VARIoT IoT vulnerabilities database

A vulnerability in the management console of Cisco Firepower System Software could allow an unauthenticated, remote attacker to access sensitive data about the system. The vulnerability is due to improper cross-origin domain protections for the WebSocket protocol. An attacker could exploit this vulnerability by convincing a user to visit a malicious website designed to send requests to the affected application while the user is logged into the application with an active session cookie. A successful exploit could allow the attacker to retrieve policy or configuration information from the affected software and to perform another attack against the management console. Cisco Bug IDs: CSCvh68311. Vendors have confirmed this vulnerability Bug ID CSCvh68311 It is released as.Information may be obtained. Successfully exploiting this issue may allow an attacker to bypass certain security restrictions and perform unauthorized actions. Management Console is one of the management console programs

Meross MSS110 devices through 1.1.24 contain an unauthenticated admin.htm administrative interface. Meross MSS110 Contains an authentication vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. Meross MSS110 is a smart WiFi socket device produced by China Meross Technology Company. There are security vulnerabilities in Meross MSS110 1.1.24 and earlier versions. An attacker could exploit this vulnerability to cause a denial of service or obtain information

Meross MSS110 devices before 1.1.24 contain a TELNET listener providing access for an undocumented admin account with a blank password. Meross MSS110 Contains a vulnerability in the use of hard-coded credentials.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. MerossMSS110 is a smart WiFi socket device from China's Meross Technology. One of the TELNET listener components of TELNETlistenerhi. A security vulnerability exists in the TELNETlistener in versions prior to MerossMSS1101.1.24

A vulnerability in Web Authentication (WebAuth) clients for the Cisco Wireless LAN Controller (WLC) and Aironet Access Points running Cisco IOS Software could allow an unauthenticated, adjacent attacker to bypass authentication and pass traffic. The vulnerability is due to incorrect implementation of authentication for WebAuth clients in a specific configuration. An attacker could exploit this vulnerability by sending traffic to local network resources without having gone through authentication. A successful exploit could allow the attacker to bypass authentication and pass traffic. This affects Cisco Aironet Access Points running Cisco IOS Software and Cisco Wireless LAN Controller (WLC) releases prior to 8.5.110.0 for the following specific WLC configuration only: (1) The Access Point (AP) is configured in FlexConnect Mode with NAT. (2) The WLAN is configured for central switching, meaning the client is being assigned a unique IP address. (3) The AP is configured with a Split Tunnel access control list (ACL) for access to local network resources, meaning the AP is doing the NAT on the connection. (4) The client is using WebAuth. This vulnerability does not apply to .1x clients in the same configuration. Cisco Bug IDs: CSCvc79502, CSCvf71789. Vendors have confirmed this vulnerability Bug ID CSCvc79502 and CSCvf71789 It is released as.Information may be tampered with. IOSSoftware is a set of operating systems running on it. The product provides security policy, intrusion detection and other functions in the wireless LAN. WebAuthentication (WebAuth) is one of the web authentication client programs. An authorization issue vulnerability exists in the CiscoAuthoAccessPoints IOSSoftware and Cisco WirelessLANController prior to 8.5.10.0 for the WebAuth client, which was caused by the program failing to authenticate. This may lead to further attacks

A vulnerability when handling incoming 802.11 Association Requests for Cisco Aironet 1800 Series Access Point (APs) on Qualcomm Atheros (QCA) based hardware platforms could allow an unauthenticated, adjacent attacker to cause a denial of service (DoS) condition on an affected system. A successful exploit could prevent new clients from joining the AP. The vulnerability is due to incorrect handling of malformed or invalid 802.11 Association Requests. An attacker could exploit this vulnerability by sending a malformed stream of 802.11 Association Requests to the local interface of the targeted device. A successful exploit could allow the attacker to cause a DoS situation on an affected system, causing new client 802.11 Association Requests to fail. This vulnerability affects the following Cisco products: Aironet 1560 Series Access Points, Aironet 1810 Series OfficeExtend Access Points, Aironet 1810w Series Access Points, Aironet 1815 Series Access Points, Aironet 1830 Series Access Points, Aironet 1850 Series Access Points, Aironet 2800 Series Access Points, Aironet 3800 Series Access Points. Cisco Bug IDs: CSCvg02116. Vendors have confirmed this vulnerability Bug ID CSCvg02116 It is released as.Service operation interruption (DoS) There is a possibility of being put into a state

