VARIoT IoT vulnerabilities database

VAR-201708-1697 | No CVE | (0Day) Advantech WebAccess TpMegaJVT setGroupIp Heap-based Buffer Overflow Remote Code Execution Vulnerability |
CVSS V2: 7.5 CVSS V3: - Severity: HIGH |
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Advantech WebAccess. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within TpMegaJVT.ocx. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a heap-based buffer. An attacker can leverage this vulnerability to execute arbitrary code under the context of the process.
VAR-201708-1585 | No CVE | Advantech WebAccess nvA1Media Connect MediaPassword Stack Buffer Overflow Remote Code Execution Vulnerability |
CVSS V2: 7.5 CVSS V3: - Severity: HIGH |
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Advantech WebAccess. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within nvA1Media.ocx. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a stack-based buffer. An attacker can leverage this vulnerability to execute arbitrary code under the context of the process. Advantech WebAccess is a suite of browser-based HMI/SCADA software from Advantech. The software supports dynamic graphical display and real-time data control, and provides the ability to remotely control and manage automation equipment.
VAR-201708-1700 | No CVE | (0Day) Advantech WebAccess nvA1Media Saturation Stack-based Buffer Overflow Remote Code Execution Vulnerability |
CVSS V2: 7.5 CVSS V3: - Severity: HIGH |
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Advantech WebAccess. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within nvA1Media.ocx. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a stack-based buffer. An attacker can leverage this vulnerability to execute arbitrary code under the context of the process.
VAR-201708-1584 | No CVE | Advantech WebAccess RtspVapgDecoderNew2 PMSettingData3D Name Heap Buffer Overflow Remote Code Execution Vulnerability |
CVSS V2: 7.5 CVSS V3: - Severity: HIGH |
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Advantech WebAccess. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within RtspVapgDecoderNew2.dll. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a heap-based buffer. An attacker can leverage this vulnerability to execute arbitrary code under the context of the process. Advantech WebAccess is a suite of browser-based HMI/SCADA software from Advantech. The software supports dynamic graphical display and real-time data control, and provides the ability to remotely control and manage automation equipment.
VAR-201708-1701 | No CVE | (0Day) Advantech WebAccess VideoDAQ SDFileDownload Stack-based Buffer Overflow Remote Code Execution Vulnerability |
CVSS V2: 7.5 CVSS V3: - Severity: HIGH |
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Advantech WebAccess. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within VideoDAQ.dll. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a stack-based buffer. An attacker can leverage this vulnerability to execute arbitrary code under the context of the process.
VAR-201806-1814 | No CVE | Advantech WebAccess 'nvA1Media.ocx' Stack Buffer Overflow Vulnerability |
CVSS V2: 7.5 CVSS V3: - Severity: HIGH |
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Advantech WebAccess. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within nvA1Media.ocx. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a stack-based buffer. An attacker can leverage this vulnerability to execute arbitrary code under the context of the process. Advantech WebAccess is a suite of browser-based HMI/SCADA software from Advantech. The software supports dynamic graphical display and real-time data control, and provides the ability to remotely control and manage automation equipment. A stack buffer overflow vulnerability exists in Advantech WebAccess 'nvA1Media.ocx'. Failed exploit attempts will likely cause a denial-of-service condition.
VAR-201808-0125 | CVE-2017-12575 |
NEC Aterm WG2600HP2 Access control vulnerability
Related entries in the VARIoT exploits database: VAR-E-201808-0510 |
CVSS V2: 5.0 CVSS V3: 7.5 Severity: HIGH |
An issue was discovered on the NEC Aterm WG2600HP2 1.0.2. The router has a set of web service APIs for access to and setup of the configuration. Some APIs don't require authentication. An attacker could exploit this vulnerability by sending a crafted HTTP request to retrieve DHCP clients, firmware version, and network status (ex.: curl -X http://[IP]/aterm_httpif.cgi/negotiate -d "REQ_ID=SUPPORT_IF_GET"). NEC Aterm WG2600HP2 contains an access control vulnerability. Information may be obtained. The WG2600HP2 is a router product from NEC. A security vulnerability exists in NEC Aterm WG2600HP2 version 1.0.2.
