VARIoT IoT vulnerabilities database
VAR-201702-0437 | CVE-2016-5919 | IBM Security Access Manager Vulnerability in decrypting important information |
CVSS V2: 5.0 CVSS V3: 7.5 Severity: HIGH |
IBM Security Access Manager for Web 7.0.0, 8.0.0, and 9.0.0 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM Reference #: 1996868.
An attacker can exploit this issue to gain access to sensitive information; this may lead to further attacks. The product enables access management control through integrated appliances for web, mobile and cloud computing
VAR-201702-0801 | CVE-2017-3801 | Cisco UCS Director of Web Base of GUI Vulnerable to elevation of privilege |
CVSS V2: 4.6 CVSS V3: 8.8 Severity: HIGH |
A vulnerability in the web-based GUI of Cisco UCS Director 6.0.0.0 and 6.0.0.1 could allow an authenticated, local attacker to execute arbitrary workflow items with just an end-user profile, a Privilege Escalation Vulnerability. The vulnerability is due to improper role-based access control (RBAC) after the Developer Menu is enabled in Cisco UCS Director. An attacker could exploit this vulnerability by enabling Developer Mode for his/her user profile with an end-user profile and then adding new catalogs with arbitrary workflow items to his/her profile. An exploit could allow an attacker to perform any actions defined by these workflow items, including actions affecting other tenants. Cisco Bug IDs: CSCvb64765.
An attacker can leverage this issue to gain elevated privileges. This may aid in further attacks.
Cisco UCS Director versions 6.0.0.0 and 6.0.0.1 are vulnerable. The solution supports users to manage computing power, network services, storage, and virtual machines from a single management console to deploy and release IT services more quickly and at low cost. A local attacker could exploit this vulnerability to perform arbitrary operations
VAR-201807-0128 | CVE-2016-9496 | Hughes satellite modems contain multiple vulnerabilities |
CVSS V2: 6.1 CVSS V3: 6.5 Severity: MEDIUM |
Hughes high-performance broadband satellite modems, models HN7740S DW7000 HN7000S/SM, lacks authentication. An unauthenticated user may send an HTTP GET request to http://[ip]/com/gatewayreset or http://[ip]/cgi/reboot.bin to cause the modem to reboot. Hughes Network Systems, LLC Multiple broadband satellite modems offered by are vulnerable to the following multiple vulnerabilities: * Incorrect input value validation (CWE-20) - CVE-2016-9494 * Problems with hard-coded credentials (CWE-798) - CVE-2016-9495 * The problem of lack of authentication for important functions (CWE-306) - CVE-2016-9496 * Avoiding authentication through another channel or path (CWE-288) - CVE-2016-9497Denial of service operation of the device by a remote third party (DoS) An attack could be performed, the device could be restarted, or an arbitrary command could be executed on the device. Multiple denial-of-service vulnerabilities
2. A hard-coded credentials vulnerability
3. An authentication bypass vulnerability
An attacker can exploit these issues to gain access to bypass certain security restrictions and obtain potentially sensitive information, perform unauthorized actions, or cause denial-of-service condition on the affected device. Other attacks are also possible.
The following products are vulnerable:
HN7740S
DW7000
HN7000S/SM. HN7740S, DW7000 and HN7000S/SM are the modems used in it. The following products and versions are affected: Hughes HN7740S with firmware version 6.9.0.34; DW7000 with firmware version 6.9.0.34; HN7000S/SM with firmware version 6.9.0.34
VAR-201807-0127 | CVE-2016-9495 | Hughes satellite modems contain multiple vulnerabilities |
CVSS V2: 5.8 CVSS V3: 8.8 Severity: HIGH |
Hughes high-performance broadband satellite modems, models HN7740S DW7000 HN7000S/SM, uses hard coded credentials. Access to the device's default telnet port (23) can be obtained through using one of a few default credentials shared among all devices. Hughes Network Systems, LLC Multiple broadband satellite modems offered by are vulnerable to the following multiple vulnerabilities: * Incorrect input value validation (CWE-20) - CVE-2016-9494 * Problems with hard-coded credentials (CWE-798) - CVE-2016-9495 * The problem of lack of authentication for important functions (CWE-306) - CVE-2016-9496 * Avoiding authentication through another channel or path (CWE-288) - CVE-2016-9497Denial of service operation of the device by a remote third party (DoS) An attack could be performed, the device could be restarted, or an arbitrary command could be executed on the device. Multiple denial-of-service vulnerabilities
2. A hard-coded credentials vulnerability
3. An authentication bypass vulnerability
An attacker can exploit these issues to gain access to bypass certain security restrictions and obtain potentially sensitive information, perform unauthorized actions, or cause denial-of-service condition on the affected device. Other attacks are also possible.
