may be interrupted (DoS). F5 BIG-IP is an all-in-one network device that integrates network traffic management, application security management, load balancing and other functions. The F5 BIG-IP Policy Enforcement Manager URL classification has a denial of service vulnerability that allows unauthenticated remote attackers to cause a denial of service (DoS) on the target system. Security vulnerabilities exist in F5 BIG-IP version 13.0.0, 12.0.0 through 12.1.3, and 11.6.0 through 11.6.2. An attacker could exploit this vulnerability to disrupt traffic or fail over the BIG-IP system to another device.
VAR-201802-0922 | CVE-2018-6289 | Kaspersky Secure Mail Gateway Injection vulnerability |
CVSS V2: 10.0 CVSS V3: 9.8 Severity: CRITICAL |
Configuration file injection leading to Code Execution as Root in Kaspersky Secure Mail Gateway version 1.1. Kaspersky Secure Mail Gateway contains an injection vulnerability. Information may be obtained or altered, and service operation may be disrupted (DoS). Kaspersky Secure Mail Gateway is an email security solution from Kaspersky Lab in Russia. The program can automatically filter spam, phishing websites and various malicious attachments.
VAR-201802-0652 | CVE-2018-0512 | Multiple I-O DATA network devices incorporating "MagicalFinder" vulnerable to OS command injection |
CVSS V2: 7.7 CVSS V3: 6.8 Severity: MEDIUM |
Devices with IP address setting tool "MagicalFinder" provided by I-O DATA DEVICE, INC. allow authenticated attackers to execute arbitrary OS commands via unspecified vectors. Multiple I-O DATA network devices that incorporate "MagicalFinder" contain an OS command injection vulnerability (CWE-78). Taizo Tsukamoto of Mitsui Bussan Secure Directions, Inc. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership. An attacker who can log in to the affected device may execute an arbitrary OS command. The I-O DATA DEVICE HDL-XR/XRW series and so on are different series of network attached storage devices from I-O DATA DEVICE of Japan. There are operating system command injection vulnerabilities in MagicalFinder in several I-O DATA DEVICE products. The following products and versions are affected: HDL-XR/XRW series with firmware version 2.01 and earlier; HDL-XR2U/XR2UW series with firmware version 2.01 and earlier; HDL-XV/XVW series with firmware version 1.50 and earlier; HDL-GT series with firmware version 1.37 and earlier; HDL-GTR series with firmware version earlier than 1.37, etc.
VAR-201802-0128 | CVE-2015-4400 | Ring Vulnerabilities related to certificate and password management |
CVSS V2: 2.1 CVSS V3: 4.6 Severity: MEDIUM |
Ring (formerly DoorBot) video doorbells allow remote attackers to obtain sensitive information about the wireless network configuration by pressing the set up button and leveraging an API in the GainSpan Wi-Fi module. Ring (formerly DoorBot) contains vulnerabilities related to certificate and password management. Information may be obtained. The Ring (formerly known as DoorBot) video doorbell is a smart doorbell with video function from Ring Company of the United States. A security flaw exists in Ring video doorbells.
VAR-201802-0923 | CVE-2018-6290 | Kaspersky Secure Mail Gateway Vulnerabilities related to authorization, permissions, and access control |
CVSS V2: 7.2 CVSS V3: 7.8 Severity: HIGH |
Local Privilege Escalation in Kaspersky Secure Mail Gateway version 1.1. Kaspersky Secure Mail Gateway contains vulnerabilities related to authorization, permissions, and access control. Information may be obtained or altered, and service operation may be disrupted (DoS). This product is mainly used for spam, phishing and malicious attachment protection, etc. An attacker can exploit this vulnerability to elevate privileges to root.
VAR-201803-0185 | CVE-2017-14006 | GE Xeleris Vulnerabilities related to the use of hard-coded credentials |
CVSS V2: 7.5 CVSS V3: 9.8 Severity: CRITICAL |
GE Xeleris medical imaging systems, versions 1.0, 1.1, 2.1, 3.0, 3.1 (all current versions are affected), use default or hard-coded credentials. Successful exploitation of this vulnerability may allow a remote attacker to bypass authentication and gain access to the affected devices. GE Xeleris contains a vulnerability in the use of hard-coded credentials. Information may be obtained or altered, and service operation may be disrupted (DoS). GE Xeleris is a medical image management system of General Electric (GE). GE Medical Devices are prone to a remote authentication-bypass vulnerability. Successful exploits will result in the complete compromise of the affected device.
VAR-201802-0924 | CVE-2018-6291 | Kaspersky Secure Mail Gateway Vulnerable to cross-site scripting |
CVSS V2: 4.3 CVSS V3: 6.1 Severity: MEDIUM |
WebConsole Cross-Site Scripting in Kaspersky Secure Mail Gateway version 1.1. The program can automatically filter spam, phishing websites and various malicious attachments. A remote attacker can exploit this vulnerability to inject arbitrary web script or HTML.
VAR-201802-0669 | CVE-2018-1168 | ABB MicroSCADA Vulnerabilities related to authorization, permissions, and access control |
CVSS V2: 7.2 CVSS V3: 7.8 Severity: HIGH |
This vulnerability allows local attackers to escalate privileges on vulnerable installations of ABB MicroSCADA 9.3 with FP 1-2-3. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the configuration of the access controls for the installed product files. The installation procedure leaves critical files open to manipulation by any authenticated user. An attacker can leverage this vulnerability to escalate privileges to SYSTEM. Was ZDI-CAN-5097. ABB MicroSCADA contains vulnerabilities related to authorization, permissions, and access control. Zero Day Initiative numbered this vulnerability ZDI-CAN-5097. Information may be obtained or altered, and service operation may be disrupted (DoS). ABB MicroSCADA is a substation monitoring software developed by ABB Switzerland for power transmission and distribution systems. The software includes Human Machine Interface (MMI) and flexible application engineering tools, and provides monitoring, event alarms, trend graph statistics and more.
