VARIoT IoT vulnerabilities database


VAR-201708-0915 CVE-2017-12568 Brother DCP-J132W Resource management vulnerability
CVSS V2: 7.8
CVSS V3: 7.5
Severity: HIGH
Denial of Service vulnerability in Debut embedded httpd 1.20 in Brother DCP-J132W (and probably other DCP models) allows remote attackers to hang the printer (disrupting its network connection) by sending a large amount of HTTP packets. The Brother DCP-J132W contains a resource management vulnerability. Service operation may be interrupted (DoS). The Brother DCP-J132W is a printer from Brother. Debut embedded httpd is one of the embedded servers
VAR-201708-1534 CVE-2017-9862 Information disclosure vulnerability in multiple SMA Solar Technology products
CVSS V2: 5.0
CVSS V3: 7.5
Severity: HIGH
An issue was discovered in SMA Solar Technology products. When signed into Sunny Explorer with a wrong password, it is possible to create a debug report, disclosing information regarding the application and allowing the attacker to create and save a .txt file with contents to his liking. An attacker may use this for information disclosure, or to write a file to normally unavailable locations on the local system. NOTE: the vendor reports that "the information contained in the debug report is of marginal significance." Also, only Sunny Boy TLST-21 and TL-21 and Sunny Tripower TL-10 and TL-30 could potentially be affected. ** Unsettled ** This case has not been confirmed as a vulnerability. The vendor has disputed this vulnerability. For details, see the Current Description at NVD (https://nvd.nist.gov/vuln/detail/CVE-2017-9862). Information may be obtained. SMA Solar Technology Sunny Explorer is photovoltaic device management software from SMA Germany.
VAR-201708-1521 CVE-2017-9851 Data processing vulnerabilities in multiple SMA Solar Technology products
CVSS V2: 5.0
CVSS V3: 7.5
Severity: HIGH
An issue was discovered in SMA Solar Technology products. By sending nonsense data or setting up a TELNET session to the database port of Sunny Explorer, the application can be crashed. NOTE: the vendor reports that the maximum possible damage is a communication failure. Also, only Sunny Boy TLST-21 and TL-21 and Sunny Tripower TL-10 and TL-30 could potentially be affected. ** Unsettled ** This case has not been confirmed as a vulnerability. The vendor has disputed this vulnerability. For details, see the Current Description at NVD (https://nvd.nist.gov/vuln/detail/CVE-2017-9851). Service operation may be interrupted (DoS). The SMA Solar Technology Sunny Explorer program is photovoltaic device management software from SMA Germany. A denial of service vulnerability exists in the SMA Solar Technology Sunny Explorer program. An attacker could exploit the vulnerability to cause a denial of service.
VAR-201708-1522 CVE-2017-9852 Vulnerabilities related to security functions in multiple SMA Solar Technology products
CVSS V2: 5.0
CVSS V3: 9.8
Severity: CRITICAL
An Incorrect Password Management issue was discovered in SMA Solar Technology products. Default passwords exist that are rarely changed. User passwords will almost always be default. Installer passwords are expected to be default or similar across installations installed by the same company (but are sometimes changed). Hidden user accounts have (at least in some cases, though more research is required to test this for all hidden user accounts) a fixed password for all devices; it can never be changed by a user. Other vulnerabilities exist that allow an attacker to get the passwords of these hidden user accounts. NOTE: the vendor reports that it has no influence on the allocation of passwords, and that global hardcoded master passwords do not exist. Also, only Sunny Boy TLST-21 and TL-21 and Sunny Tripower TL-10 and TL-30 could potentially be affected. ** Unsettled ** This case has not been confirmed as a vulnerability. The vendor has disputed this vulnerability. For details, see the Current Description at NVD (https://nvd.nist.gov/vuln/detail/CVE-2017-9852). Information may be obtained or altered, and service operation may be disrupted (DoS). The SMA Solar Technology inverter is a photovoltaic inverter device from SMA Germany. There is a security hole in the SMA Solar Technology inverter.
