VARIoT IoT vulnerabilities database


VAR-201904-1492 CVE-2018-7340 Multiple SAML libraries may allow authentication bypass via incorrect XML canonicalization and DOM traversal CVSS V2: 5.0
CVSS V3: 7.5
Severity: HIGH
Duo Network Gateway 1.2.9 and earlier may incorrectly utilize the results of XML DOM traversal and canonicalization APIs in such a way that an attacker may be able to manipulate the SAML data without invalidating the cryptographic signature, allowing the attacker to potentially bypass authentication to SAML service providers. Duo Network Gateway contains an authentication vulnerability. Information may be tampered with. An attacker can exploit this issue to bypass the authentication mechanism and perform unauthorized actions. This may lead to further attacks. Duo Network Gateway (DNG) is access control software developed by Duo Corporation in the United States for accessing internal web applications. An authentication bypass vulnerability exists in DNG versions prior to 1.2.10.
VAR-201803-2092 CVE-2018-5464 Philips Intellispace Portal Cryptographic vulnerability CVSS V2: 5.0
CVSS V3: 7.5
Severity: HIGH
Philips IntelliSpace Portal, all versions of 8.0.x and 7.0.x, has an untrusted SSL certificate vulnerability that could allow an attacker to gain unauthorized access to resources and information. Philips Intellispace Portal contains a cryptographic vulnerability. Information may be obtained. The Philips Intellispace Portal can process clinical images from different modes and enables advanced visualization of the images. ISP systems are deployed in the healthcare and public health sectors. 1. A remote code-execution vulnerability 2. Multiple privilege-escalation vulnerabilities 3. A cryptographic security vulnerability. Attackers can exploit these issues to execute arbitrary code within the context of the affected device, cause a denial-of-service condition, bypass certain security restrictions, obtain sensitive information or gain unauthorized access to the device and perform unauthorized actions. This may lead to complete compromise of the device. Intellispace Portal versions 8.0.x and 7.0.x are vulnerable. The system provides viewing of echographic images and a single point of access for physicians. An encryption issue vulnerability exists in Philips ISP versions 8.0.x and 7.0.x.
VAR-201803-2091 CVE-2018-5462 Philips Intellispace Portal Cryptographic vulnerability CVSS V2: 5.0
CVSS V3: 7.5
Severity: HIGH
Philips IntelliSpace Portal, all versions of 8.0.x and 7.0.x, has an SSL incorrect hostname certificate vulnerability that could allow an attacker to gain unauthorized access to resources and information. Philips Intellispace Portal contains a cryptographic vulnerability. Information may be obtained. The Philips Intellispace Portal can process clinical images from different modes and enables advanced visualization of the images. ISP systems are deployed in the healthcare and public health sectors. 1. A remote code-execution vulnerability 2. Multiple privilege-escalation vulnerabilities 3. A cryptographic security vulnerability. Attackers can exploit these issues to execute arbitrary code within the context of the affected device, cause a denial-of-service condition, bypass certain security restrictions, obtain sensitive information or gain unauthorized access to the device and perform unauthorized actions. This may lead to complete compromise of the device. Intellispace Portal versions 8.0.x and 7.0.x are vulnerable. The system provides viewing of echographic images and a single point of access for physicians. An encryption issue vulnerability exists in Philips ISP versions 8.0.x and 7.0.x.
VAR-201803-2089 CVE-2018-5468 Philips Intellispace Portal Vulnerabilities related to authorization, permissions, and access control CVSS V2: 7.5
CVSS V3: 9.8
Severity: CRITICAL
Philips Intellispace Portal, all versions 7.0.x and 8.0.x, has a remote desktop access vulnerability that could allow an attacker to gain unauthorized access and in some cases escalate their level of privilege or execute arbitrary code. Philips Intellispace Portal contains vulnerabilities related to authorization, permissions, and access control. Information may be obtained or altered, and service operation may be disrupted (DoS). The Philips Intellispace Portal can process clinical images from different modes and enables advanced visualization of the images. ISP systems are deployed in the healthcare and public health sectors. Philips Intellispace Portal is prone to the following security vulnerabilities. 1. A remote code-execution vulnerability 2. Multiple privilege-escalation vulnerabilities 3. This may lead to complete compromise of the device. Intellispace Portal versions 8.0.x and 7.0.x are vulnerable. The system provides viewing of echographic images and a single point of access for physicians. An elevation of privilege vulnerability exists in Philips ISP versions 7.0.x and 8.0.x.
