VARIoT IoT vulnerabilities database

VAR-201803-2161 CVE-2018-5708 D-Link DIR-601 Vulnerabilities related to certificate and password management

Related entries in the VARIoT exploits database: VAR-E-201804-0266
CVSS V2: 6.1
CVSS V3: 8.0
Severity: HIGH
An issue was discovered on D-Link DIR-601 B1 2.02NA devices. Being on the same local network as, but being unauthenticated to, the administrator's panel, a user can obtain the admin username and cleartext password in the response (specifically, the configuration file restore_default), which is displayed in XML. D-Link DIR-601 contains vulnerabilities related to certificate and password management. Information may be obtained or altered, and service operation may be disrupted (DoS). D-Link DIR-601 is a wireless router product of D-Link. The D-Link DIR-601 information disclosure vulnerability allows an attacker to obtain an administrator username/password to access the administrator panel. A trust management vulnerability exists in D-Link DIR-601 B1 version 2.02NA.
VAR-201803-1883 CVE-2018-9148 Western Digital WD My Cloud Authentication vulnerability
CVSS V2: 5.0
CVSS V3: 9.8
Severity: CRITICAL
Western Digital WD My Cloud v04.05.00-320 devices embed the session token (aka PHPSESSID) in filenames, which makes it easier for attackers to bypass authentication by listing a directory. NOTE: this can be exploited in conjunction with CVE-2018-7171 for remote authentication bypass within a product that uses My Cloud. Western Digital WD My Cloud contains an authentication vulnerability. This vulnerability is related to CVE-2018-7171. Information may be obtained or altered, and service operation may be disrupted (DoS).
VAR-201803-1874 CVE-2018-9139 Samsung Buffer error vulnerability in mobile device software
CVSS V2: 10.0
CVSS V3: 9.8
Severity: CRITICAL
On Samsung mobile devices with N(7.x) software, a buffer overflow in the vision service allows code execution in a privileged process via a large frame size, aka SVE-2017-11165. Samsung mobile device software contains a buffer error vulnerability. The vendor has released this vulnerability as SVE-2017-11165. Information may be obtained or altered, and service operation may be disrupted (DoS). Samsung mobile devices are smart mobile devices released by Samsung of South Korea. Android N is a Linux-based open source operating system jointly developed by Google and the Open Handset Alliance (OHA). An attacker could exploit the vulnerability with a large frame value to execute code.
VAR-201803-1878 CVE-2018-9143 Samsung Buffer error vulnerability in mobile device software
CVSS V2: 10.0
CVSS V3: 9.8
Severity: CRITICAL
On Samsung mobile devices with M(6.0) and N(7.x) software, a heap overflow in the sensorhub binder service leads to code execution in a privileged process, aka SVE-2017-10991. Samsung mobile device software contains a buffer error vulnerability. The vendor has released this vulnerability as SVE-2017-10991. Information may be obtained or altered, and service operation may be disrupted (DoS). Samsung mobile devices are smart mobile devices released by Samsung of South Korea. Android M and N are both versions of the Linux-based open source operating system jointly developed by Google and the Open Handset Alliance (OHA). The sensorhub binder service is one of the processing services for sensors and hubs. An attacker could exploit the vulnerability to execute code.
VAR-201803-0089 CVE-2015-2020 Android For MyScript SDK Vulnerable to unreliable data deserialization
CVSS V2: 7.5
CVSS V3: 9.8
Severity: CRITICAL
The MyScript SDK before 1.3 for Android might allow attackers to execute arbitrary code by leveraging a finalize method in a Serializable class that improperly passes an attacker-controlled pointer to a native function. MyScript SDK for Android contains a vulnerability in the deserialization of untrusted data. Information may be obtained or altered, and service operation may be disrupted (DoS). MyScript SDK for Android is a software development kit for the MyScript handwriting input recognition engine based on the Android platform. There are security vulnerabilities in versions of MyScript SDK for Android prior to 1.3.
