VARIoT IoT vulnerabilities database

China Mobile Smart Home Gateway CM113-Z is a universal gateway device for China Mobile Communications. China Mobile Communications Group Smart Home Gateway CM113-Z has a command execution vulnerability. An attacker could use the vulnerability to execute arbitrary system commands on the device.

A privileged account with a weak default password on the Foxconn femtocell FEMTO AP-FC4064-T version AP_GT_B38_5.8.3lb15-W47 LTE Build 15 can be used to turn on the TELNET service via the web interface, which allows root login without any password. This vulnerability will lead to full system compromise and disclosure of user communications. The foxconn account with an 8-character lowercase alphabetic password can be used. Foxconn femtocell FEMTO AP-FC4064-T Contains a cryptographic vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. FoxconnfemtocellFEMTOAP-FC4064-T is a home base station device from Foxconn. A vulnerability exists in the FoxconnfemtocellFEMTOAP-FC4064-TAP_GT_B38_5.8.3lb15-W47LTEBuild15 release, which stems from a weaker default password used by privileged accounts. The attacker can use the web interface to open the TELNET service, control the system and obtain user communication

Zhejiang Haikang Technology Co., Ltd. focuses on the research, development, design, and manufacturing of intelligent control technology. It is a domestic intelligent control technology / product provider. An unauthorized access vulnerability exists in the Haikang Technology terminal feature management system. Allows attackers to exploit vulnerabilities to bypass permission authentication and access sensitive directories or files.

One can gain root access on the Foxconn femtocell FEMTO AP-FC4064-T version AP_GT_B38_5.8.3lb15-W47 LTE Build 15 via UART pins without any restrictions, which leads to full system compromise and disclosure of user communications. Foxconn femtocell FEMTO AP-FC4064-T Contains vulnerabilities related to security features.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. FoxconnfemtocellFEMTOAP-FC4064-T is a home base station device from Foxconn. A security vulnerability exists in FoxconnfemtocellFEMTOAP-FC4064-TAP_GT_B38_5.8.3lb15-W47LTEBuild15. An attacker could exploit the vulnerability to gain root privileges, control the system, and obtain user communications

Buffer overflow in Corega CG-WGR1200 firmware 2.20 and earlier allows an attacker to execute arbitrary commands via unspecified vectors. CG-WGR1200 provided by Corega Inc is a wireless LAN router. CG-WGR1200 contains multiple vulnerabilities listed below. * Buffer Overflow (CWE-119) - CVE-2017-10852 * Buffer Overflow (CWE-78) - CVE-2017-10853 * Authentication bypass (CWE-306) - CVE-2017-10854 Taizoh Tsukamoto of Mitsui Bussan Secure Directions, Inc. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.* A user with access to the affected device may execute arbitrary code - CVE-2017-10852 * A user with access to the affected device may execute an arbitrary command - CVE-2017-10853 * A user with access to the affected device may change the login password. As a result, the user may access the management screen of the device and perform an arbitrary operation such as altering the device's settings - CVE-2017-10854

Buffer overflow in Corega CG-WGR1200 firmware 2.20 and earlier allows an attacker to execute arbitrary code via unspecified vectors. CG-WGR1200 provided by Corega Inc is a wireless LAN router. CG-WGR1200 contains multiple vulnerabilities listed below. * Buffer Overflow (CWE-119) - CVE-2017-10852 * Buffer Overflow (CWE-78) - CVE-2017-10853 * Authentication bypass (CWE-306) - CVE-2017-10854 Taizoh Tsukamoto of Mitsui Bussan Secure Directions, Inc. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.* A user with access to the affected device may execute arbitrary code - CVE-2017-10852 * A user with access to the affected device may execute an arbitrary command - CVE-2017-10853 * A user with access to the affected device may change the login password. As a result, the user may access the management screen of the device and perform an arbitrary operation such as altering the device's settings - CVE-2017-10854

SCCPX module in Huawei DP300 V500R002C00; RP200 V500R002C00; V600R006C00; TE30 V100R001C10; V500R002C00; V600R006C00; TE40 V500R002C00; V600R006C00; TE50 V500R002C00; V600R006C00; TE60 V100R001C10; V500R002C00; V600R006C00 has an invalid memory access vulnerabilities. An unauthenticated, remote attacker crafts malformed packets with specific parameter to the affected products. Due to insufficient validation of packets, successful exploitation may impact availability of product service. plural Huawei The product contains an out-of-bounds vulnerability.Service operation interruption (DoS) There is a possibility of being put into a state. The Huawei DP300, RP200, and TE series are integrated desktop telepresence and integrated video conferencing terminal products of China Huawei. An attacker can send a packet attack with a special parameter to the device. The Huawei DP300 and others are all products of China's Huawei (Huawei). DP300 is a video conferencing terminal. RP200 is a video conferencing all-in-one device. SCCPX module is one of the signaling link control modules. The vulnerability is due to the fact that the program does not fully verify packets. The following products and versions are affected: Huawei DP300 V500R002C00 Version; RP200 V500R002C00 Version, V600R006C00 Version; TE30 V100R001C10 Version, V500R002C00 Version, V600R006C00 Version; TE40 V500R002C00 Version, V600R006C00 Version; TE50 V500R002C00 Version, V600R006C00 Version; TE60 V100R001C10 Version, V500R002C00 Version, Version V600R006C00

Huawei AR120-S V200R005C32; AR1200 V200R005C32; AR1200-S V200R005C32; AR150 V200R005C32; AR150-S V200R005C32; AR160 V200R005C32; AR200 V200R005C32; AR200-S V200R005C32; AR2200-S V200R005C32; AR3200 V200R005C32; V200R007C00; AR510 V200R005C32; NetEngine16EX V200R005C32; SRG1300 V200R005C32; SRG2300 V200R005C32; SRG3300 V200R005C32 have an out-of-bounds write vulnerability. When a user executes a query command after the device received an abnormal OSPF message, the software writes data past the end of the intended buffer due to the insufficient verification of the input data. An unauthenticated, remote attacker could exploit this vulnerability by sending abnormal OSPF messages to the device. A successful exploit could cause the system to crash. plural Huawei The product contains an out-of-bounds vulnerability.Service operation interruption (DoS) There is a possibility of being put into a state. Huawei AR120-S is a router product of China Huawei. A security vulnerability exists in several Huawei products due to the failure of the program to properly validate user-submitted data. There are security vulnerabilities in several Huawei products. The following products and versions are affected: Huawei AR120-S V200R005C32 Version; AR1200 V200R005C32 Version; AR1200-S V200R005C32 Version; AR150 V200R005C32 Version; AR150-S V200R005C32 Version; AR160 V200R005C32 Version; AR200 V200R005C32 Version; AR200-S V200R005C32 Version; AR2200- S V200R005C32 version; AR3200 V200R005C32 version; V200R007C00 version; AR510 V200R005C32 version; NetEngine16EX V200R005C32 version;

SCCPX module in Huawei DP300 V500R002C00; RP200 V500R002C00; V600R006C00; TE30 V100R001C10; V500R002C00; V600R006C00; TE40 V500R002C00; V600R006C00; TE50 V500R002C00; V600R006C00; TE60 V100R001C10; V500R002C00; V600R006C00 has an invalid memory access vulnerabilities. An unauthenticated, remote attacker crafts malformed packets with specific parameter to the affected products. Due to insufficient validation of packets, successful exploitation may impact availability of product service. plural Huawei The product contains an input validation vulnerability.Service operation interruption (DoS) There is a possibility of being put into a state. The Huawei DP300, RP200, and TE series are integrated desktop telepresence and integrated video conferencing terminal products of China Huawei. An attacker can send a packet attack with a special parameter to the device. The Huawei DP300 and others are all products of China's Huawei (Huawei). DP300 is a video conferencing terminal. RP200 is a video conferencing all-in-one device. SCCPX module is one of the signaling link control modules. The vulnerability is due to the fact that the program does not fully verify packets. The following products and versions are affected: Huawei DP300 V500R002C00 Version; RP200 V500R002C00 Version, V600R006C00 Version; TE30 V100R001C10 Version, V500R002C00 Version, V600R006C00 Version; TE40 V500R002C00 Version, V600R006C00 Version; TE50 V500R002C00 Version, V600R006C00 Version; TE60 V100R001C10 Version, V500R002C00 Version, Version V600R006C00

Corega CG-WGR1200 firmware 2.20 and earlier allows an attacker to bypass authentication and change the login password via unspecified vectors. CG-WGR1200 provided by Corega Inc is a wireless LAN router. CG-WGR1200 contains multiple vulnerabilities listed below. * Buffer Overflow (CWE-119) - CVE-2017-10852 * Buffer Overflow (CWE-78) - CVE-2017-10853 * Authentication bypass (CWE-306) - CVE-2017-10854 Taizoh Tsukamoto of Mitsui Bussan Secure Directions, Inc. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.* A user with access to the affected device may execute arbitrary code - CVE-2017-10852 * A user with access to the affected device may execute an arbitrary command - CVE-2017-10853 * A user with access to the affected device may change the login password. As a result, the user may access the management screen of the device and perform an arbitrary operation such as altering the device's settings - CVE-2017-10854

D-LinkDGS-3000-10TC is a network switch of D-Link. A cross-site request forgery vulnerability exists in firmware for D-LinkDGS-3000-10TC2.00.006, which could allow an attacker to change configuration settings and create new users.

Huawei Honor Smart Scale Application with software of 1.1.1 has an information disclosure vulnerability. The application does not sufficiently restrict the resource which can be accessed by certain protocol. An attacker could trick the user to click a malicious link, successful exploit could cause information disclosure

A vulnerability allows local attackers to escalate privilege on Rapid Scada 5.5.0 because of weak C:\SCADA permissions. The specific flaw exists within the access control that is set and modified during the installation of the product. The product sets weak access control restrictions. An attacker can leverage this vulnerability to execute arbitrary code under the context of Administrator, the IUSR account, or SYSTEM. Rapid SCADA Contains a permission vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. Rapid Scada is a free open source SCADA software. The software supports the creation of systems such as industrial automation, home automation, and energy accounting

Guangzhou Huama Building Material Co., Ltd. is a modern professional manufacturer integrating scientific research, production and sales. Huama smart door latched in a hardware loophole. The loophole is due to the radio signal of Huama door lock without anti-replay means. An attacker could use this vulnerability to perform a replay attack.

A vulnerability has been identified in EN100 Ethernet module IEC 61850 variant (All versions < V4.30), EN100 Ethernet module DNP3 variant (All versions < V1.04), EN100 Ethernet module PROFINET IO variant (All versions), EN100 Ethernet module Modbus TCP variant (All versions), EN100 Ethernet module IEC 104 variant (All versions < V1.22). The web interface (TCP/80) of affected devices allows an unauthenticated user to upgrade or downgrade the firmware of the device, including to older versions with known vulnerabilities. plural Siemens The product contains an access control vulnerability.Information may be tampered with. SIPROTEC 4, SIPROTEC Compact and Reyrolle equipment offer a wide range of centralized protection, control and automation functions for substations and other applications. Multiple Siemens EN100 Ethernet Modules are prone to an authentication-bypass vulnerability. An attacker can exploit this issue to bypass the authentication mechanism. This may aid in further attacks. A security vulnerability exists in the web interface (TCP/80) in several Siemens products

A vulnerability has been identified in DIGSI 4 (All versions < V4.92), EN100 Ethernet module DNP3 variant (All versions < V1.05.00), EN100 Ethernet module IEC 104 variant (All versions), EN100 Ethernet module IEC 61850 variant (All versions < V4.30), EN100 Ethernet module Modbus TCP variant (All versions), EN100 Ethernet module PROFINET IO variant (All versions). The device engineering mechanism allows an unauthenticated remote user to upload a modified device configuration overwriting access authorization passwords. plural Siemens The product contains an access control vulnerability.Information may be tampered with. SiemensDIGSI and others are products of Siemens AG. SiemensDIGSI is a configuration operating software for a microcomputer protection device. A security vulnerability exists in several Siemens products that stems from a program failing to authenticate important features. Siemens DIGSI, etc

A vulnerability has been identified in DIGSI 4 (All versions < V4.92), EN100 Ethernet module DNP3 variant (All versions < V1.05.00), EN100 Ethernet module IEC 104 variant (All versions), EN100 Ethernet module IEC 61850 variant (All versions < V4.30), EN100 Ethernet module Modbus TCP variant (All versions), EN100 Ethernet module PROFINET IO variant (All versions), Other SIPROTEC 4 relays (All versions), Other SIPROTEC Compact relays (All versions), SIPROTEC 4 7SD80 (All versions < V4.70), SIPROTEC 4 7SJ61 (All versions < V4.96), SIPROTEC 4 7SJ62 (All versions < V4.96), SIPROTEC 4 7SJ64 (All versions < V4.96), SIPROTEC 4 7SJ66 (All versions < V4.30), SIPROTEC Compact 7SJ80 (All versions < V4.77), SIPROTEC Compact 7SK80 (All versions < V4.77). An attacker with local access to the engineering system or in a privileged network position and able to obtain certain network traffic could possibly reconstruct access authorization passwords. plural Siemens The product contains an authorization vulnerability.Information may be obtained. Siemens DIGSI and others are products of Siemens AG. The Siemens DIGSI is a configuration operating software for the microcomputer protection. EN100 Ethernet module The IEC 61850 variant is an Ethernet module product. Security vulnerabilities exist in several Siemens products. An attacker could exploit the vulnerability to re-establish an access authorization password

A local user on F5 BIG-IQ Centralized Management 5.1.0-5.2.0 with the Access Manager role has privileges to change the passwords of other users on the system, including the local admin account password. BIG-IQ Centralized Management Contains vulnerabilities related to authorization, permissions, and access control.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. F5 BIG-IQ Centralized Management is prone to a local privilege escalation vulnerability. Local attackers may exploit this issue to gain elevated privileges. The solution supports the deployment of application delivery and network services across public and private clouds, traditional data centers and hybrid environments

A vulnerability in Cisco Prime Collaboration Provisioning (PCP) Software 11.6 could allow an unauthenticated, local attacker to log in to the underlying Linux operating system. The vulnerability is due to a hard-coded account password on the system. An attacker could exploit this vulnerability by connecting to the affected system via Secure Shell (SSH) using the hard-coded credentials. A successful exploit could allow the attacker to access the underlying operating system as a low-privileged user. After low-level privileges are gained, the attacker could elevate to root privileges and take full control of the device. Cisco Bug IDs: CSCvc82982. Vendors have confirmed this vulnerability Bug ID CSCvc82982 It is released as.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. Local attackers can exploit this issue to bypass certain security restrictions and perform unauthorized actions. The software provides IP communications services functionality for IP telephony, voice mail, and unified communications environments

A vulnerability in the web-based management interface of Cisco Identity Services Engine (ISE) could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack and perform arbitrary actions on an affected device. The vulnerability is due to insufficient CSRF protections for the web-based management interface of an affected device. An attacker could exploit this vulnerability by persuading a user of the interface to follow a crafted link. A successful exploit could allow the attacker to perform arbitrary actions on a targeted device via a web browser and with the privileges of the user. Cisco Bug IDs: CSCvf69805. Vendors have confirmed this vulnerability Bug ID CSCvf69805 It is released as.Information may be obtained and information may be altered. Other attacks are also possible. The platform monitors the network by collecting real-time information on the network, users and devices, and formulating and implementing corresponding policies