VARIoT IoT vulnerabilities database

A vulnerability in the Cisco Unified Intelligence Center could allow an unauthenticated, remote attacker to execute unwanted actions. The vulnerability is due to a lack of cross-site request forgery (CSRF) protection. An attacker could exploit this vulnerability by tricking the user of a web application into executing an adverse action. Cisco Bug IDs: CSCve76872. Vendors have confirmed this vulnerability Bug ID CSCve76872 It is released as.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. Other attacks are also possible. The platform provides functions such as report-related business data and comprehensive display of call center data

A vulnerability in the web interface of Cisco Unified Intelligence Center could allow an unauthenticated, remote attacker to perform a Document Object Model (DOM)-based cross-site scripting attack. The vulnerability is due to insufficient input validation of some parameters passed to the web server. An attacker could exploit this vulnerability by convincing the user to access a malicious link or by intercepting the user request and injecting the malicious code. An exploit could allow the attacker to execute arbitrary code in the context of the affected site or allow the attacker to access sensitive browser-based information. Cisco Bug IDs: CSCve76848, CSCve76856. Vendors have confirmed this vulnerability Bug ID CSCve76848 and CSCve76856 It is released as.Information may be obtained and information may be altered. This can allow the attacker to steal cookie-based authentication credentials and launch other attacks. The platform provides functions such as report-related business data and comprehensive display of call center data

A vulnerability in the Secure Shell (SSH) subsystem of Cisco Small Business Managed Switches software could allow an authenticated, remote attacker to cause a reload of the affected switch, resulting in a denial of service (DoS) condition. The vulnerability is due to improper processing of SSH connections. An attacker could exploit this vulnerability by logging in to an affected switch via SSH and sending a malicious SSH message. This vulnerability affects the following Cisco products when SSH is enabled: Small Business 300 Series Managed Switches, Small Business 500 Series Stackable Managed Switches, 350 Series Managed Switches, 350X Series Stackable Managed Switches, 550X Series Stackable Managed Switches, ESW2 Series Advanced Switches. Cisco Bug IDs: CSCvb48377. plural Cisco The product contains a buffer error vulnerability. Vendors have confirmed this vulnerability Bug ID CSCvb48377 It is released as.Service operation interruption (DoS) There is a possibility of being put into a state. CiscoSmallBusiness300SeriesManagedSwitches, etc. are all Cisco (Cisco) switch devices. SecureShell (SSH) subsystem is one of the data encryption transmission subsystems. A denial of service vulnerability exists in the SSH subsystem of several Cisco products due to a program failing to properly handle SSH connections

Huawei P8 before GRA-CL00C92B210, before GRA-L09C432B200, before GRA-TL00C01B210, and before GRA-UL00C00B210 allows remote attackers to obtain user equipment (aka UE) measurements of signal strengths. Huawei P8 Contains an information disclosure vulnerability.Information may be obtained. HuaweiP8 is a smartphone product from China's Huawei company. The vulnerability stems from the P8 mobile phone failing to judge its own security status when sending specific signaling to the base station. The attacker can use the pseudo base station to construct a specific scenario to exploit the vulnerability to obtain signaling (including the userequipment (UE) wireless signal strength measurement value) before the P8 completes the security activation. The following versions are affected: Huawei versions prior to GRA-CL00C92B210, versions prior to GRA-L09C432B200, versions prior to GRA-TL00C01B210, versions prior to GRA-UL00C00B210

The BL1 FWU SMC handling code in ARM Trusted Firmware before 1.4 might allow attackers to write arbitrary data to secure memory, bypass the bl1_plat_mem_check protection mechanism, cause a denial of service, or possibly have unspecified other impact via a crafted AArch32 image, which triggers an integer overflow. ARM Trusted Firmware Contains an integer overflow vulnerability.Information is acquired, information is falsified, and denial of service (DoS) May be in a state. ARM Trusted Firmware is an implementation of various ARM interface standards. A security vulnerability exists in the BL1 FWU SMC handling code in versions prior to ARM Trusted Firmware 1.4

