VARIoT IoT vulnerabilities database

An elevation of privilege in Intel Software Guard Extensions Platform Software Component before 1.9.105.42329 allows a local attacker to execute arbitrary code as administrator

In Dell EMC NetWorker versions prior to 9.2.1.1, versions prior to 9.1.1.6, 9.0.x, and versions prior to 8.2.4.11, the 'nsrd' daemon causes a buffer overflow condition when handling certain messages. A remote unauthenticated attacker could potentially exploit this vulnerability to cause a denial of service to the users of NetWorker systems. Dell EMC NetWorker Contains a buffer error vulnerability.Service operation interruption (DoS) There is a possibility of being put into a state. The software provides backup and recovery, deduplication, backup reporting, and more. Resolution: The following Dell EMC NetWorker Cumulative Hot Fix releases contain the resolution to this vulnerability: * Dell EMC NetWorker 8.2.4.11 and later * Dell EMC NetWorker 9.1.1.6 and later * Dell EMC NetWorker 9.2.1.1 and later Note: Customers running NetWorker Server versions 9.0.x or 9.1.0 should upgrade to one of the fixed versions. Dell EMC recommends all customers upgrade at the earliest opportunity. Customers can download a fixed version directly at the links below. Link to remedies: For more information and access to the various releases, see * Dell EMC NetWorker 8.2.4.11: "NetWorker and NMM 8.2.4 Cumulative Hotfixes" document at https://support.emc.com/docu81710_NetWorker-and-NMM-8.2.4-Cumulative-Hotfixes.pdf * Dell EMC NetWorker 9.1.1.6: "NetWorker, NVE, NVP and Modules 9.1.1 Cumulative Hotfixes" https://support.emc.com/docu86749_NetWorker,-NVE,-NVP-and-Modules-9.1.1-Cumulative-Hotfixes.pdf * Dell EMC NetWorker 9.2.1.1: "NetWorker, NVE,NVP and Modules 9.2.1 Cumulative Hotfixes" document at https://support.emc.com/docu87769_NetWorker,-NVE,-NVP-and-Modules-9.2.1-Cumulative-Hotfixes.pdf Credit: Dell EMC would like to thank Marek Cybul for reporting this vulnerability. Read and use the information in this Dell EMC Security Advisory to assist in avoiding any situation that might arise from the problems described herein. If you have any questions regarding this product alert, contact Dell EMC Software Technical Support at 1-877-534-2867. For an explanation of Severity Ratings, refer to Dell EMC Knowledgebase solution emc218831. Dell EMC recommends all customers take into account both the base score and any relevant temporal and environmental scores which may impact the potential severity associated with particular security vulnerability. Dell EMC recommends that all users determine the applicability of this information to their individual situations and take appropriate action. The information set forth herein is provided "as is" without warranty of any kind. Dell EMC disclaims all warranties, either express or implied, including the warranties of merchantability, fitness for a particular purpose, title and non-infringement. In no event, shall Dell EMC or its suppliers, be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages, even if Dell EMC or its suppliers have been advised of the possibility of such damages. Some states do not allow the exclusion or limitation of liability for consequential or incidental damages, so the foregoing limitation may not apply. -----BEGIN PGP SIGNATURE----- Version: GnuPG v2 iQEcBAEBCAAGBQJaqXS3AAoJEHbcu+fsE81ZuTEH/i8BV+XLztr1y00AZvbybeLR CEKaGjDtyuhZSiWBUTVdAYPv66wwNDK5ceNepdiEEfJhBfCoLHurQaoz8UTUtXvE iMl28fydkcoYA31PIh/f45IGB+HHpZv2vNqF3xidbT387t3Z0arbYlmYjx80cxJl pVqUf4OKcuxfONVMA5z41qi5Z5C2hGIAoC5GVKs6b5+sneERcw/LW1U9WZGAhYPB eju/QELVrCRWeFaSxG7RJ2kHndIqce3dDQpNlZGQpFtD0YChdlBfEaIwBd8eZ4cE VibK6lbpS8NnY9tN86PYtFXyJs9CtoBiypDuywt5rYYTy4ILYff0ZlgeCz7IXA0= =XjDI -----END PGP SIGNATURE-----

