VARIoT IoT vulnerabilities database

VAR-202407-0096 | CVE-2024-6525 | Untrusted Data Deserialization Vulnerability in D-Link Systems, Inc. DAR-7000 Firmware |
CVSS V2: 3.3 CVSS V3: 2.7 Severity: Medium |
** UNSUPPORTED WHEN ASSIGNED ** A vulnerability was found in D-Link DAR-7000 up to 20230922. It has been rated as problematic. Affected by this issue is some unknown functionality of the file /log/decodmail.php. The manipulation of the argument file leads to deserialization. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-270368. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. An untrusted data deserialization vulnerability exists in the firmware of the D-Link Systems, Inc. DAR-7000. Information may be obtained, information may be tampered with, and service operation may be interrupted (DoS). DAR-7000 is an Internet behavior audit gateway of D-Link, a Chinese company.
In the DAR-7000 of D-Link Electronic Equipment (Shanghai) Co., Ltd., the vulnerability is caused by the file parameter of /log/decodmail.php, which can deserialize certain content. No detailed vulnerability information is provided at present.
VAR-202407-0079 | CVE-2024-5594 | Improper validation vulnerability for specified types of input in OpenVPN Technologies' OpenVPN |
CVSS V2: 5.5 CVSS V3: 9.1 Severity: CRITICAL |
OpenVPN before 2.6.11 does not sanitize PUSH_REPLY messages properly, which an attacker controlling the server can use to inject unexpected arbitrary data ending up in client logs. OpenVPN Technologies' OpenVPN contains an improper validation vulnerability for specified types of input. Information may be obtained and information may be tampered with. SCALANCE M-800, MUM-800 and S615 as well as RUGGEDCOM RM1224 are industrial routers.
Multiple Siemens products have a log output neutralization error vulnerability that can be exploited by attackers to send spam to the openvpn log, causing high CPU load.
==========================================================================
Ubuntu Security Notice USN-6860-1
July 02, 2024
openvpn vulnerabilities
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 24.04 LTS
- Ubuntu 23.10
- Ubuntu 22.04 LTS
- Ubuntu 20.04 LTS
Summary:
Several security issues were fixed in OpenVPN.
Software Description:
- openvpn: virtual private network software
Details:
Reynir Björnsson discovered that OpenVPN incorrectly handled terminating
client connections. A remote authenticated client could possibly use this
issue to keep the connection active, bypassing certain security policies.
This issue only affected Ubuntu 23.10, and Ubuntu 24.04 LTS.
(CVE-2024-28882)
Reynir Björnsson discovered that OpenVPN incorrectly handled certain
control channel messages with nonprintable characters. A remote attacker
could possibly use this issue to cause OpenVPN to consume resources, or
fill up log files with garbage, leading to a denial of service.
(CVE-2024-5594)
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 24.04 LTS
openvpn 2.6.9-1ubuntu4.1
Ubuntu 23.10
openvpn 2.6.5-0ubuntu1.2
Ubuntu 22.04 LTS
openvpn 2.5.9-0ubuntu0.22.04.3
Ubuntu 20.04 LTS
openvpn 2.4.12-0ubuntu0.20.04.2
In general, a standard system update will make all the necessary changes.
References:
https://ubuntu.com/security/notices/USN-6860-1
CVE-2024-28882, CVE-2024-5594
Package Information:
https://launchpad.net/ubuntu/+source/openvpn/2.6.9-1ubuntu4.1
https://launchpad.net/ubuntu/+source/openvpn/2.6.5-0ubuntu1.2
https://launchpad.net/ubuntu/+source/openvpn/2.5.9-0ubuntu0.22.04.3
https://launchpad.net/ubuntu/+source/openvpn/2.4.12-0ubuntu0.20.04.2
VAR-202407-0046 | CVE-2024-4708 | mySCADA myPRO Hard-Coded Credentials Remote Code Execution Vulnerability |
CVSS V2: 10.0 CVSS V3: 9.8 Severity: CRITICAL |
mySCADA myPRO uses a hard-coded password which could allow an attacker to remotely execute code on the affected device. Authentication is not required to exploit this vulnerability. The specific flaw exists within the telnet service, which listens on TCP port 5005 by default. The issue results from the use of hard-coded credentials. mySCADA myPRO is an application software. myPRO is a professional HMI/SCADA system designed primarily for visualization and control of industrial processes.
VAR-202407-0045 | CVE-2024-34601 | Vulnerability in Samsung's galaxystore |
CVSS V2: - CVSS V3: 5.9 Severity: MEDIUM |
Improper verification of intent by broadcast receiver vulnerability in GalaxyStore prior to version 4.5.81.0 allows local attackers to launch unexported activities of GalaxyStore. Samsung's galaxystore contains an unspecified vulnerability. Information may be obtained, information may be tampered with, and service operation may be interrupted (DoS).
