VARIoT IoT vulnerabilities database

Philips IntelliSpace Portal all versions of 8.0.x, and 7.0.x have an unquoted search path or element vulnerability that has been identified, which may allow an authorized local user to execute arbitrary code and escalate their level of privileges. Philips Intellispace Portal Contains an untrusted search path vulnerability.Information is acquired, information is falsified, and denial of service (DoS) May be in a state. The Philips Intellispace Portal can process clinical images from different modes and enables advanced visualization of the images. ISP systems are deployed in the healthcare and public health sectors. Philips Intellispace Portal is prone to the following security vulnerabilities. 1. A remote code-execution vulnerability 2. Multiple privilege-escalation vulnerabilities 3. A cryptographic security vulnerability Attackers can exploit these issues to execute arbitrary code within the context of affected device, cause a denial-of-service condition, bypass certain security restrictions, obtain sensitive information or gain unauthorized access to the device and perform unauthorized actions. This may lead to complete compromise of the device. Intellispace Portal versions 8.0.x and 7.0.x are vulnerable. The system provides viewing of echographic images and a single point of access for physicians

Philips Intellispace Portal all versions 7.0.x and 8.0.x have an input validation vulnerability that could allow a remote attacker to execute arbitrary code or cause the application to crash. Philips Intellispace Portal Contains an input validation vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. The Philips Intellispace Portal can process clinical images from different modes and enables advanced visualization of the images. ISP systems are deployed in the healthcare and public health sectors. Philips Intellispace Portal is prone to the following security vulnerabilities. 1. A remote code-execution vulnerability 2. Multiple privilege-escalation vulnerabilities 3. This may lead to complete compromise of the device. Intellispace Portal versions 8.0.x and 7.0.x are vulnerable. The system provides viewing of echographic images and a single point of access for physicians

Philips Intellispace Portal all versions 7.0.x and 8.0.x have an insecure windows permissions vulnerability that could allow an attacker to gain unauthorized access and in some cases escalate their level of privilege or execute arbitrary code. Philips Intellispace Portal Contains vulnerabilities related to authorization, permissions, and access control.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. The Philips Intellispace Portal can process clinical images from different modes and enables advanced visualization of the images. ISP systems are deployed in the healthcare and public health sectors. Philips Intellispace Portal is prone to the following security vulnerabilities. 1. A remote code-execution vulnerability 2. Multiple privilege-escalation vulnerabilities 3. This may lead to complete compromise of the device. Intellispace Portal versions 8.0.x and 7.0.x are vulnerable. The system provides viewing of echographic images and a single point of access for physicians. An elevation of privilege vulnerability exists in Philips ISP versions 8.0.x and 7.0.x

Cross-site scripting (XSS) vulnerability in User Profile in Synology Surveillance Station before 8.1.2-5469 allows remote authenticated users to inject arbitrary web script or HTML via the userDesc parameter. Synology Surveillance Station Contains a cross-site scripting vulnerability.Information may be obtained and information may be altered. Synology Surveillance Station is an image management application from Synology Corporation. User Profile is one of the user information storage files

An issue was discovered in PureVPN through 5.19.4.0 on Windows. The client installation grants the Everyone group Full Control permission to the installation directory. In addition, the PureVPNService.exe service, which runs under NT Authority\SYSTEM privileges, tries to load several dynamic-link libraries using relative paths instead of the absolute path. When not using a fully qualified path, the application will first try to load the library from the directory from which the application is started. As the residing directory of PureVPNService.exe is writable to all users, this makes the application susceptible to privilege escalation through DLL hijacking. PureVPN Contains an unreliable search path vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. PureVPN is a paid VPN service. There is a privilege escalation vulnerability in 5.19.4.0 and earlier versions of PureVPN for Windows

Buffalo WXR-1900DHP2 firmware Ver.2.48 and earlier allows an attacker to execute arbitrary OS commands via unspecified vectors. WXR-1900DHP2 provided by BUFFALO INC. is a wireless LAN router. WXR-1900DHP2 contains multiple vulnerabilities listed below. * Missing Authentication for Critical Function (CWE-306) - CVE-2018-0521 * Buffer Overflow (CWE-119) - CVE-2018-0522 * OS Command Injection (CWE-78) - CVE-2018-0523 Taizoh Tsukamoto of Mitsui Bussan Secure Directions, Inc. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.The possible impact of each vulnerability is as follows: * A user with access to the network that is connected to the affected device may execute an arbitrary command on the device - CVE-2018-0521 * If a user views a specially crafted file while logged into the affected device, arbitrary code may be executed - CVE-2018-0522 * A user with access to the network that is connected to the affected device may execute an arbitrary command on the device - CVE-2018-0523. A security vulnerability exists in the Buffalo WXR-1900DHP2 using firmware version 2.48 and earlier

