VARIoT IoT vulnerabilities database


VAR-201802-1045 CVE-2018-5442 Fuji Electric V-Server VPR Buffer error vulnerability CVSS V2: 7.5
CVSS V3: 9.8
Severity: CRITICAL
A Stack-based Buffer Overflow issue was discovered in Fuji Electric V-Server VPR 4.0.1.0 and prior. The stack-based buffer overflow vulnerability has been identified, which may allow remote code execution. Fuji Electric V-Server VPR contains a buffer error vulnerability. Information may be obtained or altered, and service operation may be disrupted (DoS). User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of project files. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length buffer. An attacker can leverage this vulnerability to execute code under the context of the current process. Fuji Electric V-Server is a data collection software from Fuji Electric, Japan, and VPR is an array-based FPGA layout tool. Failed exploit attempts will likely cause a denial-of-service condition.
VAR-201803-1033 CVE-2017-17217 plural Huawei Vulnerability related to out-of-bounds writing in products CVSS V2: 4.3
CVSS V3: 5.9
Severity: MEDIUM
Media Gateway Control Protocol (MGCP) in Huawei DP300 V500R002C00; RP200 V500R002C00SPC200; V600R006C00; TE30 V100R001C10; V500R002C00; V600R006C00; TE40 V500R002C00; V600R006C00; TE50 V500R002C00; V600R006C00; TE60 V100R001C10; V500R002C00; V600R006C00 has an out-of-bounds write vulnerability. An unauthenticated, remote attacker can craft malformed packets with a specific parameter and send them to the affected products. Due to insufficient validation of packets, successful exploitation may impact availability of product service. Multiple Huawei products contain an out-of-bounds vulnerability. Service operation may be interrupted (DoS). The Huawei DP300, RP200, and TE series are integrated desktop telepresence and integrated video conferencing terminal products of China's Huawei. The MGCP protocol in a variety of Huawei products has an out-of-bounds write vulnerability, which is due to the program failing to fully verify the message. DP300 is a video conferencing terminal. RP200 is a video conferencing all-in-one device. The following products and versions are affected: Huawei DP300 V500R002C00 Version; RP200 V500R002C00SPC200 Version, V600R006C00 Version; TE30 V100R001C10 Version, V500R002C00 Version, V600R006C00 Version; TE40 V500R002C00 Version, V600R006C00 Version; TE50 V500R002C00 Version, V600R006C00 Version; TE60 V100R001C10 Version, V500R002C00 Version, V600R006C00 Version.
VAR-201803-1032 CVE-2017-17216 plural Huawei Product out-of-bounds vulnerability CVSS V2: 4.3
CVSS V3: 5.9
Severity: MEDIUM
Media Gateway Control Protocol (MGCP) in Huawei DP300 V500R002C00; RP200 V500R002C00SPC200; V600R006C00; TE30 V100R001C10; V500R002C00; V600R006C00; TE40 V500R002C00; V600R006C00; TE50 V500R002C00; V600R006C00; TE60 V100R001C10; V500R002C00; V600R006C00 has an out-of-bounds read vulnerability. An unauthenticated, remote attacker can craft malformed packets with a specific parameter and send them to the affected products. Due to insufficient validation of packets, successful exploitation may cause a process reboot. Multiple Huawei products contain an out-of-bounds vulnerability. Service operation may be interrupted (DoS). The Huawei DP300, RP200, and TE series are integrated desktop telepresence and integrated video conferencing terminal products of China's Huawei. The vulnerability is due to the program failing to fully verify the message. DP300 is a video conferencing terminal. RP200 is a video conferencing all-in-one device. The following products and versions are affected: Huawei DP300 V500R002C00 Version; RP200 V500R002C00SPC200 Version, V600R006C00 Version; TE30 V100R001C10 Version, V500R002C00 Version, V600R006C00 Version; TE40 V500R002C00 Version, V600R006C00 Version; TE50 V500R002C00 Version, V600R006C00 Version; TE60 V100R001C10 Version, V500R002C00 Version, V600R006C00 Version.