A vulnerability in Cisco Meeting Server could allow an unauthenticated, remote attacker to gain unauthorized access to components of, or sensitive information in, an affected system, leading to Remote Code Execution. The vulnerability is due to incorrect default configuration of the device, which can expose internal interfaces and ports on the external interface of the system. A successful exploit could allow the attacker to gain unauthenticated access to configuration and database files as well as sensitive meeting information on an affected system. Additionally, if the Traversal Using Relay NAT (TURN) service is enabled and utilizing Transport Layer Security (TLS) connections, an attacker could utilize TURN credentials to forward traffic to device daemons, allowing for remote exploitation. This vulnerability affects Cisco Meeting Server (CMS) Acano X-series platforms that are running a CMS Software release prior to 2.2.11. Cisco Bug IDs: CSCvg76469. Vendors have confirmed this vulnerability Bug ID CSCvg76469 It is released as.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. Successfully exploiting this issue may allow remote attackers to execute arbitrary code. Failed attempts will likely result in denial-of-service conditions

A vulnerability in the IP Version 4 (IPv4) fragment reassembly function of Cisco 3500, 5500, and 8500 Series Wireless LAN Controller Software could allow an unauthenticated, remote attacker to cause an affected device to reload unexpectedly, resulting in a denial of service (DoS) condition. The vulnerability is due to a corruption of an internal data structure process that occurs when the affected software reassembles certain IPv4 packets. An attacker could exploit this vulnerability by sending certain malformed IPv4 fragments to an affected device. A successful exploit could allow the attacker to cause the device to reload, resulting in a DoS condition. This vulnerability affects all releases of 8.4 until the first fixed release for the 5500 and 8500 Series Wireless LAN Controllers and releases 8.5.103.0 and 8.5.105.0 for the 3500, 5500, and 8500 Series Wireless LAN Controllers. Cisco Bug IDs: CSCvf89222. Vendors have confirmed this vulnerability Bug ID CSCvf89222 It is released as.Service operation interruption (DoS) There is a possibility of being put into a state

A vulnerability in Central Web Authentication (CWA) with FlexConnect Access Points (APs) for Cisco Aironet 1560, 1810, 1810w, 1815, 1830, 1850, 2800, and 3800 Series APs could allow an authenticated, adjacent attacker to bypass a configured FlexConnect access control list (ACL). The vulnerability is due to the AP ignoring the ACL download from the client during authentication. An attacker could exploit this vulnerability by connecting to the targeted device with a vulnerable configuration. A successful exploit could allow the attacker to bypass a configured client FlexConnect ACL. This vulnerability affects the following Cisco products if they are running a vulnerable release of Central Web Authentication with FlexConnect Access Points Software: Aironet 1560 Series Access Points, Aironet 1810 Series OfficeExtend Access Points, Aironet 1810w Series Access Points, Aironet 1815 Series Access Points, Aironet 1830 Series Access Points, Aironet 1850 Series Access Points, Aironet 2800 Series Access Points, Aironet 3800 Series Access Points. Note: Central Web Authentication with FlexConnect Access Points was an unsupported configuration until 8.5.100.0. Cisco Bug IDs: CSCve17756. Vendors have confirmed this vulnerability Bug ID CSCve17756 It is released as.Information may be tampered with. There are security vulnerabilities in CWAs that use APs in several Cisco products

