VARIoT IoT vulnerabilities database

VAR-201704-1629 | No CVE | Linksys Smart Wi-Fi Routers Authentication Bypass Vulnerability |
CVSS V2: 5.0 CVSS V3: - Severity: MEDIUM |
Linksys Smart Wi-Fi Routers are smart Wi-Fi routers. There is an authentication bypass vulnerability in Linksys Smart Wi-Fi Routers. Attackers can bypass authentication on CGI scripts to collect sensitive information such as the firmware version, Linux kernel version, running process list, USB device connections and the WPS PIN code. Unauthenticated attackers can obtain sensitive information, for example by using a set of APIs to list all connected devices and their respective operating systems, accessing firewall configurations, reading FTP configuration settings, or retrieving SMB server settings.
VAR-201708-1388 | CVE-2017-7926 | OSIsoft PI Web API Cross-Site Request Forgery Vulnerability |
CVSS V2: 6.8 CVSS V3: 8.8 Severity: HIGH |
A Cross-Site Request Forgery issue was discovered in OSIsoft PI Web API versions prior to 2017 (1.9.0). The vulnerability allows cross-site request forgery (CSRF) attacks to occur when an otherwise-unauthorized cross-site request is sent from a browser the server has previously authenticated. OSIsoft PI Web API is a product for accessing PI system data. The program fails to properly validate HTTP requests. An attacker could exploit the vulnerability to perform certain unauthorized operations and access the affected application. Other attacks are also possible.
VAR-201704-0112 | CVE-2016-2433 | Broadcom Wi-Fi driver for Android used on BlackBerry smartphones vulnerable to arbitrary code execution in the context of the kernel |
CVSS V2: 8.3 CVSS V3: 8.8 Severity: HIGH |
The Broadcom Wi-Fi driver for Android, as used by BlackBerry smartphones before Build AAE570, allows remote attackers to execute arbitrary code in the context of the kernel. BlackBerry smartphones are smartphones made by BlackBerry. The Broadcom Wi-Fi driver for Android is a Wi-Fi driver module developed by Broadcom Inc. for the Android system. A security vulnerability exists in the Broadcom Wi-Fi driver for Android as used in BlackBerry smartphones before Build AAE570.
VAR-201709-1096 | CVE-2017-7924 | Rockwell Automation MicroLogix 1100 Denial of service vulnerability |
CVSS V2: 5.0 CVSS V3: 7.5 Severity: HIGH |
An Improper Input Validation issue was discovered in Rockwell Automation MicroLogix 1100 controllers 1763-L16BWA, 1763-L16AWA, 1763-L16BBB, and 1763-L16DWD. A remote, unauthenticated attacker could send a single, specially crafted Programmable Controller Communication Commands (PCCC) packet to the controller that could potentially cause the controller to enter a DoS condition. The Rockwell Automation MicroLogix 1100 controller contains an input validation vulnerability that may result in a denial of service (DoS) condition. Rockwell Automation is a UK company providing industrial automation control and information solutions. The MicroLogix 1100 series is used in food, agriculture, and water and wastewater systems. A denial of service vulnerability exists in the Rockwell Automation MicroLogix 1100. An attacker could exploit the vulnerability to cause a denial of service condition.
VAR-201708-1397 | CVE-2017-7920 | ABB VSN300 WiFi Logger Card and VSN300 WiFi Logger Card for React Authentication vulnerability |
CVSS V2: 5.0 CVSS V3: 7.5 Severity: HIGH |
An Improper Authentication issue was discovered in ABB VSN300 WiFi Logger Card versions 1.8.15 and prior, and VSN300 WiFi Logger Card for React versions 2.1.3 and prior. By accessing a specific uniform resource locator (URL) on the web server, a malicious user is able to access internal information about status and connected devices without authenticating. ABB VSN300 WiFi Logger Card and VSN300 WiFi Logger Card for React are wireless data logging card products of the Swiss company Asea Brown Boveri (ABB). Security vulnerabilities exist in ABB VSN300 WiFi Logger Card 1.8.15 and earlier and VSN300 WiFi Logger Card for React 2.1.3 and earlier. The products are prone to the following security vulnerabilities:
1. An authentication-bypass vulnerability
2. A security-bypass vulnerability
An attacker can exploit these issues to bypass certain security restrictions, perform certain unauthorized actions and bypass the authentication mechanism.