VAR-201803-0093 CVE-2015-2003 Android for PJSIP PJSUA2 SDK Vulnerabilities related to range errors
CVSS V2: 7.5
CVSS V3: 9.8
Severity: CRITICAL
The PJSIP PJSUA2 SDK before SVN Changeset 51322 for Android might allow attackers to execute arbitrary code by leveraging a finalize method in a Serializable class that improperly passes an attacker-controlled pointer to a native function. PJSIP PJSUA2 SDK for Android contains a range error vulnerability. Information may be obtained or altered, and service operation may be disrupted (DoS). PJSIP PJSUA2 SDK for Android is a software development kit based on the Android platform that provides an API for building Session Initiation Protocol (SIP) multimedia user agent applications. There are security vulnerabilities in versions of the PJSIP PJSUA2 SDK for Android before SVN Changeset 51322.
VAR-201803-1969 CVE-2018-9031 TNLSoftSolutions Sentry Vision Vulnerabilities related to certificate and password management in devices
CVSS V2: 5.0
CVSS V3: 9.8
Severity: CRITICAL
The login interface on TNLSoftSolutions Sentry Vision 3.x devices provides password disclosure by reading an "if(pwd ==" line in the HTML source code. This means, in effect, that authentication occurs only on the client side. TNLSoftSolutions Sentry Vision devices contain vulnerabilities related to certificate and password management. Information may be obtained or altered, and service operation may be disrupted (DoS). TNLSoftSolutions Sentry is a network camera device from TNLSoftSolutions, USA. A security vulnerability exists in the login page in TNLSoftSolutions Sentry 3.x.
VAR-201804-1569 CVE-2018-8836 Wago 750 series PLC Firmware improper resource shutdown and release vulnerability
CVSS V2: 5.0
CVSS V3: 5.3
Severity: MEDIUM
On Wago 750 Series PLCs with firmware version 10 and prior, a remote attack may take advantage of an improper implementation of the 3-way handshake during a TCP connection, affecting communications with commissioning and service tools. Specially crafted packets may also be sent to Port 2455/TCP/IP, used in Codesys management software, which may result in a denial-of-service condition of communications with commissioning and service tools. The firmware of Wago 750 series PLCs contains a vulnerability related to improper shutdown and release of resources. Service operation may be disrupted (DoS). 750-880, 750-881, 750-852, etc. are all WAGO 750 series Ethernet switches. The WAGO 750 series has a denial-of-service vulnerability that can be exploited to cause a denial-of-service state in communications with debug and service tools. Multiple WAGO products are prone to a denial-of-service vulnerability. An attacker can exploit this issue to cause a denial-of-service condition. WAGO 750 Series PLCs, etc. are programmable logic controller products of the German company WAGO. There is a security vulnerability in WAGO 750 Series PLCs using firmware version 10 and earlier. The vulnerability is caused by the program not implementing the three-way handshake correctly.
VAR-201803-0094 CVE-2015-2004 Android for GraceNote GNSDK Vulnerabilities related to range errors
CVSS V2: 7.5
CVSS V3: 9.8
Severity: CRITICAL
The GraceNote GNSDK SDK before SVN Changeset 1.1.7 for Android might allow attackers to execute arbitrary code by leveraging a finalize method in a Serializable class that improperly passes an attacker-controlled pointer to a native function. GraceNote GNSDK for Android contains a range error vulnerability. Information may be obtained or altered, and service operation may be disrupted (DoS). GraceNote GNSDK SDK for Android is a software development kit for building music applications based on the Android platform. It can identify CDs, digital music files, and streaming audio. There are security vulnerabilities in GraceNote GNSDK SDK for Android before version 1.1.7.