On F5 BIG-IP 13.0.0-13.1.0.5, 12.1.0-12.1.2, or 11.2.1-11.6.3.1, Enterprise Manager 3.1.1, BIG-IQ Centralized Management 5.0.0-5.4.0 or 4.6.0, BIG-IQ Cloud and Orchestration 1.0.0, or F5 iWorkflow 2.0.2-2.3.0, authenticated users granted TMOS Shell (tmsh) access can access objects on the file system which would normally be disallowed by tmsh restrictions. This allows for authenticated, low privileged attackers to exfiltrate objects on the file system which should not be allowed. plural F5 The product contains an access control vulnerability.Information may be obtained. F5BIG-IPLTM and other products are products of American F5 Company. F5BIG-IPLTM is a local traffic manager; BIG-IPAAM is an application acceleration manager. TMOSShell (tmsh) is one of the command line tools. There are security vulnerabilities in TMOSShell in several F5 products. An attacker could exploit this vulnerability to obtain objects on the file system. F5 BIG-IP LTM, etc. The following products and versions are affected: F5 BIG-IP LTM version 13.0.0 to 13.1.0.5, 12.1.0 to 12.1.2, 11.2.1 to 11.6.3.1; BIG-IP AAM version 13.0.0 to version 13.1.0.5, version 12.1.0 to version 12.1.2, version 11.2.1 to version 11.6.3.1; BIG-IP AFM version 13.0.0 to version 13.1.0.5, version 12.1.0 to version 12.1.2, 11.2.1 to 11.6.3.1; BIG-IP Analytics 13.0.0 to 13.1.0.5, 12.1.0 to 12.1.2, 11.2.1 to 11.6.3.1; BIG-IP APM 13.0. 0 to 13.1.0.5, 12.1.0 to 12.1.2, 11.2.1 to 11.6.3.1; BIG-IP ASM 13.0.0 to 13.1.0.5, 12.1.0 to 12.1.2 Versions, 11.2.1 to 11.6.3.1; BIG-IP DNS 13.0.0 to 13.1.0.5, 12.1.0 to 12.1.2, 11.2.1 to 11.6.3.1; BIG-IP Edge Gateway 13.0.0 to 13.1.0.5, 12.1.0 to 12.1.2, 11.2.1 to 11.6.3.1; BIG-IP GTM 13.0.0 to 13.1.0.5, 12.1.0 to Version 12.1.2, Version 11.2.1 to Version 11.6.3.1; BIG-IP Link Controller Version 13.0.0 to Version 13.1.0.5, Version 12.1.0 to Version 12.1

A vulnerability in the netconf interface of Cisco IOS XR Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on affected system. The vulnerability is due to improper handling of malformed requests processed by the netconf process. An attacker could exploit this vulnerability by sending malicious requests to the affected software. An exploit could allow the attacker to cause the targeted process to restart, resulting in a DoS condition on the affected system. Cisco Bug IDs: CSCvg95792. Cisco IOS XR The software contains a resource management vulnerability. Vendors have confirmed this vulnerability Bug ID CSCvg95792 It is released as.Service operation interruption (DoS) There is a possibility of being put into a state. Attackers can exploit this issue to cause the denial-of-service conditions

A vulnerability in the detection engine of Cisco Firepower System Software could allow an unauthenticated, remote attacker to restart an instance of the Snort detection engine on an affected device, resulting in a brief denial of service (DoS) condition. The vulnerability is due to the incorrect handling of a Transport Layer Security (TLS) extension during TLS connection setup for the affected software. An attacker could exploit this vulnerability by sending a crafted TLS connection setup request to an affected device. A successful exploit could allow the attacker to cause the Snort detection engine on the affected device to restart, resulting in a DoS condition. Cisco Bug IDs: CSCvg97808. Cisco Firepower System The software contains cryptographic vulnerabilities. Vendors have confirmed this vulnerability Bug ID CSCvg97808 It is released as.Service operation interruption (DoS) There is a possibility of being put into a state

A vulnerability in the detection engine of Cisco Firepower System Software could allow an unauthenticated, remote attacker to restart an instance of the Snort detection engine on an affected device, resulting in a brief denial of service (DoS) condition. The vulnerability is due to the incorrect handling of Transport Layer Security (TLS) TCP connection setup for the affected software. An attacker could exploit this vulnerability by sending crafted TLS traffic to an affected device. A successful exploit could allow the attacker to cause the Snort detection engine on the affected device to restart, resulting in a DoS condition. Cisco Bug IDs: CSCvg99327. Cisco Firepower System The software contains cryptographic vulnerabilities. Vendors have confirmed this vulnerability Bug ID CSCvg99327 It is released as.Service operation interruption (DoS) There is a possibility of being put into a state. The detection engine is one of the intrusion detection engines

A vulnerability in service logging for Cisco Prime Service Catalog could allow an authenticated, remote attacker to deny service to the user interface. The vulnerability is due to exhaustion of disk space. An attacker could exploit this vulnerability by performing certain operations that lead to excessive logging. A successful exploit could allow the attacker to deny service to the user interface. Cisco Bug IDs: CSCvd39568. Vendors have confirmed this vulnerability Bug ID CSCvd39568 It is released as.Service operation interruption (DoS) There is a possibility of being put into a state. An attacker can exploit this issue to cause a denial-of-service condition. The solution supports automated ordering of a unified service catalog of computing, networking, storage, and other data center resources

