VARIoT IoT vulnerabilities database


VAR-201806-0698 CVE-2018-10662 Axis IP Camera Access control vulnerability CVSS V2: 10.0
CVSS V3: 9.8
Severity: CRITICAL
An issue was discovered in multiple models of Axis IP Cameras. There is an Exposed Insecure Interface. Axis IP Camera contains an access control vulnerability. Information may be obtained, information may be altered, and a denial-of-service (DoS) condition may result. A security vulnerability exists in multiple modules in Axis IP Cameras: the program fails to restrict user access to dbus. An attacker could exploit this vulnerability to access the dbus-service interface.
VAR-201806-0699 CVE-2018-10661 Axis IP Camera Access control vulnerability CVSS V2: 10.0
CVSS V3: 9.8
Severity: CRITICAL
An issue was discovered in multiple models of Axis IP Cameras. There is a bypass of access control. Axis IP Camera contains an access control vulnerability. Information may be obtained, information may be altered, and a denial-of-service (DoS) condition may result. Axis IP Cameras is a network camera product from Axis, Sweden. There are security vulnerabilities in multiple modules in Axis IP Cameras. An attacker could exploit the vulnerability to bypass the web-server authorization mechanism by sending an unauthenticated request.
VAR-201806-0701 CVE-2018-10658 Axis IP Camera Buffer error vulnerability CVSS V2: 5.0
CVSS V3: 7.5
Severity: HIGH
There was a Memory Corruption issue discovered in multiple models of Axis IP Cameras which causes a denial of service (crash). The crash arises from code inside the libdbus-send.so shared object or similar. Axis IP Camera contains a buffer error vulnerability. A denial-of-service (DoS) condition may result. Axis IP Cameras is a network camera product from Axis, Sweden. A memory corruption vulnerability exists in multiple modules in Axis IP Cameras. Several modules in Axis IP Cameras have security vulnerabilities.
VAR-201806-0697 CVE-2018-10659 Axis IP Camera Buffer error vulnerability CVSS V2: 5.0
CVSS V3: 7.5
Severity: HIGH
There was a Memory Corruption issue discovered in multiple models of Axis IP Cameras which allows remote attackers to cause a denial of service (crash) by sending a crafted command which will result in a code path that calls the UND undefined ARM instruction. Axis IP Camera contains a buffer error vulnerability. A denial-of-service (DoS) condition may result. Axis IP Cameras is a network camera product from Axis, Sweden. A memory corruption vulnerability exists in multiple modules in Axis IP Cameras. Several modules in Axis IP Cameras have security vulnerabilities.
VAR-201806-0818 CVE-2018-1000537 Marlin Buffer Error Vulnerability CVSS V2: 7.5
CVSS V3: 9.8
Severity: CRITICAL
Marlin Firmware Marlin version 1.1.x and earlier contains a Buffer Overflow vulnerability in cardreader.cpp (depending on branch/version) that can result in arbitrary code execution. This attack appears to be exploitable when a crafted G-Code instruction/file is sent to the printer. Marlin is a 3D printer firmware based on the Arduino platform.
VAR-201806-1894 No CVE Panabit command execution vulnerability CVSS V2: 7.1
CVSS V3: -
Severity: HIGH
Panabit is an intelligent application gateway software based on PanaOS operating system. Panabit has a command execution vulnerability. When the attacker obtains Web permissions, he can construct a payload for remote command injection to obtain root permissions of the device.
VAR-201806-0819 CVE-2018-1000538 Minio Inc. Minio S3 Vulnerability in server descriptors or unrestricted file descriptor or handle allocation CVSS V2: 5.0
CVSS V3: 7.5
Severity: HIGH
Minio Inc. Minio S3 server version prior to RELEASE.2018-05-16T23-35-33Z contains an Allocation of Memory Without Limits or Throttling (similar to CWE-774) vulnerability in write-to-RAM that can result in Denial of Service. This attack appears to be exploitable via sending V4-(pre)signed requests with large bodies. This vulnerability appears to have been fixed in after commit 9c8b7306f55f2c8c0a5c7cea9a8db9d34be8faa7.
VAR-201806-1075 CVE-2018-11053 Dell EMC iDRAC Service Module Vulnerabilities related to authorization, permissions, and access control CVSS V2: 4.0
CVSS V3: 6.5
Severity: MEDIUM
Dell EMC iDRAC Service Module for all supported Linux and XenServer versions v3.0.1, v3.0.2, v3.1.0, v3.2.0, when started, changes the default file permission of the hosts file of the host operating system (/etc/hosts) to world writable. A malicious low-privileged operating system user or process could modify the hosts file and potentially redirect traffic from the intended destination to sites hosting malicious or unwanted content. Dell EMC iDRAC Service Module contains vulnerabilities related to authorization, permissions, and access control. Information may be tampered with. Attackers can exploit this issue to bypass certain security restrictions to perform unauthorized actions. This may aid in further attacks. EMC iDRAC Service Module 3.0.1, 3.0.2, 3.1.0, and 3.2.0 are vulnerable. The software extends the integrated Dell EMC Remote Access Controller (iDRAC) to the host operating system.