The following products are vulnerable:
HN7740S
DW7000
HN7000S/SM. Hughes satellite is a set of solutions for satellite broadband services from Hughes Corporation of the United States. HN7740S, DW7000 and HN7000S/SM are the modems used in it. The following products and versions are affected: Hughes HN7740S with firmware version 6.9.0.34; DW7000 with firmware version 6.9.0.34; HN7000S/SM with firmware version 6.9.0.34
VAR-201807-0126 | CVE-2016-9494 | Hughes satellite modems contain multiple vulnerabilities |
CVSS V2: 3.3 CVSS V3: 6.5 Severity: MEDIUM |
Hughes high-performance broadband satellite modems, models HN7740S DW7000 HN7000S/SM, are potentially vulnerable to improper input validation. The device's advanced status web page that is linked to from the basic status web page does not appear to properly parse malformed GET requests. This may lead to a denial of service. Hughes Network Systems, LLC Multiple broadband satellite modems offered by are vulnerable to the following multiple vulnerabilities: * Incorrect input value validation (CWE-20) - CVE-2016-9494 * Problems with hard-coded credentials (CWE-798) - CVE-2016-9495 * The problem of lack of authentication for important functions (CWE-306) - CVE-2016-9496 * Avoiding authentication through another channel or path (CWE-288) - CVE-2016-9497Denial of service operation of the device by a remote third party (DoS) An attack could be performed, the device could be restarted, or an arbitrary command could be executed on the device. Multiple Hughes Satellite Modems are prone to the following security vulnerabilities:
1. Multiple denial-of-service vulnerabilities
2. A hard-coded credentials vulnerability
3. An authentication bypass vulnerability
An attacker can exploit these issues to gain access to bypass certain security restrictions and obtain potentially sensitive information, perform unauthorized actions, or cause denial-of-service condition on the affected device. Other attacks are also possible.
The following products are vulnerable:
HN7740S
DW7000
HN7000S/SM. Hughes satellite is a set of solutions for satellite broadband services from Hughes Corporation of the United States. HN7740S, DW7000 and HN7000S/SM are the modems used in it. An attacker could exploit this vulnerability by sending a specially crafted GET request to cause a denial of service. The following products and versions are affected: Hughes HN7740S with firmware version 6.9.0.34; DW7000 with firmware version 6.9.0.34; HN7000S/SM with firmware version 6.9.0.34
VAR-201705-3256 | CVE-2017-5174 |
Geutebruck IP Camera G-Cam/EFD-2250 Access control vulnerability
Related entries in the VARIoT exploits database: VAR-E-201702-0193 |
CVSS V2: 7.5 CVSS V3: 9.8 Severity: CRITICAL |
An Authentication Bypass issue was discovered in Geutebruck IP Camera G-Cam/EFD-2250 Version 1.11.0.12. An authentication bypass vulnerability has been identified. The existing file system architecture could allow attackers to bypass the access control that may allow remote code execution. Geutebruck IP Camera G-Cam/EFD-2250 Contains an access control vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. The Geutebruck G-Cam/EFD-2250 provides a faster and safer solution for remote monitoring applications. An attacker exploited the vulnerability to gain unauthorized access to the affected device environment. Failed exploit attempts may result in a denial-of-service condition.
G-Cam/EFD-2250 1.11.0.12 is vulnerable; other versions may also be affected. Geutebruck IP Camera G-Cam/EFD-2250 is germany Geutebruck A network camera of the company
VAR-201705-3255 | CVE-2017-5173 |
Geutebruck G-Cam/EFD-2250 Remote code execution vulnerability
Related entries in the VARIoT exploits database: VAR-E-201702-0193 |
CVSS V2: 10.0 CVSS V3: 9.8 Severity: CRITICAL |
An Improper Neutralization of Special Elements (in an OS command) issue was discovered in Geutebruck IP Camera G-Cam/EFD-2250 Version 1.11.0.12. An improper neutralization of special elements vulnerability has been identified. If special elements are not properly neutralized, an attacker can call multiple parameters that can allow access to the root level operating system which could allow remote code execution. The Geutebruck G-Cam/EFD-2250 provides a faster and safer solution for remote monitoring applications. A remote code execution vulnerability exists in Geutebruck G-Cam/EFD-2250. An attacker exploited the vulnerability to execute arbitrary code. A failed attack can result in a denial of service.
