VARIoT IoT vulnerabilities database

VAR-201712-0200 | CVE-2017-15893 | Synology File Station Path traversal vulnerability
CVSS V2: 4.0 | CVSS V3: 6.5 | Severity: MEDIUM
Directory traversal vulnerability in SYNO.FileStation.Extract in Synology File Station before 1.1.1-0099 allows remote authenticated users to write arbitrary files via the dest_folder_path parameter. Synology File Station contains a path traversal vulnerability; information may be tampered with. Synology File Station is a tool that enables users to access files on Synology NAS devices via the web.
VAR-201712-0199 | CVE-2017-15892 | Synology Chat Vulnerable to cross-site scripting
CVSS V2: 3.5 | CVSS V3: 5.4 | Severity: MEDIUM
Multiple cross-site scripting (XSS) vulnerabilities in Slash Command Creator in Synology Chat before 2.0.0-1124 allow remote authenticated users to inject arbitrary web script or HTML via the (1) COMMAND, (2) COMMANDS INSTRUCTION, or (3) DESCRIPTION parameter. Synology Chat contains a cross-site scripting vulnerability; information may be obtained and altered. Synology Chat is an instant chat tool developed by Synology. Slash Command Creator is one of its slash command tools.
VAR-201712-0198 | CVE-2017-15891 | Synology Calendar Access control vulnerability
CVSS V2: 4.0 | CVSS V3: 6.5 | Severity: MEDIUM
Improper access control vulnerability in SYNO.Cal.EventBase in Synology Calendar before 2.0.1-0242 allows remote authenticated users to modify calendar events via unspecified vectors. Synology Calendar is a file protection program from Synology that runs on Synology NAS devices. A remote attacker could exploit this vulnerability to change a calendar's events.
VAR-201712-0197 | CVE-2017-15890 | Synology MailPlus Server Vulnerable to cross-site scripting
CVSS V2: 3.5 | CVSS V3: 4.8 | Severity: MEDIUM
Cross-site scripting (XSS) vulnerability in Disclaimer in Synology MailPlus Server before 1.4.0-0415 allows remote authenticated users to inject arbitrary web script or HTML via the NAME parameter. Synology MailPlus Server contains a cross-site scripting vulnerability; information may be obtained and altered. Synology MailPlus Server is an email service suite from Synology. The product supports the management of user accounts, mail records, etc. Disclaimer is one of its disclaimer modules.
VAR-201712-0196 | CVE-2017-15889 | Synology DiskStation Manager Command injection vulnerability
CVSS V2: 6.5 | CVSS V3: 8.8 | Severity: HIGH
Command injection vulnerability in smart.cgi in Synology DiskStation Manager (DSM) before 5.2-5967-5 allows remote authenticated users to execute arbitrary commands via the disk field. Synology DiskStation Manager (DSM) is an operating system developed by Synology for network storage servers (NAS). The operating system can manage data, documents, photos, music and other information. The smart.cgi file in versions of Synology DSM earlier than 5.2-5967-5 has a command injection vulnerability.
VAR-201712-0195 | CVE-2017-15886 | Synology Chat Server-side request forgery vulnerability
CVSS V2: 4.0 | CVSS V3: 6.5 | Severity: MEDIUM
Server-side request forgery (SSRF) vulnerability in Link Preview in Synology Chat before 2.0.0-1124 allows remote authenticated users to download arbitrary local files via a crafted URI. Synology Chat contains a server-side request forgery vulnerability; information may be obtained. Synology Chat is an instant chat tool developed by Synology. Link Preview is one of its link preview components.
VAR-201711-0208 | CVE-2017-15887 | Synology CardDAV Server Vulnerabilities related to certificate and password management
CVSS V2: 5.0 | CVSS V3: 9.8 | Severity: CRITICAL
An improper restriction of excessive authentication attempts vulnerability in /principals in Synology CardDAV Server before 6.0.7-0085 allows remote attackers to obtain user credentials via a brute-force attack. Synology CardDAV Server contains vulnerabilities related to certificate and password management; information may be obtained or altered, and service operation may be disrupted (DoS). Synology CardDAV Server is an application from Synology for synchronizing contacts. There is a security vulnerability in /principals in Synology CardDAV Server versions earlier than 6.0.7-0085. The vulnerability is due to the fact that the program does not limit the number of authentication attempts.
