VARIoT IoT vulnerabilities database
| VAR-201803-2356 | No CVE | Information leak in iClock series of Central Control Attendance Management System |
CVSS V2: 5.0 CVSS V3: - Severity: MEDIUM |
Zhongkong Taike (Shanghai) Electronic Technology Co., Ltd. is a Shanghai-based sales and service organization and a well-known provider of biometric technology and RFID products.
An information disclosure vulnerability exists in the iClock series of the Central Control Attendance Management System. An attacker can use this vulnerability to obtain sensitive information.
| VAR-201803-1351 | CVE-2017-6278 | NVIDIA Tegra Vulnerabilities related to authorization, authority, and access control in the kernel |
CVSS V2: 4.6 CVSS V3: 7.8 Severity: HIGH |
The NVIDIA Tegra kernel contains a vulnerability in the CORE DVFS Thermal driver where a buffer may be read or written using an index or pointer that references a memory location past the end of the buffer, which may lead to a denial of service or possible escalation of privileges. The NVIDIA Tegra kernel therefore contains a vulnerability related to authorization, permissions, and access control: information may be obtained or altered, and service operation may be disrupted (DoS). The NVIDIA Tegra (Tu Rui) kernel is the kernel of the Tegra (mobile super chip) package from NVIDIA Corporation; the CORE DVFS Thermal driver is one of its core dynamic voltage and frequency scaling drivers. A security vulnerability exists in the CORE DVFS Thermal driver in the NVIDIA Tegra kernel. An attacker could exploit this vulnerability to cause a denial of service or potentially escalate privileges.
| VAR-201803-1130 | CVE-2017-18248 | CUPS Input validation vulnerability |
CVSS V2: 3.5 CVSS V3: 5.3 Severity: MEDIUM |
The add_job function in scheduler/ipp.c in CUPS before 2.2.6, when D-Bus support is enabled, can be crashed by remote attackers by sending print jobs with an invalid username, related to a D-Bus notification. CUPS therefore contains an input validation vulnerability: service operation may be interrupted (DoS). Apple CUPS (Common Unix Printing System) is an open source printing system for OS X and Unix-like systems developed by Apple. The system is based on the Internet Printing Protocol (IPP) and provides most PostScript and raster printer services. A security vulnerability exists in the 'add_job' function in Apple CUPS versions prior to 2.2.6.
==========================================================================
Ubuntu Security Notice USN-3713-1
July 11, 2018
cups vulnerabilities
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 18.04 LTS
- Ubuntu 17.10
- Ubuntu 16.04 LTS
- Ubuntu 14.04 LTS
Summary:
Several security issues were fixed in CUPS. A remote attacker could possibly use this issue to cause
CUPS to crash, resulting in a denial of service. This issue only affected
Ubuntu 14.04 LTS, Ubuntu 17.10 and Ubuntu 18.04 LTS. (CVE-2017-18248)
Dan Bastone discovered that the CUPS dnssd backend incorrectly handled
certain environment variables. A local attacker could possibly use this
issue to escalate privileges. (CVE-2018-4180)
Eric Rafaloff and John Dunlap discovered that CUPS incorrectly handled
certain include directives. A local attacker could possibly use this issue
to read arbitrary files. (CVE-2018-4181)
Dan Bastone discovered that the CUPS AppArmor profile incorrectly confined
the dnssd backend. A local attacker could possibly use this issue to escape
confinement. (CVE-2018-6553)
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 18.04 LTS:
cups 2.2.7-1ubuntu2.1
Ubuntu 17.10:
cups 2.2.4-7ubuntu3.1
Ubuntu 16.04 LTS:
cups 2.1.3-4ubuntu0.5
Ubuntu 14.04 LTS:
cups 1.7.2-0ubuntu1.10
In general, a standard system update will make all the necessary changes.