VAR-201806-1422 CVE-2018-12735 SAJ Solar Inverter Vulnerable to information disclosure CVSS V2: 5.0
CVSS V3: 7.5
Severity: HIGH
SAJ Solar Inverter allows remote attackers to obtain potentially sensitive information via a direct request for the inverter_info.htm or english_main.htm URI. SAJ Solar Inverter is a solar inverter product of China Sanjing Electric Company. An information disclosure vulnerability exists in SAJ Solar Inverter.
VAR-201806-1767 CVE-2018-8755 NuCom WR644GACV Vulnerabilities related to certificate and password management in devices CVSS V2: 5.0
CVSS V3: 9.8
Severity: CRITICAL
NuCom WR644GACV devices before STA006 allow an attacker to download the configuration file without credentials. By downloading this file, an attacker can access the admin password, WPA key, and any config information of the device. The NuCom WR644GACV device contains vulnerabilities related to certificate and password management. Information may be obtained, information may be altered, and a denial-of-service (DoS) condition may result. The NuCom WR644GACV is a wireless dual-band router device from NuCom, Spain. There is a security hole in NuCom WR644GACV.
VAR-201806-1421 CVE-2018-12716 Google Home and Chromecast Information disclosure vulnerability in devices CVSS V2: 3.3
CVSS V3: 4.3
Severity: MEDIUM
The API service on Google Home and Chromecast devices before mid-July 2018 does not prevent DNS rebinding attacks from reading the scan_results JSON data, which allows remote attackers to determine the physical location of most web browsers by leveraging the presence of one of these devices on its local network, extracting the scan_results bssid fields, and sending these fields in a geolocation/v1/geolocate Google Maps Geolocation API request. Google Home and Chromecast devices contain an information disclosure vulnerability. Information may be obtained. Google Home and Chromecast are both products of Google. Chromecast is an Internet TV set-top box device. API services in Google Home and Chromecast have security flaws. A remote attacker could exploit this vulnerability to determine the physical location of most web browsers.
VAR-201806-1889 No CVE Nagios XI has multiple SQL injection vulnerabilities CVSS V2: 7.8
CVSS V3: -
Severity: HIGH
Nagios is an open source free network monitoring tool that can effectively monitor the status of Windows, Linux and Unix hosts, network devices such as switches, routers, printers, etc. Nagios XI has multiple SQL injection vulnerabilities. An attacker can use the vulnerability to obtain sensitive database information.
VAR-201807-1105 CVE-2018-13032 ECESSA ShieldLink SL175EHQ Device cross-site request forgery vulnerability CVSS V2: 6.8
CVSS V3: 8.8
Severity: HIGH
ECESSA ShieldLink SL175EHQ 10.7.4 devices have CSRF to add superuser accounts via the cgi-bin/pl_web.cgi/util_configlogin_act URI. The ECESSA ShieldLink SL175EHQ device contains a cross-site request forgery vulnerability. Information may be obtained, information may be altered, and a denial-of-service (DoS) condition may result. Ecessa's ShieldLink 60, 175, 600, 1200 & 4000 are advanced, yet highly affordable secure WAN Optimization Controllers that incorporate all of the ISP/WAN link. The application interface allows users to perform certain actions via HTTP requests without performing any validity checks to verify the requests. This can be exploited to perform certain actions with administrative privileges if a logged-in user visits a malicious web site. Tested on: lighttpd/1.4.35. ECESSA ShieldLink SL175EHQ is a WAN link controller from ECESSA in the United States, which includes functions such as ISP/WAN link aggregation, load balancing, and traffic monitoring. A cross-site request forgery vulnerability exists in ECESSA ShieldLink SL175EHQ version 10.7.4.
VAR-201806-1428 CVE-2018-12706 DIGISOL DG-BR4000NG Device buffer error vulnerability

Related entries in the VARIoT exploits database: VAR-E-201806-0177
CVSS V2: 7.5
CVSS V3: 9.8
Severity: CRITICAL
DIGISOL DG-BR4000NG devices have a Buffer Overflow via a long Authorization HTTP header. The DIGISOL DG-BR4000NG device contains a buffer error vulnerability. Information may be obtained, information may be altered, and a denial-of-service (DoS) condition may result. DIGISOL DG-BR4000NG is a wireless router product from DIGISOL SYSTEMS, Mumbai. An attacker could exploit the vulnerability with a long Authorization HTTP header to execute arbitrary code or cause a denial of service.