VAR-201803-2087 CVE-2018-5466 Philips Intellispace Portal Cryptographic vulnerability CVSS V2: 5.0
CVSS V3: 7.5
Severity: HIGH
Philips IntelliSpace Portal, all versions of 8.0.x and 7.0.x, has a self-signed SSL certificate vulnerability that could allow an attacker to gain unauthorized access to resources and information. Philips Intellispace Portal contains a cryptographic vulnerability. Information may be obtained. The system provides viewing of echo images and provides doctors with a single point of access. An encryption issue exists in the Philips ISP. 1. A remote code-execution vulnerability 2. Multiple privilege-escalation vulnerabilities 3. A cryptographic security vulnerability. Attackers can exploit these issues to execute arbitrary code within the context of the affected device, cause a denial-of-service condition, bypass certain security restrictions, obtain sensitive information or gain unauthorized access to the device and perform unauthorized actions. This may lead to complete compromise of the device. Intellispace Portal versions 8.0.x and 7.0.x are vulnerable.
VAR-201803-2084 CVE-2018-5458 Philips Intellispace Portal Cryptographic vulnerability CVSS V2: 5.0
CVSS V3: 7.5
Severity: HIGH
Philips IntelliSpace Portal, all versions of 8.0.x and 7.0.x, has a vulnerability using SSL legacy encryption that could allow an attacker to gain unauthorized access to resources and information. Philips Intellispace Portal contains a cryptographic vulnerability. Information may be obtained. The Philips Intellispace Portal can process clinical images from different modes and enables advanced visualization of the images. ISP systems are deployed in the healthcare and public health sectors. 1. A remote code-execution vulnerability 2. Multiple privilege-escalation vulnerabilities 3. A cryptographic security vulnerability. Attackers can exploit these issues to execute arbitrary code within the context of the affected device, cause a denial-of-service condition, bypass certain security restrictions, obtain sensitive information or gain unauthorized access to the device and perform unauthorized actions. This may lead to complete compromise of the device. Intellispace Portal versions 8.0.x and 7.0.x are vulnerable. The system provides viewing of echographic images and a single point of access for physicians. An encryption issue vulnerability exists in Philips ISP versions 8.0.x and 7.0.x.
VAR-201803-2082 CVE-2018-5454 Philips Intellispace Portal Vulnerabilities related to authorization, permissions, and access control CVSS V2: 6.8
CVSS V3: 8.1
Severity: HIGH
Philips IntelliSpace Portal, all versions of 8.0.x and 7.0.x, has a vulnerability where code debugging methods are enabled, which could allow an attacker to remotely execute arbitrary code during runtime. Philips Intellispace Portal contains vulnerabilities related to authorization, permissions, and access control. Information may be obtained or altered, and service operation may be disrupted (DoS). The Philips Intellispace Portal can process clinical images from different modes and enables advanced visualization of the images. ISP systems are deployed in the healthcare and public health sectors. 1. A remote code-execution vulnerability 2. Multiple privilege-escalation vulnerabilities 3. A cryptographic security vulnerability. Attackers can exploit these issues to execute arbitrary code within the context of the affected device, cause a denial-of-service condition, bypass certain security restrictions, obtain sensitive information or gain unauthorized access to the device and perform unauthorized actions. This may lead to complete compromise of the device. Intellispace Portal versions 8.0.x and 7.0.x are vulnerable. The system provides viewing of echographic images and a single point of access for physicians. Permission and access control vulnerabilities exist in Philips ISP versions 8.0.x and 7.0.x.
