VARIoT IoT vulnerabilities database
| VAR-201708-0384 | CVE-2017-10835 | Multiple vulnerabilities in "Dokodemo eye Smart HD" SCR02HD |
CVSS V2: 6.5 CVSS V3: 8.8 Severity: Medium |
"Dokodemo eye Smart HD" SCR02HD Firmware 1.0.3.1000 and earlier allows authenticated attackers to conduct code injection attacks via unspecified vectors. Wireless monitor "Dokodemo eye Smart HD" SCR02HD provided by NIPPON ANTENNA Co., Ltd contains multiple vulnerabilities listed below.
* OS command injection (CWE-78) - CVE-2017-10832
* Improper access restriction (CWE-425) - CVE-2017-10833
* Directory traversal (CWE-22) - CVE-2017-10834
* Arbitrary PHP code execution (CWE-94) - CVE-2017-10835
Masashi Shiraishi of Mitsui Bussan Secure Directions, Inc. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
* An arbitrary OS command may be executed by a remote attacker - CVE-2017-10832
* Information may be viewed and the configuration modified by a remote attacker - CVE-2017-10833
* An arbitrary local file on the product may be accessed by an authenticated attacker - CVE-2017-10834
* Arbitrary PHP code on the product may be executed by an authenticated attacker - CVE-2017-10835
"Dokodemo eye Smart HD" SCR02HD is a wireless monitor from NIPPON ANTENNA.
| VAR-201708-1644 | No CVE | HUMAX WiFi Router HG-100R DNS Hijacking Vulnerability |
CVSS V2: 5.0 CVSS V3: - Severity: MEDIUM |
The HG-100R is a router. There is a DNS hijacking vulnerability in the HUMAX WiFi router HG-100R. An attacker first crafts a particular request that bypasses authentication on the management console. The bypass works because the router returns a response for some methods in "url/api" without verifying the session token. An attacker could use this vulnerability to retrieve sensitive information such as private/public IP addresses, SSID names, and passwords.
| VAR-201804-1059 | CVE-2017-7071 | Arbitrary code execution vulnerability in the WebKit component used in Apple Safari and other products |
CVSS V2: 6.8 CVSS V3: 8.8 Severity: HIGH |
An issue was discovered in certain Apple products. Safari before 10.1 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of HTMLSlotElement objects. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code under the context of the current process. WebKit is prone to a remote code-execution vulnerability. Failed exploit attempts will result in a denial-of-service condition. WebKit is a set of open source web browser engines jointly developed by companies such as KDE, Apple, and Google, and is currently used by browsers such as Apple Safari and Google Chrome.
| VAR-201708-1115 | CVE-2017-12694 | SpiderControl SCADA Web Server Directory Traversal Vulnerability |
CVSS V2: 5.0 CVSS V3: 7.5 Severity: HIGH |
A Directory Traversal issue was discovered in SpiderControl SCADA Web Server. An attacker may be able to use a simple GET request to perform a directory traversal into system files. This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of SpiderControl SCADA. Authentication is not required to exploit this vulnerability. The issue results from the lack of proper validation of a user-supplied path prior to using it in file operations. An attacker can leverage this vulnerability to disclose files accessible to the SYSTEM account.
Remote attackers can use specially crafted requests with directory-traversal sequences ('../') to read arbitrary files in the context of the application. This may aid in further attacks.
| VAR-201708-1121 | CVE-2017-12707 | SpiderControl SCADA MicroBrowser Stack Buffer Overflow Vulnerability |
CVSS V2: 7.5 CVSS V3: 9.8 Severity: CRITICAL |
A Stack-based Buffer Overflow issue was discovered in SpiderControl SCADA MicroBrowser Versions 1.6.30.144 and prior. Opening a maliciously crafted HTML file may cause a stack overflow. SpiderControl SCADA MicroBrowser contains a buffer error vulnerability. Information may be obtained or altered, and service operation may be disrupted (DoS). This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of SpiderControl SCADA MicroBrowser. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within processing of the StaticHTMLTagsFileName tag. An attacker can leverage this vulnerability to execute arbitrary code under the context of the current process. SCADA MicroBrowser is a software management platform. Failed exploit attempts will likely result in denial-of-service conditions.
