VARIoT IoT vulnerabilities database
| VAR-201801-1842 | No CVE | Pelco Sarix Pro network camera set_param program has unauthorized access vulnerability |
CVSS V2: 8.3 CVSS V3: - Severity: HIGH |
Pelco Sarix Professional is a video camera.
There is an unauthorized access vulnerability in the set_param program of the Pelco Sarix Pro network camera. An attacker can exploit it to remotely enable the ssh service without authentication, thereby gaining full control of the camera.
| VAR-201801-1849 | No CVE | Pelco Sarix Pro Network Camera ssldownload.cgi Program Has Arbitrary File Download Vulnerability |
CVSS V2: 5.0 CVSS V3: - Severity: MEDIUM |
Pelco Sarix Professional is a video camera.
There is an arbitrary file download vulnerability in the ssldownload.cgi program of the Pelco Sarix Pro network camera. The vulnerability is due to the program's failure to properly check the path and name of the requested file, allowing an attacker to download arbitrary files from the system.
| VAR-201801-1838 | No CVE | Command execution vulnerability in pelco Sarix Enhanced GeneralSetupController.php file |
CVSS V2: 6.5 CVSS V3: - Severity: MEDIUM |
Pelco Sarix Enhanced is a webcam.
The Pelco Sarix Enhanced GeneralSetupController.php file has a command execution vulnerability. The vulnerability is due to the program's failure to properly validate user-submitted data, allowing attackers who have passed web authentication to use shell metacharacters to bypass restrictions and execute arbitrary commands as root.
| VAR-201801-1845 | No CVE | Pelco Sarix Enhanced GeneralSetupController.php file has arbitrary file deletion vulnerability |
CVSS V2: 2.9 CVSS V3: - Severity: LOW |
Pelco Sarix Enhanced is a webcam.
There is an arbitrary file deletion vulnerability in the Pelco Sarix Enhanced GeneralSetupController.php file. The vulnerability is due to the program's failure to properly check uploaded files. An attacker can delete any file in the /tmp/ directory, resulting in a denial of service.
| VAR-201801-1846 | No CVE | Command execution vulnerability in set_param program of pelco Sarix Pro network camera (CNVD-2017-36493) |
CVSS V2: 6.5 CVSS V3: - Severity: MEDIUM |
Pelco Sarix Professional is a video camera.
A command execution vulnerability exists in the Pelco Sarix Pro network camera set_param program. The vulnerability is due to the program's failure to perform security checks on user-submitted parameters, allowing an attacker to use shell metacharacters to execute arbitrary system commands as root, thereby completely controlling the camera.
| VAR-201801-1832 | No CVE | Command execution vulnerability exists in pelco Sarix Pro network camera export.cgi program |
CVSS V2: 6.5 CVSS V3: - Severity: MEDIUM |
Pelco Sarix Professional is a video camera.
A command execution vulnerability exists in the Pelco Sarix Pro network camera export.cgi program. The vulnerability is due to the program's failure to perform security checks on data before executing system commands, allowing attackers to use shell metacharacters to execute arbitrary system commands as root, thereby completely controlling the camera.
| VAR-201801-1835 | No CVE | XML entity injection vulnerability in pelco Sarix Pro webcam import.cgi |
CVSS V2: 5.0 CVSS V3: - Severity: MEDIUM |
Pelco Sarix Professional is a video camera.
There is an XML entity injection vulnerability in the Pelco Sarix Pro webcam import.cgi program, which allows an attacker to obtain sensitive information.
| VAR-201801-1820 | No CVE | Command execution vulnerability exists in pelco Sarix Pro network camera set_param program |
CVSS V2: 6.5 CVSS V3: - Severity: MEDIUM |
Pelco Sarix Professional is a video camera.
A command execution vulnerability exists in the Pelco Sarix Pro network camera set_param program. The vulnerability is due to the program's failure to perform security checks on user-submitted parameters, allowing an attacker to use shell metacharacters to execute arbitrary system commands as root, thereby completely controlling the camera.
| VAR-201801-1821 | No CVE | Login bypass vulnerability in Pelco Sarix Pro webcam WEB management interface |
CVSS V2: 5.0 CVSS V3: - Severity: MEDIUM |
Pelco Sarix Professional is a video camera.
There is a login bypass vulnerability in the Pelco Sarix Pro webcam WEB management interface. An attacker can bypass password authentication and log in to the WEB management interface directly as an administrator.
| VAR-201801-1816 | No CVE | Weak password vulnerability in pelco Sarix Pro webcam WEB management interface |
CVSS V2: 5.0 CVSS V3: - Severity: MEDIUM |
Pelco Sarix Professional is a video camera.
A weak password vulnerability exists in the Pelco Sarix Pro webcam WEB management interface. An attacker can obtain a hidden management account, use it to perform any back-end operation, gain administrative privileges, and completely control the camera.
| VAR-201801-1822 | No CVE | Command execution vulnerability in pelco Sarix Enhanced Dot1xSetupController.php file |
CVSS V2: 6.5 CVSS V3: - Severity: MEDIUM |
Pelco Sarix Enhanced is a webcam.
A command execution vulnerability exists in the Pelco Sarix Enhanced Dot1xSetupController.php file. The vulnerability is due to the program's failure to properly validate user-submitted data, allowing attackers who have passed web authentication to use shell metacharacters to bypass restrictions and execute arbitrary commands as root.
| VAR-201801-1825 | No CVE | Command execution vulnerability in set_param program of pelco Sarix Pro network camera (CNVD-2017-36494) |
CVSS V2: 6.5 CVSS V3: - Severity: MEDIUM |
Pelco Sarix Professional is a video camera.
