VARIoT IoT vulnerabilities database
| VAR-201712-0254 | CVE-2017-14018 | Ethicon Endo-Surgery Generator G11 Security Bypass Vulnerability |
CVSS V2: 3.3 CVSS V3: 4.8 Severity: MEDIUM |
An improper authentication issue was discovered in Johnson & Johnson Ethicon Endo-Surgery Generator Gen11, all versions released before November 29, 2017. The security authentication mechanism used between the Ethicon Endo-Surgery Generator Gen11 and single-patient use products can be bypassed, allowing for unauthorized devices to be connected to the generator, which could result in a loss of integrity or availability. The Ethicon Endo-Surgery Generator G11 is a host of ultrasound HF surgical integrated systems deployed in the healthcare and public health sectors. Ethicon Endo-Surgery Generator G11 is prone to an authentication-bypass vulnerability.
An attacker can exploit this issue to bypass the authentication mechanism and perform unauthorized actions. This may aid in further attacks.
All versions of Ethicon Endo-Surgery Generator Gen11 are vulnerable. Ethicon Endo-Surgery Generator Gen11 is an internal and surgical device produced by Ethicon Endo-Surgery in the United States.
| VAR-201712-0388 | CVE-2017-16953 | Authentication vulnerability in ZTE ZXDSL 831CII devices |
CVSS V2: 5.0 CVSS V3: 7.5 Severity: HIGH |
connoppp.cgi on ZTE ZXDSL 831CII devices does not require HTTP Basic Authentication, which allows remote attackers to modify the PPPoE configuration or set up a malicious configuration via a GET request. The ZTE ZXDSL 831CII device contains an authentication vulnerability. Information may be tampered with. ZTE ZXDSL 831CII is an ADSL modem product of China's ZTE Corporation (ZTE). An unauthorized access vulnerability exists in ZTE ZXDSL 831CII because a program fails to properly restrict access. An attacker could exploit this vulnerability to change the router's PPPoE configuration, causing a denial of service.
| VAR-201711-0014 | CVE-2016-10702 | Information disclosure vulnerability in Pebble Smartwatch devices |
CVSS V2: 5.8 CVSS V3: 6.1 Severity: MEDIUM |
Pebble Smartwatch devices through 4.3 mishandle UUID storage, which allows attackers to read an arbitrary application's flash storage, and access an arbitrary application's JavaScript instance, by modifying a UUID value within the header of a crafted application binary. The Pebble Smartwatch device contains an information disclosure vulnerability. Information may be obtained and information may be altered. The Pebble Smartwatch is a smart watch from Pebble, a company in the United States.
| VAR-201711-0013 | CVE-2016-10701 | Hitachi Vantara Pentaho Business Analytics Platform Cross-Site Request Forgery Vulnerability |
CVSS V2: 6.8 CVSS V3: 8.8 Severity: HIGH |
In Hitachi Vantara Pentaho BA Platform through 8.0, a CSRF issue exists in the Business Analytics application. The Hitachi Vantara Pentaho BA platform contains a cross-site request forgery vulnerability. Information may be obtained, information may be falsified, and a denial-of-service (DoS) state may result. A remote attacker could use this vulnerability to perform unauthorized operations (such as uploading and deleting files, and creating, changing, or deleting queries). Other attacks are also possible.
