VARIoT IoT vulnerabilities database

VAR-201712-0051 CVE-2017-10901 Multiple vulnerabilities in Wireless mobile storage "Digizo ShAirDisk" PTW-WMS1 CVSS V2: 7.5
CVSS V3: 9.8
Severity: CRITICAL
Buffer overflow in PTW-WMS1 firmware version 2.000.012 allows remote attackers to conduct denial-of-service attacks via unspecified vectors. Wireless mobile storage "Digizo ShAirDisk" PTW-WMS1, provided by Princeton Ltd., is a Wi-Fi storage device. It contains the multiple vulnerabilities listed below.
* Improper Access Restriction (CWE-284) - CVE-2017-10900
* Buffer Overflow (CWE-119) - CVE-2017-10901
* OS Command Injection (CWE-78) - CVE-2017-10902
* Improper Authentication (CWE-287) - CVE-2017-10903
Taizoh Tsukamoto of Mitsui Bussan Secure Directions, Inc. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
* A remote attacker may access the shared disk connected to the device, and then obtain or delete information on the disk. - CVE-2017-10900
* Receiving a specially crafted packet from a remote attacker may result in a denial-of-service (DoS) condition. - CVE-2017-10901
* A remote attacker may log in to the device and execute an arbitrary OS command. - CVE-2017-10902
* A remote attacker may log in to the device with the root privilege and conduct arbitrary operations. - CVE-2017-10903
VAR-201707-0898 CVE-2017-6726 Cisco Prime Network Gateway of CLI Vulnerability in obtaining system process information CVSS V2: 2.1
CVSS V3: 5.5
Severity: MEDIUM
A vulnerability in the CLI of the Cisco Prime Network Gateway could allow an authenticated, local attacker to retrieve system process information, which could lead to the disclosure of confidential information. More Information: CSCvd59341. Known Affected Releases: 4.2(1.0)P1. Cisco Prime Network is an integrated component of the Cisco Prime for IP NGN suite and is a stand-alone product. The vulnerability allows attackers to obtain sensitive information. This issue is being tracked by Cisco Bug ID CSCvd59341. The CLI is a command-line interface.
VAR-201707-0899 CVE-2017-6727 Cisco Wide Area Application Services of Server Message Block Service disruption in protocol (DoS) Vulnerabilities CVSS V2: 5.0
CVSS V3: 5.3
Severity: MEDIUM
A vulnerability in the Server Message Block (SMB) protocol of Cisco Wide Area Application Services (WAAS) could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device due to a process restarting unexpectedly and creating Core Dump files. More Information: CSCvc63035. Known Affected Releases: 6.2(3a). Known Fixed Releases: 6.3(0.167) 6.2(3c)5 6.2(3.22). The vendor has confirmed this vulnerability and released it as Bug ID CSCvc63035. A remote attacker could put the device into a service disruption (DoS) state. Cisco Wide Area Application Services is prone to a remote denial-of-service vulnerability. An attacker can exploit this issue to cause an affected device to reload, denying service to legitimate users. This issue is being tracked by Cisco Bug ID CSCvc63035. This software is mainly used on links with low bandwidth and high latency.
VAR-201707-0900 CVE-2017-6728 Cisco IOS XR Software CLI Vulnerable to arbitrary code execution CVSS V2: 6.9
CVSS V3: 7.0
Severity: HIGH
A vulnerability in the CLI of Cisco IOS XR Software could allow an authenticated, local attacker to execute arbitrary code at the root privilege level on an affected system, because of Incorrect Permissions. More Information: CSCvb99389. Known Affected Releases: 6.2.1.BASE. Known Fixed Releases: 6.3.1.15i.BASE 6.2.3.1i.BASE 6.2.2.15i.BASE 6.1.4.10i.BASE. Cisco IOS is the Internetwork Operating System used on most Cisco routers and network switches. A local attacker may exploit this issue to gain elevated root privileges on the affected system. This issue is being tracked by Cisco Bug ID CSCvb99389.
