VARIoT IoT vulnerabilities database


VAR-201901-1587 CVE-2018-4281 SwiftNIO Vulnerable to buffer overflow
CVSS V2: 7.5
CVSS V3: 9.8
Severity: CRITICAL
In SwiftNIO before 1.8.0, a buffer overflow was addressed with improved size validation. SwiftNIO contains a buffer overflow vulnerability due to a lack of size verification. Information may be obtained, information may be altered, and service operation may be disrupted (DoS). Apple SwiftNIO is prone to a buffer-overflow vulnerability because it fails to adequately bounds-check user-supplied data before copying it to an insufficiently sized memory buffer. Attackers can exploit this issue to execute arbitrary code in the context of the affected application. Failed exploit attempts will result in denial-of-service conditions. Versions prior to SwiftNIO 1.8.0 are vulnerable. Apple SwiftNIO is a cross-platform, asynchronous, event-driven, open source network application framework written by Apple. A remote attacker could exploit this vulnerability to overwrite arbitrary memory.
APPLE-SA-2018-06-27-1 SwiftNIO 1.8.0
SwiftNIO 1.8.0 is now available and addresses the following:
SwiftNIO
Available for: macOS Sierra 10.12 and later, Ubuntu 14.04 and later
Impact: A remote attacker may be able to overwrite arbitrary memory
Description: A buffer overflow was addressed with improved size validation.
CVE-2018-4281: Apple
The following versions also contain the security content of SwiftNIO 1.8.0: 1.0.1, 1.1.1, 1.2.2, 1.3.2, 1.4.3, 1.5.2, 1.6.2, 1.7.3.
Installation note: SwiftNIO 1.8.0 may be obtained via Swift Package Manager.
Information will also be posted to the Apple Security Updates web site: https://support.apple.com/kb/HT201222 and https://github.com/apple/swift-nio/releases/tag/1.8.0.
This message is signed with Apple's Product Security PGP key, and details are available at: https://www.apple.com/support/security/pgp/
VAR-201806-1788 CVE-2018-5528 BIG-IP Input validation vulnerability
CVSS V2: 3.5
CVSS V3: 5.3
Severity: MEDIUM
Under certain conditions, TMM may restart and produce a core file while processing APM data on BIG-IP 13.0.1 or 13.1.0.4-13.1.0.7. BIG-IP contains an input validation vulnerability. Service operation may be interrupted (DoS). F5 BIG-IP is an all-in-one network device from F5 Corporation of the United States that integrates network traffic management, application security management, load balancing and other functions. A security vulnerability exists in F5 BIG-IP version 13.0.1 and versions 13.1.0.4 through 13.1.0.7.
VAR-201806-0702 CVE-2018-10663 Axis IP Cameras Information Disclosure Vulnerability
CVSS V2: 5.0
CVSS V3: 7.5
Severity: HIGH
An issue was discovered in multiple models of Axis IP Cameras. There is an Incorrect Size Calculation. Axis IP Cameras is a network camera product from Axis, Sweden. An information disclosure vulnerability exists in the /bin/ssid process of multiple modules in Axis IP Cameras. The vulnerability stems from the program not correctly calculating the size value. An attacker could exploit the vulnerability to disclose information.
VAR-201806-0696 CVE-2018-10664 Axis IP Cameras Memory Corruption Vulnerability
CVSS V2: 5.0
CVSS V3: 7.5
Severity: HIGH
An issue was discovered in the httpd process in multiple models of Axis IP Cameras. There is Memory Corruption. Axis IP Camera contains a buffer error vulnerability. A denial of service (DoS) may result. Axis IP Cameras is a network camera product from Axis, Sweden. An information disclosure vulnerability exists in the /bin/ssid process of multiple modules in Axis IP Cameras. The vulnerability stems from the program not correctly calculating the size value. An attacker could exploit the vulnerability to disclose information. An attacker could use the vulnerability to execute a command as the root user by sending a request and setting the value of the ‘parhand’ parameter.
VAR-201806-0700 CVE-2018-10660 Axis IP Cameras Command Injection Vulnerability
CVSS V2: 10.0
CVSS V3: 9.8
Severity: CRITICAL
An issue was discovered in multiple models of Axis IP Cameras. There is Shell Command Injection. Axis IP Camera contains a command injection vulnerability. Information may be obtained, information may be altered, and service operation may be disrupted (DoS). Axis IP Cameras is a network camera product from Axis, Sweden. An attacker could use the vulnerability to execute a command as the root user by sending a request and setting the value of the ‘parhand’ parameter.
VAR-201806-0698 CVE-2018-10662 Axis IP Camera Access control vulnerability
CVSS V2: 10.0
CVSS V3: 9.8
Severity: CRITICAL
An issue was discovered in multiple models of Axis IP Cameras. There is an Exposed Insecure Interface. Axis IP Camera contains an access control vulnerability. Information may be obtained, information may be altered, and service operation may be disrupted (DoS). A security vulnerability exists in multiple modules in Axis IP Cameras in which the program fails to restrict user access to dbus. An attacker could exploit this vulnerability to access the dbus-service interface.