VAR-201802-1044 CVE-2018-5440 3S CODESYS WebVisu Web Server Component Stack Buffer Overflow Vulnerability CVSS V2: 7.5
CVSS V3: 9.8
Severity: CRITICAL
A Stack-based Buffer Overflow issue was discovered in 3S-Smart CODESYS Web Server. Specifically: all Microsoft Windows (also WinCE) based CODESYS web servers running stand-alone Version 2.3, or as part of the CODESYS runtime system running prior to Version V1.1.9.19. A crafted request may cause a buffer overflow and could therefore execute arbitrary code on the web server or lead to a denial-of-service condition due to a crash in the web server. 3S-Smart CODESYS Web Server contains a buffer error vulnerability. Information may be obtained or altered, and service operation may be disrupted (DoS). CODESYS is the core product of 3S-Smart Software Solutions GmbH. It is an IEC 61131-3 development environment for controller applications and CODESYS Control. It is a platform with a stand-alone system. Exploiting this issue may allow remote attackers to execute arbitrary code within the context of the affected application. Failed attacks will cause denial-of-service conditions. 3S-Smart CODESYS is a set of PLC (programmable logic controller) software programming tools. CODESYS Web Server is one of its web servers. CODESYS runtime system is a system for programming automation equipment.
VAR-201802-0299 CVE-2017-17302 plural Huawei Product buffer error vulnerability CVSS V2: 2.1
CVSS V3: 3.3
Severity: LOW
Huawei DP300 V500R002C00, RP200 V600R006C00, TE30 V100R001C10, V500R002C00, V600R006C00, TE40 V500R002C00, V600R006C00, TE50 V500R002C00, V600R006C00, TE60 V100R001C10, V500R002C00, V600R006C00 have a memory leak vulnerability. An authenticated, local attacker may craft some specific Certificate Revocation List (CRL) configuration files and load them to the devices repeatedly. Because allocated memory is not released properly, a successful exploit may result in a memory leak and abnormal services. Multiple Huawei products contain a buffer error vulnerability. Service operation may be interrupted (DoS). The Huawei DP300, RP200, and TE series are integrated desktop telepresence and integrated video conferencing terminal products of China's Huawei. DP300 is a video conferencing terminal. RP200 is a video conferencing all-in-one device. The following products and versions are affected: Huawei DP300 V500R002C00 Version; RP200 V600R006C00 Version; TE30 V100R001C10 Version, V500R002C00 Version, V600R006C00 Version; TE40 V500R002C00 Version, V600R006C00 Version; TE50 V500R002C00 Version, V600R006C00 Version; TE60 V100R001C10 Version, V500R002C00 Version, V600R006C00 Version.
VAR-201802-0260 CVE-2017-17289 plural Huawei Resource management vulnerabilities in products CVSS V2: 2.1
CVSS V3: 3.3
Severity: LOW
Huawei DP300 V500R002C00, RP200 V500R002C00, V600R006C00, TE30 V100R001C10, V500R002C00, V600R006C00, TE40 V500R002C00, V600R006C00, TE50 V500R002C00, V600R006C00, TE60 V100R001C10, V500R002C00, V600R006C00 have a memory leak vulnerability. The software does not release allocated memory properly when handling XML data. An authenticated, local attacker could upload a crafted XML file repeatedly to cause a memory leak and abnormal service. Multiple Huawei products contain a resource management vulnerability. Service operation may be interrupted (DoS). The Huawei DP300, RP200, and TE series are integrated desktop telepresence and integrated video conferencing terminal products of China's Huawei. DP300 is a video conferencing terminal. RP200 is a video conferencing all-in-one device. The following products and versions are affected: Huawei DP300 V500R002C00 Version; RP200 V500R002C00 Version, V600R006C00 Version; TE30 V100R001C10 Version, V500R002C00 Version, V600R006C00 Version; TE40 V500R002C00 Version, V600R006C00 Version; TE50 V500R002C00 Version, V600R006C00 Version; TE60 V100R001C10 Version, V500R002C00 Version, V600R006C00 Version.
VAR-201802-0259 CVE-2017-17288 plural Huawei Product integer overflow vulnerability CVSS V2: 5.0
CVSS V3: 5.3
Severity: MEDIUM
Huawei DP300 V500R002C00, RP200 V500R002C00, V600R006C00, TE30 V100R001C10, V500R002C00, V600R006C00, TE40 V500R002C00, V600R006C00, TE50 V500R002C00, V600R006C00, TE60 V100R001C10, V500R002C00, V600R006C00 have an integer overflow vulnerability. An unauthenticated, remote attacker may send specially crafted messages to the affected products. Due to insufficient input validation, a successful exploit may cause an integer overflow and make some processes behave abnormally. Multiple Huawei products contain an integer overflow vulnerability. Service operation may be interrupted (DoS). The Huawei DP300, RP200, and TE series are integrated desktop telepresence and integrated video conferencing terminal products of China's Huawei. An integer overflow vulnerability exists in several Huawei products because the device failed to adequately verify some of the fields in the message. DP300 is a video conferencing terminal. RP200 is a video conferencing all-in-one device. The following products and versions are affected: Huawei DP300 V500R002C00 Version; RP200 V500R002C00 Version, V600R006C00 Version; TE30 V100R001C10 Version, V500R002C00 Version, V600R006C00 Version; TE40 V500R002C00 Version, V600R006C00 Version; TE50 V500R002C00 Version, V600R006C00 Version; TE60 V100R001C10 Version, V500R002C00 Version, V600R006C00 Version.
