VARIoT IoT vulnerabilities database

VAR-201709-0926 CVE-2017-0792 Information disclosure vulnerability in the Broadcom Wi-Fi driver for Android CVSS V2: 3.3
CVSS V3: 6.5
Severity: MEDIUM
An information disclosure vulnerability in the Broadcom Wi-Fi driver. Product: Android. Versions: Android kernel. Android ID: A-37305578. References: B-V2017052301. This vulnerability is published as Android ID A-37305578 and Broadcom B-V2017052301. Information may be obtained. Google Android is prone to multiple security vulnerabilities. An attacker can leverage these issues to execute arbitrary code, gain sensitive information or gain elevated privileges. Failed exploit attempts may result in a denial of service condition.
VAR-201709-0371 CVE-2017-14123 Zoho ManageEngine Firewall Analyzer Vulnerable to unlimited upload of dangerous types of files CVSS V2: 9.0
CVSS V3: 8.8
Severity: HIGH
Zoho ManageEngine Firewall Analyzer 12200 has an unrestricted file upload vulnerability in the "Group Chat" section. Any user can upload files with any extension. By uploading a PHP file to the server, an attacker can cause it to execute in the server context, as demonstrated by /itplus/FileStorage/302/shell.jsp. Zoho ManageEngine Firewall Analyzer contains a vulnerability related to unrestricted upload of dangerous file types. Information may be obtained or altered, and service operation may be disrupted (DoS). ManageEngine Firewall Analyzer is prone to an arbitrary file-upload vulnerability. An attacker may leverage this issue to upload arbitrary files to the affected computer; this can result in arbitrary code execution within the context of the vulnerable application or privilege escalation. ManageEngine Firewall Analyzer 12200 is vulnerable; other versions may also be affected. Zoho ManageEngine Firewall Analyzer is a set of web-based firewall log analysis tools from Zoho, USA. It can collect, correlate, analyze and report on logs from firewalls, proxy servers and Radius servers throughout the enterprise. Group Chat is one of the team communication tools.
VAR-201709-1255 No CVE Denial-of-service (DoS) Vulnerability in JP1 and Hitachi IT Operations Director CVSS V2: 5.0
CVSS V3: 5.3
Severity: Medium
A vulnerability to denial-of-service attacks was found in JP1 and Hitachi IT Operations Director. An attacker may conduct denial-of-service attacks.
VAR-201709-0303 CVE-2017-14127 Technicolor TD5336 OI_Fw_v7 Command Injection Vulnerability CVSS V2: 10.0
CVSS V3: 9.8
Severity: CRITICAL
Command Injection in the Ping Module in the Web Interface on Technicolor TD5336 OI_Fw_v7 devices allows remote attackers to execute arbitrary OS commands as root via shell metacharacters in the pingAddr parameter to mnt_ping.cgi. Technicolor TD5336 contains an OS command injection vulnerability. Information may be obtained or altered, and service operation may be disrupted (DoS). The Technicolor TD5336 OI_Fw_v7 is a modem from Technicolor, France. A command injection vulnerability exists in the Ping Module of the web interface on Technicolor TD5336 OI_Fw_v7 devices.
VAR-201709-1241 No CVE Chongqing Lanyu Tianchen Technology Co., Ltd. Modern Agricultural Park Meteorological Information Integrated Management System Excessive Access and Weak Password Vulnerabilities CVSS V2: 6.4
CVSS V3: -
Severity: MEDIUM
The modern agricultural park meteorological information comprehensive management system is a weather system suitable for agriculture. Chongqing Lanyu Tianchen Technology Co., Ltd.'s modern agricultural park meteorological information integrated management system has unauthorized access and weak password loopholes. An attacker could use the vulnerability to obtain sensitive information or perform unauthorized operations.
VAR-201711-0936 CVE-2017-8173 Huawei Vulnerabilities related to authorization, authority, and access control in smartphone software CVSS V2: 2.1
CVSS V3: 4.6
Severity: MEDIUM
Maya-L02, VKY-L09, VTR-L29, Vicky-AL00A, Victoria-AL00A and Warsaw-AL00 smartphones with software versions earlier than Maya-L02C636B126, VKY-L29C10B151, VTR-L29C10B151, Vicky-AL00AC00B162, Victoria-AL00AC00B167 and Warsaw-AL00C00B200, respectively, have a Factory Reset Protection (FRP) bypass security vulnerability. When re-configuring the mobile phone using the FRP function, an attacker can log in to the configuration flow using a secret code and perform operations to update the Google account. As a result, the FRP function is bypassed. Huawei smartphone software contains vulnerabilities related to authorization, permissions, and access control. Information may be tampered with. Maya-L02, VKY-L09, Vicky-AL00A, and Warsaw-AL00 are all Huawei smartphones. Huawei Maya-L02 and others are smartphone products of China Huawei (Huawei). There are security vulnerabilities in many Huawei products. The following products and versions are affected: Huawei Maya-L02 prior to Maya-L02C636B126; VKY-L09 prior to VKY-L29C10B151; VTR-L29 prior to VTR-L29C10B151; Vicky-AL00A prior to Vicky-AL00AC00B162; Victoria-AL00A prior to Victoria-AL00AC00B167; Warsaw-AL00 prior to Warsaw-AL00C00B200.