VAR-201711-0250 | CVE-2017-2734 | P9 Plus smartphone software vulnerability related to resource exhaustion |
CVSS V2: 7.1 CVSS V3: 5.5 Severity: MEDIUM |
P9 Plus smartphones with software versions earlier than VIE-AL10BC00B386 have a denial of service (DoS) vulnerability. An attacker tricks a user into installing a malicious application on the smartphone; the application can then send a given parameter to a specific interface, causing a large number of memory allocations so that the smartphone crashes from memory exhaustion. The Huawei P9 Plus is a smartphone from Huawei. A denial of service vulnerability exists in the Huawei P9 Plus.
VAR-201706-0663 | CVE-2017-7918 | Cambium Networks ePMP Access Control Error Vulnerability |
CVSS V2: 6.0 CVSS V3: 6.8 Severity: MEDIUM |
An Improper Access Control issue was discovered in Cambium Networks ePMP. After a valid user has used SNMP configuration export, an attacker is able to remotely trigger device configuration backups using specific MIBs. These backups lack proper access control and may allow access to sensitive information and possibly allow for configuration changes. Cambium Networks ePMP is a wireless network access platform from Cambium Networks of the United States. The platform provides features such as video surveillance, Wi-Fi hotspots and sensor connectivity.
Exploiting these issues will allow attackers to bypass certain security restrictions and gain elevated privileges. Other attacks are also possible.
VAR-201706-0664 | CVE-2017-7922 | Cambium Networks ePMP Vulnerabilities related to authorization, permissions, and access control |
CVSS V2: 6.5 CVSS V3: 7.6 Severity: HIGH |
An Improper Privilege Management issue was discovered in Cambium Networks ePMP. The privileges for SNMP community strings are not properly restricted, which may allow an attacker to gain access to sensitive information and possibly allow for configuration changes. Cambium Networks ePMP contains vulnerabilities related to authorization, permissions, and access control; information may be obtained or altered, and service operation may be disrupted (DoS). Cambium Networks ePMP is a wireless network access platform from Cambium Networks of the United States. The platform provides features such as video surveillance, Wi-Fi hotspots and sensor connectivity.
Exploiting these issues will allow attackers to bypass certain security restrictions and gain elevated privileges. Other attacks are also possible.
VAR-201705-3762 | CVE-2017-7921 | Authentication vulnerabilities in multiple Hikvision products |
CVSS V2: 7.5 CVSS V3: 10.0 Severity: CRITICAL |
An Improper Authentication issue was discovered in Hikvision DS-2CD2xx2F-I Series V5.2.0 build 140721 to V5.4.0 build 160530, DS-2CD2xx0F-I Series V5.2.0 build 140721 to V5.4.0 Build 160401, DS-2CD2xx2FWD Series V5.3.1 build 150410 to V5.4.4 Build 161125, DS-2CD4x2xFWD Series V5.2.0 build 140721 to V5.4.0 Build 160414, DS-2CD4xx5 Series V5.2.0 build 140721 to V5.4.0 Build 160421, DS-2DFx Series V5.2.0 build 140805 to V5.4.5 Build 160928, and DS-2CD63xx Series V5.0.9 build 140305 to V5.3.5 Build 160106 devices. The improper authentication vulnerability occurs when an application does not adequately or correctly authenticate users. This may allow a malicious user to escalate his or her privileges on the system and gain access to sensitive information. Multiple Hikvision products contain authentication vulnerabilities; information may be obtained or altered, and service operation may be disrupted (DoS). Hikvision Cameras are cameras produced by Hikvision (Haikang). A number of Hikvision Cameras have an improper authentication vulnerability. Multiple Hikvision Cameras are prone to an information-disclosure vulnerability and an authentication-bypass vulnerability. Other attacks are also possible. The Hikvision DS-2CD2xx2F-I Series and the other listed series are network camera products of the Chinese company Hikvision.