Some Huawei Smartphones with software of VNS-L21AUTC555B141 have an out-of-bounds read vulnerability. Due to the lack string terminator of string, an attacker tricks a user into installing a malicious application, and the application can exploit the vulnerability and make attacker to read out of bounds and possibly cause the device abnormal. Huawei Smartphone software contains a vulnerability related to out-of-bounds reading.Service operation interruption (DoS) There is a possibility of being put into a state. HuaweiVNS-L21 is a smartphone from China's Huawei company. Huawei VNS-L21 is a smart phone product of China Huawei (Huawei)

Huawei P9 smartphones with the versions before EVA-AL10C00B399SP02 have an information disclosure vulnerability. The software does not properly protect certain resource which can be accessed by multithreading. An attacker tricks the user who has root privilege to install a crafted application, successful exploit could result in kernel information disclosure. HuaweiP9 is a smartphone from China's Huawei company

Some Huawei Smartphones with software of VNS-L21AUTC555B141, VNS-L21C10B160, VNS-L21C66B160, VNS-L21C703B140 have an array out-of-bounds read vulnerability. Due to the lack verification of array, an attacker tricks a user into installing a malicious application, and the application can exploit the vulnerability and make attacker to read out of bounds of array and possibly cause the device abnormal. Huawei Smartphone software contains a vulnerability related to out-of-bounds reading.Service operation interruption (DoS) There is a possibility of being put into a state. HuaweiVNS-L21 is a smartphone from China's Huawei company. This vulnerability is caused by the device failing to perform correct boundary check on the array. Huawei VNS-L21 is a smart phone product of China Huawei (Huawei). The following versions are affected: Huawei VNS-L21 VNS-L21AUTC555B141 version, VNS-L21C10B160 version, VNS-L21C66B160 version, VNS-L21C703B140 version

Huawei Mate 9 Pro smartphones with software of LON-AL00BC00B139D, LON-AL00BC00B229, LON-L29DC721B188 have a memory double free vulnerability. The system does not manage the memory properly, that frees on the same memory address twice. An attacker tricks the user who has root privilege to install a crafted application, successful exploit could result in malicious code execution. Huawei Mate 9 Pro Smartphones contain a double release vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. HuaweiMate9Pro is a smartphone from China's Huawei company. There is a memory release vulnerability in HuaweiMate9Pro

RunExeFile.exe in the installer for DEWESoft X3 SP1 (64-bit) devices does not require authentication for sessions on TCP port 1999, which allows remote attackers to execute arbitrary code or access internal commands, as demonstrated by a RUN command that launches a .EXE file located at an arbitrary external URL, or a "SETFIREWALL Off" command. DEWESoft Contains a code injection vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. DEWESoftX3SP1 is a device for industrial measurement. A security vulnerability exists in the RunExeFile.exe file in the DEWESoftX3SP1 (64-bit) device that originated from the program requiring authentication for sessions on the TCP1999 port. A remote attacker could exploit the vulnerability to execute arbitrary code or access internal commands

A buffer overflow was found in the MikroTik RouterOS SMB service when processing NetBIOS session request messages. Remote attackers with access to the service can exploit this vulnerability and gain code execution on the system. The overflow occurs before authentication takes place, so it is possible for an unauthenticated remote attacker to exploit it. All architectures and all devices running RouterOS before versions 6.41.3/6.42rc27 are vulnerable. MikroTik RouterOS Contains a buffer error vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. MikroTik RouterOS is a routing operating system developed by MikroTik based on the Linux kernel. By installing this system, standard x86 PC devices can be turned into professional routers. A buffer overflow vulnerability exists in MikroTik RouterOS 6.41.3 and earlier. MikroTik RouterOS is prone to a buffer-overflow vulnerability because it fails to properly bounds-check user-supplied data before copying it into an insufficiently sized buffer. Failed exploit attempts will result in denial-of-service conditions. This system turns a PC computer into a professional router. SMB service is one of the SMB (communication protocol) services

Format String vulnerability in KeepKey version 4.0.0 allows attackers to trigger information display (of information that should not be accessible), related to text containing characters that the device's font lacks. KeepKey Contains an information disclosure vulnerability.Information may be obtained. KEYHODLERSKeepKey is a device used by KEYHODLERS in the United States to store bitcoin. A format string vulnerability exists in KEYHODLERSKeepKey version 4.0.0. An attacker could exploit the vulnerability to access information that is not authorized to access