VAR-201708-1523 CVE-2017-9853 Vulnerabilities related to security functions in multiple SMA Solar Technology products
CVSS V2: 5.0
CVSS V3: 9.8
Severity: CRITICAL
An issue was discovered in SMA Solar Technology products. All inverters have a very weak password policy for the user and installer password. No complexity requirements or length requirements are set. Also, strong passwords are impossible due to a maximum of 12 characters and a limited set of characters. NOTE: the vendor reports that the 12-character limit provides "a very high security standard." Also, only Sunny Boy TLST-21 and TL-21 and Sunny Tripower TL-10 and TL-30 could potentially be affected. ** Unsettled ** This case has not been confirmed as a vulnerability. The vendor has disputed this vulnerability. For details, see the Current Description at NVD (https://nvd.nist.gov/vuln/detail/CVE-2017-9853). Information may be obtained or altered, and service operation may be disrupted (DoS). The SMA Solar Technology inverter is a photovoltaic inverter device from SMA Germany. This vulnerability stems from the program's use of a weak password policy, which an attacker can use to obtain a password.
VAR-201708-1536 CVE-2017-9854 Information disclosure vulnerabilities in multiple SMA Solar Technology products
CVSS V2: 5.0
CVSS V3: 9.8
Severity: CRITICAL
An issue was discovered in SMA Solar Technology products. By sniffing for specific packets on the localhost, plaintext passwords can be obtained as they are typed into Sunny Explorer by the user. These passwords can then be used to compromise the overall device. NOTE: the vendor reports that exploitation likelihood is low because these packets are usually sent only once during installation. Also, only Sunny Boy TLST-21 and TL-21 and Sunny Tripower TL-10 and TL-30 could potentially be affected. ** Unsettled ** This issue has not been confirmed as a vulnerability. The vendor is disputing this vulnerability. For details, see the Current Description at NVD (https://nvd.nist.gov/vuln/detail/CVE-2017-9854). Information may be acquired or falsified, and a denial-of-service (DoS) state may result. SMA Solar Technology Sunny Explorer is photovoltaic device management software from SMA Germany. An attacker could exploit the vulnerability to obtain information and create and save a .txt file.
VAR-201708-1537 CVE-2017-9855 Vulnerabilities related to authorization, authority, and access control in multiple SMA Solar Technology products
CVSS V2: 7.5
CVSS V3: 9.8
Severity: CRITICAL
An issue was discovered in SMA Solar Technology products. A secondary authentication system is available for Installers called the Grid Guard system. This system uses predictable codes, and a single Grid Guard code can be used on any SMA inverter. Any such code, when combined with the installer account, allows changing very sensitive parameters. NOTE: the vendor reports that Grid Guard is not an authentication feature; it is only a tracing feature. Also, only Sunny Boy TLST-21 and TL-21 and Sunny Tripower TL-10 and TL-30 could potentially be affected. ** Unsettled ** This case has not been confirmed as a vulnerability. Multiple SMA Solar Technology products contain vulnerabilities related to authorization, permissions, and access control. The vendor has disputed this vulnerability. For details, see the Current Description at NVD (https://nvd.nist.gov/vuln/detail/CVE-2017-9855). Information may be obtained or altered, and service operation may be disrupted (DoS). The SMA Solar Technology inverter is a photovoltaic inverter device from SMA Germany. There is a security hole in the SMA Solar Technology inverter. An attacker could exploit this vulnerability to change sensitive parameters.
VAR-201708-1538 CVE-2017-9856 Cryptographic vulnerabilities in multiple SMA Solar Technology products
CVSS V2: 5.0
CVSS V3: 9.8
Severity: CRITICAL
An issue was discovered in SMA Solar Technology products. Sniffed passwords from SMAdata2+ communication can be decrypted very easily. The passwords are "encrypted" using a very simple encryption algorithm. This enables an attacker to find the plaintext passwords and authenticate to the device. NOTE: the vendor reports that only Sunny Boy TLST-21 and TL-21 and Sunny Tripower TL-10 and TL-30 could potentially be affected. ** Unsettled ** This case has not been confirmed as a vulnerability. The vendor has disputed this vulnerability. For details, see the Current Description at NVD (https://nvd.nist.gov/vuln/detail/CVE-2017-9856). Information may be obtained or altered, and service operation may be disrupted (DoS). The SMA Solar Technology inverter is a photovoltaic inverter device from SMA Germany.