VAR-201804-0646 CVE-2017-15327 plural Huawei Information disclosure vulnerability in products
CVSS V2: 4.0
CVSS V3: 4.3
Severity: MEDIUM
S12700 V200R005C00, V200R006C00, V200R006C01, V200R007C00, V200R007C01, V200R007C20, V200R008C00, V200R008C06, V200R009C00, V200R010C00, S7700 V200R001C00, V200R001C01, V200R002C00, V200R003C00, V200R005C00, V200R006C00, V200R006C01, V200R007C00, V200R007C01, V200R008C00, V200R008C06, V200R009C00, V200R010C00, S9700 V200R001C00, V200R001C01, V200R002C00, V200R003C00, V200R005C00, V200R006C00, V200R006C01, V200R007C00, V200R007C01, V200R008C00, V200R009C00, V200R010C00 have an improper authorization vulnerability on Huawei switch products. The system incorrectly performs an authorization check when a normal user attempts to access certain information which is supposed to be accessed only by authenticated users. Successful exploit could cause information disclosure. Huawei S12700 is an enterprise-class switch product from China's Huawei company. The Huawei S7700 and S9700 are Huawei's intelligent routing switches. A security vulnerability exists in the Huawei S12700, S7700, and S9700. The following products are affected: Huawei S12700 versions V200R005C00, V200R006C00, V200R006C01, V200R007C00, V200R007C01, V200R007C20, V200R008C00, V200R008C06, V200R009C00, V200R010C00; S7700 versions V200R001C00, V200R001C01, V200R002C00, V200R003C00, V200R005C00, V200R006C00, V200R006C01, V200R007C00, V200R007C01, V200R008C00, V200R008C06, V200R009C00, V200R010C00; S9700 versions V200R001C00, V200R001C01, V200R002C00, V200R003C00, V200R005C00, V200R006C00, V200R006C01, V200R007C00, V200R007C01, V200R008C00, V200R009C00, V200R010C00.
VAR-201803-2158 CVE-2018-4841 Siemens TIM 1531 IRC Security Bypass Vulnerability
CVSS V2: 10.0
CVSS V3: 9.8
Severity: CRITICAL
A vulnerability has been identified in TIM 1531 IRC (All versions < V1.1). A remote attacker with network access to port 80/tcp or port 443/tcp could perform administrative operations on the device without prior authentication. Successful exploitation could allow an attacker to cause a denial-of-service, or read and manipulate data as well as configuration settings of the affected device. At the stage of publishing this security advisory no public exploitation is known. Siemens provides mitigations to resolve it. TIM 1531 IRC contains vulnerabilities related to authorization, permissions, and access control. Information may be obtained or altered, and service operation may be disrupted (DoS). The Siemens TIM 1531 IRC is a communication module from Siemens AG in Germany for processing data transmissions using the Siemens remote control protocol SINAUT ST7. An attacker can exploit this issue to bypass the authentication mechanism. This may aid in further attacks.
VAR-201804-0766 CVE-2018-0554 Multiple vulnerabilities in WZR-1750DHP2
CVSS V2: 8.3
CVSS V3: 8.8
Severity: Medium
Buffalo WZR-1750DHP2 Ver.2.30 and earlier allows an attacker to bypass authentication and execute arbitrary commands on the device via unspecified vectors. WZR-1750DHP2 provided by BUFFALO INC. is a wireless LAN router. WXR-1900DHP2 contains multiple vulnerabilities listed below.
* Missing Authentication for Critical Function (CWE-306) - CVE-2018-0554
* Buffer Overflow (CWE-119) - CVE-2018-0555
* OS Command Injection (CWE-78) - CVE-2018-0556
Taizoh Tsukamoto of Mitsui Bussan Secure Directions, Inc. reported these vulnerabilities to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership. The possible impact of each vulnerability is as follows:
* A user with access to the network that is connected to the affected device may execute an arbitrary command on the device - CVE-2018-0554
* If a user views a specially crafted file while logged into the affected device, arbitrary code may be executed - CVE-2018-0555
* A user with access to the network that is connected to the affected device may execute an arbitrary command on the device - CVE-2018-0556
The Buffalo WZR-1750DHP2 is a router product of the Buffalo Group in Japan. A security hole exists in Buffalo WZR-1750DHP2 2.30 and earlier.