VAR-201710-0499 | CVE-2017-15888 | Synology Audio Station Vulnerable to cross-site scripting
CVSS V2: 3.5 | CVSS V3: 5.4 | Severity: MEDIUM
Cross-site scripting (XSS) vulnerability in Custom Internet Radio List in Synology Audio Station before 6.3.0-3260 allows remote authenticated attackers to inject arbitrary web script or HTML via the NAME parameter. Synology Audio Station contains a cross-site scripting vulnerability; information may be obtained and altered. Synology Audio Station is an audio manager from Synology.
VAR-201710-1446 | No CVE | Xerox Printers Certification Bypass Vulnerability
CVSS V2: 10.0 | CVSS V3: - | Severity: HIGH
Xerox Printers are printers and multifunction devices for SMEs and home users from Fuji Xerox (China) Co., Ltd. Xerox Printers have an authentication bypass vulnerability. An attacker can exploit this vulnerability to bypass authentication.
VAR-201710-0735 | CVE-2017-3771 | Lenovo E95 and ThinkCentre M710s/M710t Vulnerabilities related to security functions
CVSS V2: 5.0 | CVSS V3: 7.5 | Severity: HIGH
The system boot process is not adequately secured in Lenovo E95 and ThinkCentre M710s/M710t because systems were shipped from the factory without completing the BIOS/UEFI initialization process. Lenovo E95, ThinkCentre M710s and M710t contain vulnerabilities related to security features; information may be tampered with. Lenovo E95 and ThinkCentre M710s/M710t are desktop computers from Lenovo China. An attacker could exploit this vulnerability to run a boot loader at system startup, reducing protection against rootkits.
VAR-201710-1067 | CVE-2017-6159 | Multiple F5 BIG-IP products Resource management vulnerabilities
CVSS V2: 4.3 | CVSS V3: 5.9 | Severity: MEDIUM
F5 BIG-IP LTM, AAM, AFM, Analytics, APM, ASM, DNS, GTM, Link Controller, PEM and WebSafe software versions 12.0.0 to 12.1.2 and 11.6.0 to 11.6.1 are vulnerable to a denial of service attack when the MPTCP option is enabled on a virtual server. The data plane is vulnerable when using the MPTCP option of a TCP profile. There is no control plane exposure. An attacker may be able to disrupt services by causing TMM to restart, so that it temporarily fails to process traffic. Multiple F5 BIG-IP products contain a resource management vulnerability; service operation may be interrupted (DoS). Multiple F5 BIG-IP products are prone to a denial-of-service vulnerability. F5 BIG-IP LTM, etc. are all products of F5 Company in the United States. LTM is a local traffic manager; APM is a solution that provides secure unified access to business-critical applications and networks. Traffic Management Microkernel (TMM) is one of the service processes that performs traffic management. The following products and versions are affected: BIG-IP LTM, AAM, AFM, Analytics, APM, ASM, Link Controller, PEM and WebSafe versions 12.0.0 through 12.1.2 and 11.6.0 through 11.6.1; BIG-IP DNS versions 12.0.0 through 12.1.2; BIG-IP GTM versions 11.6.0 through 11.6.1.