| VAR-201711-0015 | CVE-2015-7267 | Vulnerabilities that bypass security functions in Samsung 850 Pro/PM851 SSDs and Seagate ST500LT015/ST500LT025 HDDs |
CVSS V2: 1.9 CVSS V3: 4.2 Severity: MEDIUM |
Samsung 850 Pro and PM851 solid-state drives and Seagate ST500LT015 and ST500LT025 hard disk drives, when in sleep mode and operating in Opal or eDrive mode on Lenovo ThinkPad T440s laptops with BIOS 2.32; ThinkPad W541 laptops with BIOS 2.21; Dell Latitude E6410 laptops with BIOS A16; or Latitude E6430 laptops with BIOS A16, allow physically proximate attackers to bypass self-encrypting drive (SED) protection by leveraging failure to detect when SATA drives are unplugged in Sleep Mode, aka a "Hot Plug attack." Samsung 850 Pro/PM851 solid-state drives and Seagate ST500LT015/ST500LT025 hard disk drives contain vulnerabilities that can bypass security functions. Information may be obtained. The Lenovo ThinkPad T440s is a laptop from China's Lenovo. The Dell Latitude E6410 is a laptop from Dell. The Samsung 850 Pro and the other listed drives are all hard drives used in laptops. The Samsung 850 Pro is a hard disk manufactured by Samsung in South Korea. The Seagate ST500LT015 is a hard drive manufactured by Seagate. There are security holes in the Samsung 850 Pro and PM851 SSDs and the Seagate ST500LT015 and ST500LT025 hard drives on several devices. An attacker could exploit this vulnerability to bypass self-encrypting hard disk (SED) protection. Samsung/Seagate Self-Encrypting Drive Protection is prone to a local security-bypass vulnerability. This may aid in further attacks.
The following products are vulnerable:
Seagate ST500LT015 and ST500LT025
Samsung 850 Pro and PM851
The following products are affected: Lenovo ThinkPad T440s laptop using BIOS version 2.32; ThinkPad W541 laptop using BIOS version 2.21; Dell Latitude E6410 laptop using BIOS version A16; Latitude E6430 laptop using BIOS version A16.
| VAR-201711-0010 | CVE-2015-7268 | Vulnerabilities that bypass security functions in Samsung 850 Pro/PM851 SSDs and Seagate ST500LT015/ST500LT025 HDDs |
CVSS V2: 1.9 CVSS V3: 4.2 Severity: MEDIUM |
Samsung 850 Pro and PM851 solid-state drives and Seagate ST500LT015 and ST500LT025 hard disk drives, when used on Windows and operating in Opal mode on Lenovo ThinkPad T440s laptops with BIOS 2.32 or ThinkPad W541 laptops with BIOS 2.21, or in Opal or eDrive mode on Dell Latitude E6410 laptops with BIOS A16 or Latitude E6430 laptops with BIOS A16, allow physically proximate attackers to bypass self-encrypting drive (SED) protection by triggering a soft reset and booting from an alternative OS, aka a "Forced Restart Attack." Samsung 850 Pro/PM851 solid-state drives and Seagate ST500LT015/ST500LT025 hard disk drives contain vulnerabilities that can bypass security functions. Information may be obtained. The Lenovo ThinkPad T440s is a laptop from China's Lenovo. The Dell Latitude E6410 is a laptop from Dell. The Samsung 850 Pro and the other listed drives are all hard drives used in laptops. The Samsung 850 Pro is a hard disk manufactured by Samsung in South Korea. The Seagate ST500LT015 is a hard drive manufactured by Seagate. There are security holes in the Samsung 850 Pro and PM851 SSDs and the Seagate ST500LT015 and ST500LT025 hard drives on several devices. A physically proximate attacker can exploit the vulnerability to bypass self-encrypting hard disk protection by carrying out a forced restart attack. Samsung/Seagate Self-Encrypting Drives Protection is prone to a local security-bypass vulnerability. This may aid in further attacks.
The following products are vulnerable:
Seagate ST500LT015 and ST500LT025
Samsung 850 Pro and PM851
The following products are affected: Lenovo ThinkPad T440s laptop using BIOS version 2.32; ThinkPad W541 laptop using BIOS version 2.21; Dell Latitude E6410 laptop using BIOS version A16; Latitude E6430 laptop using BIOS version A16.