VAR-201803-1039 CVE-2017-17223 plural Huawei eSpace Path traversal vulnerability in products CVSS V2: 8.0
CVSS V3: 8.8
Severity: HIGH
Huawei eSpace 7910 V200R003C30; eSpace 7950 V200R003C30; eSpace 8950 V200R003C00; V200R003C30 have a directory traversal vulnerability. An authenticated, remote attacker can send a specially crafted URL to the affected products. Due to insufficient verification of the URL, a successful exploit will upload and download files and cause information leak and system crash. Multiple Huawei eSpace products contain a path traversal vulnerability. Information may be obtained or altered, and service operation may be disrupted (DoS). Huawei eSpace 7910, 7950, and 8950 are the 7910, 7950, and 8950 series IP phones from China. The vulnerability was caused by the device failing to adequately verify the URL address. Remote attackers can use specially crafted requests with directory-traversal sequences ('../') to read arbitrary files in the context of the application. This may aid in further attacks. The following products and versions are affected: Huawei eSpace 7910 V200R003C30 version; eSpace 7950 V200R003C30 version; eSpace 8950 V200R003C00 version, V200R003C30 version.
VAR-201803-1038 CVE-2017-17222 Huawei eSpace 7950 and 8950 Input validation vulnerability CVSS V2: 6.5
CVSS V3: 8.8
Severity: HIGH
The Import Language Package function in Huawei eSpace 7950 V200R003C30; eSpace 8950 V200R003C00; V200R003C30 has a remote code execution vulnerability. An authenticated, remote attacker can craft and send packets to the affected products after a Language Package is uploaded. Due to insufficient verification of the packets, this could be exploited to execute arbitrary code. Huawei eSpace 7950 and 8950 contain an input validation vulnerability. Information may be obtained or altered, and service operation may be disrupted (DoS). Huawei eSpace 7950 and 8950 are both Huawei's 7950 and 8950 series IP phones. The vulnerability is due to the program failing to adequately verify the message. After uploading the signal tone or language pack, the remote attacker attacks the device by sending a packet with special parameters, resulting in arbitrary code execution. Failed exploit attempts will likely cause a denial-of-service condition.
VAR-201803-1037 CVE-2017-17221 Huawei eSpace 7950 and 8950 Input validation vulnerability CVSS V2: 6.5
CVSS V3: 8.8
Severity: HIGH
The Import Signal Tone function in Huawei eSpace 7950 V200R003C30; eSpace 8950 V200R003C00; V200R003C30 has a remote code execution vulnerability. An authenticated, remote attacker can craft and send packets to the affected products after the Signal Tone is uploaded. Due to insufficient verification of the packets, this could be exploited to execute arbitrary code. Huawei eSpace 7950 and 8950 contain an input validation vulnerability. Information may be obtained or altered, and service operation may be disrupted (DoS). Huawei eSpace 7950 and 8950 are both Huawei's 7950 and 8950 series IP phones. The vulnerability is due to the program failing to adequately verify the message. Failed exploit attempts will likely cause a denial-of-service condition.
VAR-201801-1819 No CVE Multiple vulnerabilities in iball Baton 150M Wireless-N ADSI.2+ CVSS V2: 10.0
CVSS V3: -
Severity: HIGH
iball Baton 150M Wireless-N ADSI.2+ is a wireless router from iBall India. The iball Baton 150M Wireless-N ADSI.2+ router has hard-coded user credentials and remote command execution vulnerabilities. A remote attacker can log in to the router's web management interface through the hard-coded user credentials. User input is not fully filtered in the Ping test function of the network diagnosis, allowing a malicious attacker to insert arbitrary commands into the ping test parameters and thereby execute arbitrary commands remotely.