References:
https://usn.ubuntu.com/usn/usn-3713-1
CVE-2017-18248, CVE-2018-4180, CVE-2018-4181, CVE-2018-6553
Package Information:
https://launchpad.net/ubuntu/+source/cups/2.2.7-1ubuntu2.1
https://launchpad.net/ubuntu/+source/cups/2.2.4-7ubuntu3.1
https://launchpad.net/ubuntu/+source/cups/2.1.3-4ubuntu0.5
https://launchpad.net/ubuntu/+source/cups/1.7.2-0ubuntu1.10
| VAR-201803-0067 | CVE-2014-2312 | thermald Link interpretation vulnerability |
CVSS V2: 6.6 CVSS V3: 5.5 Severity: MEDIUM |
The main function in android_main.cpp in thermald allows local users to write to arbitrary files via a symlink attack on /tmp/thermald.pid. thermald therefore contains a link interpretation vulnerability: information may be tampered with. thermald is a thermal daemon for computers that helps prevent overheating. A security vulnerability exists in the 'main' function of the android_main.cpp file in thermald.
| VAR-201803-1960 | CVE-2018-9010 | Intelbras TELEFONE IP Path traversal vulnerability |
CVSS V2: 4.0 CVSS V3: 7.2 Severity: HIGH |
Intelbras TELEFONE IP TIP200/200 LITE 60.0.75.29 devices allow remote authenticated admins to read arbitrary files via the /cgi-bin/cgiServer.exx page parameter, aka absolute path traversal. In some cases, authentication can be achieved via the admin account with its default admin password. Intelbras TELEFONE IP therefore contains a path traversal vulnerability: information may be obtained or altered, and service operation may be disrupted (DoS). Intelbras TELEFONE IP TIP200/200 LITE is an IP phone product from Intelbras of Brazil. A security vulnerability exists in the Intelbras TELEFONE IP TIP200/200 LITE 60.0.75.29 release. A remote attacker can exploit this vulnerability to read arbitrary files by sending a 'page' parameter to the /cgi-bin/cgiServer.exx file.
| VAR-201803-2308 | No CVE | Auto Station has a denial of service vulnerability |
CVSS V2: 4.9 CVSS V3: - Severity: MEDIUM |
Auto Station is PLC-IVC series programming software from INVT.
Auto Station has a denial of service vulnerability. When the 'data content' entered is longer or shorter than its corresponding 'length' field, an attacker can obtain a null address through the GetVauleName function, causing a denial of service.
| VAR-201803-1314 | CVE-2017-15326 | DBS3900 TDD LTE Vulnerabilities in the use of cryptographic algorithms |
CVSS V2: 4.3 CVSS V3: 4.3 Severity: MEDIUM |
DBS3900 TDD LTE V100R003C00 and V100R004C10 have a weak encryption algorithm security vulnerability. DBS3900 TDD LTE supports SSL/TLS protocol negotiation using insecure encryption algorithms. If an insecure encryption algorithm is negotiated in the communication, an unauthenticated remote attacker can exploit this vulnerability to crack the encrypted data and cause information leakage. Huawei DBS3900 TDD LTE is a modular, distributed base station product from China's Huawei. This product supports wireless access to wireless networks and provides services such as video surveillance, data collection and data transmission.
| VAR-201803-1412 | CVE-2018-1207 | Dell EMC iDRAC7 and iDRAC8 Injection vulnerability |
CVSS V2: 7.5 CVSS V3: 9.8 Severity: CRITICAL |
Dell EMC iDRAC7/iDRAC8, versions prior to 2.52.52.52, contain a CGI injection vulnerability which could be used to execute remote code. A remote unauthenticated attacker may potentially be able to use CGI variables to execute remote code. Dell EMC iDRAC7 and iDRAC8 therefore contain an injection vulnerability: information may be obtained or altered, and service operation may be disrupted (DoS). Dell iDRAC7 and iDRAC8 devices are prone to a code-injection vulnerability.
An attacker can exploit this issue to inject arbitrary code in the context of the affected device. This may facilitate a compromise of the application and the underlying system; other attacks are also possible.