VAR-201806-0699 CVE-2018-10661 Axis IP Camera Access control vulnerability
CVSS V2: 10.0
CVSS V3: 9.8
Severity: CRITICAL
An issue was discovered in multiple models of Axis IP Cameras. There is a bypass of access control. Axis IP Camera contains an access control vulnerability. Information may be obtained, information may be altered, and service operation may be disrupted (DoS). Axis IP Cameras is a network camera product from Axis, Sweden. There are security vulnerabilities in multiple modules in Axis IP Cameras. An attacker could exploit the vulnerability to bypass the web-server authorization mechanism by sending an unauthenticated request.
VAR-201806-0701 CVE-2018-10658 Axis IP Camera Buffer error vulnerability
CVSS V2: 5.0
CVSS V3: 7.5
Severity: HIGH
There was a Memory Corruption issue discovered in multiple models of Axis IP Cameras which causes a denial of service (crash). The crash arises from code inside the libdbus-send.so shared object or similar. Axis IP Camera contains a buffer error vulnerability. Service operation may be interrupted (DoS). Axis IP Cameras is a network camera product from Axis, Sweden. A memory corruption vulnerability exists in multiple modules in Axis IP Cameras. Several modules in Axis IP Cameras have security vulnerabilities.
VAR-201806-0697 CVE-2018-10659 Axis IP Camera Buffer error vulnerability
CVSS V2: 5.0
CVSS V3: 7.5
Severity: HIGH
There was a Memory Corruption issue discovered in multiple models of Axis IP Cameras which allows remote attackers to cause a denial of service (crash) by sending a crafted command which will result in a code path that calls the UND undefined ARM instruction. Axis IP Camera contains a buffer error vulnerability. Service operation may be interrupted (DoS). Axis IP Cameras is a network camera product from Axis, Sweden. A memory corruption vulnerability exists in multiple modules in Axis IP Cameras. Several modules in Axis IP Cameras have security vulnerabilities.
VAR-201806-0818 CVE-2018-1000537 Marlin Buffer Error Vulnerability
CVSS V2: 7.5
CVSS V3: 9.8
Severity: CRITICAL
Marlin Firmware Marlin version 1.1.x and earlier contains a Buffer Overflow vulnerability in cardreader.cpp (depending on branch/version) that can result in arbitrary code execution. This attack appears to be exploitable via a crafted G-Code instruction/file sent to the printer. Marlin is a 3D printer firmware based on the Arduino platform.
VAR-201806-1894 No CVE Panabit command execution vulnerability
CVSS V2: 7.1
CVSS V3: -
Severity: HIGH
Panabit is an intelligent application gateway software based on the PanaOS operating system. Panabit has a command execution vulnerability. When the attacker obtains Web permissions, he can construct a payload for remote command injection to obtain root permissions of the device.
VAR-201806-0819 CVE-2018-1000538 Minio Inc. Minio S3 Vulnerability in server descriptors or unrestricted file descriptor or handle allocation
CVSS V2: 5.0
CVSS V3: 7.5
Severity: HIGH
Minio Inc. Minio S3 server version prior to RELEASE.2018-05-16T23-35-33Z contains an Allocation of Memory Without Limits or Throttling (similar to CWE-774) vulnerability in write-to-RAM that can result in Denial of Service. This attack appears to be exploitable via sending V4-(pre)signed requests with large bodies. This vulnerability appears to have been fixed after commit 9c8b7306f55f2c8c0a5c7cea9a8db9d34be8faa7.
VAR-201806-1075 CVE-2018-11053 Dell EMC iDRAC Service Module Vulnerabilities related to authorization, permissions, and access control
CVSS V2: 4.0
CVSS V3: 6.5
Severity: MEDIUM
Dell EMC iDRAC Service Module for all supported Linux and XenServer versions v3.0.1, v3.0.2, v3.1.0, v3.2.0, when started, changes the default file permission of the hosts file of the host operating system (/etc/hosts) to world writable. A malicious low privileged operating system user or process could modify the hosts file and potentially redirect traffic from the intended destination to sites hosting malicious or unwanted content. Dell EMC iDRAC Service Module contains vulnerabilities related to authorization, permissions, and access control. Information may be tampered with. Attackers can exploit this issue to bypass certain security restrictions to perform unauthorized actions. This may aid in further attacks. EMC iDRAC Service Module 3.0.1, 3.0.2, 3.1.0, and 3.2.0 are vulnerable. The software extends the integrated Dell EMC Remote Access Controller (iDRAC) to the host operating system.
VAR-201806-1422 CVE-2018-12735 SAJ Solar Inverter Vulnerable to information disclosure
CVSS V2: 5.0
CVSS V3: 7.5
Severity: HIGH
SAJ Solar Inverter allows remote attackers to obtain potentially sensitive information via a direct request for the inverter_info.htm or english_main.htm URI. SAJ Solar Inverter is a solar inverter product of China Sanjing Electric Company. An information disclosure vulnerability exists in SAJ Solar Inverter.
