VARIoT IoT vulnerabilities database

Multiple exploitable buffer overflow vulnerabilities exist in the PubNub message handler for the "cc" channel of Insteon Hub running firmware version 1012. Specially crafted commands sent through the PubNub service can cause a stack-based buffer overflow overwriting arbitrary data. An attacker should send an authenticated HTTP request to trigger this vulnerability. In cmd s_time, at 0x9d018f00, the value for the `dstend` key is copied using `strcpy` to the buffer at `$sp+0x270`.This buffer is 16 bytes large, sending anything longer will cause a buffer overflow. (DoS) It may be in a state

Multiple exploitable buffer overflow vulnerabilities exist in the PubNub message handler for the "cc" channel of Insteon Hub running firmware version 1012. Specially crafted commands sent through the PubNub service can cause a stack-based buffer overflow overwriting arbitrary data. An attacker should send an authenticated HTTP request to trigger this vulnerability. In cmd s_name, at 0x9d018958, the value for the `city` key is copied using `strcpy` to the buffer at `$sp+0x290`.This buffer is 32 bytes large, sending anything longer will cause a buffer overflow. (DoS) It may be in a state

Multiple exploitable buffer overflow vulnerabilities exist in the PubNub message handler for the "cc" channel of Insteon Hub running firmware version 1012. Specially crafted commands sent through the PubNub service can cause a stack-based buffer overflow overwriting arbitrary data. An attacker should send an authenticated HTTP request to trigger this vulnerability. In cmd s_time, at 0x9d018ea0, the value for the `dststart` key is copied using `strcpy` to the buffer at `$sp+0x280`.This buffer is 16 bytes large, sending anything longer will cause a buffer overflow. (DoS) It may be in a state

Multiple exploitable buffer overflow vulnerabilities exist in the PubNub message handler for the "cc" channel of Insteon Hub running firmware version 1012. Specially crafted commands sent through the PubNub service can cause a stack-based buffer overflow overwriting arbitrary data. An attacker should send an authenticated HTTP request to trigger this vulnerability. In cmd s_time, at 0x9d018e58, the value for the `offset` key is copied using `strcpy` to the buffer at `$sp+0x2d0`.This buffer is 100 bytes large, sending anything longer will cause a buffer overflow. (DoS) It may be in a state

Multiple exploitable buffer overflow vulnerabilities exist in the PubNub message handler for the "cc" channel of Insteon Hub running firmware version 1012. Specially crafted commands sent through the PubNub service can cause a stack-based buffer overflow overwriting arbitrary data. An attacker should send an authenticated HTTP request to trigger this vulnerability. In cmd s_net, at 0x9d0181ec, the value for the `gate` key is copied using `strcpy` to the buffer at `$sp+0x290`.This buffer is 32 bytes large, sending anything longer will cause a buffer overflow. (DoS) It may be in a state

Multiple exploitable buffer overflow vulnerabilities exist in the PubNub message handler for the "cc" channel of Insteon Hub running firmware version 1012. Specially crafted commands sent through the PubNub service can cause a stack-based buffer overflow overwriting arbitrary data. An attacker should send an authenticated HTTP request to trigger this vulnerability. In cmd s_net, at 0x9d0181a4, the value for the `port` key is copied using `strcpy` to the buffer at `$sp+0x280`.This buffer is 16 bytes large, sending anything longer will cause a buffer overflow. (DoS) It may be in a state

The playback SDK is a supporting product of Dahua compression cards and hard disk video recorders. It supports all Dahua stream formats, as well as Hisilicon's h264 stream and ADI's h264 stream. There is an out-of-bounds access vulnerability in dhplay.dll of the playback library SDK provided by Zhejiang Dahua. An attacker could use this vulnerability to cause a denial of service attack or process information disclosure.

Huawei DP300, V500R002C00, RP200, V600R006C00, TE30, V100R001C10, V500R002C00,V600R006C00, TE40, V500R002C00, V600R006C00, TE50, V500R002C00,V600R006C00, TE60, V100R001C10, V500R002C00, V600R006C00, TX50,V500R002C00, V600R006C00 have a buffer overflow vulnerability. An attacker may send specially crafted HTTP messages to the affected products. Due insufficient input validation of three different parameters in the messages, successful exploit may cause some service abnormal. plural Huawei The product contains a buffer error vulnerability.Service operation interruption (DoS) There is a possibility of being put into a state. Huawei DP300, RP200, TE series and TX50 are Huawei's integrated desktop telepresence products and high-definition video conferencing terminal products for high-end customers. A buffer overflow vulnerability exists in several Huawei products because the device failed to adequately verify the parameters in the message. The exploit exploited this vulnerability through a carefully constructed HTTP message to cause some service exceptions. The Huawei DP300 and others are all products of China's Huawei (Huawei). DP300 is a video conferencing terminal. RP200 is a video conferencing all-in-one device. The following products and versions are affected: Huawei DP300 V500R002C00 Version; RP200 V600R006C00 Version; TE30 V100R001C10 Version, V500R002C00 Version, V600R006C00 Version; TE40 V500R002C00 Version, V600R006C00 Version; TE50 V500R002C00 Version, V600R006C00 Version; TE60 V100R001C10 Version, V500R002C00 Version, V600R006C00 Version; TX50 V500R002C00 version, V600R006C00 version

