VARIoT IoT vulnerabilities database


VAR-201709-0208 CVE-2017-10814 Multiple vulnerabilities in CG-WLR300NM CVSS V2: 5.2
CVSS V3: 6.8
Severity: Medium
Buffer overflow in CG-WLR300NM Firmware version 1.90 and earlier allows an attacker to execute arbitrary code via unspecified vectors. CG-WLR300NM provided by Corega Inc. is a wireless LAN router. CG-WLR300NM contains multiple vulnerabilities listed below. Taizoh Tsukamoto of Mitsui Bussan Secure Directions, Inc. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under the Information Security Early Warning Partnership.
* A user who can access the administrative console of the device may execute an arbitrary OS command - CVE-2017-10813
* A user who can access the administrative console of the device may execute arbitrary code - CVE-2017-10814
VAR-201709-1247 No CVE Fei Xun K2 wireless router has unauthorized access vulnerability CVSS V2: 6.4
CVSS V3: -
Severity: MEDIUM
The Fixon K2 (PSG1218) router is a new-generation wireless router for entry-level users. The Feixun K2 wireless router has an unauthorized access vulnerability. An attacker can use the vulnerability to obtain detailed information about all terminal devices in the LAN without logging in. They can also perform unauthorized operations, such as modifying the speed limit value of connected devices and preventing them from accessing the Internet.
VAR-201709-1239 No CVE Information Disclosure Vulnerability in Zhengzhou New Cape Electronic Data Gateway Device CVSS V2: 6.4
CVSS V3: -
Severity: MEDIUM
Zhengzhou New Cape Electronic Data Gateway Equipment is a network equipment product. An information disclosure vulnerability exists in the Zhengzhou New Cape Electronic Data Gateway device. An attacker could use this vulnerability to obtain sensitive information.
VAR-201709-1244 No CVE Phenom K2 Wireless Router Has Logical Defect Vulnerability CVSS V2: 6.4
CVSS V3: -
Severity: MEDIUM
Fizen Router Android App is an app for managing Fizen routers. There is a logic flaw in the Phenom K2 wireless router. An attacker could use this vulnerability to obtain the router administrator's username and password without logging in, and then take control of the router.
VAR-201807-0269 CVE-2017-3225 Das U-Boot AES-CBC encryption implementation contains multiple vulnerabilities CVSS V2: 2.1
CVSS V3: 4.6
Severity: MEDIUM
Das U-Boot is a device bootloader that can read its configuration from an AES encrypted file. For devices utilizing this environment encryption mode, U-Boot's use of a zero initialization vector may allow attacks against the underlying cryptographic implementation and allow an attacker to decrypt the data. Das U-Boot's AES-CBC encryption feature uses a zero (0) initialization vector. This allows an attacker to perform dictionary attacks on encrypted data produced by Das U-Boot to learn information about the encrypted data. Multiple vulnerabilities exist in Das U-Boot's AES-CBC cryptographic implementation:
* Information leakage due to differences in processing time (CWE-208) - CVE-2017-3226
* The AES-CBC encryption process is deficient when reading the encrypted environment variable. As a result, an attacker could decrypt the content on the device or possibly tamper with it.
An attacker with access to the device may be able to decrypt the content on the device.
VAR-201709-0480 CVE-2017-12071 Synology Photo Station Server-side request forgery vulnerability CVSS V2: 4.0
CVSS V3: 6.5
Severity: MEDIUM
Server-side request forgery (SSRF) vulnerability in file_upload.php in Synology Photo Station before 6.7.4-3433 and 6.3-2968 allows remote authenticated users to download arbitrary local files via the url parameter. Synology Photo Station is a set of solutions from Synology for sharing pictures, videos and blogs on the Internet.
VAR-201710-0790 CVE-2017-13993 i-SENS SmartLog Diabetes Management Software Code execution vulnerability CVSS V2: 9.3
CVSS V3: 7.8
Severity: HIGH
An Uncontrolled Search Path or Element issue was discovered in i-SENS SmartLog Diabetes Management Software, Version 2.4.0 and prior versions. An uncontrolled search path element vulnerability has been identified which could be exploited by placing a specially crafted DLL file in the search path. If the malicious DLL is loaded prior to the valid DLL, an attacker could execute arbitrary code on the system. This vulnerability does not affect the connected blood glucose monitor and would not impact delivery of therapy to the patient. SmartLog Diabetes Management Software is software for tracking and monitoring individual blood glucose levels by connecting a blood glucose meter to a computer via USB. i-SENS SmartLog Diabetes Management Software has a code execution vulnerability.