Dell iDRAC7 and iDRAC8 devices running firmware versions prior to 2.52.52.52 are vulnerable. Dell EMC iDRAC7 and iDRAC8 are hardware and software system management solutions from Dell that provide functions such as remote management, crash recovery and power control for Dell PowerEdge systems.
| VAR-201803-2203 | CVE-2018-7502 | Beckhoff TwinCAT Untrusted Pointer Reference Vulnerability |
CVSS V2: 7.2 CVSS V3: 7.8 Severity: HIGH |
Kernel drivers in Beckhoff TwinCAT 3.1 Build 4022.4, TwinCAT 2.11 R3 2259, and TwinCAT 3.1 lack proper validation of user-supplied pointer values. An attacker who is able to execute code on the target may be able to exploit this vulnerability to obtain SYSTEM privileges. Beckhoff TwinCAT therefore contains an input validation vulnerability: information may be obtained or altered, and service operation may be disrupted (DoS). The Beckhoff TwinCAT system software "remodels" any compatible PC into a real-time controller with a multi-PLC system, NC axis control system, programming environment and operator station, replacing traditional PLC and NC/CNC controllers and operating equipment. There is an untrusted pointer reference vulnerability in TwinCAT. Beckhoff TwinCAT is prone to multiple local privilege-escalation vulnerabilities.
Beckhoff TwinCAT 2 and 3.1 are vulnerable.
| VAR-201803-1909 | CVE-2018-8935 | AMD Ryzen and Ryzen Pro Vulnerabilities related to authorization, authority, and access control in the platform |
CVSS V2: 9.3 CVSS V3: 9.0 Severity: CRITICAL |
The Promontory chipset, as used in AMD Ryzen and Ryzen Pro platforms, has a backdoor in the ASIC, aka CHIMERA-HW. The AMD Ryzen and Ryzen Pro platforms therefore contain a vulnerability related to authorization, permissions, and access control: information may be obtained or altered, and service operation may be disrupted (DoS). AMD Ryzen and Ryzen Pro are central processing unit (CPU) products of AMD in the United States; the Promontory chipset is one of the chipsets used with them. An attacker could exploit this vulnerability to execute code.
| VAR-201803-1908 | CVE-2018-8934 | AMD Ryzen and Ryzen Pro Vulnerabilities related to authorization, authority, and access control in the platform |
CVSS V2: 9.3 CVSS V3: 9.0 Severity: CRITICAL |
The Promontory chipset, as used in AMD Ryzen and Ryzen Pro platforms, has a backdoor in firmware, aka CHIMERA-FW. The AMD Ryzen and Ryzen Pro platforms therefore contain a vulnerability related to authorization, permissions, and access control: information may be obtained or altered, and service operation may be disrupted (DoS). AMD Ryzen and Ryzen Pro are central processing unit (CPU) products of AMD in the United States; the Promontory chipset is one of the chipsets used with them. An attacker could exploit this vulnerability to execute code.
| VAR-201803-1906 | CVE-2018-8932 | AMD Ryzen and Ryzen Pro Access control vulnerability |
CVSS V2: 9.3 CVSS V3: 9.0 Severity: CRITICAL |
The AMD Ryzen and Ryzen Pro processor chips have insufficient access control for the Secure Processor, aka RYZENFALL-2, RYZENFALL-3, and RYZENFALL-4. AMD Ryzen and Ryzen Pro therefore contain an access control vulnerability: information may be obtained or altered, and service operation may be disrupted (DoS). AMD Ryzen and Ryzen Pro are central processing unit (CPU) products of AMD in the United States. An attacker could exploit this vulnerability to disable system management mode protection, read memory, and execute arbitrary code.