The baseband modules of Mate 10, Mate 10 Pro, Mate 9, Mate 9 Pro Huawei smart phones with software before ALP-AL00 8.0.0.120(SP2C00), before BLA-AL00 8.0.0.120(SP2C00), before MHA-AL00B 8.0.0.334(C00), and before LON-AL00B 8.0.0.334(C00) have a stack overflow vulnerability due to the lack of parameter validation. An attacker could send malicious packets to the smart phones within radio range by special wireless device, which leads stack overflow when the baseband module handles these packets. The attacker could exploit this vulnerability to perform a denial of service attack or remote code execution in baseband module. plural Huawei Smartphone software contains a buffer error vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. HuaweiMate10 and Mate10Pro are both Huawei's smartphone products. Basebandmodules is one of the baseband modules. A stack overflow vulnerability exists in the baseband module in versions prior to HuaweiMate10ALP-AL008.0.0.120 (SP2C00) and in versions prior to Mate10ProBLA-AL008.0.0.120 (SP2C00) because the program did not adequately detect the parameters

PolycomHDX is a high-definition series of network cameras. A remote code execution vulnerability exists in PolycomHDX endpoints. An attacker can exploit a vulnerability to execute arbitrary code in the context of an application. A failed exploit can result in a denial of service condition. HDX 3.1.11 hotfix 1 and prior versions are affected

The web server on DBL DBLTek devices allows remote attackers to execute arbitrary OS commands by obtaining the admin password via a frame.html?content=/dev/mtdblock/5 request, and then using this password for the HTTP Basic Authentication needed for a change_password.csp request, which supports a "<%%25call system.exec:" string in the passwd parameter. DBL DBLTek Device Web The server OS A command injection vulnerability exists.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. DBLDBLTekdevices is a gateway product from China's DBL. Webserver is one of the web servers. A security vulnerability exists in the web server on the DBLDBLTek device. A remote attacker could exploit the vulnerability to execute arbitrary operating system commands by obtaining an administrator password and using it in HTTPBasicAuthentication

Directory Traversal vulnerability in app_data_center on Shenzhen Tenda Ac9 US_AC9V1.0BR_V15.03.05.14_multi_TD01, Ac9 ac9_kf_V15.03.05.19(6318_)_cn, Ac15 US_AC15V1.0BR_V15.03.05.18_multi_TD01, Ac15 US_AC15V1.0BR_V15.03.05.19_multi_TD01, Ac18 US_AC18V1.0BR_V15.03.05.05_multi_TD01, and Ac18 ac18_kf_V15.03.05.19(6318_)_cn devices allows remote unauthenticated attackers to read arbitrary files via a cgi-bin/luci/request?op=1&path= URI that uses directory traversal sequences after a /usb/ substring. Shenzhen Tenda Ac9 , Ac15 ,and Ac18 The device contains a path traversal vulnerability.Information may be obtained. ShenzhenTendaAc9 and other are the wireless router products of Tenda. App_data_center is one of the application data centers. A directory traversal vulnerability exists in app_data_center in several ShenzhenTenda products. A remote attacker can exploit this vulnerability to read arbitrary files. The following products and versions are affected: Shenzhen Tenda Ac9 US_AC9V1.0BR_V15.03.05.14_multi_TD01 Version, Ac9 ac9_kf_V15.03.05.19(6318_)_cn Version, Ac15 US_AC15V1.0BR_V15.03.05.18_multi_TD01 Version, Ac15 US_AC15V1.0BR_V15.03.05.19_multi_TD01 Version , Ac18 US_AC18V1.0BR_V15.03.05.05_multi_TD01 version, Ac18 ac18_kf_V15.03.05.19(6318_)_cn version

The 'Find Phone' function in Huawei Honor V9 play smart phones with versions earlier than Jimmy-AL00AC00B135 has an authentication bypass vulnerability. Due to improper authentication realization in the 'Find Phone' function. An attacker may exploit the vulnerability to bypass the 'Find Phone' function in order to use the phone normally. Huawei HonorV9play is a smartphone from Huawei. Huawei Honor V9 play is a smartphone product of the Chinese company Huawei