VAR-201802-0484 CVE-2017-12725 Smiths Medical Medfusion 4000 Wireless Syringe Infusion Pump Vulnerabilities related to the use of hard-coded credentials CVSS V2: 6.8
CVSS V3: 5.6
Severity: MEDIUM
A Use of Hard-coded Credentials issue was discovered in Smiths Medical Medfusion 4000 Wireless Syringe Infusion Pump, Version 1.1, 1.5, and 1.6. The pump with default network configuration uses hard-coded credentials to automatically establish a wireless network connection. The pump will establish a wireless network connection even if the pump is Ethernet connected and active; however, if the wireless association is established and the Ethernet cable is attached, the pump does not attach the network stack to the wireless network. In this scenario, all network traffic is instead directed over the wired Ethernet connection. The Medfusion 4000 is prone to the following issues:
1. A buffer-overflow vulnerability
2. A denial-of-service vulnerability
3. An access-bypass vulnerability
4. Multiple security-bypass vulnerabilities
Attackers can exploit these issues to execute arbitrary code within the context of the affected device, cause a denial-of-service condition, bypass certain security restrictions, or gain unauthorized access to the device and perform unauthorized actions. This may lead to complete compromise of the device. A remote attacker could exploit this vulnerability to bypass security restrictions.
VAR-201709-0331 CVE-2017-14219 Intelbras Wireless N 150Mbps Router WRN 240 Firmware cross-site scripting vulnerability CVSS V2: 4.3
CVSS V3: 6.1
Severity: MEDIUM
XSS (persistent) on the Intelbras Wireless N 150Mbps router with firmware WRN 240 allows attackers to steal wireless credentials without being connected to the network, related to userRpm/popupSiteSurveyRpm.htm and userRpm/WlanSecurityRpm.htm. The attack vector is a crafted ESSID, as demonstrated by an "airbase-ng -e" command. The Intelbras Wireless N 150Mbps router is a wireless router from Brazil's Intelbras. A remote attacker can exploit this vulnerability to steal wireless credentials.
VAR-201709-1259 No CVE Google Android Bootloaders Multiple Security Vulnerabilities CVSS V2: -
CVSS V3: -
Severity: -
Google Android Bootloaders are prone to the following multiple security vulnerabilities:
1. Multiple unspecified memory-corruption vulnerabilities
2. Multiple unspecified denial-of-service vulnerabilities
3. Multiple unspecified security-bypass vulnerabilities
Successful exploits may allow an attacker to execute arbitrary code in the context of the affected application or bypass security mechanisms. Failed exploit attempts will likely result in denial-of-service conditions.
VAR-201710-1115 CVE-2017-12728 iniNet Solutions SCADA Web Server Vulnerabilities related to authorization, permissions, and access control

Related entries in the VARIoT exploits database: VAR-E-201710-0308
CVSS V2: 7.2
CVSS V3: 7.8
Severity: HIGH
An Improper Privilege Management issue was discovered in SpiderControl SCADA Web Server Version 2.02.0007 and prior. Authenticated, non-administrative local users are able to alter service executables with escalated privileges, which could allow an attacker to execute arbitrary code under the context of the current system services. iniNet Solutions SCADA Web Server contains vulnerabilities related to authorization, permissions, and access control. Information may be obtained or altered, and service operation may be disrupted (DoS). Failed attempts may lead to denial-of-service conditions.
VAR-201801-0962 CVE-2017-12729 Moxa SoftCMS Live Viewer SQL Injection Vulnerability CVSS V2: 7.5
CVSS V3: 9.8
Severity: CRITICAL
A SQL Injection issue was discovered in Moxa SoftCMS Live Viewer through 1.6. An improper neutralization of special elements used in an SQL command ('SQL Injection') vulnerability has been identified. Attackers can exploit this vulnerability to access SoftCMS without knowing the user's password. Moxa SoftCMS Live Viewer is a set of remote data monitoring and debugging software developed by Moxa for industrial automation systems.
VAR-201802-0478 CVE-2017-12718 Smiths Medical Medfusion 4000 Wireless Syringe Infusion Pump Buffer Overflow Vulnerability CVSS V2: 6.8
CVSS V3: 8.1
Severity: HIGH
A Classic Buffer Overflow issue was discovered in Smiths Medical Medfusion 4000 Wireless Syringe Infusion Pump, Version 1.1, 1.5, and 1.6. A third-party component used in the pump does not verify input buffer size prior to copying, leading to a buffer overflow, allowing remote code execution on the target device. The pump receives the potentially malicious input infrequently and under certain conditions, increasing the difficulty of exploitation. MQX RTOS provided by NXP Semiconductors has multiple vulnerabilities:
* Buffer overflow (CWE-120) - CVE-2017-12718: in the RTCS DHCP client of MQX version 5.0, the data length check for DHCP options 66 and 67 is not performed correctly. A remote third party sending a crafted DHCP packet can cause a buffer overflow and execute arbitrary code.