VAR-201808-0126 | CVE-2017-12576 |
PLANEX CS-QR20 Vulnerabilities related to authorization, permissions, and access control
Related entries in the VARIoT exploits database: VAR-E-201808-0292 |
CVSS V2: 9.0 CVSS V3: 7.2 Severity: HIGH |
An issue was discovered on the PLANEX CS-QR20 1.30. A hidden and undocumented management page allows an attacker to execute arbitrary code on the device when the user is authenticated. The management page was used for debugging purposes; once you log in and access the page directly (/admin/system_command.asp), you can execute any command. PLANEX CS-QR20 contains vulnerabilities related to authorization, permissions, and access control. Information may be obtained or altered, and service operation may be disrupted (DoS). PLANEX is a Japanese online brand company (brands PCI and PLANEX). It provides products for customers ranging from enterprises to home users (such as network cards, routers, switches, L3 network management switches, accessories, Bluetooth products, print servers, Apple peripheral products, network storage devices, etc.). PLANEX CS-QR20 is a network camera product with night vision function produced by PLANEX Corporation of Japan. A security vulnerability exists in PLANEX CS-QR20 version 1.30.
VAR-201708-0881 | CVE-2017-12589 | ToMAX R60G Cross-Site Request Forgery Vulnerability |
CVSS V2: 6.8 CVSS V3: 8.8 Severity: HIGH |
ToMAX R60G R60GV2-V2.0-v.2.6.3-170330 devices do not have any protection against a CSRF attack. ToMAX R60G contains a cross-site request forgery vulnerability. Information may be obtained or altered, and service operation may be disrupted (DoS). The ToMAX R60G is an enterprise-class router device from China's Xinghongwang Technology (ToMAX). A cross-site request forgery vulnerability exists in the ToMAX R60GV2-V2.0-v.2.6.3-170330 release. A remote attacker could exploit this vulnerability to perform unauthorized operations. ToMAX R60G is prone to a cross-site request-forgery vulnerability. Other attacks are also possible.
VAR-201708-0882 | CVE-2017-12591 |
ASUS DSL-N10S Cross-Site Scripting Vulnerability
Related entries in the VARIoT exploits database: VAR-E-201708-0487 |
CVSS V2: 3.5 CVSS V3: 5.4 Severity: MEDIUM |
ASUS DSL-N10S V2.1.16_APAC devices have reflected and stored cross-site scripting, as demonstrated by the snmpSysName parameter. The ASUS DSL-N10S firmware contains a cross-site scripting vulnerability. Information may be obtained and information may be altered. The ASUS DSL-N10S is a wireless router product from ASUS. A cross-site scripting vulnerability exists in the ASUS DSL-N10S V2.1.16_APAC version. A remote attacker can exploit this vulnerability to inject arbitrary web scripts or HTML. ASUS DSL-N10S Router is prone to an HTML-injection vulnerability because it fails to properly sanitize user-supplied input.
Successful exploits will allow attacker-supplied HTML and script code to run in the context of the affected browser, potentially allowing the attacker to steal cookie-based authentication credentials or to control how the site is rendered to the user. Other attacks are also possible
VAR-201708-0883 | CVE-2017-12592 |
ASUS DSL-N10S Firmware vulnerabilities related to authorization, authority, and access control
Related entries in the VARIoT exploits database: VAR-E-201708-0289 |
CVSS V2: 6.5 CVSS V3: 8.8 Severity: HIGH |
ASUS DSL-N10S V2.1.16_APAC devices have a privilege escalation vulnerability. A normal user can escalate its privilege and perform administrative actions. There is no mapping of users with their privileges. The ASUS DSL-N10S firmware contains vulnerabilities related to authorization, permissions, and access control. Information may be obtained or altered, and service operation may be disrupted (DoS). The ASUS DSL-N10S is a wireless router product from ASUS. An elevation of privilege vulnerability exists in the ASUS DSL-N10S V2.1.16_APAC version. An attacker could exploit the vulnerability to gain access and perform administrative operations.
