VARIoT IoT vulnerabilities database
| VAR-201711-0030 | CVE-2017-10890 | Robotic appliance COCOROBO vulnerable to session management |
CVSS V2: 4.3 CVSS V3: 4.6 Severity: MEDIUM |
Session management issue in RX-V200 firmware versions prior to 09.87.17.09, RX-V100 firmware versions prior to 03.29.17.09, RX-CLV1-P firmware versions prior to 79.17.17.09, RX-CLV2-B firmware versions prior to 89.07.17.09, RX-CLV3-N firmware versions prior to 91.09.17.10 allows an attacker on the same LAN to perform arbitrary operations or access information via unspecified vectors. Robotic appliance COCOROBO provided by Sharp Corporation is a robot with cleaning function. Robotic appliance COCOROBO contains a vulnerability in session management (CWE-639). Kiyotaka ATSUMI of IoT Technology Laboratory, Cyber Grid Japan, LAC Co., Ltd. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership. An attacker on the same LAN may impersonate a user to access the product. As a result, an arbitrary operation may be conducted or information may be altered or disclosed.
| VAR-201711-0945 | CVE-2017-8183 | Huawei Smartphone software MTK Information disclosure vulnerability in the platform |
CVSS V2: 4.3 CVSS V3: 5.5 Severity: MEDIUM |
The MTK platform in Huawei smart phones with software versions earlier than Nice-AL00C00B160 and versions earlier than Nice-AL10C00B140 has an arbitrary memory access vulnerability. An attacker tricks a user into installing a malicious application on the smart phone and sends a given parameter to trigger the arbitrary memory access, leading to sensitive information leakage. The MTK platform in Huawei smartphone software contains an information disclosure vulnerability. Information may be obtained. Huawei Enjoy 6 is a smartphone from China's Huawei company.
| VAR-201711-0946 | CVE-2017-8184 | Huawei Smartphone software MTK Buffer error vulnerability in the platform |
CVSS V2: 4.3 CVSS V3: 5.5 Severity: MEDIUM |
The MTK platform in Huawei smart phones with software versions earlier than Nice-AL00C00B160 and versions earlier than Nice-AL10C00B140 has an arbitrary memory access vulnerability. An attacker tricks a user into installing a malicious application on the smart phone and sends a given parameter to trigger the arbitrary memory access, leading to sensitive information leakage. The MTK platform in Huawei smartphone software contains a buffer error vulnerability. Information may be obtained. Huawei Enjoy 6 is a smartphone from China's Huawei company.
| VAR-201711-0944 | CVE-2017-8182 | Huawei Smartphone software MTK Platform out-of-bounds vulnerability |
CVSS V2: 5.8 CVSS V3: 6.1 Severity: MEDIUM |
The MTK platform in Huawei smart phones with software versions earlier than Nice-AL00C00B160 and versions earlier than Nice-AL10C00B140 has an out-of-bounds read vulnerability. An attacker tricks a user into installing a malicious application on the smart phone and sends a given parameter to cause an out-of-bounds memory read. The MTK platform in Huawei smartphone software contains an out-of-bounds vulnerability. Information may be obtained and service operation may be interrupted (DoS). Huawei Enjoy 6 is a smartphone from China's Huawei company. The MTK platform of the Huawei Enjoy 6 has a memory out-of-bounds access vulnerability.
| VAR-201711-0653 | CVE-2017-0866 | NVIDIA Tegra X1 Vulnerabilities related to authorization, permissions, and access control |
CVSS V2: 7.2 CVSS V3: 7.8 Severity: HIGH |
An elevation of privilege vulnerability in the Direct rendering infrastructure of the NVIDIA Tegra X1 where an unchecked input from userspace is passed as a pointer to kfree. This could lead to kernel memory corruption and possible code execution. This issue is rated as moderate. Product: Pixel. Version: N/A. Android ID: A-38415808. References: N-CVE-2017-0866. NVIDIA Tegra X1 contains vulnerabilities related to authorization, permissions, and access control. This vulnerability is published as Android ID: A-38415808 and NVIDIA N-CVE-2017-0866. Information may be obtained or altered, and service operation may be disrupted (DoS). Google Pixel is a smartphone device from Google Inc. in the United States. The NVIDIA Tegra X1 is a processor chip used by NVIDIA. Direct rendering infrastructure is one of the architectures for direct access to graphics hardware.