| VAR-201803-1907 | CVE-2018-8933 | AMD EPYC Server Access control vulnerability |
CVSS V2: 9.3 CVSS V3: 9.0 Severity: CRITICAL |
The AMD EPYC Server processor chips have insufficient access control for protected memory regions, aka FALLOUT-1, FALLOUT-2, and FALLOUT-3. AMD EPYC Server therefore contains an access control vulnerability: information may be obtained or altered, and service operation may be disrupted (DoS). AMD EPYC Server is a server central processing unit (CPU) product of the American company AMD. An attacker could exploit this vulnerability to read or write memory and disable system management mode protection.
| VAR-201803-1811 | CVE-2018-5509 | Multiple F5 BIG-IP products: vulnerability related to input validation |
CVSS V2: 7.8 CVSS V3: 7.5 Severity: HIGH |
On F5 BIG-IP versions 13.0.0 or 12.1.0 - 12.1.3.1, when a specifically configured virtual server receives traffic of an undisclosed nature, TMM will crash and take the configured failover action, potentially causing a denial of service. The configuration which exposes this issue is not common and in general does not work when enabled in previous versions of BIG-IP. Starting in 12.1.0, BIG-IP will crash if the configuration which exposes this issue is enabled and the virtual server receives non-TCP traffic. With the fix of this issue, additional configuration validation logic has been added to prevent this configuration from being applied to a virtual server. There is only data plane exposure to this issue with a non-standard configuration. There is no control plane exposure. Multiple F5 BIG-IP products therefore contain an input validation vulnerability: service operation may be interrupted (DoS). F5 BIG-IP LTM and the other products listed below are products of the American company F5. F5 BIG-IP LTM is a local traffic manager; BIG-IP AAM is an application acceleration manager. Several F5 products contain this security vulnerability. An attacker could exploit it to cause TMM to crash and fail over, resulting in a denial of service. The following products and versions are affected: F5 BIG-IP LTM version 13.0.0 and 12.1.0 through 12.1.3.1; BIG-IP AAM version 13.0.0 and 12.1.0 through 12.1.3.1; BIG-IP AFM 13.0.0 and 12.1.0 through 12.1.3.1; BIG-IP APM 13.0.0 and 12.1.0 through 12.1.3.1; BIG-IP ASM 13.0.0 and 12.1.0 through 12.1.3.1; BIG-IP Link Controller 13.0.0 and 12.1.0 through 12.1.3.1; BIG-IP PEM 13.0.0 and 12.1.0 through 12.1.3.1; BIG-IP WebSafe 13.0.0 and 12.1.0 through 12.1.3.1.
| VAR-201803-1814 | CVE-2018-5502 | Multiple F5 BIG-IP products: certificate validation vulnerability |
CVSS V2: 5.0 CVSS V3: 7.5 Severity: HIGH |
On F5 BIG-IP versions 13.0.0 - 13.1.0.3, attackers may be able to disrupt services on the BIG-IP system with a maliciously crafted client certificate. This vulnerability affects virtual servers associated with a Client SSL profile which enables the use of client certificate authentication. Client certificate authentication is not enabled by default in the Client SSL profile. There is no control plane exposure. Multiple F5 BIG-IP products therefore contain a certificate validation vulnerability: service operation may be interrupted (DoS). F5 BIG-IP LTM and the other products listed below are products of the American company F5. F5 BIG-IP LTM is a local traffic manager; BIG-IP AAM is an application acceleration manager. Several F5 products contain this security vulnerability. The following products and versions are affected: BIG-IP LTM version 13.0.0 through 13.1.0.3; BIG-IP AAM version 13.0.0 through 13.1.0.3; BIG-IP AFM version 13.0.0 through 13.1.0.3; BIG-IP Analytics version 13.0.0 through 13.1.0.3; BIG-IP APM version 13.0.0 through 13.1.0.3; BIG-IP ASM version 13.0.0 through 13.1.0.3; BIG-IP DNS version 13.0.0 through 13.1.0.3; BIG-IP Edge Gateway version 13.0.0 through 13.1.0.3; BIG-IP GTM version 13.0.0 through 13.1.0.3; BIG-IP Link Controller version 13.0.0 through 13.1.0.3; BIG-IP PEM version 13.0.0 through 13.1.0.3; BIG-IP WebAccelerator version 13.0.0 through 13.1.0.3; BIG-IP WebSafe version 13.0.0 through 13.1.0.3.