CeNova, Night OWL, Novo, Pulnix, QSee, Securus, and TBK Vision DVR devices allow remote attackers to download a file and obtain sensitive credential information via a direct request for the download.rsp URI. TBK Vision DVR The device contains vulnerabilities related to certificate and password management.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. CeNova DVR etc. are DVR (hard disk video recorder) devices from different manufacturers. There are security vulnerabilities in several DVR devices. Products from the following manufacturers are affected: CeNova DVR; Night OWL DVR; Novo DVR; Pulnix DVR; QSee DVR; Securus DVR; TBK Vision DVR

On an F5 BIG-IP 13.0.0-13.1.0.5, 12.1.0-12.1.3.1, or 11.2.1-11.6.3.1 system configured in Appliance mode, the TMOS Shell (tmsh) may allow an administrative user to use the dig utility to gain unauthorized access to file system resources. plural F5 BIG-IP The product contains an access control vulnerability.Information may be obtained. F5BIG-IPLTM and other products are products of American F5 Company. F5BIG-IPLTM is a local traffic manager; BIG-IPAAM is an application acceleration manager. TMOSShell (tmsh) is one of the command line tools. There are security vulnerabilities in TMOSShell in several F5 products. F5 BIG-IP LTM, etc. The following products and versions are affected: F5 BIG-IP LTM version 13.0.0 to 13.1.0.5, 12.1.0 to 12.1.3, 11.2.1 to 11.6.3; BIG-IP AAM version 13.0.0 to version 13.1.0.5, version 12.1.0 to version 12.1.3, version 11.2.1 to version 11.6.3; BIG-IP AFM version 13.0.0 to version 13.1.0.5, version 12.1.0 to version 12.1.3, 11.2.1 to 11.6.3; BIG-IP Analytics 13.0.0 to 13.1.0.5, 12.1.0 to 12.1.3, 11.2.1 to 11.6.3; BIG-IP APM 13.0. 0 to 13.1.0.5, 12.1.0 to 12.1.3, 11.2.1 to 11.6.3; BIG-IP ASM 13.0.0 to 13.1.0.5, 12.1.0 to 12.1.3 Versions, 11.2.1 to 11.6.3; BIG-IP DNS 13.0.0 to 13.1.0.5, 12.1.0 to 12.1.3, 11.2.1 to 11.6.3; BIG-IP Edge Gateway 13.0.0 to 13.1.0.5, 12.1.0 to 12.1.3, 11.2.1 to 11.6.3; BIG-IP GTM 13.0.0 to 13.1.0.5, 12.1.0 to Version 12.1.3, Version 11.2.1 to Version 11.6.3; BIG-IP Link Controller Version 13.0.0 to Version 13.1.0.5, Version 12.1.0 to Version 12.1.3, Version 11.2.1 to Version 11

A vulnerability in Cisco WebEx Recording Format (WRF) Player could allow an unauthenticated, remote attacker to access sensitive data about the application. An attacker could exploit this vulnerability to gain information to conduct additional reconnaissance attacks. The vulnerability is due to a design flaw in Cisco WRF Player. An attacker could exploit this vulnerability by utilizing a maliciously crafted file that could bypass checks in the code and enable an attacker to read memory from outside the bounds of the mapped file. This vulnerability affects Cisco WebEx Business Suite meeting sites, Cisco WebEx Meetings sites, and Cisco WebEx WRF players. Cisco Bug IDs: CSCvh89107, CSCvh89113, CSCvh89132, CSCvh89142. Vendors have confirmed this vulnerability Bug ID CSCvh89107 , CSCvh89113 , CSCvh89132 ,and CSCvh89142 It is released as.Information may be obtained. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within the processing of WRF files. Crafted data in a WRF file can trigger a read past the end of a mapped view of a file. An attacker can leverage this in conjunction with other vulnerabilities to execute code in the context of the current process