* Out-of-bounds read (CWE-125) - CVE-2017-12722: the DNS client of MQX version 4.1 and earlier cannot properly handle the size of an illegal DNS packet, resulting in an out-of-bounds memory reference. A remote third party sending a crafted DNS packet can cause an out-of-bounds memory reference and disrupt service operation (DoS).
The expected impact depends on each vulnerability:
* A remote third party sending a crafted DHCP packet may execute arbitrary code with system privileges - CVE-2017-12718
* A remote third party sending a crafted DNS packet may cause service disruption (DoS) - CVE-2017-12722
The Medfusion 4000 is prone to the following issues:
1. A buffer-overflow vulnerability
2. A denial-of-service vulnerability
3. An access-bypass vulnerability
4. Multiple security-bypass vulnerabilities
Attackers can exploit these issues to execute arbitrary code within the context of the affected device, cause a denial-of-service condition, bypass certain security restrictions, or gain unauthorized access to the device and perform unauthorized actions. This may lead to complete compromise of the device. Attackers can exploit these issues to crash the application, resulting in a denial-of-service condition. The vulnerability is caused by the program not checking the size of the input buffer.
VAR-201802-0479 CVE-2017-12720 Smiths Medical Medfusion 4000 Wireless Syringe Infusion Pump Authentication Bypass Vulnerability CVSS V2: 6.8
CVSS V3: 8.1
Severity: HIGH
An Improper Access Control issue was discovered in Smiths Medical Medfusion 4000 Wireless Syringe Infusion Pump, Version 1.1, 1.5, and 1.6. The FTP server on the pump does not require authentication if the pump is configured to allow FTP connections. The Medfusion 4000 is prone to the following issues:
1. A buffer-overflow vulnerability
2. A denial-of-service vulnerability
3. An access-bypass vulnerability
4. Multiple security-bypass vulnerabilities
Attackers can exploit these issues to execute arbitrary code within the context of the affected device, cause a denial-of-service condition, bypass certain security restrictions, or gain unauthorized access to the device and perform unauthorized actions. This may lead to complete compromise of the device.
VAR-201802-0485 CVE-2017-12726 Smiths Medical Medfusion 4000 Wireless Syringe Infusion Pump Vulnerabilities related to the use of hard-coded credentials CVSS V2: 7.5
CVSS V3: 7.3
Severity: HIGH
A Use of Hard-coded Password issue was discovered in Smiths Medical Medfusion 4000 Wireless Syringe Infusion Pump, Version 1.1, 1.5, and 1.6. Telnet on the pump uses hardcoded credentials, which can be used if the pump is configured to allow external communications. Smiths Medical assesses that it is not possible to upload files via Telnet and the impact of this vulnerability is limited to the communications module. The Medfusion 4000 is prone to the following issues:
1. A buffer-overflow vulnerability
2. A denial-of-service vulnerability
3. An access-bypass vulnerability
4. Multiple security-bypass vulnerabilities
Attackers can exploit these issues to execute arbitrary code within the context of the affected device, cause a denial-of-service condition, bypass certain security restrictions, or gain unauthorized access to the device and perform unauthorized actions. This may lead to complete compromise of the device.
VAR-201802-0480 CVE-2017-12721 Smiths Medical Medfusion 4000 Wireless Syringe Infusion Pump Man-in-the-middle attack vulnerability CVSS V2: 4.3
CVSS V3: 5.9
Severity: MEDIUM
An Improper Certificate Validation issue was discovered in Smiths Medical Medfusion 4000 Wireless Syringe Infusion Pump, Version 1.1, 1.5, and 1.6. The pump does not validate host certificates, leaving the pump vulnerable to a man-in-the-middle (MITM) attack. The Medfusion 4000 is prone to the following issues:
1. A buffer-overflow vulnerability
2. A denial-of-service vulnerability
3. An access-bypass vulnerability
4. Multiple security-bypass vulnerabilities
Attackers can exploit these issues to execute arbitrary code within the context of the affected device, cause a denial-of-service condition, bypass certain security restrictions, or gain unauthorized access to the device and perform unauthorized actions. This may lead to complete compromise of the device. A remote attacker can exploit this vulnerability to carry out a man-in-the-middle attack.