Buffer overflow in Buffalo WXR-1900DHP2 firmware Ver.2.48 and earlier allows an attacker to execute arbitrary code via a specially crafted file. WXR-1900DHP2 provided by BUFFALO INC. is a wireless LAN router. WXR-1900DHP2 contains multiple vulnerabilities listed below. * Missing Authentication for Critical Function (CWE-306) - CVE-2018-0521 * Buffer Overflow (CWE-119) - CVE-2018-0522 * OS Command Injection (CWE-78) - CVE-2018-0523 Taizoh Tsukamoto of Mitsui Bussan Secure Directions, Inc. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.The possible impact of each vulnerability is as follows: * A user with access to the network that is connected to the affected device may execute an arbitrary command on the device - CVE-2018-0521 * If a user views a specially crafted file while logged into the affected device, arbitrary code may be executed - CVE-2018-0522 * A user with access to the network that is connected to the affected device may execute an arbitrary command on the device - CVE-2018-0523. A buffer overflow vulnerability exists in the firmware of BUFFALOWXR-1900DHP2Ver.2.48 and earlier

Buffalo WXR-1900DHP2 firmware Ver.2.48 and earlier allows an attacker to bypass authentication and execute arbitrary commands on the device via unspecified vectors. WXR-1900DHP2 provided by BUFFALO INC. is a wireless LAN router. WXR-1900DHP2 contains multiple vulnerabilities listed below. * Missing Authentication for Critical Function (CWE-306) - CVE-2018-0521 * Buffer Overflow (CWE-119) - CVE-2018-0522 * OS Command Injection (CWE-78) - CVE-2018-0523 Taizoh Tsukamoto of Mitsui Bussan Secure Directions, Inc. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.The possible impact of each vulnerability is as follows: * A user with access to the network that is connected to the affected device may execute an arbitrary command on the device - CVE-2018-0521 * If a user views a specially crafted file while logged into the affected device, arbitrary code may be executed - CVE-2018-0522 * A user with access to the network that is connected to the affected device may execute an arbitrary command on the device - CVE-2018-0523

Seagate BlackArmor NAS allows remote attackers to execute arbitrary code via the session parameter to localhost/backupmgt/localJob.php or the auth_name parameter to localhost/backupmgmt/pre_connect_check.php. Seagate BlackArmor NAS Contains an input validation vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. The SeagateBlackArmorNAS is a network storage server from Seagate, Inc. that provides layered protection, data incremental and system backup, recovery, and more for business-critical data. There is a security hole in SeagateBlackArmorNAS. A security flaw exists in Seagate BlackArmor NAS

backupmgt/pre_connect_check.php in Seagate BlackArmor NAS contains a hard-coded password of '!~@##$$%FREDESWWSED' for a backdoor user. BlackArmor NAS Contains a vulnerability in the use of hard-coded credentials.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. The SeagateBlackArmorNAS is a network storage server from Seagate, Inc. that provides layered protection, data incremental and system backup, recovery, and more for business-critical data. A security vulnerability exists in the backupmgt/pre_connect_check.php file in SeagateBlackArmorNAS, which was caused by the program using a hard-coded password \342\200\230!~@##$$%FREDESWWSED\342\200\231. There are currently no detailed vulnerability descriptions. A remote attacker can exploit this vulnerability to gain root privileges on the device

Cross-site scripting vulnerability in FS010W firmware FS010W_00_V1.3.0 and earlier allows an attacker to inject arbitrary web script or HTML via unspecified vectors. FS010W provided by FUJI SOFT INCORPORATED is a WiFi router. FS010W contains multiple vulnerabilities listed below. * Stored cross-site scripting (CWE-79) - CVE-2018-0519 * Cross-site request forgery (CWE-352) - CVE-2018-0520 Manabu Kobayashi reported these vulnerabilities to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.The possible impact of each vulnerability is as follows: * An arbitrary script may be executed on the web browser of a user who is logging in the setting tool of the device - CVE-2018-0519 * If a user views a malicious page while logged in the setting tool of the affected product, unintended operations such as changing settings of the device may be conducted. - CVE-2018-0520

In /usr/local/etc/config/addons/mh/loopupd.sh on eQ-3 AG HomeMatic CCU2 2.29.22 devices, software update packages are downloaded via the HTTP protocol, which does not provide any cryptographic protection of the downloaded contents. An attacker with a privileged network position (which could be obtained via DNS spoofing of www.meine-homematic.de or other approaches) can exploit this issue in order to provide arbitrary malicious firmware updates to the CCU2. This can result in a full system compromise. eQ-3 AG HomeMatic CCU2 The device contains cryptographic vulnerabilities.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. The eQ-3AGHomematicCCU2 is a central control unit for the German eQ-3 company that controls smart home devices. There is a security vulnerability in the /usr/local/etc/config/addons/mh/loopupd.sh file in the eQ-3 AG HomeMatic CCU2 version 2.29.22