Attackers may exploit these issues to gain unauthorized access to the affected device and to execute arbitrary code within the context of the affected device.
G-Cam/EFD-2250 1.11.0.12 is vulnerable; other versions may also be affected. Geutebruck IP Camera G-Cam/EFD-2250 is a network camera produced by German Geutebruck company
VAR-201702-1128 | No CVE | SAP NetWeaver Denial of Service Vulnerability |
CVSS V2: - CVSS V3: - Severity: - |
SAP NetWeaver is prone to a denial-of-service vulnerability.
An attacker can exploit this issue to cause a denial-of-service condition, denying service to legitimate users.
VAR-201702-0669 | CVE-2017-2684 | Siemens SIMATIC Logon Vulnerabilities that bypass application-level authentication |
CVSS V2: 6.8 CVSS V3: 9.0 Severity: CRITICAL |
Siemens SIMATIC Logon prior to V1.5 SP3 Update 2 could allow an attacker with knowledge of a valid user name, and physical or network access to the affected system, to bypass the application-level authentication. SIMATIC WinCC, SIMATIC PCS 7, SIMATIC PDM and SIMATIC IT are all industrial automation products from Siemens AG.
There is a certification bypass vulnerability in SIEMENS SIMATIC Logon. An attacker could exploit the vulnerability to bypass authentication mechanisms and perform unauthorized operations. This may aid in further attacks. Siemens SIMATIC WinCC, etc. Siemens SIMATIC WinCC is an automated data acquisition and monitoring (SCADA) system; SIMATIC PCS 7 is a distributed process control system using WinCC. A security vulnerability exists in versions prior to SIMATIC Logon 1.5 SP3 Update 2 in several Siemens SIMATIC products. The following products and versions are affected: Siemens SIMATIC WinCC Version 7.x; SIMATIC WinCC Runtime Professional; SIMATIC PCS 7; SIMATIC PDM; SIMATIC IT
VAR-201705-4094 | CVE-2017-8913 | SAP NetWeaver AS JAVA of Visual Composer VC70RUNTIME In the component XML External entity attack vulnerability |
CVSS V2: 6.5 CVSS V3: 8.8 Severity: HIGH |
The Visual Composer VC70RUNTIME component in SAP NetWeaver AS JAVA 7.5 allows remote authenticated users to conduct XML External Entity (XXE) attacks via a crafted XML document in a request to irj/servlet/prt/portal/prtroot/com.sap.visualcomposer.BIKit.default, aka SAP Security Note 2386873. SAP Netweaver Visual Composer is prone to an information disclosure vulnerability.
Attackers can exploit this issue to obtain sensitive information that may aid in launching further attacks
VAR-201702-1124 | No CVE | SAP Netweaver Remote Authorization Bypass Vulnerability |
CVSS V2: - CVSS V3: - Severity: - |
SAP Netweaver is prone to an authorization-bypass vulnerability.
Attackers can exploit this issue to gain unauthorized access and obtain sensitive information. This may aid in further attacks.
VAR-201805-0169 | CVE-2017-5175 | Advantech WebAccess DLL Hijacking vulnerability |
CVSS V2: 6.8 CVSS V3: 7.8 Severity: HIGH |
Advantech WebAccess 8.1 and earlier contains a DLL hijacking vulnerability which may allow an attacker to run a malicious DLL file within the search path resulting in execution of arbitrary code. Advantech WebAccess Contains a vulnerability related to uncontrolled search path elements.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. Advantech WebAccess is a suite of browser-based HMI/SCADA software from Advantech. The software supports dynamic graphical display and real-time data control, and provides the ability to remotely control and manage automation equipment. A DLL hijacking vulnerability exists in Advantech WebAccess 8.1 and earlier. Advantech WebAccess is prone to a local arbitrary code-execution vulnerability because it fails to sanitize user-supplied input.