A vulnerability in the conferencing component of Mitel Connect ONSITE, versions R1711-PREM and earlier, and Mitel ST 14.2, release GA28 and earlier, could allow an unauthenticated attacker to inject PHP code using specially crafted requests to the vendrecording.php page. Successful exploit could allow an attacker to execute arbitrary PHP code within the context of the application. Mitel Connect ONSITE and ST 14.2 Contains a code injection vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state

A vulnerability in the conferencing component of Mitel Connect ONSITE, versions R1711-PREM and earlier, and Mitel ST 14.2, release GA28 and earlier, could allow an unauthenticated attacker to copy a malicious script into a newly generated PHP file and then execute the generated file using specially crafted requests. Successful exploit could allow an attacker to execute arbitrary code within the context of the application. Mitel Connect ONSITE and ST 14.2 Contains a code injection vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state

A vulnerability in the conferencing component of Mitel Connect ONSITE, versions R1711-PREM and earlier, and Mitel ST 14.2, release GA28 and earlier, could allow an unauthenticated attacker to inject PHP code using specially crafted requests to the vnewmeeting.php page. Successful exploit could allow an attacker to execute arbitrary PHP code within the context of the application. Mitel Connect ONSITE and ST 14.2 Contains a code injection vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state

A vulnerability in the conferencing component of Mitel Connect ONSITE, versions R1711-PREM and earlier, and Mitel ST 14.2, release GA28 and earlier, could allow an unauthenticated attacker to inject PHP code using specially crafted requests to the vsethost.php page. Successful exploit could allow an attacker to execute arbitrary PHP code within the context of the application. Mitel Connect ONSITE and ST 14.2 Contains a code injection vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state

In Omron CX-Supervisor Versions 3.30 and prior, use after free vulnerabilities can be exploited when CX Supervisor parses a specially crafted project file. Provided by OMRON Corporation CX-Supervisor Contains the following multiple vulnerabilities: * * Stack-based buffer overflow (CWE-121) - CVE-2018-7513 ∙ Stack-based buffer overflow may occur due to processing of specially crafted project files. * * Uninitialized pointer access (CWE-824) - CVE-2018-7515 There is a possibility of accessing an uninitialized pointer due to the processing of a specially crafted packet. * * Write outside memory boundary (CWE-787) - CVE-2018-7517 ∙ There is a possibility of writing outside the memory boundary due to processing of a specially crafted project file. * * Memory double release (CWE-415) - CVE-2018-7523 This is a memory double release vulnerability caused by processing of specially crafted project files. * * Untrusted pointer reference (CWE-822) - CVE-2018-7525 There is a possibility of referring to untrusted pointers due to processing of specially crafted packets.A remote attacker could execute arbitrary code. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of OMRON CX-Supervisor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within the processing of project files. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. CX-Supervisor is a Miscellaneous Shareware software. CX-Supervisor is dedicated to the design and operation of PC visualization and machine control. There is a free use vulnerability in the Omron CX-Supervisor 3.30 version. Omron CX-Supervisor is prone to the following security vulnerabilities: 1. A stack-based buffer-overflow vulnerability 2. A heap-based buffer-overflow vulnerability 3. Omron CX-Supervisor Versions 3.30 and prior are vulnerable; other versions may also be affected. Omron CX-Supervisor is a visual machine controller produced by Omron Corporation of Japan

In Omron CX-Supervisor Versions 3.30 and prior, parsing malformed project files may cause a stack-based buffer overflow. * * Uninitialized pointer access (CWE-824) - CVE-2018-7515 There is a possibility of accessing an uninitialized pointer due to the processing of a specially crafted packet. * * Write outside memory boundary (CWE-787) - CVE-2018-7517 ∙ There is a possibility of writing outside the memory boundary due to processing of a specially crafted project file. * * Freed memory used (CWE-416) - CVE-2018-7521 This is a vulnerability in the use of released memory due to processing of specially crafted project files. * * Memory double release (CWE-415) - CVE-2018-7523 This is a memory double release vulnerability caused by processing of specially crafted project files. * * Untrusted pointer reference (CWE-822) - CVE-2018-7525 There is a possibility of referring to untrusted pointers due to processing of specially crafted packets.A remote attacker could execute arbitrary code. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of OMRON CX-Supervisor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within the parsing of SCS project files. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a stack-based buffer. An attacker can leverage this vulnerability to execute code under the context of the current process. CX-Supervisor is a Miscellaneous Shareware software. CX-Supervisor is dedicated to the design and operation of PC visualization and machine control. A buffer overflow vulnerability exists in Omron CX-Supervisor 3.30 and earlier. Omron CX-Supervisor is prone to the following security vulnerabilities: 1. A stack-based buffer-overflow vulnerability 2. A heap-based buffer-overflow vulnerability 3. Omron CX-Supervisor Versions 3.30 and prior are vulnerable; other versions may also be affected. Omron CX-Supervisor is a visual machine controller produced by Omron Corporation of Japan