VAR-201708-0884 | CVE-2017-12593 | ASUS DSL-N10S Cross-Site Request Forgery Vulnerability |
CVSS V2: 6.8 CVSS V3: 8.8 Severity: HIGH |
The ASUS DSL-N10S firmware contains a cross-site request forgery vulnerability. Information may be obtained or altered, and service operation may be disrupted (DoS). The ASUS DSL-N10S is a wireless router product from ASUS. A cross-site request forgery vulnerability exists in the ASUS DSL-N10S V2.1.16_APAC version. A remote attacker could exploit this vulnerability to perform unauthorized operations. Multiple Hikari Denwa Routers are prone to a cross-site request-forgery vulnerability. This may aid in other attacks.
VAR-201708-0874 | CVE-2017-12582 | QNAP TS-212P Vulnerabilities related to authorization, authority, and access control in device firmware |
CVSS V2: 7.5 CVSS V3: 9.8 Severity: CRITICAL |
An unprivileged user can access all functions in the Surveillance Station component in QNAP TS212P devices with firmware 4.2.1 build 20160601. An unprivileged user cannot log in at the front end, but with that unprivileged user's SID, all functions of Surveillance Station can be accessed. The QNAP TS-212P device firmware contains vulnerabilities related to authorization, permissions, and access control. Information may be obtained or altered, and service operation may be disrupted (DoS). The QNAP TS212P is a NAS storage device from QNAP Systems. The Surveillance Station component is one of its image management components. A security vulnerability exists in the Surveillance Station component of the QNAP TS212P device using firmware version 4.2.1 build 20160601. An attacker could exploit this vulnerability to access all functions. QNAP Surveillance Station is prone to an authentication-bypass vulnerability.
Attackers may exploit this issue to gain unauthorized access or bypass intended security restrictions.
Qnap TS212P Firmware 4.2.1 build 20160601 is vulnerable; other versions may also be affected
VAR-201803-0962 | CVE-2017-12590 | ASUS RT-N14UHP Device cross-site scripting vulnerability |
CVSS V2: 4.3 CVSS V3: 6.1 Severity: MEDIUM |
ASUS RT-N14UHP devices before 3.0.0.4.380.8015 have a reflected XSS vulnerability in the "flag" parameter. The ASUS RT-N14UHP device contains a cross-site scripting vulnerability. Information may be obtained and information may be altered. The ASUS RT-N14UHP is a wireless router device from ASUS. A remote attacker can exploit this vulnerability to inject arbitrary web scripts or HTML.
VAR-201708-0020 | CVE-2011-4650 | Cisco Data Center Network Manager Resource management vulnerability |
CVSS V2: 5.0 CVSS V3: 7.5 Severity: HIGH |
Cisco Data Center Network Manager is affected by Excessive Logging During a TCP Flood on Java Ports. If the size of server.log becomes very big because of too much logging by the DCNM server, then the CPU utilization increases. Known Affected Releases: 5.2(1). Known Fixed Releases: 6.0(0)SL1(0.14) 5.2(2.73)S0. Product identification: CSCtt15295. The vendor has confirmed this vulnerability and released it as Bug ID CSCtt15295. Service operation may be disrupted (DoS).
Attackers can exploit this issue to cause a denial-of-service condition, denying service to legitimate users.
This issue is being tracked by Cisco Bug IDs CSCtt15295 and CSCtt22554. The system is available for Cisco Nexus and MDS series switches and provides storage visualization, configuration and troubleshooting functions. Attackers can exploit this vulnerability to consume a large amount of CPU resources.
VAR-201808-0127 | CVE-2017-12577 |
PLANEX CS-QR20 Vulnerabilities related to the use of hard-coded credentials
Related entries in the VARIoT exploits database: VAR-E-201808-0382 |
CVSS V2: 10.0 CVSS V3: 9.8 Severity: CRITICAL |
An issue was discovered on the PLANEX CS-QR20 1.30. A hardcoded account / password ("admin:password") is used in the Android application that allows attackers to use a hidden API URL "/goform/SystemCommand" to execute any command with root permission. PLANEX CS-QR20 contains a vulnerability in the use of hard-coded credentials. Information may be obtained or altered, and service operation may be disrupted (DoS). PLANEX is a Japanese online brand company (brands PCI and PLANEX). It provides products for customers ranging from enterprises to home users (such as network cards, routers, switches, L3 network management switches, accessories, Bluetooth products, print servers, Apple peripheral products, network storage devices, etc.). PLANEX CS-QR20 is a network camera product with night vision function produced by PLANEX Corporation of Japan. There is a security vulnerability in PLANEX CS-QR20 version 1.30, which stems from the fact that the application has a hardcoded account/password (admin:password). An attacker can exploit this vulnerability to execute arbitrary commands with root privileges.