VAR-201710-1313 | CVE-2017-6161 | Multiple F5 BIG-IP products Resource exhaustion vulnerability
CVSS V2: 2.9 | CVSS V3: 5.3 | Severity: MEDIUM
In F5 BIG-IP LTM, AAM, AFM, Analytics, APM, ASM, DNS, Edge Gateway, GTM, Link Controller, PEM and WebAccelerator software versions 12.0.0 - 12.1.2, 11.6.0 - 11.6.1, 11.4.0 - 11.5.4 and 11.2.1, when ConfigSync is configured, attackers on adjacent networks may be able to bypass the TLS protections usually used to encrypt and authenticate connections to mcpd. This vulnerability may allow remote attackers to cause a denial-of-service (DoS) condition via resource exhaustion. Multiple F5 BIG-IP products are vulnerable to resource exhaustion; service operation may be interrupted (DoS). Multiple F5 BIG-IP products are prone to a security-bypass vulnerability. Successfully exploiting this issue may allow attackers to perform unauthorized actions. This may lead to other attacks. F5 BIG-IP LTM, etc. are all products of F5. F5 BIG-IP LTM is a local traffic manager; BIG-IP AAM is an application acceleration manager.
VAR-201710-1314 | CVE-2017-6162 | Multiple F5 BIG-IP products Buffer error vulnerability
CVSS V2: 4.3 | CVSS V3: 5.9 | Severity: MEDIUM
In F5 BIG-IP LTM, AAM, AFM, Analytics, APM, ASM, DNS, Edge Gateway, GTM, Link Controller, PEM and WebSafe software versions 12.0.0 to 12.1.2, 11.6.0 to 11.6.1, 11.4.0 to 11.5.4 and 11.2.1, in some cases TMM may crash when processing TCP traffic. This vulnerability affects TMM via a virtual server configured with a TCP profile. Traffic processing is disrupted while the Traffic Management Microkernel (TMM) restarts. If the affected BIG-IP system is configured to be part of a device group, it will trigger a failover to the peer device. Multiple F5 BIG-IP products contain a buffer error vulnerability; service operation may be interrupted (DoS). Multiple F5 BIG-IP products are prone to a denial-of-service vulnerability. A remote attacker can exploit this issue to cause the service to restart, resulting in a denial-of-service condition. F5 BIG-IP LTM, etc. are all products of F5 Company in the United States. LTM is a local traffic manager; APM is a solution that provides secure unified access to business-critical applications and networks. The following products and versions are affected: BIG-IP LTM, Analytics, APM, ASM and Link Controller versions 12.0.0 to 12.1.2, 11.6.0 to 11.6.12, 11.4.1 to 11.5.42 and 11.2.1; BIG-IP AAM, AFM and PEM versions 12.0.0 to 12.1.2, 11.6.0 to 11.6.12 and 11.4.1 to 11.5.42; BIG-IP DNS versions 12.0.0 through 12.1.2; BIG-IP Edge Gateway 11.2
VAR-201710-1315 | CVE-2017-6163 | Multiple F5 BIG-IP products Buffer error vulnerability
CVSS V2: 4.3 | CVSS V3: 5.9 | Severity: MEDIUM
In F5 BIG-IP LTM, AAM, AFM, APM, ASM, Link Controller, PEM and PSM software versions 12.0.0 to 12.1.2, 11.6.0 to 11.6.1 and 11.4.0 to 11.5.4, when a virtual server uses the standard configuration of an HTTP/2 or SPDY profile together with a Client SSL profile, a client that initiates a number of concurrent streams beyond the advertised limit can cause a disruption of service. A remote client initiating streams beyond the advertised limit can cause a disruption of service. The Traffic Management Microkernel (TMM) data plane is exposed to this issue; the control plane is not exposed. Multiple F5 BIG-IP products contain a buffer error vulnerability; service operation may be interrupted (DoS). Multiple F5 BIG-IP products are prone to a denial-of-service vulnerability. An attacker can exploit this issue to cause a denial-of-service condition. F5 BIG-IP LTM, etc. are all products of F5 Company in the United States. F5 BIG-IP LTM is a local traffic manager; BIG-IP AAM is an application acceleration manager. The following products and versions are affected: BIG-IP LTM, AAM, AFM, APM, ASM, Link Controller and PEM versions 12.0.0 to 12.1.2, 11.6.0 to 11.6.1 and 11.4.0 to 11.5.4; BIG-IP PSM versions 11.4.0 to 11.4.1.
VAR-201710-1068 | CVE-2017-6160 | F5 BIG-IP AAM and PEM Vulnerabilities in resource management
CVSS V2: 4.3 | CVSS V3: 5.9 | Severity: MEDIUM
In F5 BIG-IP AAM and PEM software versions 12.0.0 to 12.1.1, 11.6.0 to 11.6.1 and 11.4.1 to 11.5.4, a remote attacker may create a maliciously crafted HTTP request to cause the Traffic Management Microkernel (TMM) to restart and temporarily fail to process traffic. This issue is exposed on virtual servers using a Policy Enforcement profile or a Web Acceleration profile. Systems that do not have the BIG-IP AAM module provisioned are not vulnerable. The Traffic Management Microkernel (TMM) may restart and temporarily fail to process traffic. Systems that do not have the BIG-IP AAM or PEM module provisioned are not vulnerable. F5 BIG-IP AAM and PEM contain a resource management vulnerability; the product may be put into a denial of service (DoS) state. Multiple F5 BIG-IP products are prone to a denial-of-service vulnerability. A remote attacker can exploit this issue to cause the service to restart, resulting in a denial-of-service condition. F5 BIG-IP AAM is an application acceleration manager. PEM is a policy enforcement manager. F5 BIG-IP AAM and PEM have security vulnerabilities. The following products and versions are affected: F5 BIG-IP AAM and BIG-IP PEM versions 12.0.0 through 12.1.1, 11.6.0 through 11.6.1 and 11.4.1 through 11.5.4.
VAR-201710-0498 | CVE-2017-15885 | Axis 2100 Network Camera Cross-Site Scripting Vulnerability
CVSS V2: 4.3 | CVSS V3: 6.1 | Severity: MEDIUM
Reflected XSS in the web administration portal on the Axis 2100 Network Camera 2.03 allows an attacker to execute arbitrary JavaScript via the conf_Layout_OwnTitle parameter to view/view.shtml. NOTE: this might overlap CVE-2007-5214. Axis 2100 Network Camera contains a cross-site scripting vulnerability, which may overlap with CVE-2007-5214; information may be obtained and altered. The Axis 2100 Network Camera is a wireless camera product from Axis, Sweden. The web administration portal is one of its web management pages.
VAR-201712-1083 | CVE-2017-6679 | Cisco Umbrella Vulnerabilities related to security functions in virtual appliances
CVSS V2: 6.0 | CVSS V3: 6.4 | Severity: MEDIUM
The Cisco Umbrella Virtual Appliance version 2.0.3 and prior contained an undocumented encrypted remote support tunnel (SSH) which auto-initiated from the customer's appliance to Cisco's SSH hubs in the Umbrella datacenters. These tunnels were primarily leveraged for remote support and allowed authorized/authenticated personnel from the Cisco Umbrella team to access the appliance remotely and obtain full control without explicit customer approval. To address this vulnerability, the Umbrella Virtual Appliance version 2.1.0 now requires explicit customer approval before an SSH tunnel from the VA to the Cisco terminating server can be established. Cisco Umbrella virtual appliances contain vulnerabilities related to security features; information may be obtained or altered, and service operation may be disrupted (DoS). Cisco Umbrella Virtual Appliance is a cloud-based secure Internet gateway device from Cisco. A security vulnerability exists in Cisco Umbrella Virtual Appliance 2.0.3 and earlier. This vulnerability could be exploited by a remote attacker to gain access to the device and fully control it. This may lead to further attacks.
Timeline
December 22, 2015 - Notified OpenDNS via security@opendns.com
December 22, 2015 - OpenDNS responded stating that they will investigate
January 4, 2016 - Asked for an update on their investigation
January 11, 2016 - OpenDNS said they are working through a number of options to resolve the issue
February 2, 2016 - OpenDNS advised they've shortlisted a couple of solutions and will provide another update in a week or so
February 17, 2016 - OpenDNS said they would like to schedule a call to discuss
February 24, 2016 - Had a call with OpenDNS to discuss possible solutions
April 22, 2016 - Asked for an update on the progress of the fix
May 3, 2016 - Asked for an update on the progress of the fix
July 27, 2016 - Sent the vulnerability details to the Cisco PSIRT team
July 29, 2016 - Cisco assigned a case number and asked to schedule a call to discuss
August 17, 2016 - Had a call with the Cisco PSIRT team to discuss possible solutions
September 26, 2016 - Asked for an update on the progress of the fix
October 6, 2016 - Cisco provided a status update
December 14, 2016 - Asked for an update on the progress of the fix
December 19, 2016 - Cisco provided a status update
January 10, 2017 - Asked for an update on the progress of the fix
January 10, 2017 - Cisco provided a status update
May 26, 2017 - Cisco assigned CVE-2017-6679 and advised that the issue would be made public in the next week
June 2, 2017 - Cisco asked to move the disclosure date to August 31, 2017
August 30, 2017 - Cisco released virtual appliance version 2.1.0 which resolves this vulnerability by removing the undocumented reverse SSH tunnel
September 21, 2017 - Cisco published a security advisory to document this issue
Solution
Upgrade to virtual appliance 2.1.0 or later
https://support.umbrella.com/hc/en-us/articles/115004752143-Virtual-Appliance-Vulnerability-due-to-always-on-SSH-Tunnel-RESOLVED-2017-09-15
CVE-ID: CVE-2017-6679
VAR-201801-0535 | CVE-2017-15653 | ASUSWRT Session expiration vulnerability
CVSS V2: 6.5 | CVSS V3: 8.8 | Severity: HIGH
Improper validation of the administrator's IP address after login in the HTTPd server in all current versions (<= 3.0.0.4.380.7743) of Asus asuswrt allows an unauthorized user who knows the administrator's session token to execute any action by using a specific User-Agent string. ASUSWRT contains a session expiration vulnerability; information may be obtained or altered, and service operation may be disrupted (DoS). ASUSWRT is the unified firmware used by ASUS in its latest routers and is the web-based graphical user interface of the ASUS router. The HTTPd server in Asus asuswrt 3.0.0.4.380.7743 and earlier has a login user IP verification vulnerability. An attacker who knows the session token can exploit the vulnerability to bypass the IP check and perform any action by sending a request with a special User-Agent string. HTTPd server is one of its HTTP servers.
VAR-201801-0536 | CVE-2017-15654 | Asus asuswrt Access control vulnerability
CVSS V2: 7.6 | CVSS V3: 8.3 | Severity: HIGH
Highly predictable session tokens in the HTTPd server in all current versions (<= 3.0.0.4.380.7743) of Asus asuswrt allow gaining administrative router access. Asus asuswrt contains an access control vulnerability; information may be obtained or altered, and service operation may be disrupted (DoS). ASUSWRT is the unified firmware used by ASUS in its latest routers and is the web-based graphical user interface of the ASUS router. An attacker could exploit this vulnerability to gain router administrator access. HTTPd server is one of its HTTP servers. The vulnerability is caused by the program generating easily guessable session tokens.
VAR-201801-0538 | CVE-2017-15656 | Asus asuswrt Vulnerabilities related to certificate and password management
CVSS V2: 4.0 | CVSS V3: 8.8 | Severity: HIGH
Passwords are stored in plaintext in nvram in the HTTPd server in all current versions (<= 3.0.0.4.380.7743) of Asus asuswrt. Asus asuswrt contains vulnerabilities related to certificate and password management; information may be obtained or altered, and service operation may be disrupted (DoS). ASUSWRT is the unified firmware used by ASUS in its latest routers and is the web-based graphical user interface of the ASUS router. A plaintext password storage vulnerability exists in Asus asuswrt 3.0.0.4.380.7743 and earlier. An attacker could exploit the vulnerability to obtain password information. HTTPd server is one of its HTTP servers.