In Omron CX-Supervisor Versions 3.30 and prior, parsing malformed project files may cause a heap-based buffer overflow. * * Uninitialized pointer access (CWE-824) - CVE-2018-7515 There is a possibility of accessing an uninitialized pointer due to the processing of a specially crafted packet. * * Write outside memory boundary (CWE-787) - CVE-2018-7517 ∙ There is a possibility of writing outside the memory boundary due to processing of a specially crafted project file. * * Freed memory used (CWE-416) - CVE-2018-7521 This is a vulnerability in the use of released memory due to processing of specially crafted project files. * * Memory double release (CWE-415) - CVE-2018-7523 This is a memory double release vulnerability caused by processing of specially crafted project files. * * Untrusted pointer reference (CWE-822) - CVE-2018-7525 There is a possibility of referring to untrusted pointers due to processing of specially crafted packets.A remote attacker could execute arbitrary code. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of OMRON CX-Supervisor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within the processing of SCS project files. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length, heap-based buffer. An attacker can leverage this vulnerability to execute code under the context of the current process. CX-Supervisor is a Miscellaneous Shareware software. CX-Supervisor is dedicated to the design and operation of PC visualization and machine control. Omron CX-Supervisor is prone to the following security vulnerabilities: 1. A stack-based buffer-overflow vulnerability 2. A heap-based buffer-overflow vulnerability 3. Omron CX-Supervisor Versions 3.30 and prior are vulnerable; other versions may also be affected. Omron CX-Supervisor is a visual machine controller produced by Omron Corporation of Japan

In Omron CX-Supervisor Versions 3.30 and prior, parsing malformed project files may cause an out of bounds vulnerability. Provided by OMRON Corporation CX-Supervisor Contains the following multiple vulnerabilities: * * Stack-based buffer overflow (CWE-121) - CVE-2018-7513 ∙ Stack-based buffer overflow may occur due to processing of specially crafted project files. * * Uninitialized pointer access (CWE-824) - CVE-2018-7515 There is a possibility of accessing an uninitialized pointer due to the processing of a specially crafted packet. * * Write outside memory boundary (CWE-787) - CVE-2018-7517 ∙ There is a possibility of writing outside the memory boundary due to processing of a specially crafted project file. * * Heap-based buffer overflow (CWE-122) - CVE-2018-7519 ∙ A heap-based buffer overflow may occur due to processing of a specially crafted project file. * * Freed memory used (CWE-416) - CVE-2018-7521 This is a vulnerability in the use of released memory due to processing of specially crafted project files. * * Memory double release (CWE-415) - CVE-2018-7523 This is a memory double release vulnerability caused by processing of specially crafted project files. * * Untrusted pointer reference (CWE-822) - CVE-2018-7525 There is a possibility of referring to untrusted pointers due to processing of specially crafted packets.A remote attacker could execute arbitrary code. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of OMRON CX-Supervisor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within the parsing of SCS project files. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code under the context of the current process. CX-Supervisor is a Miscellaneous Shareware software. CX-Supervisor is dedicated to the design and operation of PC visualization and machine control. Omron CX-Supervisor is prone to the following security vulnerabilities: 1. A stack-based buffer-overflow vulnerability 2. A heap-based buffer-overflow vulnerability 3. Omron CX-Supervisor Versions 3.30 and prior are vulnerable; other versions may also be affected. Omron CX-Supervisor is a visual machine controller produced by Omron Corporation of Japan. An out-of-bounds read vulnerability exists in Omron CX-Supervisor 3.30 and earlier versions

