VARIoT IoT vulnerabilities database


VAR-201803-2358 No CVE Out-of-Bounds Access Vulnerability in Zhejiang Dahua Play Library SDK (CNVD-2018-01919) CVSS V2: 2.1
CVSS V3: -
Severity: LOW
The Play Library SDK is developed based on Dahua's proprietary stream encapsulation protocol. It is a development kit for network hard disk video recorders, network video servers, network cameras, network domes, smart devices and other products. The mpeg4dec.dll in the Zhejiang Dahua Play Library SDK_Win32_V3.39.1_20171130 version has an out-of-bounds access vulnerability. An attacker could use this vulnerability to cause a denial of service or process information leakage.
VAR-201803-2359 No CVE Out-of-Bounds Access Vulnerability in Zhejiang Dahua Play Library SDK (CNVD-2018-01921) CVSS V2: 2.1
CVSS V3: -
Severity: LOW
The Play Library SDK is developed based on Dahua's proprietary stream encapsulation protocol. It is a development kit for network hard disk video recorders, network video servers, network cameras, network domes, smart devices and other products. The mpeg4dec.dll in the Zhejiang Dahua Play Library SDK_Win32_V3.39.1_20171130 version has an out-of-bounds access vulnerability. An attacker could use this vulnerability to cause a denial of service or process information leakage.
VAR-201803-2351 No CVE Memory corruption vulnerability exists in Zhejiang Dahua Play Library SDK CVSS V2: 4.6
CVSS V3: -
Severity: MEDIUM
The Play Library SDK is developed based on Dahua's proprietary stream encapsulation protocol. It is a development kit for network hard disk video recorders, network video servers, network cameras, network domes, smart devices and other products. Dhplay.dll in Zhejiang Dahua Play Library SDK_Win32_V3.39.1_20171130 version has a memory corruption vulnerability. An attacker can use this vulnerability to cause a denial of service attack or arbitrary code execution.
VAR-201803-2357 No CVE Denial of Service Vulnerability in Zhejiang Dahua Play Library SDK (CNVD-2018-01922) CVSS V2: 2.1
CVSS V3: -
Severity: LOW
The Play Library SDK is developed based on Dahua's proprietary stream encapsulation protocol. It is a development kit for network hard disk video recorders, network video servers, network cameras, network domes, smart devices and other products. The dhplay.dll in the Zhejiang Dahua Play Library SDK_Win32_V3.39.1_20171130 version has a denial of service vulnerability. An attacker can use this vulnerability to cause a denial of service attack.
VAR-201803-2362 No CVE Out-of-Bounds Access Vulnerability in Zhejiang Dahua Play Library SDK (CNVD-2018-01923) CVSS V2: 2.1
CVSS V3: -
Severity: LOW
The Play Library SDK is developed based on Dahua's proprietary stream encapsulation protocol. It is a development kit for network hard disk video recorders, network video servers, network cameras, network domes, smart devices and other products. The dhplay.dll in Zhejiang Dahua Play Library SDK_Win32_V3.39.1_20171130 version has an out-of-bounds access vulnerability. An attacker can use this vulnerability to cause a denial of service or information leakage.
VAR-201803-1847 CVE-2018-7227 Schneider Electric Pelco Sarix Professional information disclosure vulnerability CVSS V2: 5.0
CVSS V3: 5.3
Severity: MEDIUM
A vulnerability exists in Schneider Electric's Pelco Sarix Professional in all firmware versions prior to 3.29.67 which could allow retrieval of specially crafted URLs without authentication that can reveal sensitive information to an attacker. Schneider Electric Pelco Sarix Professional contains an information disclosure vulnerability. Information may be obtained. Schneider Electric Pelco Sarix Professional is a video surveillance device from Schneider Electric, France. A security vulnerability exists in Schneider Electric Pelco Sarix Professional with firmware prior to 3.25.67. An attacker could exploit this vulnerability to obtain sensitive information. Information obtained may aid in further attacks.