Advantech WebAccess 8.1 and prior are vulnerable
VAR-201704-0652 | CVE-2017-5670 | Riverbed RiOS Vulnerability in which important information is obtained |
CVSS V2: 2.1 CVSS V3: 4.6 Severity: MEDIUM |
Riverbed RiOS through 9.6.0 deletes the secure vault with the rm program (not shred or srm), which makes it easier for physically proximate attackers to obtain sensitive information by reading raw disk blocks. RiverbedSteelhead is a hardware device used to optimize and accelerate network traffic. Implemented as a TLS endpoint, they have a secure library that stores the server's private TLS certificate. There is a local security bypass vulnerability in RiverbedRiOS. The attacker exploited the vulnerability to bypass some security restrictions and perform unauthorized operations
VAR-201702-0887 | CVE-2017-2374 | Apple GarageBand and Logic Pro X Update for vulnerabilities |
CVSS V2: 6.8 CVSS V3: 7.8 Severity: HIGH |
An issue was discovered in certain Apple products. GarageBand before 10.1.6 is affected. The issue involves the "Projects" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted GarageBand project file. Apple From GarageBand and Logic Pro X An update for has been released.Crafted GarageBand An arbitrary code may be executed by opening the project file. Apple GarageBand is prone to a memory-corruption vulnerability.
Attackers can exploit this issue to execute arbitrary code on the affected system. Failed exploit attempts may result in a denial-of-service condition. Apple GarageBand is a set of music production software from Apple (Apple). A memory corruption vulnerability exists in versions of Apple GarageBand prior to 10.1.6. -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
APPLE-SA-2017-02-21-1 GarageBand 10.1.6
GarageBand 10.1.6 is now available and addresses the following:
Projects
Available for: OS X Yosemite v10.10 or later
Impact: Opening a maliciously crafted GarageBand Project file may
lead to arbitrary code execution
Description: A memory corruption issue was addressed through improved
memory handling.
CVE-2017-2374: Tyler Bohan of Cisco Talos
Installation note:
GarageBand may be obtained from the Mac App Store.
Information will also be posted to the Apple Security Updates
web site: https://support.apple.com/kb/HT201222
This message is signed with Apple's Product Security PGP key,
and details are available at:
https://www.apple.com/support/security/pgp/
-----BEGIN PGP SIGNATURE-----
Comment: GPGTools - https://gpgtools.org
iQIcBAEBCgAGBQJYrImXAAoJEIOj74w0bLRGyr0QAILapV0W5UfNAcFn8FeZIXKw
H10/c+doJ41Y3QQH+4qo+Y0eMVlKLc8zkQk0Ocz+e3RYtScFCELVysX037qczPuW
Znr9lvycMgpuYfIosWmde+1FF7nvSiN7RvAVRMBN4OIOmFT82h+vFxZf2Zeka4JL
Ali8kh6uK3W3A8kNJiO0sM/r0G8nRf6OvgtH5YL9gjBc9e6J1m4upx4KEMPRlaiY
Ykn7Y03gYk11LwTlB1Q5f+b88VTMtItPLadal3ICQONXGGBu6GyvjOLQVAxVvggn
K4pgPRSDh/YvRlCcXl319sJigg+0Fa6gFk/NHcMI4YzOhxWHNUWDzrG721aJCRer
6YWcD6LgHsJODi8yp4yuJ3DbESh3WFiWS4ATVJThOuW8hATGhukbPHvwcoPaM3rN
5MLhImi9QpT2rE92DpQ5X0m/KzLdhOrgk3CnyR1aKmP2L2qD4ZbKlwdMwIKByxlW
ypcv+C9BP31KcPLbLhsQGOuNb4NGeTbKv/yQvHB3KeN/w750WtMamT2CE8sFkPnu
+X5wQk6pZi6e4Xc5nQbLkIHEPtZNo4O8qUoPPmaTsK6lwcvB1C5/09Zcfc3pOBy7
+Cp+6dimx/nbCcK4dW8QzIZIEd88hXhk9I441lBUGE4AMXU6l5npV/DaZTZOj6Ga
b9ZTShls177KyTLSw0CW
=gmwM
-----END PGP SIGNATURE-----
VAR-201702-1107 | No CVE | There is a command execution vulnerability in the Rico Virtual VPN Gateway |
CVSS V2: 10.0 CVSS V3: - Severity: HIGH |
The virtual VPN gateway is a virtual gateway device of Ruike Electronic Technology Co., Ltd. There is a command execution vulnerability in the Rico Virtual VPN Gateway that allows an attacker to exploit arbitrary commands or reveal sensitive information.
VAR-201702-0190 | CVE-2016-7762 | Apple iOS Used in etc. Webkit Vulnerable to cross-site scripting |
CVSS V2: 4.3 CVSS V3: 6.1 Severity: MEDIUM |
An issue was discovered in certain Apple products. iOS before 10.2 is affected. The issue involves the "WebKit" component, which allows XSS attacks against Safari. Webkit Contains a cross-site scripting vulnerability.Safari May be subjected to a cross-site scripting attack.