VAR-201708-1539 CVE-2017-9857 Authentication vulnerabilities in multiple SMA Solar Technology products
CVSS V2: 4.3
CVSS V3: 8.1
Severity: HIGH
An issue was discovered in SMA Solar Technology products. The SMAdata2+ communication protocol does not properly use authentication with encryption: it is vulnerable to man in the middle, packet injection, and replay attacks. Any setting change, authentication packet, scouting packet, etc. can be replayed, injected, or used for a man in the middle session. All functionalities available in Sunny Explorer can effectively be done from anywhere within the network as long as an attacker gets the packet setup correctly. This includes the authentication process for all (including hidden) access levels and the changing of settings in accordance with the gained access rights. Furthermore, because the SMAdata2+ communication channel is unencrypted, an attacker capable of understanding the protocol can eavesdrop on communications. NOTE: the vendor's position is that authentication with encryption is not required on an isolated subnetwork. Also, only Sunny Boy TLST-21 and TL-21 and Sunny Tripower TL-10 and TL-30 could potentially be affected. ** Unsettled ** This case has not been confirmed as a vulnerability. The vendor has disputed this vulnerability. For details, see the Current Description at NVD (https://nvd.nist.gov/vuln/detail/CVE-2017-9857). Information may be obtained or altered, and service operation may be disrupted (DoS). The SMA Solar Technology inverter is a photovoltaic inverter device from SMA Germany. A security vulnerability exists in the SMA Solar Technology inverter that stems from a failure to properly use cryptographic authentication. An attacker can exploit this vulnerability to implement man-in-the-middle and replay attacks and change settings.
VAR-201708-1530 CVE-2017-9858 Information disclosure vulnerability in multiple SMA Solar Technology products
CVSS V2: 5.0
CVSS V3: 7.5
Severity: HIGH
An issue was discovered in SMA Solar Technology products. By sending crafted packets to an inverter and observing the response, active and inactive user accounts can be determined. This aids in further attacks (such as a brute force attack) as one now knows exactly which users exist and which do not. NOTE: the vendor's position is that this "is not a security gap per se." Also, only Sunny Boy TLST-21 and TL-21 and Sunny Tripower TL-10 and TL-30 could potentially be affected. ** Unsettled ** This case has not been confirmed as a vulnerability. The vendor has disputed this vulnerability. For details, see the Current Description at NVD (https://nvd.nist.gov/vuln/detail/CVE-2017-9858). Information may be obtained. The SMA Solar Technology inverter is a photovoltaic inverter device from SMA Germany. There is a security hole in the SMA Solar Technology inverter.
VAR-201708-1531 CVE-2017-9859 Cryptographic vulnerabilities in multiple SMA Solar Technology products
CVSS V2: 5.0
CVSS V3: 9.8
Severity: CRITICAL
An issue was discovered in SMA Solar Technology products. The inverters make use of a weak hashing algorithm to encrypt the password for REGISTER requests. This hashing algorithm can be cracked relatively easily. An attacker will likely be able to crack the password using offline crackers. This cracked password can then be used to register at the SMA servers. NOTE: the vendor's position is that "we consider the probability of the success of such manipulation to be extremely low." Also, only Sunny Boy TLST-21 and TL-21 and Sunny Tripower TL-10 and TL-30 could potentially be affected. ** Unsettled ** This case has not been confirmed as a vulnerability. The vendor has disputed this vulnerability. For details, see the Current Description at NVD (https://nvd.nist.gov/vuln/detail/CVE-2017-9859). Information may be obtained or altered, and service operation may be disrupted (DoS). The SMA Solar Technology inverter is a photovoltaic inverter device from SMA Germany.
VAR-201708-1533 CVE-2017-9861 Injection vulnerability in multiple SMA Solar Technology products
CVSS V2: 9.0
CVSS V3: 9.8
Severity: CRITICAL
An issue was discovered in SMA Solar Technology products. The SIP implementation does not properly use authentication with encryption: it is vulnerable to replay attacks, packet injection attacks, and man in the middle attacks. An attacker is able to successfully use SIP to communicate with the device from anywhere within the LAN. An attacker may use this to crash the device, stop it from communicating with the SMA servers, exploit known SIP vulnerabilities, or find sensitive information from the SIP communications. Furthermore, because the SIP communication channel is unencrypted, an attacker capable of understanding the protocol can eavesdrop on communications. For example, passwords can be extracted. NOTE: the vendor's position is that authentication with encryption is not required on an isolated subnetwork. Also, only Sunny Boy TLST-21 and TL-21 and Sunny Tripower TL-10 and TL-30 could potentially be affected. ** Unsettled ** This case has not been confirmed as a vulnerability. The vendor has disputed this vulnerability. For details, see the Current Description at NVD (https://nvd.nist.gov/vuln/detail/CVE-2017-9861). Information may be obtained or altered, and service operation may be disrupted (DoS). The SMA Solar Technology inverter is a photovoltaic inverter device from SMA Germany. A denial of service vulnerability exists in the SMA Solar Technology inverter.