| VAR-201711-0011 | CVE-2015-7269 | Vulnerabilities bypassing security functions in Seagate ST500LT015 HDD |
CVSS V2: 1.9 CVSS V3: 4.2 Severity: MEDIUM |
Seagate ST500LT015 hard disk drives, when operating in eDrive mode on Lenovo ThinkPad W541 laptops with BIOS 2.21, allow physically proximate attackers to bypass self-encrypting drive (SED) protection by attaching a second SATA connector to exposed pins, maintaining an alternate power source, and attaching the data cable to another machine, aka a "Hot Unplug Attack." Vulnerabilities that bypass security features exist in Seagate ST500LT015 hard disk drives. Information may be obtained. The Lenovo ThinkPad W541 laptop with BIOS 2.21 is a notebook computer from China's Lenovo that uses BIOS version 2.21. The Seagate ST500LT015 hard disk drive is a hard drive for computers made by Seagate of the United States. There is a security hole in the Seagate ST500LT015 hard disk drive on the Lenovo ThinkPad W541 laptop with BIOS version 2.21. This may aid in further attacks.
| VAR-201711-0587 | CVE-2017-16957 | Command injection vulnerability in multiple TP-Link devices |
CVSS V2: 9.0 CVSS V3: 8.8 Severity: HIGH |
TP-Link TL-WVR, TL-WAR, TL-ER, and TL-R devices allow remote authenticated users to execute arbitrary commands via shell metacharacters in the iface field of an admin/diagnostic command to cgi-bin/luci, related to the zone_get_effect_devices function in /usr/lib/lua/luci/controller/admin/diagnostic.lua in uhttpd. Multiple TP-Link devices contain a command injection vulnerability. Information may be obtained, information may be altered, and the device may be put into a denial-of-service (DoS) state. TP-Link TL-WVR is a wireless router product of China's TP-LINK. There are command injection vulnerabilities in several TP-Link products. Multiple TP-Link routers are prone to a remote command-injection vulnerability. The following products are affected: TP-Link TL-WVR; TL-WAR; TL-ER; TL-R.
| VAR-201711-0634 | CVE-2017-16958 | Command injection vulnerability in multiple TP-Link devices |
CVSS V2: 9.0 CVSS V3: 8.8 Severity: HIGH |
TP-Link TL-WVR, TL-WAR, TL-ER, and TL-R devices allow remote authenticated users to execute arbitrary commands via shell metacharacters in the t_bindif field of an admin/bridge command to cgi-bin/luci, related to the get_device_byif function in /usr/lib/lua/luci/controller/admin/bridge.lua in uhttpd. Multiple TP-Link devices contain a command injection vulnerability. Information may be obtained, information may be altered, and the device may be put into a denial-of-service (DoS) state. TP-Link TL-WVR is a wireless router product of China's TP-LINK. There are command injection vulnerabilities in several TP-Link products. The following products are affected: TP-Link TL-WVR; TL-WAR; TL-ER; TL-R.
| VAR-201711-0635 | CVE-2017-16959 | Path traversal vulnerability in multiple TP-Link devices |
CVSS V2: 4.0 CVSS V3: 6.5 Severity: MEDIUM |
The locale feature in cgi-bin/luci on TP-Link TL-WVR, TL-WAR, TL-ER, and TL-R devices allows remote authenticated users to test for the existence of arbitrary files by making an operation=write;locale=%0d request, and then making an operation=read request with a crafted Accept-Language HTTP header, related to the set_sysinfo and get_sysinfo functions in /usr/lib/lua/luci/controller/locale.lua in uhttpd. Multiple TP-Link devices contain a path traversal vulnerability. Information may be obtained. TP-Link TL-WVR is a wireless router product of China's TP-LINK. An information disclosure vulnerability exists in the locale feature of several TP-Link products. The following products are affected: TP-Link TL-WVR; TL-WAR; TL-ER; TL-R.