VAR-201803-1819 CVE-2018-5470 Philips Intellispace Portal Vulnerable to untrusted search paths CVSS V2: 7.2
CVSS V3: 7.8
Severity: HIGH
Philips IntelliSpace Portal, all versions of 8.0.x and 7.0.x, has an unquoted search path or element vulnerability, which may allow an authorized local user to execute arbitrary code and escalate their level of privileges. Philips Intellispace Portal contains an untrusted search path vulnerability. Information may be obtained or altered, and a denial of service (DoS) may occur. The Philips Intellispace Portal can process clinical images from different modes and enables advanced visualization of the images. ISP systems are deployed in the healthcare and public health sectors. Philips Intellispace Portal is prone to the following security vulnerabilities. 1. A remote code-execution vulnerability 2. Multiple privilege-escalation vulnerabilities 3. A cryptographic security vulnerability. Attackers can exploit these issues to execute arbitrary code within the context of the affected device, cause a denial-of-service condition, bypass certain security restrictions, obtain sensitive information or gain unauthorized access to the device and perform unauthorized actions. This may lead to complete compromise of the device. Intellispace Portal versions 8.0.x and 7.0.x are vulnerable. The system provides viewing of echographic images and a single point of access for physicians.
VAR-201803-1809 CVE-2018-5474 Philips Intellispace Portal Input validation vulnerability CVSS V2: 7.5
CVSS V3: 9.8
Severity: CRITICAL
Philips Intellispace Portal, all versions 7.0.x and 8.0.x, has an input validation vulnerability that could allow a remote attacker to execute arbitrary code or cause the application to crash. Philips Intellispace Portal contains an input validation vulnerability. Information may be obtained or altered, and service operation may be disrupted (DoS). The Philips Intellispace Portal can process clinical images from different modes and enables advanced visualization of the images. ISP systems are deployed in the healthcare and public health sectors. Philips Intellispace Portal is prone to the following security vulnerabilities. 1. A remote code-execution vulnerability 2. Multiple privilege-escalation vulnerabilities 3. This may lead to complete compromise of the device. Intellispace Portal versions 8.0.x and 7.0.x are vulnerable. The system provides viewing of echographic images and a single point of access for physicians.
VAR-201803-1808 CVE-2018-5472 Philips Intellispace Portal Vulnerabilities related to authorization, permissions, and access control CVSS V2: 7.5
CVSS V3: 9.8
Severity: CRITICAL
Philips Intellispace Portal, all versions 7.0.x and 8.0.x, has an insecure Windows permissions vulnerability that could allow an attacker to gain unauthorized access and in some cases escalate their level of privilege or execute arbitrary code. Philips Intellispace Portal contains vulnerabilities related to authorization, permissions, and access control. Information may be obtained or altered, and service operation may be disrupted (DoS). The Philips Intellispace Portal can process clinical images from different modes and enables advanced visualization of the images. ISP systems are deployed in the healthcare and public health sectors. Philips Intellispace Portal is prone to the following security vulnerabilities. 1. A remote code-execution vulnerability 2. Multiple privilege-escalation vulnerabilities 3. This may lead to complete compromise of the device. Intellispace Portal versions 8.0.x and 7.0.x are vulnerable. The system provides viewing of echographic images and a single point of access for physicians. An elevation of privilege vulnerability exists in Philips ISP versions 8.0.x and 7.0.x.
VAR-201802-0396 CVE-2017-16767 Synology Surveillance Station Vulnerable to cross-site scripting CVSS V2: 3.5
CVSS V3: 5.4
Severity: MEDIUM
Cross-site scripting (XSS) vulnerability in User Profile in Synology Surveillance Station before 8.1.2-5469 allows remote authenticated users to inject arbitrary web script or HTML via the userDesc parameter. Synology Surveillance Station contains a cross-site scripting vulnerability. Information may be obtained and information may be altered. Synology Surveillance Station is an image management application from Synology Corporation. User Profile is one of the user information storage files.
VAR-201802-1251 CVE-2018-7484 PureVPN Vulnerabilities related to untrusted search paths CVSS V2: 9.3
CVSS V3: 7.8
Severity: HIGH
An issue was discovered in PureVPN through 5.19.4.0 on Windows. The client installation grants the Everyone group Full Control permission to the installation directory. In addition, the PureVPNService.exe service, which runs under NT Authority\SYSTEM privileges, tries to load several dynamic-link libraries using relative paths instead of the absolute path. When not using a fully qualified path, the application will first try to load the library from the directory from which the application is started. As the residing directory of PureVPNService.exe is writable to all users, this makes the application susceptible to privilege escalation through DLL hijacking. PureVPN contains an untrusted search path vulnerability. Information may be obtained or altered, and service operation may be disrupted (DoS). PureVPN is a paid VPN service. There is a privilege escalation vulnerability in 5.19.4.0 and earlier versions of PureVPN for Windows.