| VAR-201802-0534 | CVE-2017-15353 | plural Huawei Product out-of-bounds vulnerability |
CVSS V2: 4.3 CVSS V3: 3.7 Severity: LOW |
Huawei DP300, V500R002C00, RP200, V500R002C00, V600R006C00, RSE6500, V500R002C00, TE30, V100R001C02, V100R001C10, V500R002C00, V600R006C00, TE40, V500R002C00, V600R006C00, TE50, V500R002C00, V600R006C00, TE60, V100R001C01, V100R001C10, V500R002C00, V600R006C00, TX50, V500R002C00, V600R006C00, VP9660, V500R002C00, V500R002C10, ViewPoint 8660, V100R008C03, ViewPoint 9030, V100R011C02, V100R011C03, Viewpoint 8660, V100R008C03 have an out-of-bounds read vulnerability. An attacker has to control the peer device and send specially crafted messages to the affected products. Due to insufficient input validation, a successful exploit may cause some services to become abnormal. Multiple Huawei products contain an out-of-bounds vulnerability. Service operation may be interrupted (DoS). Huawei DP300, RP200, RSE6500, TX50, VP9660, TE series and ViewPoint series are Huawei's integrated desktop telepresence products and high-definition video conferencing terminal products for high-end customers. A number of Huawei products have an out-of-bounds vulnerability because the device failed to adequately verify user input. Huawei DP300 and others are all products of China's Huawei. DP300 is a video conferencing terminal. ViewPoint is a multi-point control unit of a video conference system. There are security vulnerabilities in several Huawei products.
The following products and versions are affected: DP300 V500R002C00 version; RP200 V500R002C00 version, V600R006C00 version; RSE6500 V500R002C00 version; TE30 V100R001C02 version, V100R001C10 version, V500R002C00 version, V600R006C00 version; TE40 V500R002C00 version, V600R006C00 version; TE50 V500R002C00 version, V600R006C00 version; TE60 V100R001C01 version, V100R001C10 version, V500R002C00 version, V600R006C00 version; TX50 V500R002C00 version, V600R006C00 version; VP9660 V500R002C00 version, V500R002C10 version; ViewPoint 8660 V100R008C03 version; ViewPoint 9030 V100R011C02 version, V100R011C03 version; Viewpoint 8660 V100R008C03 version.
| VAR-201711-0332 | CVE-2017-12337 | Cisco Voice Operating System Authentication vulnerabilities in software platform-based collaboration products |
CVSS V2: 10.0 CVSS V3: 9.8 Severity: CRITICAL |
A vulnerability in the upgrade mechanism of Cisco collaboration products based on the Cisco Voice Operating System software platform could allow an unauthenticated, remote attacker to gain unauthorized, elevated access to an affected device. The vulnerability occurs when a refresh upgrade (RU) or Prime Collaboration Deployment (PCD) migration is performed on an affected device. When a refresh upgrade or PCD migration is completed successfully, an engineering flag remains enabled and could allow root access to the device with a known password. If the vulnerable device is subsequently upgraded using the standard upgrade method to an Engineering Special Release, service update, or a new major release of the affected product, this vulnerability is remediated by that action. Note: Engineering Special Releases that are installed as COP files, as opposed to the standard upgrade method, do not remediate this vulnerability. An attacker who can access an affected device over SFTP while it is in a vulnerable state could gain root access to the device. This access could allow the attacker to compromise the affected system completely. Cisco Bug IDs: CSCvg22923, CSCvg55112, CSCvg55128, CSCvg55145, CSCvg58619, CSCvg64453, CSCvg64456, CSCvg64464, CSCvg64475, CSCvg68797. The vendor has released this vulnerability as Bug IDs CSCvg22923, CSCvg55112, CSCvg55128, CSCvg55145, CSCvg58619, CSCvg64453, CSCvg64456, CSCvg64464, CSCvg64475, and CSCvg68797. Information may be obtained or altered, and service operation may be disrupted (DoS). Cisco Voice OS is prone to an unauthorized access vulnerability. This may lead to further attacks. Cisco Voice Operating System is a voice operating system from Cisco. Cisco Unified Communications Manager (UCM) is a call-processing component of a unified communications system.