VAR-201806-1427 CVE-2018-12705 DIGISOL DG-BR4000NG Cross-Site Scripting Vulnerability

Related entries in the VARIoT exploits database: VAR-E-201806-0038
CVSS V2: 4.3
CVSS V3: 6.1
Severity: MEDIUM
DIGISOL DG-BR4000NG devices have XSS via the SSID (it is validated only on the client side). The DIGISOL DG-BR4000NG device contains a cross-site scripting vulnerability. Information may be obtained and information may be altered. DIGISOL DG-BR4000NG is a wireless router product from DIGISOL SYSTEMS, Mumbai. A cross-site scripting vulnerability exists in DIGISOL DG-BR4000NG. A remote attacker can exploit this vulnerability to inject arbitrary web scripts or HTML via the SSID (validated only on the client side).
VAR-201806-0911 CVE-2018-11560 Insteon HD IP Camera White Device buffer error vulnerability CVSS V2: 7.5
CVSS V3: 9.8
Severity: CRITICAL
The webService binary on Insteon HD IP Camera White 2864-222 devices has a stack-based Buffer Overflow leading to Control-Flow Hijacking via a crafted usr key, as demonstrated by a long remoteIp parameter to cgi-bin/CGIProxy.fcgi on port 34100. Insteon HD IP Camera White 2864-222 is an IP camera product from Insteon, USA. A buffer overflow vulnerability exists in the webService binary in Insteon HD IP Camera White 2864-222. The attacker can exploit this vulnerability to hijack the control flow with the help of a specially crafted usr key.
VAR-201806-1297 CVE-2018-12693 TP-Link TL-WA850RE Wi-Fi Range Extender Buffer error vulnerability CVSS V2: 6.8
CVSS V3: 6.5
Severity: MEDIUM
Stack-based buffer overflow in TP-Link TL-WA850RE Wi-Fi Range Extender with hardware version 5 allows remote authenticated users to cause a denial of service (outage) via a long type parameter to /data/syslog.filter.json. TP-Link TL-WA850RE Wi-Fi Range Extender contains a buffer error vulnerability. A denial-of-service (DoS) condition may result. TP-Link TL-WA850RE Wi-Fi Range Extender is a wireless network signal extender from China TP-LINK. A heap buffer overflow vulnerability exists in TP-Link TL-WA850RE Wi-Fi Range Extender using TL-WA850RE_v5_180228 firmware.
VAR-201806-1296 CVE-2018-12692 TP-Link TL-WA850RE Wi-Fi Range Extender Command injection vulnerability CVSS V2: 6.5
CVSS V3: 8.8
Severity: HIGH
TP-Link TL-WA850RE Wi-Fi Range Extender with hardware version 5 allows remote authenticated users to execute arbitrary commands via shell metacharacters in the wps_setup_pin parameter to /data/wps.setup.json. TP-Link TL-WA850RE Wi-Fi Range Extender contains a command injection vulnerability. Information may be obtained, information may be altered, and a denial-of-service (DoS) condition may result. The TP-Link TL-WA850RE is a wireless extender. A remote arbitrary code execution vulnerability exists in TP-Link TL-WA850RE Wi-Fi Range Extender using TL-WA850REv5 firmware.
VAR-201806-1298 CVE-2018-12694 TP-Link TL-WA850RE Wi-Fi Range Extender Input validation vulnerability CVSS V2: 7.8
CVSS V3: 7.5
Severity: HIGH
TP-Link TL-WA850RE Wi-Fi Range Extender with hardware version 5 allows remote attackers to cause a denial of service (reboot) via data/reboot.json. TP-Link TL-WA850RE Wi-Fi Range Extender contains an input validation vulnerability. A denial-of-service (DoS) condition may result. TP-Link TL-WA850RE Wi-Fi Range Extender is a wireless network signal extender from China TP-LINK. A security vulnerability exists in TP-Link TL-WA850RE Wi-Fi Range Extender using TL-WA850RE_v5_180228 firmware.
VAR-201806-1265 CVE-2018-12640 Insteon HD IP Camera White 2864-222 Device buffer error vulnerability CVSS V2: 7.5
CVSS V3: 9.8
Severity: CRITICAL
The webService binary on Insteon HD IP Camera White 2864-222 devices has a Buffer Overflow via a crafted pid, pwd, or usr key in a GET request on port 34100. Insteon HD IP Camera White 2864-222 is an IP camera product from Insteon, USA. A buffer overflow vulnerability exists in the webService binary in Insteon HD IP Camera White 2864-222.