VAR-201803-1812 CVE-2018-5500 Multiple F5 BIG-IP products resource exhaustion vulnerability CVSS V2: 4.3
CVSS V3: 5.9
Severity: MEDIUM
On F5 BIG-IP systems running 13.0.0, 12.1.0 - 12.1.3.1, or 11.6.1 - 11.6.2, every Multipath TCP (MCTCP) connection established leaks a small amount of memory. Virtual servers using a TCP profile with the Multipath TCP (MCTCP) feature enabled will be affected by this issue. Multiple F5 BIG-IP products are vulnerable to resource exhaustion. Service operation may be interrupted (DoS). F5 BIG-IP is an all-in-one network device that integrates network traffic management, application security management, load balancing and other functions. There is a security vulnerability in F5 BIG-IP. An attacker could exploit the vulnerability to cause a denial of service (out of memory). Multiple F5 BIG-IP products are prone to a memory-corruption vulnerability. Attackers can exploit this issue to obtain sensitive information or crash the application, resulting in a denial-of-service condition. A security vulnerability exists in F5 BIG-IP version 13.0.0, versions 12.1.0 through 12.1.3.1, and versions 11.6.1 through 11.6.2.
VAR-201803-2083 CVE-2018-5455 Moxa OnCell G3100-HSPA Series Authentication Bypass Vulnerability CVSS V2: 7.5
CVSS V3: 9.8
Severity: CRITICAL
A Reliance on Cookies without Validation and Integrity Checking issue was discovered in Moxa OnCell G3100-HSPA Series version 1.4 Build 16062919 and prior. The application allows a cookie parameter to consist of only digits, allowing an attacker to perform a brute force attack bypassing authentication and gaining access to device functions. The Moxa OnCell G3100-HSPA series contains authentication vulnerabilities. Information may be obtained or altered, and service operation may be disrupted (DoS). Moxa OnCell G3100-HSPA is an intelligent, feature-rich wireless communication platform that connects network devices and serial devices to cellular TCP/IP networks. Moxa OnCell G3100-HSPA Series is prone to multiple denial-of-service vulnerabilities and an authentication-bypass vulnerability. OnCell G3100-HSPA Series 1.4 Build 16062919 and prior are vulnerable. Moxa OnCell G3100-HSPA Series is the G3100 series gateway product of Moxa.
VAR-201803-2081 CVE-2018-5453 Moxa OnCell G3100-HSPA Series Denial of service vulnerability CVSS V2: 7.8
CVSS V3: 7.5
Severity: HIGH
An Improper Handling of Length Parameter Inconsistency issue was discovered in Moxa OnCell G3100-HSPA Series version 1.4 Build 16062919 and prior. An attacker may be able to edit the element of an HTTP request, causing the device to become unavailable. The Moxa OnCell G3100-HSPA series contains a data processing vulnerability. Service operation may be interrupted (DoS). Moxa OnCell G3100-HSPA is an intelligent, feature-rich wireless communication platform that connects network devices and serial devices to cellular TCP/IP networks. Moxa OnCell G3100-HSPA Series is prone to multiple denial-of-service vulnerabilities and an authentication-bypass vulnerability. An attacker can exploit these issues to bypass the authentication mechanism or to cause a denial-of-service condition, denying service to legitimate users. OnCell G3100-HSPA Series 1.4 Build 16062919 and prior are vulnerable. Moxa OnCell G3100-HSPA Series is the G3100 series gateway product of Moxa.
VAR-201803-2078 CVE-2018-5449 Moxa OnCell G3100-HSPA Series Null Pointer Reference Denial of Service Vulnerability CVSS V2: 3.3
CVSS V3: 6.5
Severity: MEDIUM
A NULL Pointer Dereference issue was discovered in Moxa OnCell G3100-HSPA Series version 1.4 Build 16062919 and prior. The application does not check for a NULL value, allowing an attacker to perform a denial of service attack. Moxa OnCell G3100-HSPA is an intelligent, feature-rich wireless communication platform that connects network devices and serial devices to cellular TCP/IP networks. Moxa OnCell G3100-HSPA Series is prone to multiple denial-of-service vulnerabilities and an authentication-bypass vulnerability. An attacker can exploit these issues to bypass the authentication mechanism or to cause a denial-of-service condition, denying service to legitimate users. OnCell G3100-HSPA Series 1.4 Build 16062919 and prior are vulnerable. Moxa OnCell G3100-HSPA Series is the G3100 series gateway product of Moxa.