| VAR-201711-0636 | CVE-2017-16960 | Command injection vulnerability in multiple TP-Link devices |
CVSS V2: 9.0 CVSS V3: 8.8 Severity: HIGH |
TP-Link TL-WVR, TL-WAR, TL-ER, and TL-R devices allow remote authenticated users to execute arbitrary commands via shell metacharacters in the t_bindif field of an admin/interface command to cgi-bin/luci, related to the get_device_byif function in /usr/lib/lua/luci/controller/admin/interface.lua in uhttpd. Multiple TP-Link devices contain a command injection vulnerability. Information may be obtained, information may be altered, and the device may be put into a denial-of-service (DoS) state. TP-Link TL-WVR is a wireless router product of China's TP-LINK. There are command injection vulnerabilities in several TP-Link products. The following products are affected: TP-Link TL-WVR; TL-WAR; TL-ER; TL-R.
| VAR-201711-1172 | CVE-2017-16282 | Stack-based buffer overflow vulnerability in Insteon Hub |
CVSS V2: - CVSS V3: 8.5 Severity: HIGH |
Multiple exploitable buffer overflow vulnerabilities exist in the PubNub message handler for the "cc" channel of Insteon Hub running firmware version 1012. Specially crafted commands sent through the PubNub service can cause a stack-based buffer overflow overwriting arbitrary data. An attacker should send an authenticated HTTP request to trigger this vulnerability. In cmd s_net, at 0x9d01827c, the value for the `dhcp` key is copied using `strcpy` to the buffer at `$sp+0x270`. This buffer is 16 bytes large; sending anything longer will cause a buffer overflow. The device may be put into a denial-of-service (DoS) state.
| VAR-201711-1212 | CVE-2017-16281 | Out-of-bounds write vulnerability in Insteon Hub |
CVSS V2: - CVSS V3: 8.5 Severity: HIGH |
Multiple exploitable buffer overflow vulnerabilities exist in the PubNub message handler for the "cc" channel of Insteon Hub running firmware version 1012. Specially crafted commands sent through the PubNub service can cause a stack-based buffer overflow overwriting arbitrary data. An attacker should send an authenticated HTTP request to trigger this vulnerability. In cmd s_net, at 0x9d018234, the value for the `sub` key is copied using `strcpy` to the buffer at `$sp+0x2b0`. This buffer is 32 bytes large; sending anything longer will cause a buffer overflow. Insteon Hub contains an out-of-bounds write vulnerability. Information may be obtained, information may be tampered with, and the device may be put into a denial-of-service (DoS) state.
| VAR-201711-1211 | CVE-2017-16289 | Stack-based buffer overflow vulnerability in Insteon Hub |
CVSS V2: - CVSS V3: 8.5 Severity: HIGH |
Multiple exploitable buffer overflow vulnerabilities exist in the PubNub message handler for the "cc" channel of Insteon Hub running firmware version 1012. Specially crafted commands sent through the PubNub service can cause a stack-based buffer overflow overwriting arbitrary data. An attacker should send an authenticated HTTP request to trigger this vulnerability. In cmd s_utc, at 0x9d0193ac, the value for the `offset` key is copied using `strcpy` to the buffer at `$sp+0x2d0`. This buffer is 100 bytes large; sending anything longer will cause a buffer overflow. The device may be put into a denial-of-service (DoS) state.
| VAR-201711-1210 | CVE-2017-16291 | Stack-based buffer overflow vulnerability in Insteon Hub |
CVSS V2: - CVSS V3: 8.5 Severity: HIGH |
Multiple exploitable buffer overflow vulnerabilities exist in the PubNub message handler for the "cc" channel of Insteon Hub running firmware version 1012. Specially crafted commands sent through the PubNub service can cause a stack-based buffer overflow overwriting arbitrary data. An attacker should send an authenticated HTTP request to trigger this vulnerability. In cmd s_sun, at 0x9d019854, the value for the `sunset` key is copied using `strcpy` to the buffer at `$sp+0x334`. This buffer is 100 bytes large; sending anything longer will cause a buffer overflow. The device may be put into a denial-of-service (DoS) state.