VAR-201802-0482 CVE-2017-12723 Smiths Medical Medfusion 4000 Wireless Syringe Infusion Pump Information Disclosure Vulnerability CVSS V2: 4.3
CVSS V3: 3.7
Severity: LOW
A Password in Configuration File issue was discovered in Smiths Medical Medfusion 4000 Wireless Syringe Infusion Pump, Version 1.1, 1.5, and 1.6. The pump stores some passwords in the configuration file, which are accessible if the pump is configured to allow external communications. The Medfusion 4000 is prone to the following issues:
1. A buffer-overflow vulnerability
2. A denial-of-service vulnerability
3. An access-bypass vulnerability
4. Multiple security-bypass vulnerabilities
Attackers can exploit these issues to execute arbitrary code within the context of the affected device, cause a denial-of-service condition, bypass certain security restrictions, or gain unauthorized access to the device and perform unauthorized actions. This may lead to complete compromise of the device.
VAR-201802-0483 CVE-2017-12724 Smiths Medical Medfusion 4000 Wireless Syringe Infusion Pump Vulnerabilities related to the use of hard-coded credentials CVSS V2: 6.8
CVSS V3: 8.1
Severity: HIGH
A Use of Hard-coded Credentials issue was discovered in Smiths Medical Medfusion 4000 Wireless Syringe Infusion Pump, Version 1.1, 1.5, and 1.6. The FTP server on the pump contains hardcoded credentials, which are not fully initialized. The FTP server is only accessible if the pump is configured to allow FTP connections. The Medfusion 4000 is prone to the following issues:
1. A buffer-overflow vulnerability
2. A denial-of-service vulnerability
3. An access-bypass vulnerability
4. Multiple security-bypass vulnerabilities
Attackers can exploit these issues to execute arbitrary code within the context of the affected device, cause a denial-of-service condition, bypass certain security restrictions, or gain unauthorized access to the device and perform unauthorized actions. This may lead to complete compromise of the device. A remote attacker can exploit this vulnerability to access the FTP server.
VAR-201802-0481 CVE-2017-12722 Smiths Medical Medfusion 4000 Wireless Syringe Infusion Pump Memory read vulnerability CVSS V2: 5.0
CVSS V3: 5.3
Severity: MEDIUM
An Out-of-bounds Read issue was discovered in Smiths Medical Medfusion 4000 Wireless Syringe Infusion Pump, Version 1.1, 1.5, and 1.6. A third-party component used in the pump reads memory out of bounds, causing the communications module to crash. Smiths Medical assesses that the crash of the communications module would not impact the operation of the therapeutic module. MQX RTOS provided by NXP Semiconductors has multiple vulnerabilities:
* Buffer overflow (CWE-120) - CVE-2017-12718: in the RTCS DHCP client of MQX version 5.0, the data length check for DHCP options 66 and 67 is not performed correctly. A remote third party sending a crafted DHCP packet can cause a buffer overflow and execute arbitrary code.
* Out-of-bounds read (CWE-125) - CVE-2017-12722: the DNS client of MQX version 4.1 and earlier cannot properly handle the size of an illegal DNS packet, resulting in an out-of-bounds memory reference. A remote third party sending a crafted DNS packet can cause an out-of-bounds memory reference and disrupt service operation (DoS).
The expected impact depends on each vulnerability:
* A remote third party sending a crafted DHCP packet may execute arbitrary code with system privileges - CVE-2017-12718
* A remote third party sending a crafted DNS packet may cause service disruption (DoS) - CVE-2017-12722
The Medfusion 4000 is prone to the following issues:
1. A buffer-overflow vulnerability
2. A denial-of-service vulnerability
3. An access-bypass vulnerability
4. Multiple security-bypass vulnerabilities
Attackers can exploit these issues to execute arbitrary code within the context of the affected device, cause a denial-of-service condition, bypass certain security restrictions, or gain unauthorized access to the device and perform unauthorized actions. This may lead to complete compromise of the device. Attackers can exploit these issues to crash the application, resulting in a denial-of-service condition.
VAR-201709-0674 CVE-2017-12211 Cisco IOS and Cisco IOS XE Resource management vulnerability CVSS V2: 6.3
CVSS V3: 5.3
Severity: MEDIUM
A vulnerability in the IPv6 Simple Network Management Protocol (SNMP) code of Cisco IOS and Cisco IOS XE Software could allow an authenticated, remote attacker to cause high CPU usage or a reload of the device. The vulnerability is due to IPv6 sub block corruption. An attacker could exploit this vulnerability by polling the affected device's IPv6 information. An exploit could allow the attacker to trigger high CPU usage or a reload of the device. Known Affected Releases: Denali-16.3.1. Cisco Bug IDs: CSCvb14640. Cisco IOS and Cisco IOS XE contain a resource management vulnerability. The vendor has confirmed this vulnerability and published it as Bug ID CSCvb14640. Service operation may be interrupted (DoS).