VAR-201803-1813 CVE-2018-5501 Multiple F5 BIG-IP products resource exhaustion vulnerability CVSS V2: 4.3
CVSS V3: 5.9
Severity: MEDIUM
In some circumstances, on F5 BIG-IP systems running 13.0.0, 12.1.0 - 12.1.3.1, any 11.6.x or 11.5.x release, or 11.2.1, TCP DNS profile allows excessive buffering due to lack of flow control. Multiple F5 BIG-IP products contain a resource exhaustion vulnerability. A denial of service (DoS) may result. F5 BIG-IP is an all-in-one network device that integrates network traffic management, application security management, load balancing and other functions. There is a security vulnerability in F5 BIG-IP. An attacker could exploit the vulnerability with a TCP DNS profile to cause computer performance degradation or a denial of service. Multiple F5 BIG-IP products are prone to a remote denial-of-service vulnerability. An attacker can exploit this issue to crash the application, resulting in denial-of-service conditions. A security vulnerability exists in the F5 BIG-IP
VAR-201803-1076 CVE-2017-6154 BIG-IP ASM Input validation vulnerability CVSS V2: 5.0
CVSS V3: 7.5
Severity: HIGH
On F5 BIG-IP systems running 13.0.0, 12.1.0 - 12.1.3.1, or 11.6.1 - 11.6.2, the BIG-IP ASM bd daemon may core dump memory under some circumstances when processing undisclosed types of data on systems with 48 or more CPU cores. BIG-IP ASM contains an input validation vulnerability. Service operation may be interrupted (DoS). F5 BIG-IP ASM (Application Security Manager) is a Web Application Firewall (WAF) from F5 Corporation of the United States that provides secure remote access, secure email protection, and simplified Web access control while enhancing network and application performance. There is a security vulnerability in F5 BIG-IP ASM. An attacker could exploit this vulnerability to interrupt traffic processing and perform failover. F5 BIG-IP ASM is prone to a remote denial-of-service vulnerability. An attacker can exploit this issue to crash the application, resulting in denial-of-service conditions.
VAR-201803-2348 No CVE Denial of Service Vulnerability in Zhejiang Dahua Play Library SDK CVSS V2: 2.1
CVSS V3: -
Severity: LOW
The Play Library SDK is developed based on Dahua's proprietary stream encapsulation protocol. It is a development kit for network hard disk video recorders, network video servers, network cameras, network domes, smart devices and other products. There is a denial of service vulnerability in dhplay.dll in the Zhejiang Dahua Play Library SDK_Win32_V3.39.1_20171130 version. An attacker can use this vulnerability to cause a denial of service.
VAR-201803-2349 No CVE Directory traversal vulnerability exists in Shun network wireless routing CVSS V2: 5.0
CVSS V3: -
Severity: MEDIUM
Shun network wireless routing is a management tool used to prevent idlers from getting online when sharing WiFi. A directory traversal vulnerability exists in Shun network wireless routing. An attacker can use this vulnerability to perform unauthorized operations on Shun network wireless routing.
VAR-201803-2360 No CVE Out-of-Bounds Access Vulnerability in Zhejiang Dahua Play Library SDK CVSS V2: 2.1
CVSS V3: -
Severity: LOW
The Play Library SDK is developed based on Dahua's proprietary stream encapsulation protocol. It is a development kit for network hard disk video recorders, network video servers, network cameras, network domes, smart devices and other products. The mpeg4dec.dll in the Zhejiang Dahua Play Library SDK_Win32_V3.39.1_20171130 version has an out-of-bounds access vulnerability. An attacker can use this vulnerability to cause a denial of service or information leakage.