Specially crafted packets sent to port 161/udp could cause a denial of service condition. The affected devices must be restarted manually. plural Siemens The product contains data processing vulnerabilities.Service operation interruption (DoS) There is a possibility of being put into a state. SiemensSIMATICS7-200Smart and others are products of Siemens AG. The Siemens SIMATICS7-200Smart is a programmable logic controller (PLC) for use in small and medium-sized automation systems. SIMATICWinACRTX2010incl is a software controller for automation solutions. A denial of service vulnerability exists in several Siemens products. Attackers can exploit this issue to crash the affected device, denying service to legitimate users. A vulnerability has been identified in SIMATIC S7-200 Smart (All versions < V2.03.01), SIMATIC S7-400 PN V6 (All versions < V6.0.6), SIMATIC S7-400 H V6 (All versions < V6.0.8), SIMATIC S7-400 PN/DP V7 (All versions < V7.0.2), SIMATIC S7-410 V8 (All versions < V8.2.1), SIMATIC S7-300 (All versions < V3.X.16), SIMATIC S7-1200 (All versions < V4.2.3), SIMATIC S7-1500 (All versions < V2.0), SIMATIC S7-1500 Software Controller (All versions < V2.0), SIMATIC WinAC RTX 2010 incl. F (All versions), SIMATIC ET 200AL (All versions), SIMATIC ET 200ecoPN (All versions), SIMATIC ET 200M (All versions), SIMATIC ET 200MP IM155-5 PN BA (All versions < V4.0.2), SIMATIC ET 200MP IM155-5 PN ST (All versions < V4.1), SIMATIC ET 200MP IM155-5 PN HF (All versions < V4.2), SIMATIC ET 200pro (All versions), SIMATIC ET 200S (All versions), SIMATIC ET 200SP IM155-6 PN HF (All versions < V4.2.0), SIMATIC ET 200SP IM155-6 PN HA (All versions < V1.1.0), SIMATIC ET 200SP IM155-6 PN BA (All versions), SIMATIC ET 200SP IM155-6 PN ST (All versions), SIMATIC ET 200SP IM155-6 PN HS (All versions), Development/Evaluation Kits for PROFINET IO: DK Standard Ethernet Controller (All versions < V4.1.1 Patch 05), Development/Evaluation Kits for PROFINET IO: EK-ERTEC 200P (All versions < V4.5), Development/Evaluation Kits for PROFINET IO: EK-ERTEC 200 (All versions < V4.5), SIMOTION D (All versions < V5.1 HF1), SIMOTION C (All versions < V5.1 HF1), SIMOTION P V4.4 and V4.5 (All versions < V4.5 HF5), SIMOTION P V5 (All versions < V5.1 HF1), SINAMICS DCM w. PN (All versions < V1.4 SP1 HF6), SINAMICS DCP w. PN (All versions < V1.2 HF2), SINAMICS G110M w. PN (All versions < V4.7 SP9 HF1), SINAMICS G120 (C/P/D) w. PN (All versions < V4.7 SP9 HF1), SINAMICS G130 V4.7 w. PN (All versions < V4.7 HF29), SINAMICS G130 V4.8 w. PN (All versions < V4.8 HF4), SINAMICS G150 V4.7 w. PN (All versions < V4.7 HF29), SINAMICS G150 V4.8 w. PN (All versions < V4.8 HF4), SINAMICS S110 w. PN (All versions < V4.4 SP3 HF6), SINAMICS S120 prior to V4.7 w. PN (All versions < V4.7), SINAMICS S120 V4.7 w. PN (All versions < V4.7 HF29), SINAMICS S120 V4.7 SP1 w. PN (All versions), SINAMICS S120 V4.8 w. PN (All versions < V4.8 HF5), SINAMICS S150 V4.7 w. PN (All versions < V4.7 HF29), SINAMICS S150 V4.8 w. PN (All versions < V4.8 HF4), SINAMICS V90 w. PN (All versions < V1.02), SINUMERIK 840D sl (All versions), SIMATIC Compact Field Unit (All versions), SIMATIC PN/PN Coupler (All versions < V4.2.0), SIMOCODE pro V PROFINET (All versions < V2.1.1), SIRIUS Soft Starter 3RW44 PN (All versions), SIMOCODE pro V EIP (All versions < V1.0.2). Siemens SIMATIC S7-1500 CPU, etc. SIMATIC S7-1500 CPU is a CPU (central processing unit) module. SIMATIC S7-1500 is a programmable logic controller. SINUMERIK 840D sl is a set of advanced machine tool numerical control system. The following products and versions are affected: Siemens SIMATIC S7-200 Smart prior to V2.03.01; SIMATIC S7-400 PN/DP V7 CPU family (SIPLUS variants); SIMATIC S7-410 V8 CPU family (SIPLUS variants); SIMATIC S7- 300 CPU family (related to ET200 CPUs and SIPLUS variants); SIMATIC S7-1200 CPU family (related to SIPLUS variants); SIMATIC S7-1500 CPU family (related to ET200 CPUs and SIPLUS variants); SIMATIC S7-1500 Software Controller prior to V2.0 wait