VAR-201802-1065 | CVE-2018-6624 | OMRON NS Device access control vulnerability |
CVSS V2: 7.5 CVSS V3: 9.8 Severity: CRITICAL |
OMRON NS devices 1.1 through 1.3 allow remote attackers to bypass authentication via a direct request to the .html file for a specific screen, as demonstrated by monitor.html. The OMRON NS device contains an access control vulnerability. Information may be obtained or altered, and service operation may be disrupted (DoS). OMRON NS devices are touch screen human interface programming devices from Omron. There is a security vulnerability in OMRON NS device versions 1.1 to 1.3.
VAR-201802-1020 | CVE-2018-5797 | Extreme Networks ExtremeWireless WiNG Vulnerabilities related to certificate and password management |
CVSS V2: 3.3 CVSS V3: 7.5 Severity: HIGH |
An issue was discovered in Extreme Networks ExtremeWireless WiNG 5.x before 5.8.6.9 and 5.9.x before 5.9.1.3. There is an Smint_encrypt Hardcoded AES Key that can be used for packet decryption (obtaining cleartext credentials) by an attacker who has access to a wired port. Extreme Networks ExtremeWireless WiNG contains vulnerabilities related to certificate and password management. Information may be obtained or altered, and service operation may be disrupted (DoS). Secure MINT static message key is one of the static MIMT message keys. The Secure MINT static message key in Extreme Networks ExtremeWireless WiNG 5.x versions prior to 5.8.6.9 and 5.9.x versions prior to 5.9.1.3 has a security vulnerability. An attacker could exploit this vulnerability to decrypt packets by performing a man-in-the-middle attack.
VAR-201802-1010 | CVE-2018-5787 | Extreme Networks ExtremeWireless WiNG Buffer error vulnerability |
CVSS V2: 5.0 CVSS V3: 7.5 Severity: HIGH |
An issue was discovered in Extreme Networks ExtremeWireless WiNG 5.x before 5.8.6.9 and 5.9.x before 5.9.1.3. There is a Remote, Unauthenticated Stack Overflow in the RIM (Radio Interface Module) process running on the WiNG Access Point via crafted packets. Extreme Networks ExtremeWireless WiNG contains a buffer error vulnerability. Service operation may be interrupted (DoS). WiNG Access Point (AP) is one of the wireless access point devices. A remote attacker could exploit this vulnerability with a specially crafted packet to cause a denial of service (crash).
VAR-201802-1343 | No CVE | Multiple vulnerabilities in Sprecher Automation SPRECON-E-C, PU-2433 |
CVSS V2: 7.5 CVSS V3: - Severity: HIGH |
Sprecher Automation GmbH provides switching equipment and automation solutions for energy, industrial and infrastructure construction. Power facilities, industries, transportation companies, municipal utilities and public institutions are all customers. (1) An authenticated path traversal vulnerability exists in the web interface of the Sprecher PLC. It allows authenticated users to read target system files. (2) The Sprecher Automation SPRECON-E-C, PU-2433 client has a password hashing vulnerability. Since the hash of the password is calculated on the browser side, the hash of the password can also be used for login. (3) Sprecher Automation SPRECON-E-C, PU-2433 has an unauthorized access vulnerability in the Telnet management service. The PLC exposes a Telnet management service on TCP port 2048, and this interface can be used to control the PLC without any authentication. (4) Sprecher Automation SPRECON-E-C, PU-2433 has a denial of service vulnerability. A TCP SYN scan of a large number of ports triggers a denial of service on the PLC. Manual intervention is required to restore service availability. (5) Sprecher Automation SPRECON-E-C, PU-2433 has an old kernel vulnerability. The Linux kernel version of the PLC operating system is too old, which leads to a large number of known security vulnerabilities and potential security risks.
VAR-201802-1415 | No CVE | Command execution vulnerability in Netgear R7000 |
CVSS V2: 10.0 CVSS V3: - Severity: HIGH |
R7000 is a wireless router from Netgear.
The Netgear R7000 has a command execution vulnerability. It allows attackers to perform command injection via POST requests.
VAR-201802-0404 | CVE-2017-5727 | Intel Graphics Driver NULL pointer dereference vulnerability |
CVSS V2: 7.2 CVSS V3: 7.8 Severity: HIGH |
Pointer dereference in subsystem in Intel Graphics Driver 15.40.x.x, 15.45.x.x, 15.46.x.x allows unprivileged user to elevate privileges via local access. A vulnerability related to NULL pointer dereference exists in Intel graphics drivers. Information may be obtained or altered, and service operation may be disrupted (DoS). Intel Graphics Driver is an integrated graphics driver developed by Intel Corporation.
VAR-201802-0928 | CVE-2018-6186 | Citrix NetScaler VPX Server-side request forgery vulnerability |
CVSS V2: 9.0 CVSS V3: 8.8 Severity: HIGH |
Citrix NetScaler VPX through NS12.0 53.13.nc allows an SSRF attack via the /rapi/read_url URI by an authenticated attacker who has a webapp account. The attacker can gain access to the nsroot account, and execute remote commands with root privileges. Citrix NetScaler VPX contains a server-side request forgery vulnerability. Information may be obtained or altered, and service operation may be disrupted (DoS). NetScaler VPX provides complete NetScaler web and application load balancing, security and remote access, acceleration, security and offload capabilities with simple, easy-to-install virtual appliances. A server-side request forgery vulnerability exists in Citrix NetScaler VPX. Citrix NetScaler VPX is prone to a privilege-escalation vulnerability.