VAR-201803-1845 CVE-2018-7238 Schneider Electric Pelco Sarix Professional Buffer error vulnerability CVSS V2: 7.5
CVSS V3: 9.8
Severity: CRITICAL
A buffer overflow vulnerability exists in the web-based GUI of Schneider Electric's Pelco Sarix Professional in all firmware versions prior to 3.29.67 which could allow an unauthenticated, remote attacker to execute arbitrary code. Schneider Electric Pelco Sarix Professional contains a buffer error vulnerability. Information may be obtained or altered, and service operation may be disrupted (DoS). Schneider Electric Pelco Sarix Professional is a video surveillance device from Schneider Electric, France.
VAR-201803-1844 CVE-2018-7237 Schneider Electric Pelco Sarix Professional Input validation vulnerability CVSS V2: 6.4
CVSS V3: 9.1
Severity: CRITICAL
A vulnerability exists in Schneider Electric's Pelco Sarix Professional in all firmware versions prior to 3.29.67 which could allow a remote attacker to delete arbitrary system files due to lack of validation of the /login/bin/set_param to the file name with the value of 'system.delete.sd_file'. Schneider Electric Pelco Sarix Professional contains an input validation vulnerability. Information may be tampered with. Schneider Electric Pelco Sarix Professional is a video surveillance device from Schneider Electric, France. A security vulnerability exists in Schneider Electric Pelco Sarix Professional with firmware prior to 3.29.67. The vulnerability stems from the failure of the /login/bin/set_param program to check the file name when processing the system.delete.sd_file parameter. A remote attacker could exploit this vulnerability to remove any system files.
VAR-201803-1841 CVE-2018-7234 Schneider Electric Pelco Sarix Professional Vulnerabilities related to certificate validation CVSS V2: 7.8
CVSS V3: 7.5
Severity: HIGH
A vulnerability exists in Schneider Electric's Pelco Sarix Professional in all firmware versions prior to 3.29.67 which could allow arbitrary system file download due to lack of validation of SSL certificate. Schneider Electric Pelco Sarix Professional contains a certificate validation vulnerability. Information may be obtained. Schneider Electric Pelco Sarix Professional is a video surveillance device from Schneider Electric, France. An attacker could exploit this vulnerability to download any system files.
VAR-201803-1842 CVE-2018-7235 Schneider Electric Pelco Sarix Professional Input validation vulnerability CVSS V2: 7.8
CVSS V3: 7.5
Severity: HIGH
A vulnerability exists in Schneider Electric's Pelco Sarix Professional in all firmware versions prior to 3.29.67 which could allow arbitrary system file download due to lack of validation of the shell meta characters with the value of 'system.download.sd_file'. Schneider Electric Pelco Sarix Professional contains an input validation vulnerability. Information may be obtained. Schneider Electric Pelco Sarix Professional is a video surveillance device from Schneider Electric, France. An attacker could exploit this vulnerability to download arbitrary files.
VAR-201803-1042 CVE-2017-17227 Huawei Mate Smartphone vulnerabilities related to out-of-bounds reading CVSS V2: 9.3
CVSS V3: 7.8
Severity: HIGH
GPU driver in Huawei Mate 10 smart phones with the versions before ALP-L09 8.0.0.120(C212); the versions before ALP-L09 8.0.0.127(C900); the versions before ALP-L09 8.0.0.128(402/C02/C109/C346/C432/C652) has an out-of-bounds memory access vulnerability due to the input parameters validation. An attacker tricks a user into installing a malicious application on the smart phone, and the application can call the driver with a special parameter and cause out-of-bounds memory access. Successful exploit may result in phone crash or arbitrary code execution. Huawei Mate Smartphone contains an out-of-bounds read vulnerability and an out-of-bounds write vulnerability. Information may be acquired or falsified, and a denial of service (DoS) may result. Huawei Mate 10 is a smartphone from China's Huawei company.