VAR-201711-0990 CVE-2017-8152 Huawei Honor 5S Vulnerabilities related to security checks in smartphone software CVSS V2: 4.9
CVSS V3: 4.6
Severity: MEDIUM
Huawei Honor 5S smartphones with software versions before TAG-TL00C01B173 have a Factory Reset Protection (FRP) bypass security vulnerability due to improper design. An attacker can access the factory reset page without authorization simply by dialing a special code. The attacker can exploit this vulnerability to restore the phone to factory settings. Huawei Honor 5S smartphone software has a security check vulnerability. Information may be tampered with. Huawei Honor 5S is a smartphone from China's Huawei company.
VAR-201709-1245 No CVE Arris Modems Hardcoded Backdoor Vulnerability (CNVD-2017-24358) CVSS V2: 7.5
CVSS V3: -
Severity: HIGH
Arris Modems are modems made by telecommunications equipment maker Arris. They are specially designed for AT&T home users. Arris Modems have a hard-coded backdoor vulnerability. An attacker can obtain the serial number of the device and use the account password "bdctest / bdctest" to access the device on port 61001, thereby obtaining information such as WiFi passwords and device MAC addresses.
VAR-201709-1242 No CVE Arris Modems hard-coded backdoor vulnerability (CNVD-2017-24359) CVSS V2: 7.5
CVSS V3: -
Severity: HIGH
Arris Modems is a modem produced by telecommunications equipment manufacturer Arris, a network access device customized for AT&T home users. Arris Modems has a hard-coded backdoor vulnerability. The Arris modem has a built-in web server. The attacker can access the background management panel by using the "tech/empty" account password through port 49955.
VAR-201709-1240 No CVE Arris Modems hard-coded backdoor vulnerability CVSS V2: 7.5
CVSS V3: -
Severity: HIGH
Arris Modems is a modem produced by telecommunications equipment manufacturer Arris, a network access device customized for AT&T home users. Arris Modems has a hard-coded backdoor vulnerability. The modem enables SSH by default and allows Internet connections. Attackers use the built-in default account password "remotessh/5SaP9I26" to access, and can directly obtain ROOT permissions and perform arbitrary operations.
VAR-201809-0055 CVE-2017-14026 Ice Qube Thermal Management Center Authentication vulnerability CVSS V2: 5.0
CVSS V3: 7.5
Severity: HIGH
In Ice Qube Thermal Management Center versions prior to version 4.13, the web application does not properly authenticate users, which may allow an attacker to gain access to sensitive information. Ice Qube Thermal Management Center contains an authentication vulnerability. Information may be obtained. The program includes email notifications, remote management, LCD display and temperature alarms. Attackers may exploit these issues to gain unauthorized access to the affected device or to obtain sensitive information that may aid in launching further attacks.
VAR-201708-0163 CVE-2016-5795 XML external entity vulnerability in multiple ALC products CVSS V2: 7.5
CVSS V3: 7.3
Severity: HIGH
An XXE issue was discovered in Automated Logic Corporation (ALC) Liebert SiteScan Web Version 6.5 and prior, ALC WebCTRL Version 6.5 and prior, and Carrier i-Vu Version 6.5 and prior. An attacker could enter malicious input to WebCTRL, i-Vu, or SiteScan Web through a weakly configured XML parser causing the application to execute arbitrary code or disclose file contents from a server or connected network. ALC WebCTRL, i-Vu, and SiteScan Web contain an XML external entity vulnerability. Information may be obtained or altered, and service operation may be disrupted (DoS). Automated Logic provides a complete set of building electrical and mechanical control systems for the majority of users, including central air conditioning automatic control, power distribution monitoring, water supply and drainage monitoring, lighting monitoring and elevator monitoring. The system has been widely used in the United States, China and other regions. There are XML external entity vulnerabilities in multiple devices of Automated Logic Corporation. Attackers can exploit this issue to gain access to sensitive information or cause a denial-of-service condition.