VAR-202407-0088 | CVE-2024-34600 | Vulnerability in Samsung's flow |
CVSS V2: - CVSS V3: 3.3 Severity: LOW |
Improper verification of intent by broadcast receiver vulnerability in Samsung Flow prior to version 4.9.13.0 allows local attackers to copy image files to external storage. Samsung's flow contains an unspecified vulnerability. Information may be obtained.
VAR-202407-0473 | CVE-2024-34596 | Authentication vulnerability in Samsung's SmartThings |
CVSS V2: - CVSS V3: 7.5 Severity: HIGH |
Improper authentication in SmartThings prior to version 1.8.17 allows remote attackers to bypass the expiration date for members set by the owner. There is an authentication vulnerability in Samsung's SmartThings. Service operation may be interrupted (DoS).
VAR-202407-2310 | CVE-2024-0158 | Input validation vulnerability in multiple Dell products |
CVSS V2: - CVSS V3: 6.7 Severity: MEDIUM |
Dell BIOS contains an improper input validation vulnerability. A local authenticated malicious user with admin privileges may potentially exploit this vulnerability to modify a UEFI variable, leading to denial of service and escalation of privileges. Several Dell products, such as Alienware m15 R6 firmware, Alienware m15 R7 firmware, and alienware m16 r1 firmware, contain an input validation vulnerability. Information may be obtained, information may be tampered with, and service operation may be interrupted (DoS).
VAR-202407-0076 | CVE-2024-23373 | Use of freed memory vulnerability in multiple Qualcomm products |
CVSS V2: - CVSS V3: 7.8 Severity: HIGH |
Memory corruption when IOMMU unmap operation fails, the DMA and anon buffers are getting released. Multiple Qualcomm products, such as 315 5g iot modem firmware, AQT1000 firmware, and AR8031 firmware, contain vulnerabilities related to use of freed memory. Information may be obtained, information may be tampered with, and service operation may be interrupted (DoS).
VAR-202407-0093 | CVE-2024-23368 | Classic buffer overflow vulnerability in multiple Qualcomm products |
CVSS V2: - CVSS V3: 7.8 Severity: HIGH |
Memory corruption when allocating and accessing an entry in an SMEM partition. Multiple Qualcomm products, such as APQ8064AU firmware, AQT1000 firmware, and AR8035 firmware, have a classic buffer overflow vulnerability. Information may be obtained, information may be tampered with, and service operation may be interrupted (DoS).
VAR-202407-0013 | CVE-2024-21461 | Double release vulnerability in multiple Qualcomm products |
CVSS V2: - CVSS V3: 7.8 Severity: HIGH |
Memory corruption while performing finish HMAC operation when context is freed by keymaster. Multiple Qualcomm products, including 315 5g iot modem firmware, 9205 lte modem firmware, and APQ8017 firmware, contain a double release vulnerability. Information may be obtained, information may be tampered with, and service operation may be interrupted (DoS).
VAR-202407-1709 | CVE-2024-20077 | Buffer error vulnerability in MediaTek's LR12A |
CVSS V2: - CVSS V3: 7.5 Severity: HIGH |
In Modem, there is a possible system crash due to incorrect error handling. This could lead to remote denial of service with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: MOLY01297807; Issue ID: MSV-1482. A buffer error vulnerability exists in MediaTek's LR12A. Service operation may be interrupted (DoS).
VAR-202407-1872 | CVE-2024-20076 | Buffer error vulnerability in MediaTek's LR12A |
CVSS V2: - CVSS V3: 7.5 Severity: HIGH |
In Modem, there is a possible system crash due to incorrect error handling. This could lead to remote denial of service with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: MOLY01297806; Issue ID: MSV-1481. A buffer error vulnerability exists in MediaTek's LR12A. Service operation may be interrupted (DoS).
VAR-202406-3119 | No CVE | Beijing Xingwang Ruijie Network Technology Co., Ltd. EG3220 has a command execution vulnerability |
CVSS V2: 7.1 CVSS V3: - Severity: HIGH |
Beijing StarNet Ruijie Network Technology Co., Ltd. EG3220 is a new generation of multi-service security gateway.
Beijing StarNet Ruijie Network Technology Co., Ltd. EG3220 has a command execution vulnerability, which can be exploited by attackers to gain control of the server.