Unified Communication Manager Session Management Edition (SME) is its session management version. The following products are affected: Cisco Unified Communications Manager (UCM); Unified Communication Manager Session Management Edition (SME); Emergency Responder; Unity Connection; Cisco Unified Communications Manager IM and Presence Service (IMP, formerly Cisco Unified Presence); Hosted Collaboration Mediation Fulfillment; Unified Contact Center Express (UCCx); SocialMiner; Unified Intelligence Center (UIC); Finesse; MediaSense
| VAR-201711-0102 | CVE-2017-16715 | plural Moxa NPort Information disclosure vulnerability in products |
CVSS V2: 5.0 CVSS V3: 7.5 Severity: HIGH |
An Information Exposure issue was discovered in Moxa NPort 5110 Version 2.2, NPort 5110 Version 2.4, NPort 5110 Version 2.6, NPort 5110 Version 2.7, NPort 5130 Version 3.7 and prior, and NPort 5150 Version 3.7 and prior. An attacker may be able to exploit a flaw in the handling of Ethernet frame padding that may allow for information exposure. Multiple Moxa NPort products contain an information disclosure vulnerability. Information may be obtained. Moxa's NPort 5110, 5130 and 5150 are all Moxa's serial communication servers for connecting industrial serial devices to the network. Multiple Moxa NPort products are prone to multiple denial-of-service vulnerabilities and an information-disclosure vulnerability.
An attacker can exploit these issues to obtain sensitive information or cause excessive consumption of resources or crash of application resulting in a denial of service condition
| VAR-201711-0135 | CVE-2017-16719 | plural Moxa NPort Product injection vulnerability |
CVSS V2: 5.0 CVSS V3: 7.5 Severity: HIGH |
An Injection issue was discovered in Moxa NPort 5110 Version 2.2, NPort 5110 Version 2.4, NPort 5110 Version 2.6, NPort 5110 Version 2.7, NPort 5130 Version 3.7 and prior, and NPort 5150 Version 3.7 and prior. An attacker may be able to inject packets that could potentially disrupt the availability of the device. Multiple Moxa NPort products contain an injection vulnerability. Service operation may be interrupted (DoS). Moxa's NPort 5110, 5130 and 5150 are all Moxa's serial communication servers for connecting industrial serial devices to the network. A number of Moxa NPort products have a denial of service vulnerability: attackers can launch denial of service attacks by injecting packets that disrupt device availability. Multiple Moxa NPort products are prone to multiple denial-of-service vulnerabilities and an information-disclosure vulnerability.