VAR-201801-1028 CVE-2017-1773 IBM DataPower Gateway Vulnerabilities related to insufficient validation of data reliability CVSS V2: 4.3
CVSS V3: 4.0
Severity: MEDIUM
IBM DataPower Gateways 7.1, 7.2, 7.5, and 7.6 could allow an attacker using man-in-the-middle techniques to spoof DNS responses to perform DNS cache poisoning and redirect Internet traffic. IBM X-Force ID: 136817. IBM DataPower Gateway contains vulnerabilities related to insufficient validation of data reliability. The vendor has confirmed this vulnerability and released it as IBM X-Force ID: 136817. Information may be tampered with. IBM DataPower Gateways is a set of security and integration platforms from IBM Corporation of the United States, designed for mobile, cloud, application programming interface (API), network, service-oriented architecture (SOA), B2B and cloud workloads; it uses a dedicated gateway platform to secure, integrate and optimize access across channels. A security vulnerability exists in IBM DataPower Gateways. The following versions are affected: IBM DataPower Gateways version 7.1, version 7.2, version 7.5, version 7.6.
VAR-201803-0201 CVE-2017-17323 Huawei iBMC Vulnerabilities in authorization CVSS V2: 4.0
CVSS V3: 4.3
Severity: MEDIUM
Huawei iBMC V200R002C10; V200R002C20; V200R002C30 have an improper authorization vulnerability. The software incorrectly performs an authorization check when a normal user attempts to access certain information which is supposed to be accessed only by an admin user. A successful exploit could cause information disclosure. Huawei iBMC contains an authorization vulnerability. Information may be obtained. Huawei iBMC is prone to an authorization-bypass vulnerability. An attacker can exploit this issue to bypass certain security restrictions and perform unauthorized actions; this may aid in launching further attacks. Huawei iBMC is a server embedded intelligent management system developed by China's Huawei. The system has the functions of remote operation and maintenance, fault diagnosis, intelligent management and standardized interface management. There are security vulnerabilities in Huawei iBMC V200R002C10, V200R002C20, and V200R002C30.
VAR-201801-1309 CVE-2018-6479 Netwave IP Camera Vulnerabilities related to resource management in devices CVSS V2: 7.8
CVSS V3: 7.5
Severity: HIGH
An issue was discovered on Netwave IP Camera devices. An unauthenticated attacker can crash a device by sending a POST request with a huge body size to the / URI. The Netwave IP Camera device contains a resource management vulnerability. Service operation may be interrupted (DoS). Netwave IP Camera devices is a webcam. A security vulnerability exists in the Netwave IP Camera device. in the Netherlands
VAR-201801-1039 CVE-2018-0136 Cisco IOS XR Software input validation vulnerability CVSS V2: 7.8
CVSS V3: 8.6
Severity: HIGH
A vulnerability in the IPv6 subsystem of Cisco IOS XR Software Release 5.3.4 for the Cisco Aggregation Services Router (ASR) 9000 Series could allow an unauthenticated, remote attacker to trigger a reload of one or more Trident-based line cards, resulting in a denial of service (DoS) condition. The vulnerability is due to incorrect handling of IPv6 packets with a fragment header extension. An attacker could exploit this vulnerability by sending IPv6 packets designed to trigger the issue either to or through the Trident-based line card. A successful exploit could allow the attacker to trigger a reload of Trident-based line cards, resulting in a DoS during the period of time the line card takes to restart. This vulnerability affects Cisco Aggregation Services Router (ASR) 9000 Series when the following conditions are met: The router is running Cisco IOS XR Software Release 5.3.4, and the router has installed Trident-based line cards that have IPv6 configured. A software maintenance upgrade (SMU) has been made available that addresses this vulnerability. The fix has also been incorporated into service pack 7 for Cisco IOS XR Software Release 5.3.4. Cisco Bug IDs: CSCvg46800. The vendor has confirmed this vulnerability and released it as Bug ID CSCvg46800. Service operation may be interrupted (DoS). The Cisco Aggregation Services Router (ASR) 9000 Series is a Cisco 9000 Series wireless controller product from Cisco. Cisco IOS XR Software is a modular, distributed network operating system.
VAR-201803-1040 CVE-2017-17225 Huawei Mate 9 Pro Smartphone buffer error vulnerability CVSS V2: 8.3
CVSS V3: 8.8
Severity: HIGH
The Near Field Communication (NFC) module in Huawei Mate 9 Pro mobile phones with versions before LON-AL00B 8.0.0.340a(C00) has a buffer overflow vulnerability due to the lack of input validation. An attacker may use an NFC card reader or another device to inject malicious data into a target mobile phone. A successful exploit could lead to system restart or arbitrary code execution. Huawei Mate 9 Pro smartphones contain a buffer error vulnerability. Information may be obtained or altered, and service operation may be disrupted (DoS). Huawei Mate 9 Pro is a smartphone from China's Huawei company. A buffer overflow vulnerability exists in the Huawei Mate 9 Pro NFC module due to a lack of parameter checking in the program. Multiple Huawei products are prone to a buffer-overflow vulnerability. Failed exploit attempts will likely cause a denial-of-service condition.