VAR-201708-1526 CVE-2017-9864 Vulnerabilities related to authorization, authority, and access control in multiple SMA Solar Technology products
CVSS V2: 5.0
CVSS V3: 7.5
Severity: HIGH
An issue was discovered in SMA Solar Technology products. An attacker can change the plant time even when not authenticated in any way. This changes the system time, possibly affecting lockout policies and random-number generators based on timestamps, and makes timestamps for data analysis unreliable. NOTE: the vendor reports that this is largely irrelevant because it only affects log-entry timestamps, and because the plant time would later be reset via NTP. (It has never been the case that a lockout policy or random-number generator was affected.) Also, only Sunny Boy TLST-21 and TL-21 and Sunny Tripower TL-10 and TL-30 could potentially be affected. ** Unsettled ** This case has not been confirmed as a vulnerability. Multiple SMA Solar Technology products contain vulnerabilities related to authorization, permissions, and access control. The vendor has disputed this vulnerability. For details, see the Current Description at NVD (https://nvd.nist.gov/vuln/detail/CVE-2017-9864). Information may be tampered with. The SMA Solar Technology inverter is a photovoltaic inverter device from SMA Germany. The SMA Solar Technology inverter has an access control error vulnerability.
VAR-201708-1535 CVE-2017-9863 SMA Solar Technology Sunny Explorer and inverter Cross-Site Request Forgery Vulnerability
CVSS V2: 6.8
CVSS V3: 8.8
Severity: HIGH
An issue was discovered in SMA Solar Technology products. If a user simultaneously has Sunny Explorer running and visits a malicious host, cross-site request forgery can be used to change settings in the inverters (for example, issuing a POST request to change the user password). All Sunny Explorer settings available to the authenticated user are also available to the attacker. (In some cases, this also includes changing settings that the user has no access to.) This may result in complete compromise of the device. NOTE: the vendor reports that exploitation is unlikely because Sunny Explorer is used only rarely. Also, only Sunny Boy TLST-21 and TL-21 and Sunny Tripower TL-10 and TL-30 could potentially be affected. ** Unsettled ** This case has not been confirmed as a vulnerability. The vendor has disputed this vulnerability. For details, see the Current Description at NVD (https://nvd.nist.gov/vuln/detail/CVE-2017-9863). Information may be obtained or altered, and service operation may be disrupted (DoS). SMA Solar Technology Sunny Explorer is photovoltaic device management software from SMA Germany. The SMA Solar Technology inverter is a photovoltaic inverter device from SMA Germany. The vulnerability could be exploited by a remote attacker to change the settings of the inverter.
VAR-201708-1532 CVE-2017-9860 SMA Solar Technology inverter Access Control Error Vulnerability
CVSS V2: 10.0
CVSS V3: 9.8
Severity: CRITICAL
An issue was discovered in SMA Solar Technology products. An attacker can use Sunny Explorer or the SMAdata2+ network protocol to update the device firmware without ever having to authenticate. If an attacker is able to create a custom firmware version that is accepted by the inverter, the inverter is compromised completely. This allows the attacker to do nearly anything: for example, giving access to the local OS, creating a botnet, using the inverters as a stepping stone into companies, etc. NOTE: the vendor reports that this attack has always been blocked by "a final integrity and compatibility check." Also, only Sunny Boy TLST-21 and TL-21 and Sunny Tripower TL-10 and TL-30 could potentially be affected. ** Unsettled ** This case has not been confirmed as a vulnerability. The vendor has disputed this vulnerability. For details, see the Current Description at NVD (https://nvd.nist.gov/vuln/detail/CVE-2017-9860). Information may be obtained or altered, and service operation may be disrupted (DoS). The SMA Solar Technology inverter is a photovoltaic inverter device from SMA Germany. An attacker could exploit the vulnerability to upgrade the firmware of the device.
