VARIoT IoT vulnerabilities database
| VAR-201712-0122 | CVE-2017-16733 | Ecava IntegraXor In SQL Injection vulnerability |
CVSS V2: 5.0 CVSS V3: 5.3 Severity: MEDIUM |
A SQL injection issue was discovered in Ecava IntegraXor v6.1.1030.1 and prior. An attacker can leverage the vulnerability to disclose sensitive information from the database, and authentication is not required to exploit it. The specific flaw exists within the batchlist report page: when parsing the 'to' parameter, the process does not properly validate the user-supplied string before using it to construct SQL queries. Ecava IntegraXor is a collection of tools for creating and running human-machine interfaces for web-based SCADA systems.
An attacker can leverage this issue to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.
Ecava IntegraXor 6.1.1030.1 and prior versions are vulnerable.
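The entry above says only that the 'to' parameter of the batchlist report is spliced into SQL without validation. The following is an added illustration of that bug class and its fix, not IntegraXor's code: the table name, columns, rows, the report query and the payload are all constructed for the example, and the real query shape is not known from the page.

```python
import sqlite3
from datetime import datetime

# Constructed sample data: a small "batchlist" table with a start timestamp.
ROWS = [
    ("batch-1", "2017-11-01 08:00:00", "secret-A"),
    ("batch-2", "2017-11-02 08:00:00", "secret-B"),
    ("batch-3", "2017-12-01 08:00:00", "secret-C"),
]


def make_db() -> sqlite3.Connection:
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE batchlist (name TEXT, started TEXT, note TEXT)")
    conn.executemany("INSERT INTO batchlist VALUES (?, ?, ?)", ROWS)
    return conn


def report_vulnerable(conn: sqlite3.Connection, frm: str, to: str) -> list:
    # The user-supplied 'to' value is pasted into the SQL text. A single quote
    # inside it terminates the string literal, and whatever follows becomes SQL.
    sql = ("SELECT name, note FROM batchlist "
           f"WHERE started >= '{frm}' AND started <= '{to}'")
    return conn.execute(sql).fetchall()


def report_hardened(conn: sqlite3.Connection, frm: str, to: str) -> list:
    # 1) Reject anything that is not a timestamp in the expected format.
    for value in (frm, to):
        datetime.strptime(value, "%Y-%m-%d %H:%M:%S")   # raises ValueError
    # 2) Bind the values as parameters: the driver never treats them as SQL.
    sql = ("SELECT name, note FROM batchlist "
           "WHERE started >= ? AND started <= ?")
    return conn.execute(sql, (frm, to)).fetchall()


def demo() -> dict:
    conn = make_db()
    frm = "2017-11-01 00:00:00"
    honest_to = "2017-11-30 23:59:59"
    # Constructed payload for the 'to' position: closes the literal and appends
    # a tautology, so the WHERE clause becomes (... AND started <= '') OR '1'='1'.
    hostile_to = "' OR '1'='1"
    try:
        hostile_hardened = report_hardened(conn, frm, hostile_to)
    except ValueError:
        hostile_hardened = "rejected"
    return {
        "honest_vuln": report_vulnerable(conn, frm, honest_to),
        "hostile_vuln": report_vulnerable(conn, frm, hostile_to),
        "honest_hardened": report_hardened(conn, frm, honest_to),
        "hostile_hardened": hostile_hardened,
    }


if __name__ == "__main__":
    for key, value in demo().items():
        print(key, value)
```

With the honest range both versions return the two November batches; with the payload the concatenated query returns every row in the table, while the hardened version refuses the value before it ever reaches the database. Parameter binding alone is what stops the injection; the format check is defence in depth and gives a clean error instead of a silent empty result.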
| VAR-201712-0921 | CVE-2017-17747 |
TP-Link TL-SG108E Access control vulnerability
Related entries in the VARIoT exploits database: VAR-E-201712-0055 |
CVSS V2: 2.7 CVSS V3: 6.5 Severity: MEDIUM |
Weak access controls in the Device Logout functionality on the TP-Link TL-SG108E v1.0.0 allow remote attackers to call the logout functionality, triggering a denial of service condition. The TP-Link TL-SG108E therefore contains an access control vulnerability that can be exploited to interrupt service (DoS). The TP-Link TL-SG108E is a Gigabit Ethernet switch from China's TP-LINK.
Overview
-------------
Three vulnerabilities have been discovered in the TP-Link TL-SG108E,
firmware 1.0.0 Build 20160722 Rel.50167:
CVE-2017-17745 - Cross Site Scripting (XSS) in system_name_set.cgi,
sysName parameter
CVE-2017-17746 - Weak access control for user authentication
CVE-2017-17747 - Weak access control for user logout
This is not an exhaustive list of vulnerabilities that may exist in
the device firmware.
Device Overview
-----------------------
From http://www.tp-link.com.au/products/details/cat-41_TL-SG108E.html
- "The TL-SG108E 8-Port Gigabit Easy Smart switch is an ideal upgrade
from an unmanaged switch, designed for Small and Medium Business
networks that require simple network management. Network
administrators can effectively monitor traffic via Port Mirroring,
Loop Prevention and Cable Diagnostics features."
Affected Devices
-----------------------
Firmware Version: 1.0.0 Build 20160722 Rel.50167
Hardware Version: TL-SG108E 3.0
Older TL-SG108E devices may also be affected.
Disclosure Timeline
--------------------------
September 08th, 2017 - Vulnerabilities discovered after purchasing the device.
September 10th, 2017 - Contacted TP-Link via tp-link.com.au
September 12th, 2017 - TP-Link responded, requesting further information
September 12th, 2017 - Responded to TP-Link with vulnerability
specifics. Advised a 90 day disclosure timeline, with offer to
increase deadline if TP-Link wishes.
September 12th -> October 16th - Emails back and forth discussing how
to trigger the vulnerabilities.
October 16th, 2017 - TP-Link confirms XSS vulnerability
(CVE-2017-17745), advises an updated firmware will be released.
TP-Link advises two remaining vulnerabilities (CVE-2017-17746,
CVE-2017-17747) will not be fixed.
December 18th, 2017 - Applied to Mitre for CVE numbers.
December 19th, 2017 - Mitre assigned CVE-2017-17745, CVE-2017-17746,
CVE-2017-17747
December 19th, 2017 - Public disclosure.
As of this date (December 19th, 2017), no updated firmware has been
offered for testing, or released to the public.
Notes
--------
In all examples below, the TL-SG108E was configured with a LAN IP
address of 192.168.1.6.
Many thanks to Simon @ TP-Link for the prompt email responses.
CVE-2017-17745 - Stored Cross Site Scripting (XSS)
-------------------------------------------------------------------------
* The device does not validate input to the script system_name_set.cgi
on the TL-SG108E, nor does it encode the stored value on output to the screen.
* Only the sysName variable in system_name_set.cgi was tested in this
instance. Other fields in the management web-application may have
similar problems; these were not tested.
Risks:
* In some network configurations (such as behind a NAT router, as
outlined in CVE-2017-17746) a malicious user could store XSS on the
TL-SG108E and cause the administrator of the TL-SG108E to execute
arbitrary JavaScript code in their browser.
Proof of Concept:
* Authenticate to the device in a browser
* Execute the following command from a terminal window:
  curl -vvvs -X 'GET' 'http://192.168.1.6/system_name_set.cgi?sysName=TL-SG"\]\};alert(1);</script>'
* To trigger the XSS: Browse -> System -> System Info. Alert box
containing '1' displays, indicating successful javascript execution.
Mitigation:
* Set the device password to a strong password.
* Restrict access to the device from approved administrator
workstations until an updated firmware is available.
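The shape of the PoC payload (a closing quote and brackets followed by `alert(1);</script>`) indicates that the stored sysName is written into an inline script literal on the System Info page. The following is an added example, not the switch's firmware or the advisory author's code: the page template is an assumption built to match that payload shape, and it shows the breakout beside the output encoding that neutralises it.

```python
import html
import json

# The advisory's PoC value as the device would receive it (see the curl command above).
PAYLOAD = 'TL-SG"]};alert(1);</script>'


def render_system_info_vulnerable(sys_name: str) -> str:
    # Assumed page layout: the stored name lands in an inline script literal
    # and in the HTML body with no encoding at all (the bug class, not the real markup).
    return (
        "<html><body>\n"
        f'<script>var sysinfo = {{"names":["{sys_name}"]}};</script>\n'
        f"<h1>System name: {sys_name}</h1>\n"
        "</body></html>"
    )


def js_string_literal(value: str) -> str:
    # JSON encoding yields a valid JavaScript string literal (quotes and
    # backslashes escaped). Escaping < > & on top stops a value from closing
    # the <script> element, which is the breakout the PoC relies on.
    encoded = json.dumps(value)
    return (encoded.replace("<", "\\u003c")
                   .replace(">", "\\u003e")
                   .replace("&", "\\u0026"))


def render_system_info_hardened(sys_name: str) -> str:
    # Each sink gets the encoding for its own context: JS literal vs HTML text.
    return (
        "<html><body>\n"
        f'<script>var sysinfo = {{"names":[{js_string_literal(sys_name)}]}};</script>\n'
        f"<h1>System name: {html.escape(sys_name, quote=True)}</h1>\n"
        "</body></html>"
    )


def count_script_close_tags(page: str) -> int:
    # A browser ends the script block at the first </script> it sees, so any
    # extra occurrence that came from user data means the value escaped its literal.
    return page.lower().count("</script>")


if __name__ == "__main__":
    print(render_system_info_vulnerable(PAYLOAD))
    print(render_system_info_hardened(PAYLOAD))
```

In the vulnerable rendering the script block reads `var sysinfo = {"names":["TL-SG"]};alert(1);</script>...`, which is exactly the code the browser executes when System Info is opened. In the hardened rendering the same bytes survive as data inside the literal, and the only `</script>` left on the page is the template's own.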
CVE-2017-17746 - Weak access control
------------------------------------------------------
* All information regarding authenticated sessions is stored on the
TL-SG108E, no cookies are sent from the device to the client after
successful authentication.
Risks:
* Any other browser on a PC which has authenticated, is then also
treated as authenticated (Example: Login in Chrome, then open Firefox
and browse to the TL-SG108E, and the session is already authenticated)
* If the TL-SG108E is on the other side of a NAT router, ALL clients
behind the NAT are treated as authenticated.
Steps to reproduce:
* Authenticate from any PC.
* Any other browser on that system is then able to access the
web-interface without entering authentication information.
* By extension, guest VMs on that machine are then automatically authenticated.
Mitigation:
* Restrict access to the device from approved administrator
workstations until an updated firmware is available.
* Prevent any access to the web interface from devices behind a NAT router.
CVE-2017-17747 - Weak access control on Logout.htm
-------------------------------------------------------------------------
* Logout.htm can be called from any IP address, ending any
authenticated sessions on the device.
Risks:
* A denial of service condition can be triggered by calling the logout
script in a loop from any machine on the network regardless of its
authentication status, effectively making it impossible to access the
TL-SG108E management web-application.
Steps to reproduce:
* Authenticate from any PC.
* From another PC with a different IP address, access the logout page
(http://192.168.1.6/Logout.htm)
* The session on the first PC has been terminated.
Mitigation:
* Restrict access to the device from approved administrator
workstations until an updated firmware is available.
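CVE-2017-17746 and CVE-2017-17747 share one root cause: the switch keeps the login state on the device, keyed by nothing the client holds, so the source IP is the only thing tying a request to a session and a logout needs no credential either. The following is an added model of both behaviours and of the usual fix, a per-session random token carried in a cookie; it is not the firmware's code, and the addresses, password and request sequence are constructed for the example.

```python
import secrets

ADMIN_PASSWORD = "constructed-demo-password"   # constructed for the example


class IpKeyedSessions:
    """Models what the advisory describes: after a successful login only the
    source IP is remembered, every later request from that IP is treated as
    authenticated, and Logout.htm clears the state for whoever calls it."""

    def __init__(self):
        self.authenticated_ips = set()

    def login(self, src_ip: str, password: str):
        if password == ADMIN_PASSWORD:
            self.authenticated_ips.add(src_ip)
            return True          # nothing is handed back for the client to present
        return None

    def is_authenticated(self, src_ip: str, cookie=None) -> bool:
        return src_ip in self.authenticated_ips   # the cookie is never consulted

    def logout(self, src_ip: str, cookie=None) -> bool:
        self.authenticated_ips.clear()            # any caller ends every session
        return True


class TokenSessions:
    """Hardened model: login issues a random token that must accompany every
    request, including logout. The source address is not trusted at all."""

    def __init__(self):
        self.tokens = set()

    def login(self, src_ip: str, password: str):
        if password != ADMIN_PASSWORD:
            return None
        token = secrets.token_urlsafe(32)         # 256 bits, unguessable
        self.tokens.add(token)
        return token

    def is_authenticated(self, src_ip: str, cookie=None) -> bool:
        return cookie in self.tokens

    def logout(self, src_ip: str, cookie=None) -> bool:
        if cookie in self.tokens:                 # only the session's holder can end it
            self.tokens.discard(cookie)
            return True
        return False


def scenario(sessions) -> dict:
    """Two hosts behind one NAT gateway (the switch sees both as 10.0.0.1) and an
    unauthenticated attacker elsewhere on the LAN (10.0.0.99). Constructed addresses."""
    nat_ip, attacker_ip = "10.0.0.1", "10.0.0.99"
    admin_cookie = sessions.login(nat_ip, ADMIN_PASSWORD)
    result = {"admin_ok": sessions.is_authenticated(nat_ip, admin_cookie)}
    # A second host behind the same NAT, presenting no cookie (CVE-2017-17746).
    result["nat_neighbour_ok"] = sessions.is_authenticated(nat_ip, None)
    # The attacker requests the logout page without ever logging in (CVE-2017-17747).
    sessions.logout(attacker_ip, None)
    result["admin_ok_after_foreign_logout"] = sessions.is_authenticated(nat_ip, admin_cookie)
    return result


if __name__ == "__main__":
    print("ip-keyed:", scenario(IpKeyedSessions()))
    print("token:   ", scenario(TokenSessions()))
```

With the IP-keyed store the NAT neighbour is authenticated without credentials and the attacker's logout kills the administrator's session; with the token store the neighbour is refused and the foreign logout is a no-op. Binding the session to a secret the client must present is what fixes both issues; filtering by source address, as the advisory's mitigation suggests, only narrows who can reach the interface.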
--
End disclosure
| VAR-201712-0919 | CVE-2017-17745 |
TP-Link TL-SG108E Cross-Site Scripting Vulnerability
Related entries in the VARIoT exploits database: VAR-E-201712-0055 |
CVSS V2: 3.5 CVSS V3: 5.4 Severity: MEDIUM |
Cross-site scripting (XSS) vulnerability in system_name_set.cgi in TP-Link TL-SG108E 1.0.0 allows authenticated remote attackers to submit arbitrary JavaScript via the 'sysName' parameter. The TP-Link TL-SG108E therefore contains a cross-site scripting vulnerability through which information may be obtained or altered. The TP-Link TL-SG108E is a Gigabit Ethernet switch from China's TP-LINK. The full disclosure advisory covering CVE-2017-17745, CVE-2017-17746 and CVE-2017-17747 is reproduced under the CVE-2017-17747 entry above.
| VAR-201712-0920 | CVE-2017-17746 | TP-Link TL-SG108E Access control vulnerability |
CVSS V2: 7.7 CVSS V3: 6.8 Severity: MEDIUM |
Weak access control methods on the TP-Link TL-SG108E 1.0.0 allow any user on a NAT network with an authenticated administrator to access the device without entering user credentials. The authentication record is stored on the device; thus if an administrator authenticates from a NAT network, the authentication applies to the IP address of the NAT gateway, and any user behind that NAT gateway is also treated as authenticated. The TP-Link TL-SG108E therefore contains an access control vulnerability through which information may be obtained or altered and service may be disrupted (DoS). The TP-Link TL-SG108E is a Gigabit Ethernet switch from China's TP-LINK; the weakness stems from the access control method used by firmware version 1.0.0, and an attacker could exploit it to access the device.
| VAR-201712-0951 | CVE-2017-17758 |
TP-Link TL-WVR and TL-WAR devices command injection vulnerability
Related entries in the VARIoT exploits database: VAR-E-201712-0467 |
CVSS V2: 9.0 CVSS V3: 8.8 Severity: HIGH |
TP-Link TL-WVR and TL-WAR devices allow remote authenticated users to execute arbitrary commands via shell metacharacters in the interface field of an admin/dhcps command to cgi-bin/luci, related to the zone_get_iface_bydev function in /usr/lib/lua/luci/controller/admin/dhcps.lua in uhttpd. The devices therefore contain a command injection vulnerability through which information may be obtained or altered and service may be disrupted (DoS). TP-Link TL-WVR and TL-WAR are both wireless router products of China's TP-LINK, and multiple TP-Link devices are prone to this remote arbitrary command-execution vulnerability.
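The entry names the mechanism (shell metacharacters in an interface name that reaches a shell command) but not the command itself. The following is an added illustration of that class and of the two-part fix, an allow-list on the value plus execution without a shell; it is not the LuCI controller's Lua code, and `echo` stands in for whatever network command the real handler runs so the example runs anywhere.

```python
import re
import subprocess

# Linux interface names: up to 15 characters, no shell metacharacters.
IFACE_RE = re.compile(r"[A-Za-z0-9_.:-]{1,15}")


def iface_cmd_vulnerable(iface: str) -> str:
    # The interface name is concatenated into a command line and handed to
    # /bin/sh, so ';', '|', '`' or '$(' in it start a second command.
    # 'echo' is a stand-in for the real network command (constructed example).
    out = subprocess.run("echo iface=" + iface, shell=True,
                         capture_output=True, text=True)
    return out.stdout


def validate_iface(iface: str) -> str:
    # Allow-list: anything outside the interface-name charset is rejected
    # outright rather than escaped.
    if not IFACE_RE.fullmatch(iface):
        raise ValueError(f"invalid interface name: {iface!r}")
    return iface


def iface_cmd_hardened(iface: str) -> str:
    # Validated value passed as one argv element; no shell is involved, so
    # even a metacharacter that slipped past the regex could not be parsed.
    iface = validate_iface(iface)
    out = subprocess.run(["echo", "iface=" + iface],
                         capture_output=True, text=True)
    return out.stdout


def demo() -> dict:
    payload = "eth0; echo INJECTED"   # constructed interface field with a metacharacter
    try:
        hardened = iface_cmd_hardened(payload)
    except ValueError as exc:
        hardened = f"rejected: {exc}"
    return {
        "vulnerable": iface_cmd_vulnerable(payload),
        "hardened": hardened,
        "honest": iface_cmd_hardened("eth0"),
    }


if __name__ == "__main__":
    for key, value in demo().items():
        print(key, repr(value))
```

The vulnerable path prints `iface=eth0` and then the output of the injected second command; the hardened path refuses the value, and a legitimate name goes through unchanged. Of the two measures the argv form is the one that removes the shell from the picture; the regex exists so that a bad value fails loudly instead of being passed on to a command that may parse it in its own way.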
| VAR-201712-0240 | CVE-2017-15524 | Kemp Application Firewall Pack security feature bypass vulnerability |
CVSS V2: 6.4 CVSS V3: 9.1 Severity: CRITICAL |
The Application Firewall Pack (AFP, aka Web Application Firewall) component on Kemp Load Balancer devices with software before 7.2.40.1 allows a Security Feature Bypass via an HTTP POST request. Kemp Load Balancer is a load balancing device produced by Kemp Technologies in the United States. There is a security vulnerability in the AFP component of Kemp Load Balancer versions 7.1.30 to 7.2.40
| VAR-201803-1343 | CVE-2017-17750 | Bose SoundTouch device cross-site scripting vulnerability |
CVSS V2: 3.5 CVSS V3: 5.4 Severity: MEDIUM |
Bose SoundTouch devices allow XSS via a crafted public playlist from Spotify. The device therefore contains a cross-site scripting vulnerability through which information may be obtained or altered. Bose SoundTouch is a wireless speaker device from Bose Corporation of the United States.
| VAR-201712-0702 | CVE-2017-12740 | Siemens LOGO! Soft Comfort Man-in-the-middle attack vulnerability |
CVSS V2: 4.3 CVSS V3: 5.9 Severity: MEDIUM |
Siemens LOGO! Soft Comfort (All versions before V8.2) lacks integrity verification of software packages downloaded via an unprotected communication channel. This could allow a remote attacker to manipulate the software package while performing a Man-in-the-Middle (MitM) attack.
Successfully exploiting this issue may allow attackers to bypass certain security restrictions and perform unauthorized actions by conducting a man-in-the-middle attack. This may lead to other attacks.
Versions prior to LOGO! Soft Comfort 8.2 are vulnerable
| VAR-201712-0121 | CVE-2017-16731 | ABB Ellipse certificate and password management vulnerability |
CVSS V2: 2.9 CVSS V3: 8.8 Severity: HIGH |
An Unprotected Transport of Credentials issue was discovered in ABB Ellipse 8.3 through Ellipse 8.9 released prior to December 2017 (including Ellipse Select). A vulnerability exists in the authentication of Ellipse to LDAP/AD using the LDAP protocol. An attacker could exploit the vulnerability by sniffing local network traffic, allowing the discovery of authentication credentials. ABB Ellipse therefore contains a certificate and password management vulnerability through which information may be obtained or altered and service may be disrupted (DoS). Ellipse is an EAM software application for asset-intensive industries; the issue is an information disclosure vulnerability.
An attacker can exploit this issue to perform man-in-the-middle attacks and obtain sensitive information. Successful exploits will lead to other attacks
| VAR-201803-1342 | CVE-2017-17749 | Bose SoundTouch device cross-site scripting vulnerability |
CVSS V2: 3.5 CVSS V3: 5.4 Severity: MEDIUM |
Bose SoundTouch devices allow XSS via crafted song data from a music service, as demonstrated by Pandora. The device therefore contains a cross-site scripting vulnerability through which information may be obtained or altered. Bose SoundTouch is a wireless speaker device from Bose Corporation of the United States.
| VAR-201802-0446 | CVE-2017-17166 | Multiple Huawei products resource exhaustion vulnerability |
CVSS V2: 5.0 CVSS V3: 5.3 Severity: MEDIUM |
Huawei DP300 V500R002C00, Secospace USG6300 V500R001C00, V500R001C20, V500R001C30, V500R001C50, Secospace USG6500 V500R001C00, V500R001C20, V500R001C30, V500R001C50, Secospace USG6600 V500R001C00, V500R001C20, V500R001C30, V500R001C50, TP3206 V100R002C00, VP9660 V500R002C00, V500R002C10 have a resource exhaustion vulnerability. The software does not process a certain field of H.323 messages properly; a remote, unauthenticated attacker could send a crafted H.323 message to the device, and successful exploitation could make certain services unavailable because stack memory is exhausted. Multiple Huawei products are therefore vulnerable to resource exhaustion that may result in denial of service (DoS). All of the affected devices are products of China's Huawei. The Huawei Secospace USG series is Huawei's next-generation intrusion prevention and firewall product line for enterprise, IDC, campus and carrier networks. DP300 and TP3206 are integrated desktop telepresence products for high-end customers, and DP300 is a video conferencing terminal. VP9660 is Huawei's large-capacity, flexibly configurable MCU (multimedia exchange platform) with 1080p60 support. The vulnerability is caused by improper processing of some fields in H.323 packets; successful exploitation exhausts stack memory and makes some services abnormal.
| VAR-201802-0300 | CVE-2017-17294 | Multiple Huawei products NULL pointer dereference vulnerability |
CVSS V2: 2.1 CVSS V3: 3.3 Severity: LOW |
Huawei AR120-S V200R006C10, V200R007C00, V200R008C20, V200R008C30, AR1200 V200R006C10, V200R006C13, V200R007C00, V200R007C01, V200R007C02, V200R008C20, V200R008C30, AR1200-S V200R006C10, V200R007C00, V200R008C20, V200R008C30, AR150 V200R006C10, V200R007C00, V200R007C01, V200R007C02, V200R008C20, V200R008C30, AR150-S V200R006C10, V200R007C00, V200R008C20, V200R008C30, AR160 V200R006C10, V200R006C12, V200R007C00, V200R007C01, V200R007C02, V200R008C20, V200R008C30, AR200 V200R006C10, V200R007C00, V200R007C01, V200R008C20, V200R008C30, AR200-S V200R006C10, V200R007C00, V200R008C20, V200R008C30, AR2200 V200R006C10, V200R006C13, V200R006C16, V200R007C00, V200R007C01, V200R007C02, V200R008C20, V200R008C30, AR2200-S V200R006C10, V200R007C00, V200R008C20, V200R008C30, AR3200 V200R006C10, V200R006C11, V200R007C00, V200R007C01, V200R007C02, V200R008C00, V200R008C10, V200R008C20, V200R008C30, AR3600 V200R006C10, V200R007C00, V200R007C01, V200R008C20, AR510 V200R006C10, V200R006C12, V200R006C13, V200R006C15, V200R006C16, V200R006C17, V200R007C00, V200R008C20, V200R008C30, DP300 V500R002C00, MAX PRESENCE V100R001C00, NetEngine16EX V200R006C10, V200R007C00, V200R008C20, V200R008C30, RP200 V500R002C00, V600R006C00, SRG1300 V200R006C10, V200R007C00, V200R007C02, V200R008C20, V200R008C30, SRG2300 V200R006C10, V200R007C00, V200R007C02, V200R008C20, V200R008C30, SRG3300 V200R006C10, V200R007C00, V200R008C20, V200R008C30, TE30 V100R001C02, V100R001C10, V500R002C00, V600R006C00, TE40 V500R002C00, V600R006C00, TE50 V500R002C00, V600R006C00, TE60 V100R001C01, V100R001C10, V500R002C00, V600R006C00, TP3106 V100R002C00, TP3206 V100R002C00, V100R002C10 have a null pointer dereference vulnerability. Due to insufficient input validation, an authenticated, local attacker may craft a specific XML file to the affected products to cause null pointer dereference. Successful exploit will cause some service abnormal. 
Multiple Huawei products therefore contain a NULL pointer dereference vulnerability that may result in denial of service (DoS). Huawei AR and SRG series enterprise routers are Huawei's all-in-one routers for small and medium-sized offices and enterprises. The TE series, DP300 and MAX PRESENCE are Huawei's integrated desktop telepresence and high-definition video conferencing terminal products for high-end customers. All of the affected devices are products of China's Huawei. The vulnerability exists because the devices do not adequately validate user-supplied input (a crafted XML file submitted by an authenticated local attacker); the affected products and versions are those listed above.
| VAR-201802-0266 | CVE-2017-17293 | Multiple Huawei products buffer error vulnerability |
CVSS V2: 2.1 CVSS V3: 3.3 Severity: LOW |
Huawei AR120-S V200R006C10, V200R007C00, V200R008C20, V200R008C30, AR1200 V200R006C10, V200R006C13, V200R007C00, V200R007C01, V200R007C02, V200R008C20, V200R008C30, AR1200-S V200R006C10, V200R007C00, V200R008C20, V200R008C30, AR150 V200R006C10, V200R007C00, V200R007C01, V200R007C02, V200R008C20, V200R008C30, AR150-S V200R006C10, V200R007C00, V200R008C20, V200R008C30, AR160 V200R006C10, V200R006C12, V200R007C00, V200R007C01, V200R007C02, V200R008C20, V200R008C30, AR200 V200R006C10, V200R007C00, V200R007C01, V200R008C20, V200R008C30, AR200-S V200R006C10, V200R007C00, V200R008C20, V200R008C30, AR2200 V200R006C10, V200R006C13, V200R006C16, V200R007C00, V200R007C01, V200R007C02, V200R008C20, V200R008C30, AR2200-S V200R006C10, V200R007C00, V200R008C20, V200R008C30, AR3200 V200R006C10, V200R006C11, V200R007C00, V200R007C01, V200R007C02, V200R008C00, V200R008C10, V200R008C20, V200R008C30, AR3600 V200R006C10, V200R007C00, V200R007C01, V200R008C20, AR510 V200R006C10, V200R006C12, V200R006C13, V200R006C15, V200R006C16, V200R006C17, V200R007C00, V200R008C20, V200R008C30, DP300 V500R002C00, MAX PRESENCE V100R001C00, NetEngine16EX V200R006C10, V200R007C00, V200R008C20, V200R008C30, RP200 V500R002C00, V600R006C00, SRG1300 V200R006C10, V200R007C00, V200R007C02, V200R008C20, V200R008C30, SRG2300 V200R006C10, V200R007C00, V200R007C02, V200R008C20, V200R008C30, SRG3300 V200R006C10, V200R007C00, V200R008C20, V200R008C30, TE30 V100R001C02, V100R001C10, V500R002C00, V600R006C00, TE40 V500R002C00, V600R006C00, TE50 V500R002C00, V600R006C00, TE60 V100R001C01, V100R001C10, V500R002C00, V600R006C00, TP3106 V100R002C00, TP3206 V100R002C00, V100R002C10 have a buffer overflow vulnerability. An authenticated, local attacker may craft a specific XML file to the affected products. Due to insufficient input validation, successful exploit will cause some service abnormal. 
Multiple Huawei products therefore contain a buffer error vulnerability that may result in denial of service (DoS). Huawei AR and SRG series enterprise routers are Huawei's all-in-one routers for small and medium-sized offices and enterprises. The TE series, DP300 and MAX PRESENCE are Huawei's integrated desktop telepresence and high-definition video conferencing terminal products for high-end customers. All of the affected devices are products of China's Huawei. The buffer overflow exists because the devices do not adequately validate user-supplied input (a crafted XML file submitted by an authenticated local attacker); the affected products and versions are those listed above.
| VAR-201802-0539 | CVE-2017-15340 | Huawei smartphone software information disclosure vulnerability |
CVSS V2: 4.3 CVSS V3: 5.5 Severity: MEDIUM |
Huawei smartphones with software of TAG-AL00C92B168 have an information disclosure vulnerability. An attacker tricks the user into installing a crafted application; this application simulates click actions to back up data in a non-encrypted way using an Android assist function. Successful exploitation could result in information disclosure. Huawei TAG-AL00 (the Huawei Enjoy 5S) is a smartphone product of China's Huawei.
| VAR-201802-0267 | CVE-2017-17291 | Multiple Huawei products resource management vulnerability |
CVSS V2: 2.1 CVSS V3: 5.5 Severity: MEDIUM |
Huawei AR120-S V200R006C10, V200R007C00, V200R008C20, V200R008C30, AR1200 V200R006C10, V200R006C13, V200R007C00, V200R007C01, V200R007C02, V200R008C20, V200R008C30, AR1200-S V200R006C10, V200R007C00, V200R008C20, V200R008C30, AR150 V200R006C10, V200R007C00, V200R007C01, V200R007C02, V200R008C20, V200R008C30, AR150-S V200R006C10, V200R007C00, V200R008C20, V200R008C30, AR160 V200R006C10, V200R006C12, V200R007C00, V200R007C01, V200R007C02, V200R008C20, V200R008C30, AR200 V200R006C10, V200R007C00, V200R007C01, V200R008C20, V200R008C30, AR200-S V200R006C10, V200R007C00, V200R008C20, V200R008C30, AR2200 V200R006C10, V200R006C13, V200R006C16, V200R007C00, V200R007C01, V200R007C02, V200R008C20, V200R008C30, AR2200-S V200R006C10, V200R007C00, V200R008C20, V200R008C30, AR3200 V200R006C10, V200R006C11, V200R007C00, V200R007C01, V200R007C02, V200R008C00, V200R008C10, V200R008C20, V200R008C30, AR3600 V200R006C10, V200R007C00, V200R007C01, V200R008C20, AR510 V200R006C10, V200R006C12, V200R006C13, V200R006C15, V200R006C16, V200R006C17, V200R007C00, V200R008C20, V200R008C30, DP300 V500R002C00, MAX PRESENCE V100R001C00, NetEngine16EX V200R006C10, V200R007C00, V200R008C20, V200R008C30, RP200 V500R002C00, V600R006C00, SRG1300 V200R006C10, V200R007C00, V200R007C02, V200R008C20, V200R008C30, SRG2300 V200R006C10, V200R007C00, V200R007C02, V200R008C20, V200R008C30, SRG3300 V200R006C10, V200R007C00, V200R008C20, V200R008C30, TE30 V100R001C02, V100R001C10, V500R002C00, V600R006C00, TE40 V500R002C00, V600R006C00, TE50 V500R002C00, V600R006C00, TE60 V100R001C01, V100R001C10, V500R002C00, V600R006C00, TP3106 V100R002C00, TP3206 V100R002C00, V100R002C10 have a memory leak vulnerability. An authenticated, local attacker may craft a specific XML file to the affected products. Due to not free the memory to parse the XML file, successful exploit will result in memory leak of the affected products. 
Multiple Huawei products therefore contain a resource management vulnerability that may result in denial of service (DoS). Huawei AR and SRG series enterprise routers are Huawei's all-in-one routers for small and medium-sized offices and enterprises. The TE series, DP300 and MAX PRESENCE are Huawei's integrated desktop telepresence and high-definition video conferencing terminal products for high-end customers. All of the affected devices are products of China's Huawei. The memory leak occurs because memory allocated while parsing a crafted XML file (submitted by an authenticated local attacker) is never freed; the affected products and versions are those listed above.
| VAR-201802-0265 | CVE-2017-17292 | Multiple Huawei products input validation vulnerability |
CVSS V2: 2.1 CVSS V3: 3.3 Severity: LOW |
Huawei AR120-S V200R006C10, V200R007C00, V200R008C20, V200R008C30, AR1200 V200R006C10, V200R006C13, V200R007C00, V200R007C01, V200R007C02, V200R008C20, V200R008C30, AR1200-S V200R006C10, V200R007C00, V200R008C20, V200R008C30, AR150 V200R006C10, V200R007C00, V200R007C01, V200R007C02, V200R008C20, V200R008C30, AR150-S V200R006C10, V200R007C00, V200R008C20, V200R008C30, AR160 V200R006C10, V200R006C12, V200R007C00, V200R007C01, V200R007C02, V200R008C20, V200R008C30, AR200 V200R006C10, V200R007C00, V200R007C01, V200R008C20, V200R008C30, AR200-S V200R006C10, V200R007C00, V200R008C20, V200R008C30, AR2200 V200R006C10, V200R006C13, V200R006C16, V200R007C00, V200R007C01, V200R007C02, V200R008C20, V200R008C30, AR2200-S V200R006C10, V200R007C00, V200R008C20, V200R008C30, AR3200 V200R006C10, V200R006C11, V200R007C00, V200R007C01, V200R007C02, V200R008C00, V200R008C10, V200R008C20, V200R008C30, AR3600 V200R006C10, V200R007C00, V200R007C01, V200R008C20, AR510 V200R006C10, V200R006C12, V200R006C13, V200R006C15, V200R006C16, V200R006C17, V200R007C00, V200R008C20, V200R008C30, DP300 V500R002C00, MAX PRESENCE V100R001C00, NetEngine16EX V200R006C10, V200R007C00, V200R008C20, V200R008C30, RP200 V500R002C00, V600R006C00, SRG1300 V200R006C10, V200R007C00, V200R007C02, V200R008C20, V200R008C30, SRG2300 V200R006C10, V200R007C00, V200R007C02, V200R008C20, V200R008C30, SRG3300 V200R006C10, V200R007C00, V200R008C20, V200R008C30, TE30 V100R001C02, V100R001C10, V500R002C00, V600R006C00, TE40 V500R002C00, V600R006C00, TE50 V500R002C00, V600R006C00, TE60 V100R001C01, V100R001C10, V500R002C00, V600R006C00, TP3106 V100R002C00, TP3206 V100R002C00, V100R002C10 have a denial of service vulnerability in a specific module. An authenticated, local attacker may send a crafted XML file to the affected products. Due to improper handling of input, a successful exploit causes abnormal service behaviour.
Multiple Huawei products contain an input validation vulnerability. Service operation may be interrupted (DoS). Huawei AR and SRG series enterprise routers are Huawei's all-in-one routers for small and medium-sized offices and enterprises. The TE series, DP300 and MAX PRESENCE are Huawei's integrated desktop telepresence and high-definition video conference terminal products for high-end customers. A denial-of-service vulnerability exists in several Huawei products because the device fails to properly handle user input. Huawei AR120-S and the other listed routers are products of China's Huawei. The vulnerability is caused by the program's incorrect verification of input. The following products and versions are affected: Huawei AR120-S V200R006C10, V200R007C00, V200R008C20, V200R008C30; AR1200 V200R006C10, V200R006C13, V200R007C00, V200R007C01, V200R007C02, V200R008C20, V200R008C30; AR1200-S V200R006C10, V200R007C00, V200R008C20, V200R008C30; AR150, etc.
| VAR-201803-1344 | CVE-2017-17751 | Bose SoundTouch devices: access control vulnerability |
CVSS V2: 6.8 CVSS V3: 8.8 Severity: HIGH |
Bose SoundTouch devices allow remote attackers to achieve remote control via a crafted web site that uses the WebSocket Protocol. Bose SoundTouch devices contain an access control vulnerability. Information may be obtained or altered, and service operation may be disrupted (DoS). Bose SoundTouch is a wireless speaker from Bose Corporation of the United States. A security vulnerability exists in Bose SoundTouch.
| VAR-201803-1341 | CVE-2017-17743 | UCOPIA Wireless Appliance devices: authentication vulnerability |
CVSS V2: 6.5 CVSS V3: 6.7 Severity: MEDIUM |
Improper input sanitization within the restricted administration shell on UCOPIA Wireless Appliance devices before 4.4.20, 5.0.x before 5.0.19, and 5.1.x before 5.1.11 allows authenticated remote attackers to escape the shell and escalate their privileges by uploading a .bashrc file containing the /bin/sh string. In some situations, authentication can be achieved via the bhu85tgb default password for the admin account. UCOPIA Wireless Appliance devices contain an authentication vulnerability. Information may be obtained or altered, and service operation may be disrupted (DoS). UCOPIA Wireless Appliance is a wireless device from UCOPIA, France. A security vulnerability exists in the restricted management shell of UCOPIA Wireless Appliance versions prior to 4.4.20, 5.0.x prior to 5.0.19, and 5.1.x prior to 5.1.11. The vulnerability stems from the program failing to properly filter input.
| VAR-201712-0924 | CVE-2017-17757 | TP-Link TL-WVR and TL-WAR devices: command injection vulnerability |
CVSS V2: 9.0 CVSS V3: 8.8 Severity: HIGH |
TP-Link TL-WVR and TL-WAR devices allow remote authenticated users to execute arbitrary commands via shell metacharacters in the interface field of an admin/wportal command to cgi-bin/luci, related to the get_device_byif function in /usr/lib/lua/luci/controller/admin/wportal.lua in uhttpd. TP-Link TL-WVR and TL-WAR devices contain a command injection vulnerability. Information may be obtained or altered, and service operation may be disrupted (DoS). TP-Link TL-WVR and TL-WAR are both wireless router products of China's TP-LINK. Security vulnerabilities exist in TP-Link TL-WVR and TL-WAR.
| VAR-201712-0116 | CVE-2017-16717 | WECON LeviStudio HMI Buffer error vulnerability |
CVSS V2: 9.0 CVSS V3: 8.6 Severity: HIGH |
A heap-based buffer overflow issue was discovered in WECON LeviStudio HMI. The heap-based buffer overflow vulnerability has been identified, which may allow remote code execution. WECON LeviStudio HMI contains a buffer error vulnerability. Information may be obtained or altered, and service operation may be disrupted (DoS). User interaction is required to exploit this vulnerability, in that the target must visit a malicious page or open a malicious file. The specific flaw exists in the handling of LeviStudio project files. When parsing the Driver field, the process does not properly validate the length of user-supplied data prior to copying it to a fixed-length heap-based buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. WECON LeviStudio is HMI programming software. WECON LeviStudio HMI is prone to a heap-based buffer-overflow vulnerability. Failed exploit attempts will likely cause denial-of-service conditions.