SCADA MicroBrowser 1.6.30.144 and prior are vulnerable.
| VAR-201708-1651 | No CVE | OpenDreamBox plugin remote code execution vulnerability |
CVSS V2: 7.5 CVSS V3: - Severity: HIGH |
Dreambox is a wireless routing system similar to OpenWrt. The OpenDreamBox plugin has a remote code execution vulnerability that allows an attacker to execute arbitrary commands.
| VAR-201708-1588 | No CVE | Schneider Electric Trio TView Software DLL hijacking vulnerability |
CVSS V2: 6.2 CVSS V3: - Severity: MEDIUM |
Schneider Electric Trio TView Software is a virtual diagnostic software.
Schneider Electric Trio TView Software has a DLL hijacking vulnerability. The vulnerability is caused by the failure to specify an absolute path for a DLL used by the Trio TView Software application, allowing an attacker to build a malicious DLL, place it in a specific path, and cause the application to load and execute it.
| VAR-201708-0280 | CVE-2015-1878 | Thales nShield Connect Vulnerabilities related to authorization, permissions, and access control |
CVSS V2: 4.6 CVSS V3: 6.8 Severity: MEDIUM |
Thales nShield Connect hardware models 500, 1500, 6000, 500+, 1500+, and 6000+ before 11.72 allows physically proximate attackers to sign arbitrary data with previously loaded signing keys, extract the device identification key [KNETI] and impersonate the nShield Connect device on a network, affect the integrity and confidentiality of newly created keys, and potentially cause other unspecified impacts using previously loaded keys by connecting to the USB port on the front panel. Thales nShield Connect contains vulnerabilities related to authorization, permissions, and access control. Information may be obtained or altered, and service operation may be disrupted (DoS). Thales nShield Connect hardware models 500, etc. are all network-type HSM (hardware security module) devices of Thales e-Security Company in the United States. Several types of Thales nShield Connect hardware have security vulnerabilities. The following products and versions are affected: Thales nShield Connect 500 prior to 11.72; 1500 prior to 11.72; 6000 prior to 11.72; 500+ prior to 11.72; 1500+ prior to 11.72; 6000+ prior to 11.72.
| VAR-201708-1159 | CVE-2017-12943 | D-Link DIR-600 Path traversal vulnerability in device firmware |
Related entries in the VARIoT exploits database: VAR-E-201708-0093 |
CVSS V2: 5.0 CVSS V3: 9.8 Severity: CRITICAL |
D-Link DIR-600 Rev Bx devices with v2.x firmware allow remote attackers to read passwords via a model/__show_info.php?REQUIRE_FILE= absolute path traversal attack, as demonstrated by discovering the admin password. The D-Link DIR-600 device firmware contains a path traversal vulnerability. Information may be obtained or altered, and service operation may be disrupted (DoS). The D-Link DIR-600 Rev Bx is a wireless router product. It has a security vulnerability that allows remote attackers to submit special requests and read password information. A security vulnerability exists in the D-Link DIR-600 Rev Bx with version 2.x firmware.
| VAR-201708-1109 | CVE-2017-12879 | Paessler PRTG Network Monitor Cross-Site Scripting Vulnerability |
CVSS V2: 3.5 CVSS V3: 5.4 Severity: MEDIUM |
Cross-site scripting (XSS-STORED) vulnerability in the DEVICES OR SENSORS functionality in Paessler PRTG Network Monitor before 17.3.33.2654 allows authenticated remote attackers to inject arbitrary web script or HTML. Paessler PRTG Network Monitor contains a cross-site scripting vulnerability. Information may be obtained and altered. Paessler PRTG Network Monitor is a full-featured network monitoring management software from Paessler AG, Germany. A cross-site scripting vulnerability exists in the DEVICES OR SENSORS feature in Paessler PRTG Network Monitor versions prior to 17.3.33.2654.
