VARIoT IoT vulnerabilities database

Affected products: vendor, model and version
CWE format is 'CWE-number'. Threat type can be: remote or local
Look up free text in title and description

VAR-201803-0122 CVE-2017-10853 Multiple vulnerabilities in CG-WGR1200 CVSS V2: 5.8
CVSS V3: 8.8
Severity: High
Buffer overflow in Corega CG-WGR1200 firmware 2.20 and earlier allows an attacker to execute arbitrary commands via unspecified vectors. CG-WGR1200 provided by Corega Inc is a wireless LAN router. CG-WGR1200 contains multiple vulnerabilities listed below. * Buffer Overflow (CWE-119) - CVE-2017-10852 * Buffer Overflow (CWE-78) - CVE-2017-10853 * Authentication bypass (CWE-306) - CVE-2017-10854 Taizoh Tsukamoto of Mitsui Bussan Secure Directions, Inc. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.* A user with access to the affected device may execute arbitrary code - CVE-2017-10852 * A user with access to the affected device may execute an arbitrary command - CVE-2017-10853 * A user with access to the affected device may change the login password. As a result, the user may access the management screen of the device and perform an arbitrary operation such as altering the device's settings - CVE-2017-10854
VAR-201803-0121 CVE-2017-10852 Multiple vulnerabilities in CG-WGR1200 CVSS V2: 5.8
CVSS V3: 8.8
Severity: High
Buffer overflow in Corega CG-WGR1200 firmware 2.20 and earlier allows an attacker to execute arbitrary code via unspecified vectors. CG-WGR1200 provided by Corega Inc is a wireless LAN router. CG-WGR1200 contains multiple vulnerabilities listed below. * Buffer Overflow (CWE-119) - CVE-2017-10852 * Buffer Overflow (CWE-78) - CVE-2017-10853 * Authentication bypass (CWE-306) - CVE-2017-10854 Taizoh Tsukamoto of Mitsui Bussan Secure Directions, Inc. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.* A user with access to the affected device may execute arbitrary code - CVE-2017-10852 * A user with access to the affected device may execute an arbitrary command - CVE-2017-10853 * A user with access to the affected device may change the login password. As a result, the user may access the management screen of the device and perform an arbitrary operation such as altering the device's settings - CVE-2017-10854
VAR-201803-1036 CVE-2017-17220 plural Huawei Product out-of-bounds vulnerability CVSS V2: 5.0
CVSS V3: 5.3
Severity: MEDIUM
SCCPX module in Huawei DP300 V500R002C00; RP200 V500R002C00; V600R006C00; TE30 V100R001C10; V500R002C00; V600R006C00; TE40 V500R002C00; V600R006C00; TE50 V500R002C00; V600R006C00; TE60 V100R001C10; V500R002C00; V600R006C00 has an invalid memory access vulnerabilities. An unauthenticated, remote attacker crafts malformed packets with specific parameter to the affected products. Due to insufficient validation of packets, successful exploitation may impact availability of product service. plural Huawei The product contains an out-of-bounds vulnerability.Service operation interruption (DoS) There is a possibility of being put into a state. The Huawei DP300, RP200, and TE series are integrated desktop telepresence and integrated video conferencing terminal products of China Huawei. An attacker can send a packet attack with a special parameter to the device. The Huawei DP300 and others are all products of China's Huawei (Huawei). DP300 is a video conferencing terminal. RP200 is a video conferencing all-in-one device. SCCPX module is one of the signaling link control modules. The vulnerability is due to the fact that the program does not fully verify packets. The following products and versions are affected: Huawei DP300 V500R002C00 Version; RP200 V500R002C00 Version, V600R006C00 Version; TE30 V100R001C10 Version, V500R002C00 Version, V600R006C00 Version; TE40 V500R002C00 Version, V600R006C00 Version; TE50 V500R002C00 Version, V600R006C00 Version; TE60 V100R001C10 Version, V500R002C00 Version, Version V600R006C00
VAR-201803-1049 CVE-2017-17250 plural Huawei Vulnerability related to out-of-bounds writing in products CVSS V2: 7.1
CVSS V3: 6.5
Severity: MEDIUM