VAR-201806-1813 No CVE Eaton ELCSoft Programming Software has multiple buffer overflow vulnerabilities
CVSS V2: 7.5
CVSS V3: -
Severity: HIGH
Eaton ELCSoft Programming Software is a suite of software for configuring programmable logic controllers. Eaton ELCSoft Programming Software has multiple buffer overflow vulnerabilities that stem from failure to perform sufficient boundary checking before copying user data into undersized buffers. An attacker can exploit a vulnerability to execute arbitrary code in an affected application environment, and a failed attack can result in a denial of service. Failed exploits will result in a denial-of-service condition.
VAR-201711-1023 CVE-2017-8208 Buffer error vulnerability in the driver of Huawei smartphones honor 5C and 6x
CVSS V2: 9.3
CVSS V3: 7.8
Severity: HIGH
The driver of honor 5C, honor 6x Huawei smart phones with software of versions earlier than NEM-AL10C00B356, versions earlier than Berlin-L21HNC432B360 have a buffer overflow vulnerability due to the lack of parameter validation. An attacker tricks a user into installing a malicious APP which has the root privilege of the Android system, the APP can send a specific parameter to the driver of the smart phone, causing a system reboot or arbitrary code execution. The driver of Huawei smartphones honor 5C and 6x contains a buffer error vulnerability. Information may be obtained or altered, and service operation may be disrupted (DoS). Huawei honor 6x and honor 5C are both smartphones from China's Huawei company. A buffer overflow vulnerability exists in the driver prior to Huawei honor 6x Berlin-L21HNC432B360 and honor 5C NEM-AL10C00B356. The vulnerability stems from the program not adequately checking parameters.
VAR-201711-1022 CVE-2017-8207 Buffer error vulnerability in the driver of Huawei smartphones honor 5C and 6x
CVSS V2: 9.3
CVSS V3: 7.8
Severity: HIGH
The driver of honor 5C, honor 6x Huawei smart phones with software of versions earlier than NEM-AL10C00B356, versions earlier than Berlin-L21HNC432B360 have a buffer overflow vulnerability due to the lack of parameter validation. An attacker tricks a user into installing a malicious APP which has the root privilege of the Android system, the APP can send a specific parameter to the driver of the smart phone, causing a system reboot or arbitrary code execution. Huawei honor 6x is a smartphone from China's Huawei company. A buffer overflow vulnerability exists in the driver prior to Huawei honor 6x Berlin-L21HNC432B360. The vulnerability stems from the program not adequately checking parameters.
VAR-201711-1027 CVE-2017-8212 Buffer error vulnerability in the driver of Huawei smartphones honor 5C and 6x
CVSS V2: 9.3
CVSS V3: 7.8
Severity: HIGH
The driver of honor 5C, honor 6x Huawei smart phones with software of versions earlier than NEM-AL10C00B356, versions earlier than Berlin-L21HNC432B360 have a buffer overflow vulnerability due to the lack of parameter validation. An attacker tricks a user into installing a malicious APP which has the root privilege of the Android system, the APP can send a specific parameter to the driver of the smart phone, causing a system reboot or arbitrary code execution. The driver of Huawei smartphones honor 5C and 6x contains a buffer error vulnerability. Information may be obtained or altered, and service operation may be disrupted (DoS). Huawei honor 6x and honor 5C are both smartphones from China's Huawei company. A buffer overflow vulnerability exists in the driver prior to Huawei honor 6x Berlin-L21HNC432B360 and honor 5C NEM-AL10C00B356. The vulnerability stems from the program not adequately checking parameters.
VAR-201711-1025 CVE-2017-8210 Buffer error vulnerability in the driver of Huawei smartphones honor 5C and 6x
CVSS V2: 9.3
CVSS V3: 7.8
Severity: HIGH
The driver of honor 5C, honor 6x Huawei smart phones with software of versions earlier than NEM-AL10C00B356, versions earlier than Berlin-L21HNC432B360 have a buffer overflow vulnerability due to the lack of parameter validation. An attacker tricks a user into installing a malicious APP which has the root privilege of the Android system, the APP can send a specific parameter to the driver of the smart phone, causing a system reboot or arbitrary code execution. The driver of Huawei smartphones honor 5C and 6x contains a buffer error vulnerability. Information may be obtained or altered, and service operation may be disrupted (DoS). Huawei honor 6x and honor 5C are both smartphones from China's Huawei company. A buffer overflow vulnerability exists in the driver prior to Huawei honor 6x Berlin-L21HNC432B360 and honor 5C NEM-AL10C00B356. The vulnerability stems from the program not adequately checking parameters.