VAR-201804-0767 CVE-2018-0555 Multiple vulnerabilities in WZR-1750DHP2
CVSS V2: 9.3
CVSS V3: 7.8
Severity: Medium
Buffer overflow in Buffalo WZR-1750DHP2 Ver.2.30 and earlier allows an attacker to execute arbitrary code via a specially crafted file. WZR-1750DHP2 provided by BUFFALO INC. is a wireless LAN router. WXR-1900DHP2 contains multiple vulnerabilities listed below.
* Missing Authentication for Critical Function (CWE-306) - CVE-2018-0554
* Buffer Overflow (CWE-119) - CVE-2018-0555
* OS Command Injection (CWE-78) - CVE-2018-0556
Taizoh Tsukamoto of Mitsui Bussan Secure Directions, Inc. reported these vulnerabilities to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership. The possible impact of each vulnerability is as follows:
* A user with access to the network that is connected to the affected device may execute an arbitrary command on the device - CVE-2018-0554
* If a user views a specially crafted file while logged into the affected device, arbitrary code may be executed - CVE-2018-0555
* A user with access to the network that is connected to the affected device may execute an arbitrary command on the device - CVE-2018-0556
The Buffalo WZR-1750DHP2 is a router product of the Buffalo Group in Japan. A buffer overflow vulnerability exists in Buffalo WZR-1750DHP2 2.30 and earlier.
VAR-201804-0768 CVE-2018-0556 Multiple vulnerabilities in WZR-1750DHP2
CVSS V2: 8.3
CVSS V3: 8.8
Severity: Medium
Buffalo WZR-1750DHP2 Ver.2.30 and earlier allows an attacker to execute arbitrary OS commands via unspecified vectors. WZR-1750DHP2 provided by BUFFALO INC. is a wireless LAN router. WXR-1900DHP2 contains multiple vulnerabilities listed below.
* Missing Authentication for Critical Function (CWE-306) - CVE-2018-0554
* Buffer Overflow (CWE-119) - CVE-2018-0555
* OS Command Injection (CWE-78) - CVE-2018-0556
Taizoh Tsukamoto of Mitsui Bussan Secure Directions, Inc. reported these vulnerabilities to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership. The possible impact of each vulnerability is as follows:
* A user with access to the network that is connected to the affected device may execute an arbitrary command on the device - CVE-2018-0554
* If a user views a specially crafted file while logged into the affected device, arbitrary code may be executed - CVE-2018-0555
* A user with access to the network that is connected to the affected device may execute an arbitrary command on the device - CVE-2018-0556
The Buffalo WZR-1750DHP2 is a router product of the Buffalo Group in Japan. A security hole exists in Buffalo WZR-1750DHP2 2.30 and earlier.
VAR-201804-1224 CVE-2018-4112 Apple macOS of ATS Vulnerabilities that can capture important information in components
CVSS V2: 4.3
CVSS V3: 5.5
Severity: MEDIUM
An issue was discovered in certain Apple products. macOS before 10.13.4 is affected. The issue involves the "ATS" component. It allows attackers to obtain sensitive information by leveraging symlink mishandling. The ATS component of Apple macOS contains a vulnerability that can expose important information. An attacker could obtain important information by exploiting improper handling of symbolic links. Apple macOS is prone to multiple security vulnerabilities. Attackers can exploit these issues to obtain sensitive information, bypass security restrictions, execute arbitrary code, obtain elevated privileges and perform unauthorized actions; this may aid in launching further attacks. Apple macOS High Sierra is a dedicated operating system developed by Apple for Mac computers. An attacker could exploit this vulnerability through a maliciously crafted file to obtain user information.