| VAR-201803-1904 | CVE-2018-8930 | Multiple AMD products: vulnerability related to input validation |
CVSS V2: 9.3 CVSS V3: 9.0 Severity: CRITICAL |
The AMD EPYC Server, Ryzen, Ryzen Pro, and Ryzen Mobile processor chips have insufficient enforcement of Hardware Validated Boot, aka MASTERKEY-1, MASTERKEY-2, and MASTERKEY-3. Multiple AMD products therefore contain an input validation vulnerability: information may be obtained or altered, and service operation may be disrupted (DoS). AMD EPYC Server and the other chips listed are central processing unit (CPU) products of AMD in the United States. An attacker could exploit this vulnerability to install malicious software and disable security features.
| VAR-201805-1110 | CVE-2018-5446 | Medtronic 2090 Carelink Programmer Vulnerabilities related to certificate and password management |
CVSS V2: 2.1 CVSS V3: 5.3 Severity: MEDIUM |
Medtronic 2090 CareLink Programmer uses a per-product username and password that is stored in a recoverable format. Medtronic 2090 CareLink Programmer is a set of portable computer products produced by the American company Medtronic, used to manage and program cardiac equipment in the medical industry. An attacker could exploit this vulnerability to obtain credentials to a software deployment network.
| VAR-201805-1111 | CVE-2018-5448 | Medtronic 2090 Carelink Programmer Path traversal vulnerability |
CVSS V2: 2.7 CVSS V3: 5.7 Severity: MEDIUM |
Medtronic 2090 CareLink Programmer’s software deployment network contains a directory traversal vulnerability that could allow an attacker to read files on the system. Medtronic 2090 CareLink Programmer therefore contains a path traversal vulnerability: information may be obtained. Medtronic 2090 CareLink Programmer is a set of portable computer products produced by the American company Medtronic, used to manage and program cardiac equipment in the medical industry.
| VAR-201803-1817 | CVE-2018-5505 | Multiple F5 BIG-IP products: resource management vulnerability |
CVSS V2: 4.3 CVSS V3: 5.9 Severity: MEDIUM |
On F5 BIG-IP versions 13.1.0 - 13.1.0.3, when ASM and AVR are both provisioned, TMM may restart while processing DNS requests when the virtual server is configured with a DNS profile and the Protocol setting is set to TCP. Multiple F5 BIG-IP products therefore contain a resource management vulnerability: service operation may be interrupted (DoS). F5 BIG-IP ASM and Analytics are prone to a remote denial-of-service vulnerability.
An attacker can exploit this issue to crash the application, resulting in denial-of-service conditions. F5 BIG-IP ASM is a web application firewall (WAF) that provides secure remote access, protects email, and simplifies web access control while enhancing network and application performance. Analytics is a suite of web application performance analysis software. A remote attacker could exploit this vulnerability to cause a denial of service.
| VAR-201803-1815 | CVE-2018-5503 | F5 BIG-IP Policy Enforcement Manager Input validation vulnerability |
CVSS V2: 5.0 CVSS V3: 7.5 Severity: HIGH |
On F5 BIG-IP versions 13.0.0 - 13.1.0.3 or 12.0.0 - 12.1.3.1, TMM may restart when processing a specifically crafted page through a virtual server with an associated PEM policy that has content insertion as an action. F5 BIG-IP Policy Enforcement Manager (PEM) therefore contains an input validation vulnerability: service operation may be interrupted (DoS). F5 BIG-IP is an all-in-one network device that integrates network traffic management, application security management, load balancing and other functions; PEM is its policy enforcement manager. A security vulnerability exists in F5 BIG-IP PEM versions 13.0.0 through 13.1.0.3 and 12.0.0 through 12.1.3.1. A remote attacker can exploit this vulnerability to cause a denial of service with a specially crafted page.