An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials and to launch other attacks. WebKit is a set of open source web browser engines jointly developed by companies such as KDE, Apple (Apple), and Google (Google), and is currently used by browsers such as Apple Safari and Google Chrome
VAR-201702-0189 | CVE-2016-7761 | Apple macOS of WiFi Vulnerabilities in which important network configuration information is obtained in components |
CVSS V2: 2.1 CVSS V3: 5.5 Severity: MEDIUM |
An issue was discovered in certain Apple products. macOS before 10.12.2 is affected. The issue involves the "WiFi" component, which allows local users to obtain sensitive network-configuration information by leveraging global storage. Apple macOS is prone to a local information-disclosure vulnerability. Apple macOS Sierra is a dedicated operating system developed by Apple for Mac computers. WiFi is one of the wireless connectivity components
VAR-201702-0052 | CVE-2016-6249 | F5 BIG-IP of REST Vulnerability in obtaining important information in requests |
CVSS V2: 2.1 CVSS V3: 5.3 Severity: MEDIUM |
F5 BIG-IP 12.0.0 and 11.5.0 - 11.6.1 REST requests which timeout during user account authentication may log sensitive attributes such as passwords in plaintext to /var/log/restjavad.0.log. It may allow local users to obtain sensitive information by reading these files. Multiple F5 BIG-IP Products are prone to an information-disclosure vulnerability. This may lead to other attacks. F5 BIG-IP LTM, etc. LTM is a local traffic manager; APM is a solution that provides secure unified access to business-critical applications and networks. REST Framework Logging is one of the logging framework components. The vulnerability stems from the fact that the program stores sensitive attributes (including passwords) in the /var/log/restjavad.0.log file in plain text. The following products and versions are affected: F5 BIG-IP LTM Release 12.0.0, Release 11.5.0 through Release 11.6.1; BIG-IP AAM Release 12.0.0, Release 11.5.0 through Release 11.6.1; BIG-IP AFM Version 12.0.0, version 11.5.0 to version 11.6.1; BIG-IP Analytics version 12.0.0, version 11.5.0 to version 11.6.1; BIG-IP APM version 12.0.0, version 11.5.0 to 11.6. 1 version; BIG-IP ASM version 12.0.0, 11.5.0 through 11.6.1; BIG-IP DNS version 12.0.0; BIG-IP GTM version 11.5.0 through 11.6.1; BIG-IP Link Controller Version 12.0.0, version 11.5.0 to version 11.6.1; BIG-IP PEM version 12.0.0, version 11.5.0 to version 11.6.1; BIG-IP WebSafe version 12.0.0, version 11.5.0 to 11.6. 1 version
VAR-201802-0165 | CVE-2017-5786 | HPE OfficeConnect Network switch access control vulnerability |
CVSS V2: 2.1 CVSS V3: 5.5 Severity: MEDIUM |
A local Unauthorized Data Modification vulnerability in HPE OfficeConnect Network Switches version PT.02.01 including PT.01.03 through PT.01.14. HPOfficeConnect 1820 is a switch product of Hewlett-Packard (HP). A local security bypass vulnerability exists in HPOfficeConnectNetworkSwitches. An attacker could exploit this vulnerability to bypass certain security restrictions and perform unauthorized operations. -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
Note: the current version of the following document is available here:
https://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c05388948
SUPPORT COMMUNICATION - SECURITY BULLETIN
Document ID: c05388948
Version: 1
HPESBHF03704 rev.1 - HPE OfficeConnect Network Switches, Local Unauthorized
Data Modification
NOTICE: The information in this Security Bulletin should be acted upon as
soon as possible.