| VAR-201804-0161 | CVE-2016-10496 | NULL pointer dereference vulnerability in Android running on multiple Qualcomm products |
CVSS V2: 10.0 CVSS V3: 9.8 Severity: CRITICAL |
In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Mobile MDM9635M, SD 210/SD 212/SD 205, SD 410/12, SD 450, SD 615/16/SD 415, SD 625, SD 650/52, SD 808, and SD 810, a NULL pointer dereference can occur during an SSL handshake. Android running on multiple Qualcomm products contains a NULL pointer dereference vulnerability. Information may be obtained or altered, and service operation may be disrupted (DoS). Google Android is prone to multiple unspecified security vulnerabilities.
Little is known about these issues or their effects at this time. We will update this BID as more information emerges. Android is a Linux-based open source operating system jointly developed by Google and the Open Handheld Alliance (OHA). Qualcomm MDM9635M, etc. are central processing unit (CPU) products of Qualcomm applied to different platforms. A security vulnerability exists in Qualcomm closed-source components in Android versions prior to 2018-04-05. A remote attacker could exploit this vulnerability by sending a specially crafted request to cause a denial of service (NULL pointer dereference).
| VAR-201804-0151 | CVE-2016-10501 | Input validation vulnerability in Android running on multiple Qualcomm products |
CVSS V2: 10.0 CVSS V3: 9.8 Severity: CRITICAL |
In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Mobile, Snapdragon Wear, and Small Cell SoC FSM9055, MDM9206, MDM9607, MDM9635M, MDM9655, MSM8909W, SD 210/SD 212/SD 205, SD 400, SD 410/12, SD 425, SD 430, SD 450, SD 615/16/SD 415, SD 617, SD 625, SD 650/52, SD 800, SD 808, SD 810, and SD 835, improper input validation can occur while parsing an image. Android running on multiple Qualcomm products contains an input validation vulnerability. Information may be obtained or altered, and service operation may be disrupted (DoS). Google Android is prone to multiple unspecified security vulnerabilities.
Little is known about these issues or their effects at this time. We will update this BID as more information emerges. Android is a Linux-based open source operating system jointly developed by Google and the Open Handheld Alliance (OHA). Qualcomm FSM9055, etc. are central processing unit (CPU) products of Qualcomm applied to different platforms. An input validation vulnerability exists in Qualcomm closed-source components in Android versions prior to 2018-04-05. A remote attacker could exploit this vulnerability to gain access.
| VAR-201804-0164 | CVE-2016-10499 | Resource management vulnerability in Android running on multiple Qualcomm products |
CVSS V2: 7.8 CVSS V3: 7.5 Severity: HIGH |
In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Mobile and Snapdragon Wear MDM9206, MDM9607, MDM9615, MDM9625, MDM9635M, MDM9640, MDM9645, MDM9650, MDM9655, MSM8909W, SD 210/SD 212/SD 205, SD 400, SD 410/12, SD 425, SD 430, SD 450, SD 615/16/SD 415, SD 617, SD 625, SD 650/52, SD 800, SD 808, SD 810, SD 820, SD 835, SD 845, SD 850, and SDX20, memory leak may occur in the IPSecurity module when repeating IKE-Rekey. Android running on multiple Qualcomm products contains a resource management vulnerability. Service operation may be disrupted (DoS). Google Android is prone to multiple unspecified security vulnerabilities.