Huawei AR120-S V200R005C32; AR1200 V200R005C32; AR1200-S V200R005C32; AR150 V200R005C32; AR150-S V200R005C32; AR160 V200R005C32; AR200 V200R005C32; AR200-S V200R005C32; AR2200-S V200R005C32; AR3200 V200R005C32; V200R007C00; AR510 V200R005C32; NetEngine16EX V200R005C32; SRG1300 V200R005C32; SRG2300 V200R005C32; SRG3300 V200R005C32 have an out-of-bounds write vulnerability. When a user executes a query command after the device received an abnormal OSPF message, the software writes data past the end of the intended buffer due to the insufficient verification of the input data. An unauthenticated, remote attacker could exploit this vulnerability by sending abnormal OSPF messages to the device. A successful exploit could cause the system to crash. plural Huawei The product contains an out-of-bounds vulnerability.Service operation interruption (DoS) There is a possibility of being put into a state. Huawei AR120-S is a router product of China Huawei. A security vulnerability exists in several Huawei products due to the failure of the program to properly validate user-submitted data. There are security vulnerabilities in several Huawei products. The following products and versions are affected: Huawei AR120-S V200R005C32 Version; AR1200 V200R005C32 Version; AR1200-S V200R005C32 Version; AR150 V200R005C32 Version; AR150-S V200R005C32 Version; AR160 V200R005C32 Version; AR200 V200R005C32 Version; AR200-S V200R005C32 Version; AR2200- S V200R005C32 version; AR3200 V200R005C32 version; V200R007C00 version; AR510 V200R005C32 version; NetEngine16EX V200R005C32 version;
VAR-201803-1035 CVE-2017-17219 plural Huawei Vulnerability related to input validation in products CVSS V2: 5.0
CVSS V3: 5.3
Severity: MEDIUM
SCCPX module in Huawei DP300 V500R002C00; RP200 V500R002C00; V600R006C00; TE30 V100R001C10; V500R002C00; V600R006C00; TE40 V500R002C00; V600R006C00; TE50 V500R002C00; V600R006C00; TE60 V100R001C10; V500R002C00; V600R006C00 has an invalid memory access vulnerabilities. An unauthenticated, remote attacker crafts malformed packets with specific parameter to the affected products. Due to insufficient validation of packets, successful exploitation may impact availability of product service. plural Huawei The product contains an input validation vulnerability.Service operation interruption (DoS) There is a possibility of being put into a state. The Huawei DP300, RP200, and TE series are integrated desktop telepresence and integrated video conferencing terminal products of China Huawei. An attacker can send a packet attack with a special parameter to the device. The Huawei DP300 and others are all products of China's Huawei (Huawei). DP300 is a video conferencing terminal. RP200 is a video conferencing all-in-one device. SCCPX module is one of the signaling link control modules. The vulnerability is due to the fact that the program does not fully verify packets. The following products and versions are affected: Huawei DP300 V500R002C00 Version; RP200 V500R002C00 Version, V600R006C00 Version; TE30 V100R001C10 Version, V500R002C00 Version, V600R006C00 Version; TE40 V500R002C00 Version, V600R006C00 Version; TE50 V500R002C00 Version, V600R006C00 Version; TE60 V100R001C10 Version, V500R002C00 Version, Version V600R006C00
VAR-201803-0123 CVE-2017-10854 Multiple vulnerabilities in CG-WGR1200 CVSS V2: 5.8
CVSS V3: 8.8
Severity: High
Corega CG-WGR1200 firmware 2.20 and earlier allows an attacker to bypass authentication and change the login password via unspecified vectors. CG-WGR1200 provided by Corega Inc is a wireless LAN router. CG-WGR1200 contains multiple vulnerabilities listed below. * Buffer Overflow (CWE-119) - CVE-2017-10852 * Buffer Overflow (CWE-78) - CVE-2017-10853 * Authentication bypass (CWE-306) - CVE-2017-10854 Taizoh Tsukamoto of Mitsui Bussan Secure Directions, Inc. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.* A user with access to the affected device may execute arbitrary code - CVE-2017-10852 * A user with access to the affected device may execute an arbitrary command - CVE-2017-10853 * A user with access to the affected device may change the login password. As a result, the user may access the management screen of the device and perform an arbitrary operation such as altering the device's settings - CVE-2017-10854
VAR-201803-2366 No CVE D-Link DGS-3000-10TC Cross-Site Request Forgery Vulnerability CVSS V2: 5.8
CVSS V3: -
Severity: MEDIUM
D-LinkDGS-3000-10TC is a network switch of D-Link. A cross-site request forgery vulnerability exists in firmware for D-LinkDGS-3000-10TC2.00.006, which could allow an attacker to change configuration settings and create new users.