Remote Code Execution in the addon installation process in eQ-3 AG Homematic CCU2 2.29.2 and earlier allows authenticated attackers to create or overwrite arbitrary files or install malicious software on the device. eQ-3 AG Homematic CCU2 Contains vulnerabilities related to authorization, permissions, and access control.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. The eQ-3AGHomematicCCU2 is a central control unit for the German eQ-3 company that controls smart home devices. An attacker could exploit the vulnerability to create or overwrite any file or install malware on the device

Directory Traversal / Arbitrary File Read in User.getLanguage method in eQ-3 AG Homematic CCU2 2.29.2 and earlier allows remote attackers to read the first line of an arbitrary file on the CCU2's filesystem. This vulnerability can be exploited by unauthenticated attackers with access to the web interface. eQ-3 AG Homematic CCU2 Contains an information disclosure vulnerability.Information may be obtained. The eQ-3AGHomematicCCU2 is a central control unit for the German eQ-3 company that controls smart home devices. A directory traversal vulnerability exists in the User.getLanguage method in eQ-3AGHomematicCCU22.29.2 and earlier

INVT Studio 1.2 allows remote attackers to cause a denial of service during import operations. INVT Studio Contains a data processing vulnerability.Service operation interruption (DoS) There is a possibility of being put into a state. INVT Studio is a serial and Ethernet-based inverter monitoring system

Cross-site request forgery (CSRF) vulnerability in FS010W firmware FS010W_00_V1.3.0 and earlier allows an attacker to hijack the authentication of administrators via unspecified vectors. FS010W provided by FUJI SOFT INCORPORATED is a WiFi router. FS010W contains multiple vulnerabilities listed below. * Stored cross-site scripting (CWE-79) - CVE-2018-0519 * Cross-site request forgery (CWE-352) - CVE-2018-0520 Manabu Kobayashi reported these vulnerabilities to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.The possible impact of each vulnerability is as follows: * An arbitrary script may be executed on the web browser of a user who is logging in the setting tool of the device - CVE-2018-0519 * If a user views a malicious page while logged in the setting tool of the affected product, unintended operations such as changing settings of the device may be conducted. - CVE-2018-0520. A remote attacker could exploit this vulnerability to perform unauthorized operations

eQ-3 AG HomeMatic CCU2 2.29.22 devices have an open XML-RPC port without authentication. This can be exploited by sending arbitrary XML-RPC requests to control the attached BidCos devices. eQ-3 AG HomeMatic CCU2 Devices are vulnerable to a lack of authentication for critical functions.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. The eQ-3AGHomematicCCU2 is a central control unit for the German eQ-3 company that controls smart home devices. A security vulnerability exists in the eQ-3AGHomeMaticCCU 22.29.22 release

Remote Code Execution in the TCL script interpreter in eQ-3 AG Homematic CCU2 2.29.2 and earlier allows remote attackers to obtain read/write access and execute system commands on the device. This vulnerability can be exploited by unauthenticated attackers with access to the web interface. eQ-3 AG Homematic CCU2 Contains vulnerabilities related to authorization, permissions, and access control.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. The eQ-3AGHomematicCCU2 is a central control unit for the German eQ-3 company that controls smart home devices. TCLscriptinterpreter is one of the script interpreters for the TCL language

Directory Traversal / Arbitrary File Write / Remote Code Execution in the User.setLanguage method in eQ-3 AG Homematic CCU2 2.29.2 and earlier allows remote attackers to write arbitrary files to the device's filesystem. This vulnerability can be exploited by unauthenticated attackers with access to the web interface. eQ-3 AG Homematic CCU2 Contains path traversal vulnerabilities and authorization / privilege / access control vulnerabilities.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. The eQ-3AGHomematicCCU2 is a central control unit for the German eQ-3 company that controls smart home devices. A directory traversal vulnerability exists in User.setLanguage in eQ-3AGHomematicCCU22.29.2 and earlier

A malicious user with unrestricted access to the AppFormix application management platform may be able to access a Python debug console and execute system commands with root privilege. The AppFormix Agent exposes the debug console on a host where AppFormix Agent is executing. If the host is executing AppFormix Agent, an attacker may access the debug console and execute Python commands with root privilege. Affected AppFormix releases are: All versions up to and including 2.7.3; 2.11 versions prior to 2.11.3; 2.15 versions prior to 2.15.2. Juniper SIRT is not aware of any malicious exploitation of this vulnerability, however, the issue has been seen in a production network. No other Juniper Networks products or platforms are affected by this issue. AppFormix Contains vulnerabilities related to authorization, permissions, and access control.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. Juniper AppFormix is ​​a set of optimization and management software platforms for public cloud, private cloud and hybrid cloud from Juniper Networks