VAR-201801-1492 CVE-2018-5441 PHOENIX CONTACT mGuard Vulnerability related to input validation in firmware CVSS V2: 4.6
CVSS V3: 7.8
Severity: HIGH
An Improper Validation of Integrity Check Value issue was discovered in PHOENIX CONTACT mGuard firmware versions 7.2 to 8.6.0. mGuard devices rely on internal checksums for verification of the internal integrity of the update packages. Verification may not always be performed correctly, allowing an attacker to modify firmware update packages. The PHOENIX CONTACT mGuard firmware contains a vulnerability related to input validation. Information may be obtained or altered, and service operation may be disrupted (DoS). Phoenix Contact mGuard is a security device for unauthorized access and installation of Phoenix Contact's protection system. PHOENIX CONTACT mGuard has an unauthorized modification vulnerability. Successful exploits will allow local attackers to bypass certain security restrictions. Other attacks are also possible.
VAR-201801-0045 CVE-2014-4705 plural Huawei Product buffer error vulnerability CVSS V2: 7.8
CVSS V3: 7.5
Severity: HIGH
Multiple heap-based buffer overflows in the eSap software platform in Huawei Campus S9300, S7700, S9700, S5300, S5700, S6300, and S6700 series switches; AR150, AR160, AR200, AR1200, AR2200, AR3200, AR530, NetEngine16EX, SRG1300, SRG2300, and SRG3300 series routers; and WLAN AC6005, AC6605, and ACU2 access controllers allow remote attackers to cause a denial of service (device restart) via a crafted length field in a packet. Multiple Huawei products contain a buffer error vulnerability. Service operation may be interrupted (DoS). Huawei Campus S9300 and the other products are all products of China's Huawei. Campus S9300 and the other such devices are all switch devices. WLAN AC6005 and so on are all access controller devices. The eSap software platform is a set of ESAP software platforms running on them. A heap buffer overflow vulnerability exists in the eSap software platform in several Huawei products. The following products and versions are affected: Huawei Campus S9300/ S7700/ S9700 Series switch V200R001C00SPC300 Version, V200R002C00SPC100 Version, V200R003C00SPC500 Version; Campus S5300/ S5700/ S6300/ S6700 Series switch V200R001C00SPC300 Version, V200R002C00SPC100 Version, V200R003C00SPC300 Version; AR150/ AR160/ AR200/ AR1200/ AR2200/ AR3200/ AR530/ NetEngine16EX/ SRG1300/ SRG2300/ SRG3300 series router V200R003C01SPC900 Version, V200R003C01SPC300 Version, V200R003C01SPC100 Version, V200R003C00SPC200 Version, V200R003C00SPC100 Version, V200R005C00SPC100 Version, V200R005C00SPC200 Version; WLAN AC6005/6605 V200R003C00SPC100 Version, V200R003C00SPC200 Version, V200R003C00SPC300 Version, V200R003C00SPC500 version, V200R005C00SPC100 version; WLAN ACU2 V200R005C00SPC100 version.
VAR-201801-1335 CVE-2018-6407 Conceptronic CIPCAMPTIWL Vulnerability related to input validation on devices CVSS V2: 7.8
CVSS V3: 7.5
Severity: HIGH
An issue was discovered on Conceptronic CIPCAMPTIWL V3 0.61.30.21 devices. An unauthenticated attacker can crash a device by sending a POST request with a huge body size to /hy-cgi/devices.cgi?cmd=searchlandevice. The crash completely freezes the device. The Conceptronic CIPCAMPTIWL device contains an input validation vulnerability. Service operation may be interrupted (DoS). Conceptronic CIPCAMPTIWL is an IP camera capable of recording audio and video and transmitting it over a network. A denial of service vulnerability exists in Conceptronic CIPCAMPTIWL V3 0.61.30.21. Conceptronic CIPCAMPTIWL is a wireless network camera product of German Conceptronic Company.
VAR-201801-1268 CVE-2018-6355 iBall 300M Cross-Site Scripting Vulnerability CVSS V2: 4.3
CVSS V3: 6.1
Severity: MEDIUM
/goform/setLang on iBall 300M devices with "iB-WRB302N_1.0.1-Sep 8 2017" firmware has Unauthenticated Stored Cross Site Scripting via the lang parameter. iBall 300M is a wireless router product from iBall India. A remote attacker can exploit this vulnerability to inject arbitrary web scripts or HTML with the help of the 'lang' parameter.