VAR-201803-1433 CVE-2018-0523 Multiple vulnerabilities in WXR-1900DHP2 CVSS V2: 8.3
CVSS V3: 8.8
Severity: Medium
Buffalo WXR-1900DHP2 firmware Ver.2.48 and earlier allows an attacker to execute arbitrary OS commands via unspecified vectors. WXR-1900DHP2 provided by BUFFALO INC. is a wireless LAN router. WXR-1900DHP2 contains multiple vulnerabilities listed below. * Missing Authentication for Critical Function (CWE-306) - CVE-2018-0521 * Buffer Overflow (CWE-119) - CVE-2018-0522 * OS Command Injection (CWE-78) - CVE-2018-0523 Taizoh Tsukamoto of Mitsui Bussan Secure Directions, Inc. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership. The possible impact of each vulnerability is as follows: * A user with access to the network that is connected to the affected device may execute an arbitrary command on the device - CVE-2018-0521 * If a user views a specially crafted file while logged into the affected device, arbitrary code may be executed - CVE-2018-0522 * A user with access to the network that is connected to the affected device may execute an arbitrary command on the device - CVE-2018-0523. A security vulnerability exists in the Buffalo WXR-1900DHP2 using firmware version 2.48 and earlier.
VAR-201803-1432 CVE-2018-0522 Multiple vulnerabilities in WXR-1900DHP2 CVSS V2: 6.8
CVSS V3: 7.8
Severity: Medium
Buffer overflow in Buffalo WXR-1900DHP2 firmware Ver.2.48 and earlier allows an attacker to execute arbitrary code via a specially crafted file. WXR-1900DHP2 provided by BUFFALO INC. is a wireless LAN router. WXR-1900DHP2 contains multiple vulnerabilities listed below. * Missing Authentication for Critical Function (CWE-306) - CVE-2018-0521 * Buffer Overflow (CWE-119) - CVE-2018-0522 * OS Command Injection (CWE-78) - CVE-2018-0523 Taizoh Tsukamoto of Mitsui Bussan Secure Directions, Inc. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership. The possible impact of each vulnerability is as follows: * A user with access to the network that is connected to the affected device may execute an arbitrary command on the device - CVE-2018-0521 * If a user views a specially crafted file while logged into the affected device, arbitrary code may be executed - CVE-2018-0522 * A user with access to the network that is connected to the affected device may execute an arbitrary command on the device - CVE-2018-0523. A buffer overflow vulnerability exists in the firmware of Buffalo WXR-1900DHP2 Ver.2.48 and earlier.
VAR-201803-1431 CVE-2018-0521 Multiple vulnerabilities in WXR-1900DHP2 CVSS V2: 8.3
CVSS V3: 8.8
Severity: Medium
Buffalo WXR-1900DHP2 firmware Ver.2.48 and earlier allows an attacker to bypass authentication and execute arbitrary commands on the device via unspecified vectors. WXR-1900DHP2 provided by BUFFALO INC. is a wireless LAN router. WXR-1900DHP2 contains multiple vulnerabilities listed below. * Missing Authentication for Critical Function (CWE-306) - CVE-2018-0521 * Buffer Overflow (CWE-119) - CVE-2018-0522 * OS Command Injection (CWE-78) - CVE-2018-0523 Taizoh Tsukamoto of Mitsui Bussan Secure Directions, Inc. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership. The possible impact of each vulnerability is as follows: * A user with access to the network that is connected to the affected device may execute an arbitrary command on the device - CVE-2018-0521 * If a user views a specially crafted file while logged into the affected device, arbitrary code may be executed - CVE-2018-0522 * A user with access to the network that is connected to the affected device may execute an arbitrary command on the device - CVE-2018-0523.
VAR-201802-0135 CVE-2014-3206 Seagate BlackArmor NAS Input validation vulnerability CVSS V2: 10.0
CVSS V3: 9.8
Severity: CRITICAL
Seagate BlackArmor NAS allows remote attackers to execute arbitrary code via the session parameter to localhost/backupmgt/localJob.php or the auth_name parameter to localhost/backupmgmt/pre_connect_check.php. Seagate BlackArmor NAS contains an input validation vulnerability. Information may be obtained or altered, and service operation may be disrupted (DoS). The Seagate BlackArmor NAS is a network storage server from Seagate, Inc. that provides layered protection, data incremental and system backup, recovery, and more for business-critical data. There is a security hole in Seagate BlackArmor NAS. A security flaw exists in Seagate BlackArmor NAS.