An attacker can exploit these issues to obtain sensitive information or cause excessive consumption of resources or crash of application resulting in a denial of service condition. A security vulnerability exists in the Moxa NPort 5110, 5130, and 5150
| VAR-201711-0537 | CVE-2017-16843 | Vonage VDV-23 Cross-Site Scripting Vulnerability |
CVSS V2: 3.5 CVSS V3: 5.4 Severity: MEDIUM |
Vonage VDV-23 115 3.2.11-0.9.40 devices have stored XSS via the NewKeyword or NewDomain field to /goform/RgParentalBasic. The Vonage VDV-23 device contains a cross-site scripting vulnerability. Information may be obtained and information may be altered. Vonage VDV-23 115 is a routing repeater from Vonage Corporation of the United States. A cross-site scripting vulnerability exists in Vonage VDV-23 115 3.2.11-0.9.40. A remote attacker can exploit this vulnerability to inject arbitrary web scripts or HTML by sending a NewKeyword or NewDomain field to /goform/RgParentalBasic
| VAR-201711-0550 | CVE-2017-16867 | Amazon Key Data processing vulnerability |
CVSS V2: 3.3 CVSS V3: 6.5 Severity: MEDIUM |
Amazon Key through 2017-11-16 mishandles Cloud Cam 802.11 deauthentication frames during the delivery process, which makes it easier for (1) delivery drivers to freeze a camera and re-enter a house for unfilmed activities or (2) attackers to freeze a camera and enter a house if a delivery driver failed to ensure a locked door before leaving. Amazon Key contains a data processing vulnerability. Service operation may be interrupted (DoS). Amazon Key is prone to a security weakness.
Successfully exploiting this issue will allow attackers to perform unauthorized actions; this may aid in launching further attacks. An attacker could exploit this vulnerability to freeze the camera image
| VAR-201711-0312 | CVE-2017-12311 | Cisco Meeting Server Resource management vulnerability |
CVSS V2: 5.0 CVSS V3: 5.8 Severity: MEDIUM |
A vulnerability in the H.264 decoder function of Cisco Meeting Server could allow an unauthenticated, remote attacker to cause a Cisco Meeting Server media process to restart unexpectedly when it receives an illegal H.264 frame. The vulnerability is triggered by an H.264 frame that has an invalid picture parameter set (PPS) value. An attacker could exploit this vulnerability by sending a malformed H.264 frame to the targeted device. An exploit could allow the attacker to cause a denial of service (DoS) condition because the media process could restart. The media session should be re-established within a few seconds, during which there could be a brief interruption in service. Cisco Bug IDs: CSCvg12559. The vendor has released this vulnerability as Bug ID CSCvg12559. Service operation may be interrupted (DoS).
| VAR-201711-0532 | CVE-2017-16836 | Arris TG1682G Device Cross-Site Scripting Vulnerability |
CVSS V2: 4.3 CVSS V3: 6.1 Severity: MEDIUM |
Arris TG1682G devices with Comcast TG1682_2.0s7_PRODse 10.0.59.SIP.PC20.CT software allow Unauthenticated Stored XSS via the actionHandler/ajax_managed_services.php service parameter. The Arris TG1682G is a modem and router all-in-one device from Arris Group of the United States. Comcast TG1682_2.0s7_PRODse is firmware developed by Comcast Corporation of the United States. A cross-site scripting vulnerability exists in the Arris TG1682G device using the Comcast TG1682_2.0s7_PRODse 10.0.59.SIP.PC20.CT version. A remote attacker can exploit this vulnerability to inject arbitrary web scripts or HTML with the actionHandler/ajax_managed_services.php service parameter
| VAR-201711-0485 | CVE-2017-1570 | IBM Jazz Foundation Vulnerable to information disclosure |
CVSS V2: 4.0 CVSS V3: 4.3 Severity: MEDIUM |
IBM Jazz Foundation products could allow an authenticated user to obtain sensitive information from stack traces. IBM X-Force ID: 131852. The vendor has released this vulnerability as IBM X-Force ID: 131852. Information may be obtained.
Attackers can exploit this issue to obtain sensitive information that may aid in further attacks.