A vulnerability in the CLI of Cisco UCS Central Software could allow an authenticated, local attacker to gain shell access. The vulnerability is due to insufficient input validation of commands entered in the CLI, aka a Restricted Shell Break Vulnerability. An attacker could exploit this vulnerability by entering a specific command with crafted arguments. An exploit could allow the attacker to gain shell access to the underlying system. Cisco Bug IDs: CSCve70762. Vendors have confirmed this vulnerability Bug ID CSCve70762 It is released as.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. Cisco UCS Central Software is a set of Cisco UCS (Unified Computing System) resource management and monitoring solutions for global Cisco UCS (Unified Computing System) resources

Pragyan CMS v3.0 is vulnerable to a Boolean-based SQL injection in cms/admin.lib.php via $_GET['forwhat'], resulting in Information Disclosure. Pragyan CMS is a multi-user, modular PHP and MySQL-based content management system (CMS). The system supports custom built-in frameworks, user group permission management, search engine optimization, and more. A remote attacker could use this vulnerability to obtain information

Pragyan CMS v3.0 is vulnerable to an Error-Based SQL injection in cms/admin.lib.php via $_GET['del_black'], resulting in Information Disclosure. Pragyan CMS is a multi-user, modular PHP and MySQL-based content management system (CMS). The system supports custom built-in frameworks, user group permission management, search engine optimization, and more. A remote attacker could use this vulnerability to obtain information using $ _GET ['del_black']

The camera driver of MTK platform in Huawei smart phones with software of versions earlier than Nice-AL00C00B155 has a buffer overflow vulnerability.Due to the insufficient input verification, an attacker tricks a user into installing a malicious application which has special privilege and sends a specific parameter to the driver of the smart phone, causing privilege escalation. Huawei Smartphone software MTK The platform contains a buffer error vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. Huawei Enjoy 6 is a smartphone from China's Huawei company. A buffer overflow vulnerability exists in the Huawei mobile phone driver using the MTK platform. The vulnerability was caused by the device failing to adequately verify user input. Huawei Smart Phones are prone to a local privilege-escalation vulnerability. Local attackers may exploit this issue to gain elevated privileges. Versions prior to Nice AL00C00B155 are vulnerable

An exploitable command injection vulnerability exists in the web server functionality of Moxa EDR-810 V4.1 build 17030317. A specially crafted HTTP POST can cause a privilege escalation resulting in root shell. An attacker can inject OS commands into the remoteNetwork0= parameter in the "/goform/net\_Web\_get_value" uri to trigger this vulnerability. Moxa EDR-810 Is OS A command injection vulnerability exists.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. The EDR-810 is a highly integrated industrial multiport secure router with firewall/NAT/VPN and two layers of manageable switch functionality. Moxa EDR-810 is a secure router with firewall and VPN functions from Moxa

An exploitable denial of service vulnerability exists in the web server functionality of Moxa EDR-810 V4.1 build 17030317. A specially crafted HTTP URI can cause a null pointer dereference resulting in denial of service. An attacker can send a GET request to "/MOXA\_CFG2.ini" without a cookie header to trigger this vulnerability. Moxa EDR-810 Is NULL A vulnerability related to pointer dereference exists.Service operation interruption (DoS) There is a possibility of being put into a state. The EDR-810 is a highly integrated industrial multiport secure router with firewall/NAT/VPN and two layers of manageable switch functionality. Moxa EDR-810 is a secure router with firewall and VPN functions from Moxa

An exploitable denial of service vulnerability exists in the web server functionality of Moxa EDR-810 V4.1 build 17030317. A specially crafted HTTP URI can cause a null pointer dereference resulting in denial of service. An attacker can send a GET request to "/MOXA\_LOG.ini" without a cookie header to trigger this vulnerability. Moxa EDR-810 Is NULL A vulnerability related to pointer dereference exists.Service operation interruption (DoS) There is a possibility of being put into a state. The EDR-810 is a highly integrated industrial multiport secure router with firewall/NAT/VPN and two layers of manageable switch functionality. Moxa EDR-810 Mosa ( Moxa ) company's one with both a firewall and VPN functional security router