VAR-201803-0200 CVE-2017-17322 Huawei Honor Smart Scale Application Information disclosure vulnerability in Japanese software CVSS V2: 4.3
CVSS V3: 4.3
Severity: MEDIUM
Huawei Honor Smart Scale Application with software of 1.1.1 has an information disclosure vulnerability. The application does not sufficiently restrict the resource which can be accessed by certain protocol. An attacker could trick the user to click a malicious link, successful exploit could cause information disclosure
VAR-201803-2075 CVE-2018-5313 Rapid SCADA Permissions vulnerability

Related entries in the VARIoT exploits database: VAR-E-201803-0081
CVSS V2: 7.2
CVSS V3: 7.8
Severity: HIGH
A vulnerability allows local attackers to escalate privilege on Rapid Scada 5.5.0 because of weak C:\SCADA permissions. The specific flaw exists within the access control that is set and modified during the installation of the product. The product sets weak access control restrictions. An attacker can leverage this vulnerability to execute arbitrary code under the context of Administrator, the IUSR account, or SYSTEM. Rapid SCADA Contains a permission vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. Rapid Scada is a free open source SCADA software. The software supports the creation of systems such as industrial automation, home automation, and energy accounting
VAR-201803-2354 No CVE Huama smart gate latches in hardware loophole CVSS V2: 2.1
CVSS V3: -
Severity: LOW
Guangzhou Huama Building Material Co., Ltd. is a modern professional manufacturer integrating scientific research, production and sales. Huama smart door latched in a hardware loophole. The loophole is due to the radio signal of Huama door lock without anti-replay means. An attacker could use this vulnerability to perform a replay attack.
VAR-201803-2155 CVE-2018-4838 plural Siemens Access control vulnerabilities in products CVSS V2: 5.0
CVSS V3: 7.5
Severity: HIGH
A vulnerability has been identified in EN100 Ethernet module IEC 61850 variant (All versions < V4.30), EN100 Ethernet module DNP3 variant (All versions < V1.04), EN100 Ethernet module PROFINET IO variant (All versions), EN100 Ethernet module Modbus TCP variant (All versions), EN100 Ethernet module IEC 104 variant (All versions < V1.22). The web interface (TCP/80) of affected devices allows an unauthenticated user to upgrade or downgrade the firmware of the device, including to older versions with known vulnerabilities. plural Siemens The product contains an access control vulnerability.Information may be tampered with. SIPROTEC 4, SIPROTEC Compact and Reyrolle equipment offer a wide range of centralized protection, control and automation functions for substations and other applications. Multiple Siemens EN100 Ethernet Modules are prone to an authentication-bypass vulnerability. An attacker can exploit this issue to bypass the authentication mechanism. This may aid in further attacks. A security vulnerability exists in the web interface (TCP/80) in several Siemens products
VAR-201803-2157 CVE-2018-4840 Siemens Multiple Product File Upload Vulnerabilities CVSS V2: 5.0
CVSS V3: 7.5
Severity: HIGH
A vulnerability has been identified in DIGSI 4 (All versions < V4.92), EN100 Ethernet module DNP3 variant (All versions < V1.05.00), EN100 Ethernet module IEC 104 variant (All versions), EN100 Ethernet module IEC 61850 variant (All versions < V4.30), EN100 Ethernet module Modbus TCP variant (All versions), EN100 Ethernet module PROFINET IO variant (All versions). The device engineering mechanism allows an unauthenticated remote user to upload a modified device configuration overwriting access authorization passwords. plural Siemens The product contains an access control vulnerability.Information may be tampered with. SiemensDIGSI and others are products of Siemens AG. SiemensDIGSI is a configuration operating software for a microcomputer protection device. A security vulnerability exists in several Siemens products that stems from a program failing to authenticate important features. Siemens DIGSI, etc
VAR-201803-2156 CVE-2018-4839 plural Siemens Authorization vulnerabilities in products CVSS V2: 3.5