IBM Jazz Team Server affects the following IBM Rational products:
Collaborative Lifecycle Management (CLM)
Rational DOORS Next Generation (RDNG)
Rational Engineering Lifecycle Manager (RELM)
Rational Team Concert (RTC)
Rational Quality Manager (RQM)
Rational Rhapsody Design Manager (Rhapsody DM)
Rational Software Architect (RSA DM)
| VAR-201711-1017 | CVE-2017-8202 | Huawei Buffer error vulnerability in smartphone software |
CVSS V2: 7.1 CVSS V3: 5.5 Severity: MEDIUM |
The CameraISP driver of some Huawei smart phones with software of versions earlier than Prague-AL00AC00B205, versions earlier than Prague-AL00BC00B205, versions earlier than Prague-AL00CC00B205, versions earlier than Prague-TL00AC01B205, versions earlier than Prague-TL10AC01B205 has a buffer overflow vulnerability due to the lack of parameter validation. An attacker tricks a user into installing a malicious app; the app can then send a specific parameter to the CameraISP driver of the smart phone, causing a system reboot. Huawei smartphone software contains a buffer error vulnerability. Service operation may be interrupted (DoS). Huawei Glory 8 is a smartphone from China's Huawei company. Huawei Smart Phones are prone to a buffer-overflow vulnerability.
Attackers can exploit this issue to reboot the system, denying service to legitimate users
| VAR-201711-0315 | CVE-2017-12314 | Cisco FindIT Network Discovery Utility Vulnerabilities in uncontrolled search path elements |
CVSS V2: 4.6 CVSS V3: 7.8 Severity: HIGH |
A vulnerability in the Cisco FindIT Network Discovery Utility could allow an authenticated, local attacker to perform a DLL preloading attack, potentially causing a partial impact to the device availability, confidentiality, and integrity, aka Insecure Library Loading. The vulnerability is due to the application loading a malicious copy of a specific, nondefined DLL file instead of the DLL file it was expecting. An attacker could exploit this vulnerability by placing an affected DLL within the search path of the host system. An exploit could allow the attacker to load a malicious DLL file into the system, thus partially compromising confidentiality, integrity, and availability on the device. Cisco Bug IDs: CSCvf37955. Cisco FindIT Network Discovery Utility contains a vulnerability related to uncontrolled search path elements. The vendor has released this vulnerability as Bug ID CSCvf37955. Information may be obtained or altered, and service operation may be disrupted (DoS). Cisco FindIT Network Discovery Utility is a network device manager from Cisco. This product provides management capabilities for Cisco network devices.
A local attacker can leverage this issue to execute arbitrary code in the context of the affected application. Failed exploit attempts will result in a denial of service condition
| VAR-201711-0316 | CVE-2017-12315 | Cisco HyperFlex System system logging information disclosure vulnerability |
CVSS V2: 2.1 CVSS V3: 6.0 Severity: MEDIUM |
A vulnerability in system logging when replication is being configured with the Cisco HyperFlex System could allow an authenticated, local attacker to view sensitive information that should be restricted in the system log files. The attacker would have to be authenticated as an administrative user to conduct this attack. The vulnerability is due to lack of proper masking of sensitive information in system log files. An attacker could exploit this vulnerability by authenticating to the targeted device and viewing the system log file. An exploit could allow the attacker to view sensitive system information that should have been restricted. The attacker could use this information to conduct additional reconnaissance attacks. Cisco Bug IDs: CSCvg31472. Cisco HyperFlex System contains an information disclosure vulnerability. The vendor has released this vulnerability as Bug ID CSCvg31472. Information may be obtained. Cisco HyperFlex System is a data platform device from Cisco. System logging is one of the system loggers