VAR-201709-1234 CVE-2017-50137 Moxa SoftCMS Live Viewer SQL Injection Vulnerability CVSS V2: 9.3
CVSS V3: -
Severity: HIGH
Moxa SoftCMS Live Viewer is a video surveillance software designed for industrial automation systems. A SQL injection vulnerability exists in Moxa SoftCMS Live Viewer 1.6 and earlier. An attacker can exploit the vulnerability to access SoftCMS without knowing the user's password. Moxa SoftCMS is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied input before using it in an SQL query. An attacker can exploit this issue to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database. Versions prior to Moxa SoftCMS 1.7 are vulnerable.
VAR-201712-0255 CVE-2017-14022 Rockwell Automation FactoryTalk Alarms and Events Denial of service vulnerability CVSS V2: 5.0
CVSS V3: 7.5
Severity: HIGH
An Improper Input Validation issue was discovered in Rockwell Automation FactoryTalk Alarms and Events, Version 2.90 and earlier. An unauthenticated attacker with remote access to a network with FactoryTalk Alarms and Events can send a specially crafted set of packets to Port 403/TCP (the history archiver service), causing the service to either stall or terminate. Rockwell Automation is a solution provider for industrial automation, control and information technology. An attacker can exploit this issue to cause a denial-of-service condition. FactoryTalk Alarms and Events 2.90 and prior are vulnerable. Rockwell Automation Studio 5000 Logix Designer, FactoryTalk View SE and FactoryTalk Services are all products of Rockwell Automation, USA. Rockwell Automation Studio 5000 Logix Designer is an application program used to configure and maintain the controller; FactoryTalk View SE is a set of human-machine interface software; FactoryTalk Services is a production and performance management platform. The following products and versions are affected: Rockwell Automation Studio 5000 Logix Designer 24 and later, FactoryTalk View SE version 5.00, FactoryTalk Services
VAR-201711-1076 CVE-2017-14023 Siemens SIMATIC PCS 7 Denial of service vulnerability CVSS V2: 4.0
CVSS V3: 4.9
Severity: MEDIUM
An Improper Input Validation issue was discovered in Siemens SIMATIC PCS 7 V8.1 prior to V8.1 SP1 with WinCC V7.3 Upd 13, and V8.2 all versions. The improper input validation vulnerability has been identified, which may allow an authenticated remote attacker who is a member of the administrators group to crash services by sending specially crafted messages to the DCOM interface. SIMATIC PCS 7 is a set of distributed process control systems using WinCC from Siemens AG, Germany. Siemens SIMATIC PCS 7 is prone to a denial-of-service vulnerability. Remote attackers may exploit this issue to cause denial-of-service conditions, denying service to legitimate users
VAR-201711-0416 CVE-2017-14029 Trihedral Engineering Limited VTScada DLL Hijacking vulnerability CVSS V2: 9.3
CVSS V3: 7.8
Severity: HIGH
An Uncontrolled Search Path Element issue was discovered in Trihedral VTScada 11.3.03 and prior. The program will execute specially crafted malicious DLL files placed on the target machine. Trihedral VTScada contains a vulnerability related to uncontrolled search path elements. Information may be obtained or altered, and service operation may be disrupted (DoS). Trihedral VTScada (formerly known as VTS) is a SCADA system based on the Windows platform provided by Trihedral Engineering of Canada. There are multiple vulnerabilities in Trihedral Engineering Limited VTScada. An attacker could execute arbitrary script code in an affected application or bypass a security restriction to perform an unauthorized operation.
VAR-201801-0524 CVE-2017-14030 Moxa MXView Vulnerabilities related to unquoted search paths or elements CVSS V2: 4.6
CVSS V3: 7.8
Severity: HIGH
An issue was discovered in Moxa MXview v2.8 and prior. The unquoted service path escalation vulnerability could allow an authorized user with file access to escalate privileges by inserting arbitrary code into the unquoted service path. Moxa MXview contains vulnerabilities related to unquoted search paths or elements. Information may be obtained or altered, and service operation may be disrupted (DoS). Moxa MXview is network management software for the configuration, monitoring and diagnostics of Moxa network devices in Industrial Ethernet. A privilege elevation vulnerability exists in Moxa MXview 2.8 and earlier. Moxa MXview is prone to a local privilege-escalation vulnerability. Attackers can exploit this issue to execute arbitrary code with elevated privileges.