CVSS V3: 5.3
Severity: MEDIUM
A vulnerability has been identified in DIGSI 4 (All versions < V4.92), EN100 Ethernet module DNP3 variant (All versions < V1.05.00), EN100 Ethernet module IEC 104 variant (All versions), EN100 Ethernet module IEC 61850 variant (All versions < V4.30), EN100 Ethernet module Modbus TCP variant (All versions), EN100 Ethernet module PROFINET IO variant (All versions), Other SIPROTEC 4 relays (All versions), Other SIPROTEC Compact relays (All versions), SIPROTEC 4 7SD80 (All versions < V4.70), SIPROTEC 4 7SJ61 (All versions < V4.96), SIPROTEC 4 7SJ62 (All versions < V4.96), SIPROTEC 4 7SJ64 (All versions < V4.96), SIPROTEC 4 7SJ66 (All versions < V4.30), SIPROTEC Compact 7SJ80 (All versions < V4.77), SIPROTEC Compact 7SK80 (All versions < V4.77). An attacker with local access to the engineering system or in a privileged network position and able to obtain certain network traffic could possibly reconstruct access authorization passwords. plural Siemens The product contains an authorization vulnerability.Information may be obtained. Siemens DIGSI and others are products of Siemens AG. The Siemens DIGSI is a configuration operating software for the microcomputer protection. EN100 Ethernet module The IEC 61850 variant is an Ethernet module product. Security vulnerabilities exist in several Siemens products. An attacker could exploit the vulnerability to re-establish an access authorization password
VAR-201803-1075 CVE-2017-6152 BIG-IQ Centralized Management Vulnerabilities related to authorization, permissions, and access control CVSS V2: 2.1
CVSS V3: 6.7
Severity: MEDIUM
A local user on F5 BIG-IQ Centralized Management 5.1.0-5.2.0 with the Access Manager role has privileges to change the passwords of other users on the system, including the local admin account password. BIG-IQ Centralized Management Contains vulnerabilities related to authorization, permissions, and access control.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. F5 BIG-IQ Centralized Management is prone to a local privilege escalation vulnerability. Local attackers may exploit this issue to gain elevated privileges. The solution supports the deployment of application delivery and network services across public and private clouds, traditional data centers and hybrid environments
VAR-201803-1367 CVE-2018-0141 Cisco Prime Collaboration Vulnerabilities related to the use of hard-coded credentials CVSS V2: 7.2
CVSS V3: 8.4
Severity: HIGH
A vulnerability in Cisco Prime Collaboration Provisioning (PCP) Software 11.6 could allow an unauthenticated, local attacker to log in to the underlying Linux operating system. The vulnerability is due to a hard-coded account password on the system. An attacker could exploit this vulnerability by connecting to the affected system via Secure Shell (SSH) using the hard-coded credentials. A successful exploit could allow the attacker to access the underlying operating system as a low-privileged user. After low-level privileges are gained, the attacker could elevate to root privileges and take full control of the device. Cisco Bug IDs: CSCvc82982. Vendors have confirmed this vulnerability Bug ID CSCvc82982 It is released as.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. Local attackers can exploit this issue to bypass certain security restrictions and perform unauthorized actions. The software provides IP communications services functionality for IP telephony, voice mail, and unified communications environments
VAR-201803-1595 CVE-2018-0216 Cisco Identity Services Engine Vulnerable to cross-site request forgery CVSS V2: 5.8
CVSS V3: 5.4
Severity: MEDIUM