| VAR-201711-1012 | CVE-2017-8197 | Huawei FusionSphere Command Injection Vulnerability |
CVSS V2: 9.0 CVSS V3: 7.2 Severity: HIGH |
FusionSphere V100R006C00SPC102(NFV) has a command injection vulnerability. An authenticated, remote attacker could craft packets with malicious strings and send them to a target device. Successful exploit could allow the attacker to launch a command injection attack and execute system commands. FusionSphere contains a command injection vulnerability. Information may be obtained or altered, and service operation may be disrupted (DoS). Huawei FusionSphere is a product of Huawei and is a cloud operating system product based on the OpenStack framework. There is a command injection vulnerability in Huawei FusionSphere because the program failed to fully verify the device input. The system provides virtualization functions, resource pool management and cloud basic service tools, etc
| VAR-201711-0367 | CVE-2017-12306 | Cisco Spark Board Vulnerabilities in environment settings |
CVSS V2: 2.1 CVSS V3: 4.4 Severity: MEDIUM |
A vulnerability in the upgrade process of Cisco Spark Board could allow an authenticated, local attacker to install an unverified upgrade package, aka Signature Verification Bypass. The vulnerability is due to insufficient upgrade package validation. An attacker could exploit this vulnerability by providing the upgrade process with an upgrade package that the attacker controls. An exploit could allow the attacker to install custom firmware to the Spark Board. Cisco Bug IDs: CSCvf84502. Cisco Spark Board contains a vulnerability related to configuration settings. The vendor has released this vulnerability as Bug ID CSCvf84502. Information may be tampered with. Cisco Spark Board is a tablet device dedicated to video conferencing by Cisco.
An attacker may exploit this issue to bypass certain security restrictions and perform unauthorized actions
| VAR-201711-0237 | CVE-2017-2721 | Huawei Vulnerabilities related to authorization, authority, and access control in smartphone software |
CVSS V2: 2.1 CVSS V3: 4.6 Severity: MEDIUM |
Some Huawei smart phones with software Berlin-L21C10B130, Berlin-L21C185B133, Berlin-L21HNC10B131, Berlin-L21HNC185B140, Berlin-L21HNC432B151, Berlin-L22C636B160, Berlin-L22HNC636B130, Berlin-L22HNC675B150CUSTC675D001, Berlin-L23C605B131, Berlin-L24HNC567B110, FRD-L02C432B120, FRD-L02C635B130, FRD-L02C675B170CUSTC675D001, FRD-L04C567B162, FRD-L04C605B131, FRD-L09C10B130, FRD-L09C185B130, FRD-L09C432B131, FRD-L09C636B130, FRD-L14C567B162, FRD-L19C10B130, FRD-L19C432B131, FRD-L19C636B130 have a Factory Reset Protection (FRP) bypass security vulnerability. When re-configuring the mobile phone using the factory reset protection (FRP) function, an attacker can log in to the configuration flow via the Swype Keyboard and can perform some operations to update the Google account. As a result, the FRP function is bypassed. Huawei smartphone software contains vulnerabilities related to authorization, permissions, and access control. Information may be tampered with. Huawei Berlin-L21, L21HN, L22, L22HN, L23, L24HN, and FRD-L02, L04, L09, L14, and L19 are all Huawei smartphones. Huawei Berlin-L21 and others are all smartphone products of China's Huawei. Several Huawei products have security vulnerabilities. The following products and versions are affected: Huawei Berlin-L21 Berlin-L21C10B130 version, Berlin-L21C185B133 version, Berlin-L21HN Berlin-L21HNC10B131 version, Berlin-L21HNC185B140 version, Berlin-L21HNC432B151 version; Berlin-L22HNC636B130 version, Berlin-L22HNC675B150CUSTC675D001 version; Berlin-L23 Berlin-L23C605B131 version; Berlin-L24HN Berlin-L24HNC567B110 version; FRD-L02 FRD-L02C432B120 version, FRD-L02C635B130 version, FRD-L02C675B170CUSTC675D001 version; FRD-L04 FRD-L04C567B162 version, FRD-L04C605B131 version; FRD-L09 FRD-L09C10B130 version, FRD-L09C185B130 version, FRD-L09C432B131 version, FRD-L09C636B130 version; FRD-L14 FRD-L14C567B162 version; , FRD-L19C636B130 version