A vulnerability in the Cisco WebEx Network Recording Player for Advanced Recording Format (ARF) files could allow an unauthenticated, remote attacker to execute arbitrary code on an affected system. The vulnerability is due to a design flaw in the affected software. An attacker could exploit this vulnerability by sending a user an email attachment or link to a malicious ARF file and persuading the user to open the file or follow the link. A successful exploit could allow the attacker to execute arbitrary code on the user's system. This vulnerability affects Cisco WebEx Business Suite meeting sites, Cisco WebEx Meetings sites, Cisco WebEx Meetings Server, and Cisco WebEx ARF players. Cisco Bug IDs: CSCvh70213, CSCvh70222, CSCvh70228. Vendors have confirmed this vulnerability Bug ID CSCvh70213 , CSCvh70222 ,and CSCvh70228 It is released as.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state

On D-Link DCS-5009 devices with firmware 1.08.11 and earlier, DCS-5010 devices with firmware 1.14.09 and earlier, and DCS-5020L devices with firmware before 1.15.01, command injection in alphapd (binary responsible for running the camera's web server) allows remote authenticated attackers to execute code through sanitized /setSystemAdmin user input in the AdminID field being passed directly to a call to system. D-Link DCS-5009 , DCS-5010 ,and DCS-5020L The device firmware contains a command injection vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. The D-Link DCS-5009, DCS-5010 and DCS-5020L are all different types of network camera products from D-Link. Alphapd is one of the web servers. A remote code execution vulnerability exists in D-LinkDCS-5009 with firmware version 1.08.11 and earlier, DCS-5010 with firmware version 1.14.09 and earlier, and alphapd in DCS-5020L with firmware prior to 1.15.01

Some NVIDIA Tegra mobile processors released prior to 2016 contain a buffer overflow vulnerability in BootROM Recovery Mode (RCM). An attacker with physical access to the device's USB and the ability to force the device to reboot into RCM could exploit the vulnerability to execute unverified code. BootROM Recovery Mode (RCM) Contains a buffer error vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. NVIDIA Tegramobileprocessors is a central processing unit from NVIDIA. BootROMRecoveryMode (RCM) is one of the engineering mode components that can modify the data

On F5 BIG-IP 13.0.0-13.1.0.5, 12.1.0-12.1.3.3, or 11.2.1-11.6.3.1, administrative users by way of undisclosed methods can exploit the ssldump utility to write to arbitrary file paths. For users who do not have Advanced Shell access (for example, any user when licensed for Appliance Mode), this allows more permissive file access than intended. plural F5 BIG-IP The product contains an access control vulnerability.Information may be tampered with. F5BIG-IPLTM and other products are products of American F5 Company. F5BIG-IPLTM is a local traffic manager; BIG-IPAAM is an application acceleration manager. There are security vulnerabilities in several F5 products. An attacker could exploit this vulnerability to write to any file path. An attacker can exploit this issue to access, modify or delete arbitrary files or gain escalated privileges, which may aid in further attacks. F5 BIG-IP LTM, etc. The following products and versions are affected: F5 BIG-IP LTM version 13.0.0 to 13.1.0.5, 12.1.0 to 12.1.3, 11.2.1 to 11.6.3; BIG-IP AAM version 13.0.0 to version 13.1.0.5, version 12.1.0 to version 12.1.3, version 11.2.1 to version 11.6.3; BIG-IP AFM version 13.0.0 to version 13.1.0.5, version 12.1.0 to version 12.1.3, 11.2.1 to 11.6.3; BIG-IP Analytics 13.0.0 to 13.1.0.5, 12.1.0 to 12.1.3, 11.2.1 to 11.6.3; BIG-IP APM 13.0. 0 to 13.1.0.5, 12.1.0 to 12.1.3, 11.2.1 to 11.6.3; BIG-IP ASM 13.0.0 to 13.1.0.5, 12.1.0 to 12.1.3 Versions, 11.2.1 to 11.6.3; BIG-IP DNS 13.0.0 to 13.1.0.5, 12.1.0 to 12.1.3, 11.2.1 to 11.6.3; BIG-IP Edge Gateway 13.0.0 to 13.1.0.5, 12.1.0 to 12.1.3, 11.2.1 to 11.6.3; BIG-IP GTM 13.0.0 to 13.1.0.5, 12.1.0 to Version 12.1.3, Version 11.2.1 to Version 11.6.3; BIG-IP Link Controller Version 13.0.0 to Version 13.1.0.5, Version 12.1.0 to Version 12.1.3, Version 11.2.1 to Version 11.6.3; BIG-IP PEM version 13.0.0 to version 13.1.0.5, 12