A vulnerability in the web-based management interface of Cisco Identity Services Engine (ISE) could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack and perform arbitrary actions on an affected device. The vulnerability is due to insufficient CSRF protections for the web-based management interface of an affected device. An attacker could exploit this vulnerability by persuading a user of the interface to follow a crafted link. A successful exploit could allow the attacker to perform arbitrary actions on a targeted device via a web browser and with the privileges of the user. Cisco Bug IDs: CSCvf69805. Vendors have confirmed this vulnerability Bug ID CSCvf69805 It is released as.Information may be obtained and information may be altered. Other attacks are also possible. The platform monitors the network by collecting real-time information on the network, users and devices, and formulating and implementing corresponding policies
VAR-201803-2237 CVE-2018-7565 Polycom QDX 6000 Device cross-site request forgery vulnerability CVSS V2: 6.8
CVSS V3: 8.8
Severity: HIGH
CSRF exists on Polycom QDX 6000 devices. Polycom QDX 6000 The device contains a cross-site request forgery vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. PolycomQDX6000devices is a video conferencing terminal device from Polycom. The Webapplicationinterface is one of the web application interfaces. A cross-site request forgery vulnerability exists in the Webapplication interface in the PolycomQDX6000 device. A remote attacker can exploit this vulnerability to change any configuration settings
VAR-201803-2173 CVE-2018-7473 SO Connect SO WIFI Hot spot Web Open redirect vulnerability in interface CVSS V2: 5.8
CVSS V3: 6.1
Severity: MEDIUM
Open redirect vulnerability in the SO Connect SO WIFI hotspot web interface, prior to version 140, allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL. SOConnectSOWIFIhotspot is a Wi-Fi hotspot device. Webinterface which is a web management interface. An open redirect vulnerability exists in the SOConnectSOWIFIhotspotwebinterface 137 release
VAR-201803-0164 CVE-2017-17279 Huawei Mate 9 Pro Smartphone software access control vulnerability CVSS V2: 4.3
CVSS V3: 5.5
Severity: MEDIUM
The soundtrigger module in Huawei Mate 9 Pro smart phones with software of the versions before LON-AL00B 8.0.0.343(C00) has an authentication bypass vulnerability due to the improper design of the module. An attacker tricks a user into installing a malicious application, and the application can exploit the vulnerability and make attacker bypass the authentication, the attacker can control the phone to sent short messages and make call within audio range to the phone. HuaweiMate9Pro is a smartphone from Huawei. Huawei Smart Phones are prone to an authentication-bypass vulnerability. An attacker can exploit this issue to bypass the authentication mechanism. This may aid in further attacks. The Huawei Mate 9 Pro is a smartphone from the Chinese company Huawei. The soundtrigger module is one of the speech recognition modules
VAR-201803-1600 CVE-2018-0221 Cisco Identity Services Engine In OS Command injection vulnerability CVSS V2: 7.2
CVSS V3: 6.7
Severity: MEDIUM
A vulnerability in specific CLI commands for the Cisco Identity Services Engine (ISE) could allow an authenticated, local attacker to perform command injection to the underlying operating system or cause a hang or disconnect of the user session. The attacker needs valid administrator credentials for the device. The vulnerability is due to incomplete input validation of user input for certain CLI ISE configuration commands. An attacker could exploit this vulnerability by authenticating as an administrative user, issuing a specific CLI command, and entering crafted, malicious user input for the command parameters. An exploit could allow the attacker to perform command injection to the lower-level Linux operating system. It is also possible the attacker could cause the ISE user interface for this management session to hang or disconnect. Cisco Bug IDs: CSCvg95479. Vendors have confirmed this vulnerability Bug ID CSCvg95479 It is released as.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. An attacker may exploit this issue to inject and execute arbitrary commands within the context of the affected application; this may aid in further attacks. The platform monitors the network by collecting real-time information on the network, users and devices, and formulating and implementing corresponding policies