- HPE OfficeConnect 1820 8G Switch J9979A - all software versions prior to
PT.02.01 including: PT.01.03 through PT.02.01
- HPE OfficeConnect 1820 24G PoE+ (185W) Switch J9983A - all software
versions prior to PT.02.01 including: PT.01.03 through PT.02.01
- HPE OfficeConnect 1820 24G Switch J9980A - all software versions prior to
PT.02.01 including: PT.01.03 through PT.02.01
- HPE OfficeConnect 1820 48G PoE+ (370W) Switch J9984A - all software
versions prior to PT.02.01 including: PT.01.03 through PT.02.01
- HPE OfficeConnect 1820 48G Switch J9981A - all software versions prior to
PT.02.01 including: PT.01.03 through PT.02.01
- HPE OfficeConnect 1820 8G PoE+ (65W) Switch J9982A - all software
versions prior to PT.02.01 including: PT.01.03 through PT.02.01
BACKGROUND
CVSS Base Metrics
=================
Reference, CVSS V3 Score/Vector, CVSS V2 Score/Vector
CVE-2017-5786
4.0 CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
2.1 (AV:L/AC:L/Au:N/C:N/I:N/A:P)
Information on CVSS is documented in
HPE Customer Notice HPSN-2008-002 here:
https://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c01345499
The Hewlett-Packard Enterprise Company thanks Pekka Jrvinen (raspi) for
reporting this vulnerability to security-alert@hpe.com
RESOLUTION
HPE has made the following software update available to resolve the
vulnerability in the impacted versions of HPE OfficeConnect Network Switch.
Please install version PT.02.01 from the following location:
<http://www.hpe.com/networking/support>
HISTORY
Version:1 (rev.1) - 10 February 2017 Initial release
Third Party Security Patches: Third party security patches that are to be
installed on systems running Hewlett Packard Enterprise (HPE) software
products should be applied in accordance with the customer's patch management
policy.
Support: For issues about implementing the recommendations of this Security
Bulletin, contact normal HPE Services support channel. For other issues about
the content of this Security Bulletin, send e-mail to security-alert@hpe.com.
Report: To report a potential security vulnerability for any HPE supported
product:
Web form: https://www.hpe.com/info/report-security-vulnerability
Email: security-alert@hpe.com
Subscribe: To initiate a subscription to receive future HPE Security Bulletin
alerts via Email: http://www.hpe.com/support/Subscriber_Choice
Security Bulletin Archive: A list of recently released Security Bulletins is
available here: http://www.hpe.com/support/Security_Bulletin_Archive
Software Product Category: The Software Product Category is represented in
the title by the two characters following HPSB.
3C = 3COM
3P = 3rd Party Software
GN = HPE General Software
HF = HPE Hardware and Firmware
MU = Multi-Platform Software
NS = NonStop Servers
OV = OpenVMS
PV = ProCurve
ST = Storage Software
UX = HP-UX
Copyright 2016 Hewlett Packard Enterprise
Hewlett Packard Enterprise shall not be liable for technical or editorial
errors or omissions contained herein. The information provided is provided
"as is" without warranty of any kind. To the extent permitted by law, neither
HP or its affiliates, subcontractors or suppliers will be liable for
incidental,special or consequential damages including downtime cost; lost
profits; damages relating to the procurement of substitute products or
services; or damages for loss of data, or software restoration. The
information in this document is subject to change without notice. Hewlett
Packard Enterprise and the names of Hewlett Packard Enterprise products
referenced herein are trademarks of Hewlett Packard Enterprise in the United
States and other countries. Other product and company names mentioned herein
may be trademarks of their respective owners.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
iQEcBAEBCAAGBQJYnjhQAAoJELXhAxt7SZai9rEH/0Dkt5wBcTqXFqVJ1Rj5wjiP
fr2BnjYMt7YO47zxQMMGMePhz081YKVaGdK3zmXc/Hlvi3fOlnikyPJF/Kse9QV+
wuv22Caym6PAHD5le64h6Uv8dm8XxSkZS2t0wuFYM4gAqfWWtjeYzOCww7tSyxpQ
Yq0190z/TooQduFNy/dV6oy0ACuOUKHJv8EWDP6HH2EQHBrqSgfoQEYuG05A6nLs
XE/odmUrM4D3gHTlP0Te1l3+ESaMwPl3zBaG/nlUsuc5yDTDzvolJt9bcLvq3NCw
gp7y56TKIdgIhwWD1gxoqBnOwDcEsDH7+mo9utSNMJHn0fiA7Onnnf3P/KIKE3U=
=CJ6j
-----END PGP SIGNATURE-----
VAR-201702-1105 | No CVE | TP-Link C2 and C20i Command Injection Vulnerabilities |
CVSS V2: 9.0 CVSS V3: - Severity: HIGH |
TP-Link is a Chinese network equipment manufacturer such as routers and IOT equipment. There is a command injection vulnerability in the http management interface of TP-LinkC2 and C20i. An attacker could exploit this vulnerability to inject arbitrary shell commands and gain root privileges.