| VAR-201711-1209 | CVE-2017-16292 | Out-of-bounds write vulnerability in Insteon Hub |
CVSS V2: - CVSS V3: 8.5 Severity: HIGH |
Multiple exploitable buffer overflow vulnerabilities exist in the PubNub message handler for the "cc" channel of Insteon Hub running firmware version 1012. Specially crafted commands sent through the PubNub service can cause a stack-based buffer overflow overwriting arbitrary data. An attacker should send an authenticated HTTP request to trigger this vulnerability. In cmd g_schd, at 0x9d019c50, the value for the `grp` key is copied using `strcpy` to the buffer at `$sp+0x1b4`. This buffer is 8 bytes large; sending anything longer will cause a buffer overflow. Insteon Hub contains an out-of-bounds write vulnerability. Information may be obtained, information may be tampered with, and the device may be put into a denial-of-service (DoS) state.
| VAR-201711-1208 | CVE-2017-16290 | Stack-based buffer overflow vulnerability in Insteon Hub |
CVSS V2: - CVSS V3: 8.5 Severity: HIGH |
Multiple exploitable buffer overflow vulnerabilities exist in the PubNub message handler for the "cc" channel of Insteon Hub running firmware version 1012. Specially crafted commands sent through the PubNub service can cause a stack-based buffer overflow overwriting arbitrary data. An attacker should send an authenticated HTTP request to trigger this vulnerability. In cmd s_sun, at 0x9d01980c, the value for the `sunrise` key is copied using `strcpy` to the buffer at `$sp+0x2d0`. This buffer is 100 bytes large; sending anything longer will cause a buffer overflow. The device may be put into a denial-of-service (DoS) state.
| VAR-201711-1191 | CVE-2017-16288 | Stack-based buffer overflow vulnerability in Insteon Hub |
CVSS V2: - CVSS V3: 8.5 Severity: HIGH |
Multiple exploitable buffer overflow vulnerabilities exist in the PubNub message handler for the "cc" channel of Insteon Hub running firmware version 1012. Specially crafted commands sent through the PubNub service can cause a stack-based buffer overflow overwriting arbitrary data. An attacker should send an authenticated HTTP request to trigger this vulnerability. In cmd s_time, at 0x9d018f60, the value for the `dst` key is copied using `strcpy` to the buffer at `$sp+0x2b0`. This buffer is 32 bytes large; sending anything longer will cause a buffer overflow. The device may be put into a denial-of-service (DoS) state.
| VAR-201711-1185 | CVE-2017-16283 | Stack-based buffer overflow vulnerability in Insteon Hub |
CVSS V2: - CVSS V3: 8.5 Severity: HIGH |
Multiple exploitable buffer overflow vulnerabilities exist in the PubNub message handler for the "cc" channel of Insteon Hub running firmware version 1012. Specially crafted commands sent through the PubNub service can cause a stack-based buffer overflow overwriting arbitrary data. An attacker should send an authenticated HTTP request to trigger this vulnerability. In cmd s_name, at 0x9d0188a8, the value for the `name` key is copied using `strcpy` to the buffer at `$sp+0x2b0`. This buffer is 32 bytes large; sending anything longer will cause a buffer overflow. The device may be put into a denial-of-service (DoS) state.
| VAR-201711-1176 | CVE-2017-16293 | Stack-based buffer overflow vulnerability in Insteon Hub |
CVSS V2: - CVSS V3: 8.5 Severity: HIGH |
Multiple exploitable buffer overflow vulnerabilities exist in the PubNub message handler for the "cc" channel of Insteon Hub running firmware version 1012. Specially crafted commands sent through the PubNub service can cause a stack-based buffer overflow overwriting arbitrary data. An attacker should send an authenticated HTTP request to trigger this vulnerability. In cmd s_schd, at 0x9d01a010, the value for the `grp` key is copied using `strcpy` to the buffer at `$sp+0x280`. This buffer is 16 bytes large; sending anything longer will cause a buffer overflow. The device may be put into a denial-of-service (DoS) state.