VAR-201802-0134 CVE-2014-3205 BlackArmor NAS Vulnerabilities related to the use of hard-coded credentials CVSS V2: 10.0
CVSS V3: 9.8
Severity: CRITICAL
backupmgt/pre_connect_check.php in Seagate BlackArmor NAS contains a hard-coded password of '!~@##$$%FREDESWWSED' for a backdoor user. BlackArmor NAS contains a vulnerability in the use of hard-coded credentials. Information may be obtained or altered, and service operation may be disrupted (DoS). The Seagate BlackArmor NAS is a network storage server from Seagate, Inc. that provides layered protection, data incremental and system backup, recovery, and more for business-critical data. A security vulnerability exists in the backupmgt/pre_connect_check.php file in Seagate BlackArmor NAS, which was caused by the program using a hard-coded password '!~@##$$%FREDESWWSED'. There are currently no detailed vulnerability descriptions. A remote attacker can exploit this vulnerability to gain root privileges on the device.
VAR-201802-0659 CVE-2018-0519 Fuji Electric FS010W Cross-Site Scripting Vulnerability CVSS V2: 3.5
CVSS V3: 4.8
Severity: MEDIUM
Cross-site scripting vulnerability in FS010W firmware FS010W_00_V1.3.0 and earlier allows an attacker to inject arbitrary web script or HTML via unspecified vectors. FS010W provided by FUJI SOFT INCORPORATED is a WiFi router. FS010W contains multiple vulnerabilities listed below. * Stored cross-site scripting (CWE-79) - CVE-2018-0519 * Cross-site request forgery (CWE-352) - CVE-2018-0520 Manabu Kobayashi reported these vulnerabilities to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership. The possible impact of each vulnerability is as follows: * An arbitrary script may be executed on the web browser of a user who is logged in to the setting tool of the device - CVE-2018-0519 * If a user views a malicious page while logged in to the setting tool of the affected product, unintended operations such as changing settings of the device may be conducted - CVE-2018-0520.
VAR-201802-1278 CVE-2018-7298 eQ-3 AG HomeMatic CCU2 Cryptographic vulnerabilities in devices CVSS V2: 9.3
CVSS V3: 8.1
Severity: HIGH
In /usr/local/etc/config/addons/mh/loopupd.sh on eQ-3 AG HomeMatic CCU2 2.29.22 devices, software update packages are downloaded via the HTTP protocol, which does not provide any cryptographic protection of the downloaded contents. An attacker with a privileged network position (which could be obtained via DNS spoofing of www.meine-homematic.de or other approaches) can exploit this issue in order to provide arbitrary malicious firmware updates to the CCU2. This can result in a full system compromise. The eQ-3 AG HomeMatic CCU2 device contains cryptographic vulnerabilities. Information may be obtained or altered, and service operation may be disrupted (DoS). The eQ-3 AG Homematic CCU2 is a central control unit from the German company eQ-3 that controls smart home devices. There is a security vulnerability in the /usr/local/etc/config/addons/mh/loopupd.sh file in the eQ-3 AG HomeMatic CCU2 version 2.29.22.
VAR-201802-1279 CVE-2018-7299 eQ-3 AG Homematic CCU2 Vulnerabilities related to authorization, permissions, and access control CVSS V2: 5.2
CVSS V3: 8.0
Severity: HIGH
Remote Code Execution in the addon installation process in eQ-3 AG Homematic CCU2 2.29.2 and earlier allows authenticated attackers to create or overwrite arbitrary files or install malicious software on the device. eQ-3 AG Homematic CCU2 contains vulnerabilities related to authorization, permissions, and access control. Information may be obtained or altered, and service operation may be disrupted (DoS). The eQ-3 AG Homematic CCU2 is a central control unit from the German company eQ-3 that controls smart home devices. An attacker could exploit the vulnerability to create or overwrite any file or install malware on the device.