A command execution vulnerability exists in the Pelco Sarix Pro network camera set_param program. The vulnerability is due to the program's failure to perform security checks on user-submitted parameters, allowing an attacker to use shell metacharacters to execute arbitrary system commands as root, thereby completely controlling the camera.
| VAR-201801-1826 | No CVE | Code Execution Vulnerability in pelco Sarix Pro Network Camera session.cgi Program |
CVSS V2: 6.1 CVSS V3: - Severity: MEDIUM |
Pelco Sarix Professional is a video camera.
A code execution vulnerability exists in the Pelco Sarix Pro webcam session.cgi program. The vulnerability is due to the program's failure to check the length of user-submitted data. A remote attacker could exploit it to trigger a stack overflow and execute arbitrary code.
| VAR-201801-1829 | No CVE | Arbitrary file deletion vulnerability in pelco Sarix Pro webcam set_param program |
CVSS V2: 4.8 CVSS V3: - Severity: MEDIUM |
Pelco Sarix Professional is a video camera.
There is an arbitrary file deletion vulnerability in the Pelco Sarix Pro webcam set_param program. The vulnerability is due to the program's failure to check the file name when processing parameters. An attacker can exploit it to delete any file or directory, causing the camera to stop working properly.
| VAR-201801-1833 | No CVE | Information Disclosure Vulnerability in Pelco Sarix Pro Network Camera |
CVSS V2: 5.0 CVSS V3: - Severity: MEDIUM |
Pelco Sarix Professional is a video camera.
An information disclosure vulnerability exists in the Pelco Sarix Pro network camera. An attacker can exploit it to obtain sensitive information.
| VAR-201801-1834 | No CVE | Command execution vulnerability in set_param program of pelco Sarix Pro network camera (CNVD-2017-36490) |
CVSS V2: 6.5 CVSS V3: - Severity: MEDIUM |
Pelco Sarix Professional is a video camera.
A command execution vulnerability exists in the Pelco Sarix Pro network camera set_param program. The vulnerability is due to the program's failure to perform security checks on user-submitted parameters, allowing attackers to use shell metacharacters to execute arbitrary system commands as root and completely control the camera.
| VAR-201801-1459 | CVE-2018-5281 | SonicWall SonicOS Vulnerable to cross-site scripting |
CVSS V2: 3.5 CVSS V3: 5.4 Severity: MEDIUM |
SonicWall SonicOS on Network Security Appliance (NSA) 2017 Q4 devices has XSS via the CFS Custom Category and Cloud AV DB Exclusion Settings screens. SonicWall SonicOS contains a cross-site scripting vulnerability. Information may be obtained and information may be altered. Dell SonicWall SonicOS NSA is prone to multiple HTML-injection vulnerabilities.
Successful exploits will allow attacker-supplied HTML and script code to run in the context of the affected browser, potentially allowing the attacker to steal cookie-based authentication credentials or to control how the site is rendered to the user. Other attacks are also possible.
All versions of Dell SonicWall SonicOS are vulnerable. SonicWall SonicOS is the operating system that runs on these devices. A remote attacker could exploit this vulnerability to bypass throttling mechanisms or filter protections.
| VAR-201801-1458 | CVE-2018-5280 | SonicWall SonicOS Vulnerable to cross-site scripting |
CVSS V2: 3.5 CVSS V3: 5.4 Severity: MEDIUM |
SonicWall SonicOS on Network Security Appliance (NSA) 2016 Q4 devices has XSS via the Configure SSO screens. SonicWall SonicOS contains a cross-site scripting vulnerability. Information may be obtained and information may be altered. Dell SonicWall SonicOS NSA is prone to an HTML-injection vulnerability.
Successful exploits will allow attacker-supplied HTML and script code to run in the context of the affected browser, potentially allowing the attacker to steal cookie-based authentication credentials or to control how the site is rendered to the user. Other attacks are also possible. SonicWall SonicOS is the operating system that runs on these devices. A remote attacker could exploit this vulnerability to inject malicious code.
| VAR-201801-0094 | CVE-2014-10069 | Hitron CVE-30360 Cryptographic vulnerabilities in devices |
CVSS V2: 5.0 CVSS V3: 7.5 Severity: HIGH |
Hitron CVE-30360 devices use a 578A958E3DD933FC DES key that is shared across different customers' installations, which makes it easier for attackers to obtain sensitive information by decrypting a backup configuration file, as demonstrated by a password hash in the um_auth_account_password field. The Hitron CVE-30360 device contains cryptographic vulnerabilities. Information may be obtained. The Hitron CVE-30360 is a router device from China's Hitron. A security vulnerability exists in the Hitron CVE-30360 device that originates from the shared 578A958E3DD933FC DES key used by the program.
| VAR-201801-1869 | No CVE | Advantech WebAccess webvrpcs drawsrv Arbitrary Free Remote Code Execution Vulnerability |
CVSS V2: 6.8 CVSS V3: - Severity: MEDIUM |
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Advantech WebAccess. Authentication is not required to exploit this vulnerability. The specific flaw exists within the implementation of the 0x2721 IOCTL in the webvrpcs process. The issue results from the lack of proper validation of a user-supplied value prior to using it as a memory address in a free operation. An attacker can leverage this functionality to execute code under the context of Administrator.