VAR-201709-0364 CVE-2017-14116 AT&T U-verse Vulnerability in using hardcoded credentials in firmware CVSS V2: 9.3
CVSS V3: 8.1
Severity: HIGH
The AT&T U-verse 9.2.2h0d83 firmware for the Arris NVG599 device, when IP Passthrough mode is not used, configures WAN access to a caserver https service with the tech account and an empty password, which allows remote attackers to obtain root privileges by establishing a session on port 49955 and then installing new software, such as BusyBox with "nc -l" support. The AT&T U-verse firmware contains a vulnerability involving the use of hard-coded credentials. Information may be acquired or falsified, and a denial of service (DoS) may result. AT&T U-verse Arris Modems are prone to the following security vulnerabilities: 1. A hardcoded credential security bypass vulnerability 2. An information-disclosure vulnerability 3. A command injection vulnerability 4. A security-bypass vulnerability. Attackers can exploit these issues to obtain sensitive information, execute arbitrary code and perform unauthorized actions, which may aid in further attacks. Failed exploit attempts may result in a denial-of-service condition. Arris NVG599 is a router product of American Arris Group Company. AT&T U-verse is the firmware used in it.
VAR-201709-0365 CVE-2017-14117 AT&T U-verse Firmware authentication vulnerability CVSS V2: 4.3
CVSS V3: 5.9
Severity: MEDIUM
The AT&T U-verse 9.2.2h0d83 firmware for the Arris NVG589 and NVG599 devices, when IP Passthrough mode is not used, configures an unauthenticated proxy service on WAN TCP port 49152, which allows remote attackers to establish arbitrary TCP connections to intranet hosts by sending \x2a\xce\x01 followed by other predictable values. The AT&T U-verse firmware contains an authentication vulnerability. Information may be tampered with. Arris NVG589 and NVG599 are router products of Arris Group of the United States. AT&T U-verse is the firmware used in them. A security vulnerability exists in AT&T U-verse version 9.2.2h0d83 for the Arris NVG589 and NVG599. A remote attacker can exploit this vulnerability to establish an arbitrary TCP connection with an internal host. AT&T U-verse Arris Modems are prone to the following security vulnerabilities: 1. 2. An information-disclosure vulnerability 3. A command injection vulnerability 4. A security-bypass vulnerability. Attackers can exploit these issues to obtain sensitive information, execute arbitrary code and perform unauthorized actions, which may aid in further attacks. Failed exploit attempts may result in a denial-of-service condition.
VAR-201709-0219 CVE-2017-10850 DLL loading vulnerability in multiple products manufactured by Fuji Xerox Co., Ltd. CVSS V2: 9.3
CVSS V3: 7.8
Severity: HIGH
Untrusted search path vulnerability in Installers of ART EX Driver for ApeosPort-VI C7771/C6671/C5571/C4471/C3371/C2271, DocuCentre-VI C7771/C6671/C5571/C4471/C3371/C2271 (Timestamp of code signing is before 12 Apr 2017 02:04 UTC.), PostScript? Driver + Additional Feature Plug-in + PPD File for ApeosPort-VI C7771/C6671/C5571/C4471/C3371/C2271, DocuCentre-VI C7771/C6671/C5571/C4471/C3371/C2271 (Timestamp of code signing is before 12 Apr 2017 02:10 UTC.), XPS Print Driver for ApeosPort-VI C7771/C6671/C5571/C4471/C3371/C2271, DocuCentre-VI C7771/C6671/C5571/C4471/C3371/C2271 (Timestamp of code signing is before 3 Nov 2017 23:48 UTC.), ART EX Direct FAX Driver for ApeosPort-VI C7771/C6671/C5571/C4471/C3371/C2271, DocuCentre-VI C7771/C6671/C5571/C4471/C3371/C2271 (Timestamp of code signing is before 26 May 2017 07:44 UTC.), Setting Restore Tool for ApeosPort-VI C7771/C6671/C5571/C4471/C3371/C2271, DocuCentre-VI C7771/C6671/C5571/C4471/C3371/C2271 (Timestamp of code signing is before 25 Aug 2015 08:51 UTC.) allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory. Installers for multiple products provided by Fuji Xerox Co., Ltd. and DocuWorks self-extracting documents have a problem with the DLL search path when the installer or self-extracting document is executed, which may cause an unintended DLL to be loaded (CWE-427). This vulnerability information was reported to IPA under the Information Security Early Warning Partnership, and JPCERT/CC coordinated with the developers. Reporter: Mr. Hidetoshi Masami, Tachibana Research Institute. The expected impact depends on each vulnerability, but may be as follows. - Arbitrary code is executed with administrator privileges when the installer is started - CVE-2017-10848, CVE-2017-10850, CVE-2017-10851. - Arbitrary code is executed with the privileges of the user who executed the DocuWorks self-extracting document - CVE-2017-10849.
Fuji Xerox DocuCentre-VI and ApeosPort-VI are digital copier PCL print drivers. There are several untrusted search path vulnerabilities in the Fuji Xerox product installers. This allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory.