VARIoT IoT vulnerabilities database


VAR-201804-0780 CVE-2017-9657 Philips IntelliVue MX40 Data processing vulnerability CVSS V2: 3.3
CVSS V3: 6.5
Severity: MEDIUM
Under specific 802.11 network conditions, a partial re-association of the Philips IntelliVue MX40 Version B.06.18 WLAN monitor to the central monitoring station is possible. In this state, the central monitoring station can indicate the MX40 is not connected or associated to the central monitor, and thus should be operating in local monitoring mode (local audio-on, screen-on), but the MX40 WLAN itself can instead still be operating in telemetry mode (local audio-off, screen-off). If a patient experiences an alarm event and clinical staff expects the MX40 to provide local alarming when it is not available from the local device, a delay of treatment can occur. CVSS v3 base score: 6.5, CVSS vector string: AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H. Philips has released a software update, Version B.06.18, to fix the improper cleanup on thrown exception vulnerability, and implement mitigations to reduce the risk associated with the improper handling of exceptional conditions vulnerability. The software update implements messaging and alarming on the MX40 and at the central monitoring station when the MX40 disconnects from the access point. Philips IntelliVue MX40 contains a data processing vulnerability. Service operation may be interrupted (DoS). The MX40 Patient Worn Monitor is primarily used as a traditional telemetry medical device as part of a surveillance and alarm system. Philips IntelliVue MX40 Patient Worn Monitor is prone to multiple denial-of-service vulnerabilities. Successful exploits may allow attackers to crash the affected application, resulting in denial-of-service conditions. Versions prior to Philips IntelliVue MX40 Patient Worn Monitor B.06.18 are vulnerable.
VAR-201710-1116 CVE-2017-12730 mySCADA myPRO Vulnerabilities related to unquoted search paths or elements CVSS V2: 7.2
CVSS V3: 7.8
Severity: HIGH
An Unquoted Search Path issue was discovered in mySCADA myPRO Versions 7.0.26 and prior. Application services utilize unquoted search path elements, which could allow an attacker to execute arbitrary code with elevated privileges. mySCADA myPRO contains vulnerabilities related to unquoted search paths or elements. Information may be obtained or altered, and service operation may be disrupted (DoS). myPRO is an HMI/SCADA system for the visualization and control of industrial processes. mySCADA myPRO is prone to a local privilege-escalation vulnerability. mySCADA myPRO Versions 7.0.26 and prior are vulnerable.
VAR-201709-1284 No CVE SAP NetWeaver Cross Site Scripting Vulnerability CVSS V2: -
CVSS V3: -
Severity: -
SAP NetWeaver is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input. Remote attackers can exploit this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and launch other attacks.
VAR-201709-1262 No CVE SAP NetWeaver 'SLC Sell Side Registration Page' Cross Site Scripting Vulnerability CVSS V2: -
CVSS V3: -
Severity: -
SAP NetWeaver is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input. Remote attackers can exploit this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and launch other attacks.
VAR-201709-1263 No CVE SAP NetWeaver Adapter Engine Cache Monitor Information Disclosure Vulnerability CVSS V2: -
CVSS V3: -
Severity: -
SAP NetWeaver is prone to an information-disclosure vulnerability. Attackers can exploit this issue to obtain sensitive information that may aid in launching further attacks.
VAR-201709-1269 No CVE SAP NetWeaver Open Redirection Vulnerability CVSS V2: -
CVSS V3: -
Severity: -
SAP NetWeaver is prone to an open-redirection vulnerability. An attacker can leverage this issue by constructing a crafted URI and enticing a user to follow it. When an unsuspecting victim follows the link, they may be redirected to an attacker-controlled site; this may aid in phishing attacks. Other attacks are possible.
VAR-201709-1268 No CVE SAP NetWeaver Unspecified SQL Injection Vulnerability CVSS V2: -
CVSS V3: -
Severity: -
SAP NetWeaver is prone to an unspecified SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. An attacker can exploit this issue to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.
VAR-201709-1270 No CVE SAP NetWeaver Open Redirection Vulnerability CVSS V2: -
CVSS V3: -
Severity: -
SAP NetWeaver is prone to an open-redirection vulnerability. An attacker can leverage this issue by constructing a crafted URI and enticing a user to follow it. When an unsuspecting victim follows the link, they may be redirected to an attacker-controlled site; this may aid in phishing attacks. Other attacks are possible.
VAR-201709-1267 No CVE SAP NetWeaver Cross Site Scripting Vulnerability CVSS V2: -
CVSS V3: -
Severity: -
SAP NetWeaver is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input. Remote attackers can exploit this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and launch other attacks.
VAR-201709-1265 No CVE SAP NetWeaver XML External Entity Injection Vulnerability CVSS V2: -
CVSS V3: -
Severity: -
SAP NetWeaver is prone to an XML External Entity injection vulnerability. Attackers can exploit this issue to gain access to sensitive information or cause denial-of-service conditions.
VAR-201709-0211 CVE-2017-10846 Wi-Fi STATION L-02F fails to restrict access permissions CVSS V2: 5.0
CVSS V3: 7.5
Severity: HIGH
Wi-Fi STATION L-02F Software version V10b and earlier allows remote attackers to bypass access restrictions to obtain information on device settings via unspecified vectors. Wi-Fi STATION L-02F provided by NTT DOCOMO, INC. fails to restrict access permissions. Japan Computer Emergency Response Team Coordination Center Global Coordination Division Cyber Metrics Line Information Security Analyst Keisuke Shikano reported this vulnerability to IPA. NTT DOCOMO Wi-Fi STATION L-02F Software is a set of software used in routers by NTT DOCOMO, Japan. A security vulnerability exists in NTT DOCOMO Wi-Fi STATION L-02F Software V10b and earlier versions
VAR-201709-0416 CVE-2017-14335 Beijing Hanbang Hanbanggaoke Vulnerability related to input validation on devices CVSS V2: 5.0
CVSS V3: 7.5
Severity: HIGH
On Beijing Hanbang Hanbanggaoke devices, because user-controlled input is not sufficiently sanitized, sending a PUT request to /ISAPI/Security/users/1 allows an admin password change. The Beijing Hanbang Hanbanggaoke device contains an input validation vulnerability. Information may be tampered with. Beijing Hanbang Hanbanggaoke IP Camera is a network camera from China's Hanbang Hi-Tech. The handling of requests to /ISAPI/Security/users/1 on the Beijing Hanbang Hanbanggaoke IP Camera contains a security vulnerability that allows remote attackers to submit special requests and change administrator passwords. The vulnerability in the Beijing Hanbang Hanbanggaoke IP Camera is caused by the program's insufficient filtering of input.
VAR-201709-0210 CVE-2017-10845 Backdoor access issue in Wi-Fi STATION L-02F CVSS V2: 10.0
CVSS V3: 9.8
Severity: CRITICAL
Wi-Fi STATION L-02F Software version V10g and earlier allows remote attackers to access the device with administrative privileges and perform unintended operations through a backdoor account. Wi-Fi STATION L-02F provided by NTT DOCOMO, INC. contains a backdoor access issue. Japan Computer Emergency Response Team Coordination Center Global Coordination Division Cyber Metrics Line Information Security Analyst Keisuke Shikano reported this vulnerability to IPA. The reporter has conducted a test and confirmed that an attacker can log in to the device through the internet by using an ID and a password, and execute arbitrary commands. NTT DOCOMO Wi-Fi STATION L-02F Software is a set of software used in the L-02F router by NTT DOCOMO, Japan. A security vulnerability exists in NTT DOCOMO Wi-Fi STATION L-02F Software V10g and earlier versions.
VAR-201710-0217 CVE-2017-14250 TP-LINK TL-WR741N and TL-WR741ND 150M Wireless Lite N Router Vulnerabilities related to input validation in firmware CVSS V2: 6.8
CVSS V3: 6.5
Severity: MEDIUM
Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none. TP-LINK TL-WR741N and TL-WR741ND 150M Wireless Lite N Router contains a vulnerability related to input validation. Service operation may be interrupted (DoS). TP-LINK TL-WR741N and TL-WR741ND 150M Wireless Lite N Router are wireless router products of China's TP-LINK. A security vulnerability exists in the TP-LINK TL-WR741N and TL-WR741ND 150M Wireless Lite N Router using 3.11.7 Build 100603 Rel.56412n firmware and WR741N v1/v2 00000000 hardware. The vulnerability stems from the program failing to properly verify the 'SSID' parameter in 'Wireless Settings'. An attacker could exploit the vulnerability to inject malicious code that would prevent the user from changing the wireless settings.
VAR-201805-0117 CVE-2017-14185 Fortinet FortiOS Vulnerable to information disclosure CVSS V2: 5.0
CVSS V3: 5.3
Severity: MEDIUM
An Information Disclosure vulnerability in Fortinet FortiOS 5.6.0 to 5.6.2, 5.4.0 to 5.4.8 and 5.2 all versions allows SSL VPN web portal users to access internal FortiOS configuration information (e.g. addresses) via specifically crafted URLs inside the SSL-VPN web portal. Fortinet FortiOS contains an information disclosure vulnerability. Information may be obtained. Fortinet FortiOS is prone to an information-disclosure vulnerability. Attackers can exploit this issue to obtain sensitive information that may aid in further attacks. The following versions are vulnerable: FortiOS 5.6.0 to 5.6.2; FortiOS 5.4.0 to 5.4.8; FortiOS 5.2 through 5.2.12.
VAR-201805-0118 CVE-2017-14187 Fortinet FortiOS Vulnerabilities related to authorization, permissions, and access control CVSS V2: 7.2
CVSS V3: 6.2
Severity: MEDIUM
A local privilege escalation and local code execution vulnerability in Fortinet FortiOS 5.6.0 to 5.6.2, 5.4.0 to 5.4.8, and 5.2 and below versions allows an attacker to execute an unauthorized binary program contained on a USB drive plugged into a FortiGate by linking that binary program to a command that is allowed to be run by the fnsysctl CLI command. Fortinet FortiOS contains vulnerabilities related to authorization, permissions, and access control. Information may be obtained or altered, and service operation may be disrupted (DoS). Fortinet FortiOS is prone to a local privilege-escalation vulnerability. Local attackers may exploit this issue to gain elevated privileges. The following versions are vulnerable: FortiOS 5.6.0 through 5.6.2; FortiOS 5.4.0 through 5.4.8; FortiOS 5.2 and below. Fortinet FortiOS is a security operating system developed by Fortinet Corporation for the FortiGate network security platform. The system provides users with various security functions such as firewall, anti-virus, IPSec/SSL VPN, Web content filtering and anti-spam.
VAR-201712-0076 CVE-2017-14184 Fortinet FortiClient Vulnerable to information disclosure CVSS V2: 4.0
CVSS V3: 8.8
Severity: HIGH
An Information Disclosure vulnerability in Fortinet FortiClient for Windows 5.6.0 and below versions, FortiClient for Mac OSX 5.6.0 and below versions and FortiClient SSLVPN Client for Linux 4.4.2334 and below versions allows regular users to see each other's VPN authentication credentials due to improperly secured storage locations. Fortinet FortiClient contains an information disclosure vulnerability. Information may be obtained or altered, and service operation may be disrupted (DoS). Fortinet FortiClient is prone to a local information-disclosure vulnerability. Local attackers can exploit this issue to obtain sensitive information that may lead to further attacks. Fortinet FortiClient Windows, FortiClient for Mac OS X and FortiClient SSLVPN Client for Linux are all products of Fortinet. Fortinet FortiClient Windows is a mobile terminal security solution based on the Windows platform. FortiClient for Mac OS X is a version based on the Mac OS X platform. FortiClient SSLVPN Client for Linux is a Linux-based VPN client for connecting to FortiGate devices. An information disclosure vulnerability exists in several Fortinet products due to improperly secured storage locations. An attacker could exploit this vulnerability to view other VPN authentication certificates. The following products and versions are affected: Windows-based Fortinet FortiClient 5.6.0 and earlier versions; Mac OSX-based FortiClient 5.6.0 and earlier versions; Linux-based FortiClient SSLVPN Client 4.4.2334 and earlier versions.
VAR-201711-0049 CVE-2017-14189 Fortinet FortiWebManager Access control vulnerability CVSS V2: 10.0
CVSS V3: 9.8
Severity: CRITICAL
An improper access control vulnerability in Fortinet FortiWebManager 5.8.0 allows anyone that can access the admin webUI to successfully log in regardless of the provided password. Fortinet FortiWebManager contains an access control vulnerability. Information may be obtained or altered, and service operation may be disrupted (DoS). Fortinet FortiWebManager is prone to a security-bypass vulnerability. Attackers can exploit this issue to bypass certain security restrictions to perform unauthorized actions. This may aid in further attacks. FortiWebManager 5.8.0 is vulnerable; other versions may also be affected. Fortinet FortiWeb is a web application layer firewall developed by Fortinet, which can block threats such as cross-site scripting, SQL injection, cookie poisoning, schema poisoning, etc., to ensure the security of web applications and protect sensitive database content. FortiWebManager is one such application for managing firewalls. An attacker could exploit this vulnerability to gain access to the administrator's web user interface.
VAR-201711-0048 CVE-2017-14186 Fortinet FortiOS Vulnerable to cross-site scripting CVSS V2: 3.5
CVSS V3: 5.4
Severity: MEDIUM
A Cross-site Scripting (XSS) vulnerability in Fortinet FortiOS 6.0.0 to 6.0.4, 5.6.0 to 5.6.7, 5.4 and below versions under SSL VPN web portal allows a remote user to inject arbitrary web script or HTML in the context of the victim's browser via the login redir parameter. A URL redirection attack may also be feasible by injecting an external URL via the affected parameter. Fortinet FortiOS contains a cross-site scripting vulnerability. Information may be obtained and information may be altered. Fortinet FortiOS is prone to a URI-redirection vulnerability and a cross-site scripting vulnerability because the application fails to sufficiently sanitize user-supplied input. Attackers can exploit these issues to execute arbitrary script or HTML code, steal cookie-based authentication credentials, and conduct phishing attacks. Other attacks may also be possible. Fortinet FortiOS 5.0 and prior, 5.2.0 through 5.2.12, 5.4.0 through 5.4.6 and 5.6.0 through 5.6.2 are vulnerable. Fortinet FortiOS is a security operating system dedicated to the FortiGate network security platform developed by Fortinet. The system provides users with various security functions such as firewall, anti-virus, IPSec/SSL VPN, Web content filtering and anti-spam. The SSL-VPN portal is one of the VPN management interfaces. The vulnerability stems from the lack of correct validation of client data in web applications. An attacker could exploit this vulnerability to execute client code. The following products and versions are affected: Fortinet FortiOS 5.6.0 to 5.6.2, 5.4.0 to 5.4.6, 5.2.0 to 5.2.12, 5.0 and earlier.
VAR-201710-0216 CVE-2017-14182 Fortinet FortiOS Input validation vulnerability CVSS V2: 4.0
CVSS V3: 6.5
Severity: MEDIUM
A Denial of Service (DoS) vulnerability in Fortinet FortiOS 5.4.0 to 5.4.5 allows an authenticated user to cause the web GUI to be temporarily unresponsive, via passing a specially crafted payload to the 'params' parameter of the JSON web API. Fortinet FortiOS contains an input validation vulnerability. Service operation may be interrupted (DoS). Fortinet FortiOS is prone to a denial-of-service vulnerability. Attackers can exploit this issue to cause denial-of-service conditions. FortiOS 5.4.0 through 5.4.5 are vulnerable. Fortinet FortiOS is a security operating system developed by Fortinet Corporation for the FortiGate network security platform. The system provides users with various security functions such as firewall, anti-virus, IPSec/SSL VPN, Web content filtering and anti-spam. A denial of service vulnerability exists in Fortinet FortiOS versions 5.4.0 to 5.4.5.