VAR-201804-1223 CVE-2018-4111 Apple macOS In the mail component S/MIME Vulnerability to read encrypted message content
CVSS V2: 4.3
CVSS V3: 5.9
Severity: MEDIUM
An issue was discovered in certain Apple products. macOS before 10.13.4 is affected. The issue involves the "Mail" component. It allows man-in-the-middle attackers to read S/MIME encrypted message content by sending HTML e-mail that references remote resources but lacks a valid S/MIME signature. Apple macOS is prone to multiple security vulnerabilities. Attackers can exploit these issues to obtain sensitive information, bypass security restrictions, execute arbitrary code, obtain elevated privileges and perform unauthorized actions; this may aid in launching further attacks. Apple macOS High Sierra is a dedicated operating system developed by Apple for Mac computers.
VAR-201804-1220 CVE-2018-4108 Apple macOS In the disk management component of APFS Vulnerability that triggers volume password truncation
CVSS V2: 7.5
CVSS V3: 9.8
Severity: CRITICAL
An issue was discovered in certain Apple products. macOS before 10.13.4 is affected. The issue involves the "Disk Management" component. It allows attackers to trigger truncation of an APFS volume password via an unspecified injection. Apple macOS is prone to multiple security vulnerabilities. Attackers can exploit these issues to obtain sensitive information, bypass security restrictions, execute arbitrary code, obtain elevated privileges and perform unauthorized actions; this may aid in launching further attacks. Apple macOS High Sierra is a dedicated operating system developed by Apple for Mac computers.
VAR-201804-1218 CVE-2018-4106 Apple Mac OS X Terminal components Bracketed Paste Mode Vulnerable to arbitrary command insertion in pasted content
CVSS V2: 6.8
CVSS V3: 8.8
Severity: HIGH
An issue was discovered in certain Apple products. macOS before 10.13.4 is affected. The issue involves the Bracketed Paste Mode of the "Terminal" component. It allows user-assisted attackers to inject arbitrary commands within pasted content. Apple macOS is prone to multiple security vulnerabilities. Attackers can exploit these issues to obtain sensitive information, bypass security restrictions, execute arbitrary code, obtain elevated privileges and perform unauthorized actions; this may aid in launching further attacks. Apple macOS High Sierra is a dedicated operating system developed by Apple for Mac computers. Terminal is one of its terminal components.
VAR-201804-1219 CVE-2018-4107 Apple Mac OS X of PDFKit In the component PDF In the document URL Vulnerability that circumvents intended restrictions on
CVSS V2: 4.3
CVSS V3: 6.5
Severity: MEDIUM
An issue was discovered in certain Apple products. macOS before 10.13.4 is affected. The issue involves the "PDFKit" component. It allows remote attackers to bypass intended restrictions on visiting URLs within a PDF document. Apple macOS is prone to multiple security vulnerabilities. Attackers can exploit these issues to obtain sensitive information, bypass security restrictions, execute arbitrary code, obtain elevated privileges and perform unauthorized actions; this may aid in launching further attacks. Apple macOS High Sierra is a dedicated operating system developed by Apple for Mac computers. PDFKit is one of its PDF document generation components.
VAR-201804-1217 CVE-2018-4105 Apple Mac OS X of APFS In the component APFS Vulnerability that triggers volume password truncation
CVSS V2: 7.5
CVSS V3: 9.8
Severity: CRITICAL
An issue was discovered in certain Apple products. macOS before 10.13.4 is affected. The issue involves the "APFS" component. It allows attackers to trigger truncation of an APFS volume password via an unspecified injection. Apple macOS is prone to multiple security vulnerabilities. Attackers can exploit these issues to obtain sensitive information, bypass security restrictions, execute arbitrary code, obtain elevated privileges and perform unauthorized actions; this may aid in launching further attacks. Apple macOS High Sierra is a dedicated operating system developed by Apple for Mac computers. APFS is one of the Apple device-specific file system components.