VAR-201806-1767 CVE-2018-8755 NuCom WR644GACV Vulnerabilities related to certificate and password management in devices
CVSS V2: 5.0
CVSS V3: 9.8
Severity: CRITICAL
NuCom WR644GACV devices before STA006 allow an attacker to download the configuration file without credentials. By downloading this file, an attacker can access the admin password, WPA key, and any config information of the device. The NuCom WR644GACV device contains vulnerabilities related to certificate and password management. Information may be obtained, information may be altered, and service operation may be disrupted (DoS). The NuCom WR644GACV is a wireless dual-band router device from NuCom, Spain. There is a security hole in NuCom WR644GACV.
VAR-201806-1421 CVE-2018-12716 Google Home and Chromecast Information disclosure vulnerability in devices
CVSS V2: 3.3
CVSS V3: 4.3
Severity: MEDIUM
The API service on Google Home and Chromecast devices before mid-July 2018 does not prevent DNS rebinding attacks from reading the scan_results JSON data, which allows remote attackers to determine the physical location of most web browsers by leveraging the presence of one of these devices on its local network, extracting the scan_results bssid fields, and sending these fields in a geolocation/v1/geolocate Google Maps Geolocation API request. Google Home and Chromecast devices contain an information disclosure vulnerability. Information may be obtained. Google Home and Chromecast are both products of Google. Chromecast is an Internet TV set-top box device. API services in Google Home and Chromecast have security flaws. A remote attacker could exploit this vulnerability to determine the physical location of most web browsers.
VAR-201806-1889 No CVE Nagios XI has multiple SQL injection vulnerabilities
CVSS V2: 7.8
CVSS V3: -
Severity: HIGH
Nagios is a free, open source network monitoring tool that can effectively monitor the status of Windows, Linux and Unix hosts and of network devices such as switches, routers, printers, etc. Nagios XI has multiple SQL injection vulnerabilities. An attacker can use the vulnerability to obtain sensitive database information.
VAR-201807-1105 CVE-2018-13032 ECESSA ShieldLink SL175EHQ Device cross-site request forgery vulnerability
CVSS V2: 6.8
CVSS V3: 8.8
Severity: HIGH
ECESSA ShieldLink SL175EHQ 10.7.4 devices have CSRF to add superuser accounts via the cgi-bin/pl_web.cgi/util_configlogin_act URI. The ECESSA ShieldLink SL175EHQ device contains a cross-site request forgery vulnerability. Information may be obtained, information may be altered, and service operation may be disrupted (DoS). Ecessa's ShieldLink 60, 175, 600, 1200 & 4000 are advanced, yet highly affordable secure WAN Optimization Controllers that incorporate all of the ISP/WAN link. The application interface allows users to perform certain actions via HTTP requests without performing any validity checks to verify the requests. This can be exploited to perform certain actions with administrative privileges if a logged-in user visits a malicious web site. Tested on: lighttpd/1.4.35. ECESSA ShieldLink SL175EHQ is a WAN link controller from ECESSA in the United States, which includes functions such as ISP/WAN link aggregation, load balancing, and traffic monitoring. A cross-site request forgery vulnerability exists in ECESSA ShieldLink SL175EHQ version 10.7.4.
VAR-201806-1428 CVE-2018-12706 DIGISOL DG-BR4000NG Device buffer error vulnerability

Related entries in the VARIoT exploits database: VAR-E-201806-0177
CVSS V2: 7.5
CVSS V3: 9.8
Severity: CRITICAL
DIGISOL DG-BR4000NG devices have a Buffer Overflow via a long Authorization HTTP header. The DIGISOL DG-BR4000NG device contains a buffer error vulnerability. Information may be obtained, information may be altered, and service operation may be disrupted (DoS). DIGISOL DG-BR4000NG is a wireless router product from DIGISOL SYSTEMS, Mumbai. An attacker could exploit the vulnerability with a longer Authorization HTTP header to execute arbitrary code or cause a denial of service.
VAR-201806-1427 CVE-2018-12705 DIGISOL DG-BR4000NG Cross-Site Scripting Vulnerability

Related entries in the VARIoT exploits database: VAR-E-201806-0038
CVSS V2: 4.3
CVSS V3: 6.1
Severity: MEDIUM
DIGISOL DG-BR4000NG devices have XSS via the SSID (it is validated only on the client side). The DIGISOL DG-BR4000NG device contains a cross-site scripting vulnerability. Information may be obtained and information may be altered. DIGISOL DG-BR4000NG is a wireless router product from DIGISOL SYSTEMS, Mumbai. A cross-site scripting vulnerability exists in DIGISOL DG-BR4000NG. A remote attacker can exploit this vulnerability to inject arbitrary web scripts or HTML with SSID (client-only authentication).