VAR-201707-0991 | CVE-2017-7919 | Newport XPS-Cx and XPS-Qx authentication bypass vulnerability |
CVSS V2: 7.5 CVSS V3: 9.8 Severity: CRITICAL |
An Improper Authentication issue was discovered in Newport XPS-Cx and XPS-Qx. An attacker may bypass authentication by accessing a specific uniform resource locator (URL). The Newport XPS-Cx is a motion controller from Newport, USA, and the XPS-Qx is another version of it. There are authorization issues in the Newport XPS-Cx and XPS-Qx, which may lead to further attacks.
All versions of XPS-Cx and XPS-Qx are vulnerable.
VAR-201705-3742 | CVE-2017-7923 | Information disclosure vulnerability in multiple Hikvision products |
CVSS V2: 4.0 CVSS V3: 8.8 Severity: HIGH |
A Password in Configuration File issue was discovered in Hikvision DS-2CD2xx2F-I Series V5.2.0 build 140721 to V5.4.0 build 160530, DS-2CD2xx0F-I Series V5.2.0 build 140721 to V5.4.0 Build 160401, DS-2CD2xx2FWD Series V5.3.1 build 150410 to V5.4.4 Build 161125, DS-2CD4x2xFWD Series V5.2.0 build 140721 to V5.4.0 Build 160414, DS-2CD4xx5 Series V5.2.0 build 140721 to V5.4.0 Build 160421, DS-2DFx Series V5.2.0 build 140805 to V5.4.5 Build 160928, and DS-2CD63xx Series V5.0.9 build 140305 to V5.3.5 Build 160106 devices. The password in configuration file vulnerability could allow a malicious user to escalate privileges or assume the identity of another user and access sensitive information. Multiple Hikvision products contain an information disclosure vulnerability; information may be obtained or altered, and service operation may be disrupted (DoS). The Hikvision DS-2CD2xx2F-I Series and the other listed series are network camera products of Hikvision. Multiple Hikvision Cameras are prone to an information-disclosure vulnerability and an authentication-bypass vulnerability. Other attacks are also possible. The Hikvision DS-2CD2xx2F-I Series are network camera products of the Chinese company Hikvision. Security flaws exist in several Hikvision products.
VAR-201705-3743 | CVE-2017-7925 | Vulnerabilities related to authorization, permissions, and access control in multiple Dahua products |
CVSS V2: 5.0 CVSS V3: 9.8 Severity: CRITICAL |
A Password in Configuration File issue was discovered in Dahua DH-IPC-HDBW23A0RN-ZS, DH-IPC-HDBW13A0SN, DH-IPC-HDW1XXX, DH-IPC-HDW2XXX, DH-IPC-HDW4XXX, DH-IPC-HFW1XXX, DH-IPC-HFW2XXX, DH-IPC-HFW4XXX, DH-SD6CXX, DH-NVR1XXX, DH-HCVR4XXX, DH-HCVR5XXX, DHI-HCVR51A04HE-S3, DHI-HCVR51A08HE-S3, and DHI-HCVR58A32S-S2 devices. The password in configuration file vulnerability was identified, which could lead to a malicious user assuming the identity of a privileged user and gaining access to sensitive information. Multiple Dahua products contain vulnerabilities related to authorization, permissions, and access control; information may be obtained or altered, and service operation may be disrupted (DoS). The Dahua DH-IPC-HDBW23A0RN-ZS is a camera product of the Chinese company Dahua. Dahua Technology is prone to an authentication-bypass vulnerability and an information-disclosure vulnerability.