VAR-202406-2871 | CVE-2024-6403 | Out-of-bounds write vulnerability in Tenda A301 firmware |
CVSS V2: 6.8 CVSS V3: 6.5 Severity: High |
A vulnerability, which was classified as critical, has been found in Tenda A301 15.13.08.12. Affected by this issue is the function formWifiBasicSet of the file /goform/SetOnlineDevName. The manipulation of the argument devName leads to stack-based buffer overflow. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-269948. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. An out-of-bounds write vulnerability exists in Tenda A301 firmware. Information may be obtained, information may be tampered with, and service operation may be interrupted (DoS). Tenda A301 is a wireless signal extender from China's Tenda company.
There is a security vulnerability in Tenda A301 version 15.13.08.12, which can be exploited by remote attackers to execute arbitrary code on the system or cause a denial of service.
VAR-202406-2832 | CVE-2024-6402 | Out-of-bounds write vulnerability in Tenda A301 firmware |
CVSS V2: 6.8 CVSS V3: 6.5 Severity: High |
A vulnerability classified as critical was found in Tenda A301 15.13.08.12. Affected by this vulnerability is the function fromSetWirelessRepeat of the file /goform/SetOnlineDevName. The manipulation of the argument devName leads to stack-based buffer overflow. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-269947. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. An out-of-bounds write vulnerability exists in Tenda A301 firmware. Information may be obtained, information may be tampered with, and service operation may be interrupted (DoS). Tenda A301 is a wireless signal extender from China's Tenda Company. The vulnerability is caused by the /goform/SetOnlineDevName parameter devName failing to correctly verify the length of the input data. A remote attacker can exploit this vulnerability to execute arbitrary code on the system or cause a denial of service.
VAR-202406-2883 | CVE-2024-37741 | Cross-site scripting vulnerability in OpenPLC Project's OpenPLC_v3 firmware |
CVSS V2: 5.5 CVSS V3: 5.4 Severity: MEDIUM |
OpenPLC 3 through 9cd8f1b allows XSS via an SVG document as a profile picture. The OpenPLC Project's OpenPLC_v3 firmware has a cross-site scripting vulnerability. Information may be obtained and information may be tampered with. OpenPLC is an open source programmable logic controller. It can provide low-cost industrial solutions for automation and research.
OpenPLC has a cross-site scripting vulnerability. The vulnerability is caused by the lack of effective filtering and escaping of user-supplied data in the application. Attackers can exploit this vulnerability to perform cross-site scripting attacks through SVG documents as profile pictures.
VAR-202406-1182 | No CVE | Beijing Yakong Technology Development Co., Ltd. KingPortal development system has a logical defect vulnerability (CNVD-2024-17442) |
CVSS V2: 2.1 CVSS V3: - Severity: LOW |
Beijing Yakong Technology Development Co., Ltd. is a high-tech enterprise of industrial automation and information software platform established in 1997.
Beijing Yakong Technology Development Co., Ltd. KingPortal development system has a logic defect vulnerability, which can be exploited by attackers to obtain sensitive information.
VAR-202406-1934 | No CVE | KingH5Stream of Beijing Yakong Technology Development Co., Ltd. has a weak password vulnerability |
CVSS V2: 5.0 CVSS V3: - Severity: MEDIUM |
Beijing Yakong Technology Development Co., Ltd., referred to as "Yakong Technology", is a high-tech enterprise of industrial automation and information software platform established in 1997.
KingH5Stream of Beijing Yakong Technology Development Co., Ltd. has a weak password vulnerability, which can be exploited by attackers to obtain sensitive information.
VAR-202406-2134 | CVE-2024-5990 | Vulnerability in Rockwell Automation's thinmanager and thinserver |
CVSS V2: 7.8 CVSS V3: 7.5 Severity: HIGH |
Due to an improper input validation, an unauthenticated threat actor can send a malicious message to a monitor thread within Rockwell Automation ThinServer™ and cause a denial-of-service condition on the affected device. Rockwell Automation's thinmanager and thinserver contain an unspecified vulnerability. Service operation may be interrupted (DoS). Rockwell Automation ThinManager is a thin client management software from Rockwell Automation, USA. It allows thin clients to be assigned to multiple remote desktop servers at the same time.
VAR-202406-2530 | CVE-2024-5989 | Vulnerability in Rockwell Automation's thinmanager and thinserver |
CVSS V2: 10.0 CVSS V3: 9.8 Severity: CRITICAL |
Due to an improper input validation, an unauthenticated threat actor can send a malicious message to invoke SQL injection into the program and cause a remote code execution condition on the Rockwell Automation ThinManager® ThinServer™. Rockwell Automation's thinmanager and thinserver contain an unspecified vulnerability. Information may be obtained, information may be tampered with, and service operation may be interrupted (DoS). Rockwell Automation ThinManager is a thin client management software from Rockwell Automation, USA. It allows thin clients to be assigned to multiple remote desktop servers at the same time.