In Omron CX-Supervisor Versions 3.30 and prior, parsing malformed project files may cause a double free vulnerability. Provided by OMRON Corporation CX-Supervisor Contains the following multiple vulnerabilities: * * Stack-based buffer overflow (CWE-121) - CVE-2018-7513 ∙ Stack-based buffer overflow may occur due to processing of specially crafted project files. * * Uninitialized pointer access (CWE-824) - CVE-2018-7515 There is a possibility of accessing an uninitialized pointer due to the processing of a specially crafted packet. * * Write outside memory boundary (CWE-787) - CVE-2018-7517 ∙ There is a possibility of writing outside the memory boundary due to processing of a specially crafted project file. * * Heap-based buffer overflow (CWE-122) - CVE-2018-7519 ∙ A heap-based buffer overflow may occur due to processing of a specially crafted project file. * * Untrusted pointer reference (CWE-822) - CVE-2018-7525 There is a possibility of referring to untrusted pointers due to processing of specially crafted packets.A remote attacker could execute arbitrary code. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of OMRON CX-Supervisor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within the parsing of SCS project files. When parsing a malformed scatter chart object, the process does not properly validate the existence of an object prior to performing operations on it. An attacker can leverage this vulnerability to execute code under the context of the current process. CX-Supervisor is a Miscellaneous Shareware software. CX-Supervisor is dedicated to the design and operation of PC visualization and machine control. Omron CX-Supervisor is prone to the following security vulnerabilities: 1. A stack-based buffer-overflow vulnerability 2. A heap-based buffer-overflow vulnerability 3. Omron CX-Supervisor Versions 3.30 and prior are vulnerable; other versions may also be affected. Omron CX-Supervisor is a visual machine controller produced by Omron Corporation of Japan

In Omron CX-Supervisor Versions 3.30 and prior, processing a malformed packet by a certain executable may cause an untrusted pointer dereference vulnerability. Provided by OMRON Corporation CX-Supervisor Contains the following multiple vulnerabilities: * * Stack-based buffer overflow (CWE-121) - CVE-2018-7513 ∙ Stack-based buffer overflow may occur due to processing of specially crafted project files. * * Uninitialized pointer access (CWE-824) - CVE-2018-7515 There is a possibility of accessing an uninitialized pointer due to the processing of a specially crafted packet. * * Write outside memory boundary (CWE-787) - CVE-2018-7517 ∙ There is a possibility of writing outside the memory boundary due to processing of a specially crafted project file. * * Heap-based buffer overflow (CWE-122) - CVE-2018-7519 ∙ A heap-based buffer overflow may occur due to processing of a specially crafted project file. * * Freed memory used (CWE-416) - CVE-2018-7521 This is a vulnerability in the use of released memory due to processing of specially crafted project files. * * Memory double release (CWE-415) - CVE-2018-7523 This is a memory double release vulnerability caused by processing of specially crafted project files. * * Untrusted pointer reference (CWE-822) - CVE-2018-7525 There is a possibility of referring to untrusted pointers due to processing of specially crafted packets.A remote attacker could execute arbitrary code. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of OMRON CX-Supervisor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within the parsing of CDM file. The issue results from the lack of proper validation of a user-supplied value prior to dereferencing it as a pointer. An attacker can leverage this vulnerability to execute code under the context of the current process. CX-Supervisor is a Miscellaneous Shareware software. CX-Supervisor is dedicated to the design and operation of PC visualization and machine control. Omron CX-Supervisor is prone to the following security vulnerabilities: 1. A stack-based buffer-overflow vulnerability 2. A heap-based buffer-overflow vulnerability 3. Omron CX-Supervisor Versions 3.30 and prior are vulnerable; other versions may also be affected. Omron CX-Supervisor is a visual machine controller produced by Omron Corporation of Japan

An issue was discovered on TP-Link TL-WR886N 6.0 2.3.4 and TL-WR886N 7.0 1.1.0 devices. Authenticated attackers can crash router services (e.g., inetd, HTTP, DNS, and UPnP) via long JSON data for firewall lan_manage mac2. TP-Link TL-WR886N The device contains an input validation vulnerability.Service operation interruption (DoS) There is a possibility of being put into a state. TP-LinkTL-WR886N is a wireless router product of China TP-LINK. There are security vulnerabilities in TP-LinkTL-WR886N6.02.3.4 and 7.01.1.0. A security vulnerability exists in TP-Link TL-WR886N 6.0 2.3.4 version and 7.0 1.1.0 version