An exploitable denial of service vulnerability exists in the web server functionality of Moxa EDR-810 V4.1 build 17030317. A specially crafted HTTP URI can cause a null pointer dereference resulting in denial of service. An attacker can send a GET request to "/MOXA\_CFG.ini" without a cookie header to trigger this vulnerability. Moxa EDR-810 Is NULL A vulnerability related to pointer dereference exists.Service operation interruption (DoS) There is a possibility of being put into a state. The EDR-810 is a highly integrated industrial multiport secure router with firewall/NAT/VPN and two layers of manageable switch functionality. Moxa EDR-810 is a secure router with firewall and VPN functions from Moxa

Exploitable denial of service vulnerabilities exists in the Service Agent functionality of Moxa EDR-810 V4.1 build 17030317. A specially crafted packet can cause a denial of service. An attacker can send a large packet to 4000/tcp to trigger this vulnerability. Moxa EDR-810 Contains an input validation vulnerability.Service operation interruption (DoS) There is a possibility of being put into a state. The EDR-810 is a highly integrated industrial multiport secure router with firewall/NAT/VPN and two layers of manageable switch functionality. Moxa EDR-810 is a secure router with firewall and VPN functions from Moxa

Exploitable denial of service vulnerabilities exists in the Service Agent functionality of Moxa EDR-810 V4.1 build 17030317. A specially crafted packet can cause a denial of service. An attacker can send a large packet to 4001/tcp to trigger this vulnerability. Moxa EDR-810 Contains an input validation vulnerability.Service operation interruption (DoS) There is a possibility of being put into a state. The EDR-810 is a highly integrated industrial multiport secure router with firewall/NAT/VPN and two layers of manageable switch functionality. Moxa EDR-810 is a secure router with firewall and VPN functions from Moxa

Cisco Cloud Web Security before 3.0.1.7 allows remote attackers to bypass intended filtering protection mechanisms by leveraging improper handling of HTTP methods, aka Bug ID CSCut69743. Cisco Cloud Web Security Contains a buffer error vulnerability and a data processing vulnerability. Vendors have confirmed this vulnerability Bug ID CSCut69743 It is released as.Information may be tampered with. The connector engine is one of the connector engines. The vulnerability stems from the fact that the program does not handle HTTP methods correctly

The ZXR10 1800-2S before v3.00.40 incorrectly restricts access to a resource from an unauthorized actor, resulting in ordinary users being able to download configuration files to steal information like administrator accounts and passwords. ZXR10 1800-2S Contains an access control vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. ZTEZXR101800-2S is a router of China ZTE Corporation (ZTE). A security vulnerability exists in versions prior to ZTEZXR101800-2S3.00.40 that caused the program to fail to properly restrict access to resources for unauthorized users. There is a security vulnerability in ZTE ZXR10 1800-2S versions before 3.00.40

The ZXR10 1800-2S before v3.00.40 incorrectly restricts the download of the file directory range for WEB users, resulting in the ability to download any files and cause information leaks such as system configuration. ZXR10 1800-2S Contains a path traversal vulnerability.Information may be obtained. ZTEZXR101800-2S is a router of ZTE. ZTE ZXR10 1800-2S is a router made by China ZTE Corporation (ZTE). There is a security hole in ZTE ZXR10 1800-2S versions before 3.00.40

The Vibease Wireless Remote Vibrator app for Android and the Vibease Chat app for iOS use cleartext to exchange messages with other apps and the PLAIN SASL mechanism to send auth tokens to Vibease servers, which allows remote attackers to obtain user credentials, messages, and other sensitive information by sniffing the network for XMPP traffic. Vibease Wireless Remote Vibrator and Vibease Chat An application contains an information disclosure vulnerability.Information may be obtained. Vibease Chat app for iOS is an online chat software based on iOS platform. There are security vulnerabilities in the Vibease Wireless Remote Vibrator app based on the Android platform and the Vibease Chat app based on the iOS platform. The vulnerability stems from the fact that the program exchanges messages with other applications in clear text and uses the PLAIN SASL mechanism to send identities to the Vibease server Validation token

The Host Control web service in SAP NetWeaver AS JAVA 7.0 through 7.5 allows remote attackers to cause a denial of service (service crash) via a crafted request, aka SAP Security Note 2389181. SAP NetWeaver AS JAVA Contains a resource exhaustion vulnerability. Vendors have confirmed this vulnerability SAP Security Note 2389181 It is released as.Service operation interruption (DoS) There is a possibility of being put into a state