Little is known about these issues or their effects at this time. We will update this BID as more information emerges. Android is a Linux-based open source operating system jointly developed by Google and the Open Handheld Alliance (OHA). IPSecurity is one of the security modules. Qualcomm MDM9206, etc. are central processing unit (CPU) products of Qualcomm applied to different platforms. The IPSecurity module of Qualcomm closed-source components in Android versions before 2018-04-05 has a resource management error vulnerability. A remote attacker could exploit this vulnerability to cause a denial of service (memory leak).
| VAR-201804-0162 | CVE-2016-10497 | Buffer error vulnerability in Android running on multiple Qualcomm products |
CVSS V2: 7.8 CVSS V3: 7.5 Severity: HIGH |
In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Mobile and Snapdragon Wear MDM9206, MDM9607, MDM9615, MDM9625, MDM9635M, MDM9640, MDM9645, MDM9650, MDM9655, MSM8909W, SD 210/SD 212/SD 205, SD 400, SD 410/12, SD 425, SD 430, SD 450, SD 615/16/SD 415, SD 617, SD 625, SD 650/52, SD 800, SD 808, SD 810, SD 820, SD 835, SD 845, SD 850, and SDX20, improper CFG allocation can cause heap leak. Android running on multiple Qualcomm products contains a buffer error vulnerability. Service operation may be disrupted (DoS). Google Android is prone to multiple unspecified security vulnerabilities.
Little is known about these issues or their effects at this time. We will update this BID as more information emerges. Android is a Linux-based open source operating system jointly developed by Google and the Open Handheld Alliance (OHA). Qualcomm MDM9206, etc. are central processing unit (CPU) products of Qualcomm applied to different platforms. There is a buffer overflow vulnerability in Qualcomm closed-source components in Android versions prior to 2018-04-05. A remote attacker could exploit this vulnerability by sending a specially crafted request to cause a denial of service (heap leak).
| VAR-201804-0163 | CVE-2016-10498 | Injection vulnerability in Android running on multiple Qualcomm products |
CVSS V2: 10.0 CVSS V3: 9.8 Severity: CRITICAL |
In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Mobile MDM9635M, MDM9645, MDM9650, MDM9655, SD 210/SD 212/SD 205, SD 400, SD 410/12, SD 425, SD 427, SD 430, SD 435, SD 450, SD 615/16/SD 415, SD 617, SD 625, SD 650/52, SD 810, SDM630, SDM636, SDM660, and Snapdragon_High_Med_2016, stopping of the DTR prematurely causes micro kernel to be stuck. This can be triggered with a timing change injectable in RACH procedure. Android running on multiple Qualcomm products contains an injection vulnerability. Information may be obtained or altered, and service operation may be disrupted (DoS). Google Android is prone to multiple unspecified security vulnerabilities.
Little is known about these issues or their effects at this time. We will update this BID as more information emerges. Android is a Linux-based open source operating system jointly developed by Google and the Open Handheld Alliance (OHA). Qualcomm MDM9635M, etc. are central processing unit (CPU) products of Qualcomm applied to different platforms. The vulnerability is caused by the program's premature termination of DTR. A remote attacker could exploit this vulnerability to cause a denial of service.
| VAR-201708-1339 | CVE-2017-6785 | Cisco Unified Communications Manager Input validation vulnerability |
CVSS V2: 4.0 CVSS V3: 4.3 Severity: MEDIUM |
A vulnerability in configuration modification permissions validation for Cisco Unified Communications Manager could allow an authenticated, remote attacker to perform a horizontal privilege escalation where one user can modify another user's configuration. The vulnerability is due to lack of proper Role Based Access Control (RBAC) when certain user configuration changes are requested. An attacker could exploit this vulnerability by sending an authenticated, crafted HTTP request to the targeted application. An exploit could allow the attacker to impact the integrity of the application where one user can modify the configuration of another user's information. Cisco Bug IDs: CSCve27331. Known Affected Releases: 10.5(2.10000.5), 11.0(1.10000.10), 11.5(1.10000.6). Cisco Unified Communications Manager contains an input validation vulnerability. The vendor has confirmed this vulnerability and released it as Bug ID CSCve27331. Information may be tampered with.