Huawei OceanStor 2800 V3, V300R003C00, V300R003C20, OceanStor 5300 V3, V300R003C00, V300R003C10, V300R003C20, OceanStor 5500 V3, V300R003C00, V300R003C10, V300R003C20, OceanStor 5600 V3, V300R003C00, V300R003C10, V300R003C20, OceanStor 5800 V3, V300R003C00, V300R003C10, V300R003C20 have an improper access control vulnerability. Due to incorrectly restrict access to a resource, an attacker with high privilege may exploit the vulnerability to query some information or send specific message to cause some service abnormal. plural Huawei OceanStor The product contains an access control vulnerability.Information is obtained and service operation is interrupted (DoS) There is a possibility of being put into a state. Huawei OceanStor series is a unified storage product based on the fusion concept and optimized for flash memory. It meets the requirements of cloud system for higher performance, lower latency and more flexibility of storage systems. A number of Huawei OceanStor products have access control vulnerabilities because the device failed to properly control access to some resources. Huawei OceanStor 2800 V3 and others are storage systems for mid-to-high-end storage produced by China's Huawei (Huawei). The following products and versions are affected: Huawei OceanStor 2800 V3 V300R003C00 Version, V300R003C20 Version; OceanStor 5300 V3 V300R003C00 Version, V300R003C10 Version, V300R003C20 Version; OceanStor 5500 V3 V300R003C00 Version, V300R003C10 Version, V300R003C20 Version; OceanStor 5600 V3 V300R003C00 Version, V300R003C10 Version, V300R003C20 version; OceanStor 5800 V3 V300R003C00 version, V300R003C10 version, and V300R003C20 version

Multiple exploitable buffer overflow vulnerabilities exist in the PubNub message handler for the "cc" channel of Insteon Hub running firmware version 1012. Specially crafted commands sent through the PubNub service can cause a stack-based buffer overflow overwriting arbitrary data. An attacker should send an authenticated HTTP request to trigger this vulnerability. In cmd s_b, at 0x9d01679c, the value for the `s_sonos_cmd` key is copied using `strcpy` to the buffer at `$sp+0x290`.This buffer is 32 bytes large, sending anything longer will cause a buffer overflow. Insteon Hub Exists in an out-of-bounds write vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state

Multiple exploitable buffer overflow vulnerabilities exist in the PubNub message handler for the "cc" channel of Insteon Hub running firmware version 1012. Specially crafted commands sent through the PubNub service can cause a stack-based buffer overflow overwriting arbitrary data. An attacker should send an authenticated HTTP request to trigger this vulnerability. In cmd sn_grp, at 0x9d017658, the value for the `gcmd` key is copied using `strcpy` to the buffer at `$sp+0x270`.This buffer is 16 bytes large, sending anything longer will cause a buffer overflow. (DoS) It may be in a state

Multiple exploitable buffer overflow vulnerabilities exist in the PubNub message handler for the "cc" channel of Insteon Hub running firmware version 1012. Specially crafted commands sent through the PubNub service can cause a stack-based buffer overflow overwriting arbitrary data. An attacker should send an authenticated HTTP request to trigger this vulnerability. In cmd l_bt, at 0x9d016104, the value for the `grp` key is copied using `strcpy` to the buffer at `$sp+0x1b4`.This buffer is 8 bytes large, sending anything longer will cause a buffer overflow. Insteon Hub Exists in an out-of-bounds write vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state

Multiple exploitable buffer overflow vulnerabilities exist in the PubNub message handler for the "cc" channel of Insteon Hub running firmware version 1012. Specially crafted commands sent through the PubNub service can cause a stack-based buffer overflow overwriting arbitrary data. An attacker should send an authenticated HTTP request to trigger this vulnerability. In cmd sn_grp, at 0x9d0175f4, the value for the `gbt` key is copied using `strcpy` to the buffer at `$sp+0x280`.This buffer is 16 bytes large, sending anything longer will cause a buffer overflow

Multiple exploitable buffer overflow vulnerabilities exist in the PubNub message handler for the "cc" channel of Insteon Hub running firmware version 1012. Specially crafted commands sent through the PubNub service can cause a stack-based buffer overflow overwriting arbitrary data. An attacker should send an authenticated HTTP request to trigger this vulnerability. In cmd l_b, at 0x9d015cfc, the value for the `grp` key is copied using `strcpy` to the buffer at `$sp+0x1b4`.This buffer is 8 bytes large, sending anything longer will cause a buffer overflow. Insteon Hub Exists in an out-of-bounds write vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state