VAR-201808-0124 | CVE-2017-12574 |
PLANEX CS-W50HD Vulnerabilities related to the use of hard-coded credentials in device firmware
Related entries in the VARIoT exploits database: VAR-E-201808-0240 |
CVSS V2: 10.0 CVSS V3: 9.8 Severity: CRITICAL |
An issue was discovered on PLANEX CS-W50HD devices with firmware before 030720. A hardcoded credential "supervisor:dangerous" was injected into web authentication database "/.htpasswd" during booting process, which allows attackers to gain unauthorized access and control the device completely; the account can't be modified or deleted. The PLANEX CS-W50HD device firmware contains a vulnerability related to the use of hard-coded credentials. Information may be obtained or altered, and service operation may be disrupted (DoS). PLANEX is a Japanese online brand company (brands PCI and PLANEX). It provides products for customers ranging from enterprises to home users (such as network cards, routers, switches, L3 network management switches, accessories, Bluetooth products, print servers, Apple peripheral products, network storage devices, etc.).
VAR-201708-0889 | CVE-2017-12637 | SAP NetWeaver Application Server Java Path traversal vulnerability |
CVSS V2: 5.0 CVSS V3: 7.5 Severity: HIGH |
Directory traversal vulnerability in scheduler/ui/js/ffffffffbca41eb4/UIUtilJavaScriptJS in SAP NetWeaver Application Server Java 7.5 allows remote attackers to read arbitrary files via a .. (dot dot) in the query string, as exploited in the wild in August 2017, aka SAP Security Note 2486657. Attacks on this vulnerability were observed in August 2017. The vendor has confirmed this vulnerability and released it as SAP Security Note 2486657. Information may be obtained.
VAR-201808-0123 | CVE-2017-12573 | PLANEX CS-W50HD Command injection vulnerability in device firmware |
CVSS V2: 9.0 CVSS V3: 8.8 Severity: HIGH |
An issue was discovered on PLANEX CS-W50HD devices with firmware before 030720. The device has a command-injection vulnerability in the web management UI on NAS settings page "/cgi-bin/nasset.cgi". An attacker can send a crafted HTTP POST request to execute arbitrary code. Authentication is required before executing the attack. A command injection vulnerability exists in the PLANEX CS-W50HD device firmware. Information may be obtained or altered, and a denial of service (DoS) may result. PLANEX is a Japanese online brand company (brands PCI and PLANEX). It provides products for customers ranging from enterprises to home users (such as network cards, routers, switches, L3 network management switches, accessories, Bluetooth products, print servers, Apple peripheral products, network storage devices, etc.).
# Status
Fixed in firmware ver 030720
VAR-201708-0949 | CVE-2017-12480 | Sandboxie Unreliable search path vulnerability in installer |
CVSS V2: 6.8 CVSS V3: 7.8 Severity: HIGH |
Sandboxie installer 5071703 has a DLL Hijacking or Unsafe DLL Loading Vulnerability via a Trojan horse dwmapi.dll or profapi.dll file in an AppData\Local\Temp directory. The Sandboxie installer contains an untrusted search path vulnerability. Information may be obtained or altered, and a denial of service (DoS) may result. Sandboxie is a virtualization software from Sandboxie Holdings, USA. The software supports running other applications in an isolated space and prevents programs from making changes to the system. Sandboxie installer is the installer for Sandboxie. Attackers can use the malicious dwmapi.dll or profapi.dll files in the AppData\Local\Temp directory to exploit this vulnerability to execute arbitrary code.