Attackers can exploit this issue to gain elevated privileges and perform unauthorized actions. This component provides a scalable, distributed and highly available enterprise IP telephony call processing solution.
| VAR-201708-1332 | CVE-2017-6776 | Cisco Elastic Services Controller Vulnerable to cross-site scripting |
CVSS V2: 4.3 CVSS V3: 6.1 Severity: MEDIUM |
A vulnerability in the web framework of Cisco Elastic Services Controller (ESC) could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web interface. The vulnerability is due to insufficient validation of user-supplied input by the affected software. An attacker could exploit this vulnerability by convincing a user to access a malicious link or by intercepting a user request and injecting malicious code into the request. An exploit could allow the attacker to execute arbitrary script code in the context of the affected site or allow the attacker to access sensitive browser-based information. Cisco Bug IDs: CSCvd76324. Known Affected Releases: 2.2(9.76) and 2.3(1). The vendor has confirmed this vulnerability and released it as Bug ID CSCvd76324. Information may be obtained and altered. This may allow the attacker to steal cookie-based authentication credentials and launch other attacks.
| VAR-201708-1333 | CVE-2017-6777 | Cisco Elastic Services Controller Vulnerable to information disclosure |
CVSS V2: 4.0 CVSS V3: 4.9 Severity: MEDIUM |
A vulnerability in the ConfD server of the Cisco Elastic Services Controller (ESC) could allow an authenticated, remote attacker to acquire sensitive system information. The vulnerability is due to insufficient protection of sensitive files on the system. An attacker could exploit this vulnerability by logging into the ConfD server and executing certain commands. An exploit could allow an unprivileged user to view configuration parameters that can be maliciously used. Cisco Bug IDs: CSCvd76409. Known Affected Releases: 2.3, 2.3(2). The vendor has confirmed this vulnerability and released it as Bug ID CSCvd76409. Information may be obtained.
Successful exploits will allow attackers to gain access to the sensitive information. This may result in further attacks. ConfD server is one of the configuration management servers.
| VAR-201708-1334 | CVE-2017-6778 | Cisco Ultra Services Platform Vulnerable to information disclosure |
CVSS V2: 4.0 CVSS V3: 6.5 Severity: MEDIUM |
A vulnerability in the Elastic Services Controller (ESC) web interface of the Cisco Ultra Services Platform could allow an authenticated, remote attacker to acquire sensitive information. The vulnerability is due to the transmission of sensitive information as part of a GET request. An attacker could exploit this vulnerability by sending a GET request to a vulnerable device. An exploit could allow the attacker to view information regarding the Ultra Services Platform deployment. Cisco Bug IDs: CSCvd76406. Known Affected Releases: 21.0.v0.65839. The vendor has confirmed this vulnerability and released it as Bug ID CSCvd76406. Information may be obtained.
An attacker can leverage this issue to obtain sensitive information that may aid in further attacks. Elastic Services Controller (ESC) is one of the open source modular systems.
| VAR-201708-1335 | CVE-2017-6781 | Cisco Policy Suite Vulnerability related to authorization, authority, and access control in software |
CVSS V2: 4.6 CVSS V3: 5.3 Severity: MEDIUM |
A vulnerability in the management of shell user accounts for Cisco Policy Suite (CPS) Software for CPS appliances could allow an authenticated, local attacker to gain elevated privileges on an affected system. The affected privilege level is not at the root level. The vulnerability is due to incorrect role-based access control (RBAC) for shell user accounts. An attacker could exploit this vulnerability by authenticating to an affected appliance and providing crafted user input via the CLI. A successful exploit could allow the attacker to acquire a higher privilege level than should have been granted. To exploit this vulnerability, the attacker must log in to the appliance with valid credentials. Cisco Bug IDs: CSCve37724. Known Affected Releases: 9.0.0, 9.1.0, 10.0.0, 11.0.0, 12.0.0. The vendor has confirmed this vulnerability and released it as Bug ID CSCve37724. Information may be obtained or altered, and service operation may be disrupted (DoS).
Local attackers may exploit this issue to gain elevated privileges. The software provides functions such as user-based business rules, real-time management of applications and network resources.