Attackers may exploit these issues to gain unauthorized access to restricted content by bypassing intended security restrictions or to obtain sensitive information that may aid in launching further attacks. Security vulnerabilities exist in the Dahua DH-IPC-HDBW23A0RN-ZS and many other Dahua products. The following products are affected: Dahua DH-IPC-HDBW23A0RN-ZS; DH-IPC-HDBW13A0SN; DH-IPC-HDW1XXX; DH-IPC-HDW2XXX; DH-IPC-HDW4XXX; DH-IPC-HFW4XXX; DH-SD6CXX; DH-NVR1XXX; DH-HCVR4XXX; DH-HCVR5XXX; DHI-HCVR51A04HE-S3; DHI-HCVR51A08HE-S3;
VAR-201705-3744 | CVE-2017-7927 | Dahua Technology authentication vulnerability |
CVSS V2: 7.5 CVSS V3: 7.3 Severity: HIGH |
Multiple Dahua products contain a vulnerability related to the use of hard-coded credentials; information may be obtained or altered, and service operation may be disrupted (DoS). Dahua Technology Authentication is an access control reader produced by Dahua Technology. Dahua Technology Authentication has an authentication vulnerability. An attacker could exploit the vulnerability to gain unauthorized access to restricted content by bypassing intended security restrictions. The Dahua DH-IPC-HDBW23A0RN-ZS and the other listed devices are camera products of the Chinese company Dahua. A security vulnerability exists in several Dahua products because the program uses password hashes instead of passwords to perform authentication. The following products are affected: Dahua DH-IPC-HDBW23A0RN-ZS; DH-IPC-HDBW13A0SN; DH-IPC-HDW1XXX; DH-IPC-HDW2XXX; DH-IPC-HDW4XXX; DH-IPC-HFW4XXX; DH-SD6CXX; DH-NVR1XXX; DH-HCVR4XXX; DH-HCVR5XXX; DHI-HCVR51A04HE-S3; DHI-HCVR51A08HE-S3;
VAR-201704-0901 | CVE-2017-2152 | WNC01WH vulnerable to OS command injection |
CVSS V2: 5.2 CVSS V3: 6.8 Severity: MEDIUM |
WNC01WH firmware 1.0.0.9 and earlier allows authenticated attackers to execute arbitrary OS commands via unspecified vectors. WNC01WH, provided by BUFFALO INC., is a network camera. WNC01WH contains an OS command injection vulnerability (CWE-78). Kiyotaka ATSUMI of LAC Co., Ltd. reported this vulnerability to IPA. The flaw enables a locally authenticated attacker to perform command injection attacks. A security vulnerability exists in Buffalo WNC01WH devices running firmware versions 1.0.0.9 and earlier.
VAR-201709-1102 | CVE-2017-7974 | Schneider Electric U.motion Builder Software Path traversal vulnerability |
CVSS V2: 7.5 CVSS V3: 9.8 Severity: CRITICAL |
A path traversal information disclosure vulnerability exists in Schneider Electric's U.motion Builder software versions 1.2.1 and prior in which an unauthenticated user can execute arbitrary code and exfiltrate files. Authentication is not required to exploit this vulnerability. The specific flaw exists within the runscript.php applet, whose processing of the 's' parameter is subject to directory traversal. An attacker can leverage this vulnerability to disclose files from the system. U.motion Builder is a generator product from Schneider Electric, France. U.motion Builder is prone to the following security vulnerabilities:
1. An SQL-injection vulnerability
2. A directory-traversal vulnerability
3. An information-disclosure vulnerability
4. An authentication bypass vulnerability
5. A local code-execution vulnerability
6. A local denial-of-service vulnerability
7. An information-disclosure vulnerability
Exploiting these issues could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database, bypass the authentication mechanism, obtain sensitive information, execute arbitrary code and perform unauthorized actions. Failed exploits can result in a denial-of-service condition.
VAR-201709-1101 | CVE-2017-7973 | Schneider Electric U.motion Builder Software SQL injection vulnerability |
CVSS V2: 7.5 CVSS V3: 9.8 Severity: CRITICAL |
A SQL injection vulnerability exists in Schneider Electric's U.motion Builder software versions 1.2.1 and prior in which an unauthenticated user can use calls to various paths allowing performance of arbitrary SQL commands against the underlying database. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Schneider Electric U.motion Builder. Authentication is not required to exploit this vulnerability. The specific flaw exists within the processing of applets which are exposed on the web service. The underlying SQLite database query that determines whether a user is logged in is subject to SQL injection on the loginSeed parameter, which can be embedded in the HTTP cookie of the request. A remote attacker can leverage this vulnerability to execute arbitrary commands against the database. U.motion Builder is a generator product from Schneider Electric, France. U.motion Builder is prone to the following security vulnerabilities:
1. An SQL-injection vulnerability
2. A directory-traversal vulnerability
3. An authentication bypass vulnerability
4. An information-disclosure vulnerability
5. A local code-execution vulnerability
6. A local denial-of-service vulnerability
7. An information-disclosure vulnerability
Exploiting these issues could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database, bypass the authentication mechanism, obtain sensitive information, execute arbitrary code and perform unauthorized actions. Failed exploits can result in a denial-of-service condition.
VAR-201709-1099 | CVE-2017-7971 | Schneider Electric's PowerSCADA Anywhere and Citect Anywhere Vulnerabilities related to certificate validation |
CVSS V2: 4.0 CVSS V3: 6.5 Severity: MEDIUM |
A vulnerability exists in Schneider Electric's PowerSCADA Anywhere v1.0 redistributed with PowerSCADA Expert v8.1 and PowerSCADA Expert v8.2 and Citect Anywhere version 1.0 that allows the use of outdated cipher suites and improper verification of the peer SSL certificate. Schneider Electric's PowerSCADA Anywhere and Citect Anywhere contain a certificate validation vulnerability; information may be obtained. PowerSCADA Anywhere is SCADA and power monitoring software. Citect is industrial automation operation and monitoring software. The program uses outdated cipher suites and incorrectly verifies the SSL certificate. An attacker could exploit the vulnerability to perform a man-in-the-middle attack or impersonate a trusted server. Schneider Electric PowerSCADA Anywhere and Citect Anywhere are prone to the following security vulnerabilities:
1. A cross-site request-forgery vulnerability
2. An information-disclosure vulnerability
3. Multiple security-bypass vulnerabilities
Exploiting these issues could allow an attacker to obtain sensitive information, bypass certain security restrictions, perform unauthorized actions, or gain access to the affected system.
The following products and versions are vulnerable:
PowerSCADA Anywhere 1.0 redistributed with PowerSCADA Expert 8.1 and PowerSCADA Expert 8.2
Citect Anywhere 1.0
VAR-201709-1100 | CVE-2017-7972 | Schneider Electric's PowerSCADA Anywhere and Citect Anywhere Vulnerabilities related to authorization, permissions, and access control |
CVSS V2: 5.2 CVSS V3: 5.5 Severity: MEDIUM |
A vulnerability exists in Schneider Electric's PowerSCADA Anywhere v1.0 redistributed with PowerSCADA Expert v8.1 and PowerSCADA Expert v8.2 and Citect Anywhere version 1.0 that allows the ability to escape out of remote PowerSCADA Anywhere applications and launch other processes. Schneider Electric's PowerSCADA Anywhere and Citect Anywhere contain vulnerabilities related to authorization, permissions, and access control; information may be obtained or altered, and service operation may be disrupted (DoS). PowerSCADA Anywhere is SCADA and power monitoring software. Citect is industrial automation operation and monitoring software. PowerSCADA Anywhere 1.0 and Citect Anywhere version 1.0 have bugs in the implementation of command delimiters. An attacker on an adjacent network can escape remote applications and start other processes. Schneider Electric PowerSCADA Anywhere and Citect Anywhere are prone to the following security vulnerabilities:
1. A cross-site request-forgery vulnerability
2. An information-disclosure vulnerability
3. Multiple security-bypass vulnerabilities
Exploiting these issues could allow an attacker to obtain sensitive information, bypass certain security restrictions, perform unauthorized actions, or gain access to the affected system.
The following products and versions are vulnerable:
PowerSCADA Anywhere 1.0 redistributed with PowerSCADA Expert 8.1 and PowerSCADA Expert 8.2
Citect Anywhere 1.0
VAR-201709-1098 | CVE-2017-7970 | Schneider Electric PowerSCADA Anywhere/Citect Anywhere Information Disclosure Vulnerability |
CVSS V2: 3.3 CVSS V3: 6.5 Severity: MEDIUM |
A vulnerability exists in Schneider Electric's PowerSCADA Anywhere v1.0 redistributed with PowerSCADA Expert v8.1 and PowerSCADA Expert v8.2 and Citect Anywhere version 1.0 that allows the ability to specify arbitrary server target nodes in connection requests to the Secure Gateway and Server components. Schneider Electric's PowerSCADA Anywhere and Citect Anywhere contain an access control vulnerability; information may be obtained. PowerSCADA Anywhere is SCADA and power monitoring software. Citect is industrial automation operation and monitoring software. There are information disclosure vulnerabilities in the implementation of PowerSCADA Anywhere 1.0 and Citect Anywhere 1.0. An attacker on an adjacent network can specify any server target node in the connection request. Schneider Electric PowerSCADA Anywhere and Citect Anywhere are prone to the following security vulnerabilities:
1. A cross-site request-forgery vulnerability
2. An information-disclosure vulnerability
3. Multiple security-bypass vulnerabilities
Exploiting these issues could allow an attacker to obtain sensitive information, bypass certain security restrictions, perform unauthorized actions, or gain access to the affected system.
The following products and versions are vulnerable:
PowerSCADA Anywhere 1.0 redistributed with PowerSCADA Expert 8.1 and PowerSCADA Expert 8.2
Citect Anywhere 1.0
VAR-201709-1097 | CVE-2017-7969 | Schneider Electric PowerSCADA Anywhere/Citect Anywhere Cross-Site Request Forgery Vulnerability |
CVSS V2: 6.8 CVSS V3: 8.8 Severity: HIGH |
A cross-site request forgery vulnerability exists on the Secure Gateway component of Schneider Electric's PowerSCADA Anywhere v1.0 redistributed with PowerSCADA Expert v8.1 and PowerSCADA Expert v8.2 and Citect Anywhere version 1.0 for multiple state-changing requests. This type of attack requires some level of social engineering in order to get a legitimate user to click on or access a malicious link/site containing the CSRF attack. Schneider Electric's PowerSCADA Anywhere and Citect Anywhere contain a cross-site request forgery vulnerability; information may be obtained or altered, and service operation may be disrupted (DoS). PowerSCADA Anywhere is SCADA and power monitoring software. Citect is industrial automation operation and monitoring software. Schneider Electric PowerSCADA Anywhere and Citect Anywhere are prone to the following security vulnerabilities:
1. A cross-site request-forgery vulnerability
2. An information-disclosure vulnerability
3. Multiple security-bypass vulnerabilities
Exploiting these issues could allow an attacker to obtain sensitive information, bypass certain security restrictions, perform unauthorized actions, or gain access to the affected system.
The following products and versions are vulnerable:
PowerSCADA Anywhere 1.0 redistributed with PowerSCADA Expert 8.1 and PowerSCADA Expert 8.2
Citect Anywhere 1.0