VAR-201707-0902 CVE-2017-6730 Cisco Wide Area Application Services Central Manager of Web Base of GUI Vulnerable to information disclosure CVSS V2: 5.0
CVSS V3: 5.3
Severity: MEDIUM
A vulnerability in the web-based GUI of Cisco Wide Area Application Services (WAAS) Central Manager could allow an unauthenticated, remote attacker to retrieve completed reports from an affected system, aka Information Disclosure. This vulnerability affects the following products if they are running an affected release of Cisco Wide Area Application Services (WAAS) Software and are configured to use the Central Manager function: Cisco Virtual Wide Area Application Services (vWAAS), Cisco Wide Area Application Services (WAAS) Appliances, Cisco Wide Area Application Services (WAAS) Modules. Only Cisco WAAS products that are configured with the Central Manager role are affected by this vulnerability. More Information: CSCvd87574. Known Affected Releases: 4.4(7) 6.2(1) 6.2(3). Known Fixed Releases: 6.3(0.228) 6.3(0.226) 6.2(3d)8 5.5(7b)17. The vendor has confirmed this vulnerability and released it as Bug ID CSCvd87574. Information may be obtained. Successful exploits will allow attackers to obtain sensitive information. This may result in further attacks. This issue is tracked by Cisco Bug ID CSCvd87574. This software is mainly used on links with low bandwidth and high latency. A remote attacker could exploit this vulnerability to retrieve completed reports from an affected system.
VAR-201707-0903 CVE-2017-6731 Cisco IOS XR Software buffer error vulnerability CVSS V2: 5.0
CVSS V3: 7.5
Severity: HIGH
A vulnerability in Multicast Source Discovery Protocol (MSDP) ingress packet processing for Cisco IOS XR Software could allow an unauthenticated, remote attacker to cause the MSDP session to be unexpectedly reset, causing a short denial of service (DoS) condition. The MSDP session will restart within a few seconds. More Information: CSCvd94828. Known Affected Releases: 4.3.2.MCAST 6.0.2.BASE. Known Fixed Releases: 6.3.1.19i.MCAST 6.2.3.1i.MCAST 6.2.2.17i.MCAST 6.1.4.12i.MCAST. Cisco IOS XR Software contains a buffer error vulnerability. The vendor has confirmed this vulnerability and released it as Bug ID CSCvd94828. The device could be put into a service disruption (DoS) state. Cisco IOS is the Internetwork Operating System used on most Cisco routers and network switches. A denial-of-service vulnerability exists in Cisco IOS XR: sending a crafted Multicast Source Discovery Protocol (MSDP) packet can cause a denial of service (process overload). An attacker can exploit this issue to restart the affected process, denying service to legitimate users. This issue is being tracked by Cisco Bug ID CSCvd94828. The vulnerability is caused by the program not correctly handling errors in MSDP packets.
VAR-201707-0904 CVE-2017-6732 Cisco Prime Network Permission in the software installation procedure root Vulnerability promoted to CVSS V2: 7.2
CVSS V3: 6.7
Severity: MEDIUM
A vulnerability in the installation procedure for Cisco Prime Network Software could allow an authenticated, local attacker to elevate their privileges to root privileges. More Information: CSCvd47343. Known Affected Releases: 4.2(2.1)PP1 4.2(3.0)PP6 4.3(0.0)PP4 4.3(1.0)PP2. Known Fixed Releases: 4.3(2). The vendor has confirmed this vulnerability and released it as Bug ID CSCvd47343. An authenticated, local attacker may be elevated to root. Cisco Prime Network is an integrated component of the Cisco Prime for IP NGN suite and is a stand-alone product. This issue is being tracked by Cisco Bug ID CSCvd47343. The installation procedure is one of the installation and configuration procedures. The vulnerability stems from the program not correctly installing binary files and not configuring the correct permissions on them.
VAR-201707-0907 CVE-2017-6735 Cisco FireSIGHT System Software of Vulnerability in arbitrary code execution on affected systems in backup and restore functionality CVSS V2: 7.2
CVSS V3: 6.7
Severity: MEDIUM
A vulnerability in the backup and restore functionality of Cisco FireSIGHT System Software could allow an authenticated, local attacker to execute arbitrary code on a targeted system. More Information: CSCvc91092. Known Affected Releases: 6.2.0 6.2.1. Cisco FireSIGHT Management Center centrally manages the network security and operational features of Cisco ASA with FirePOWER Services and Cisco FirePOWER appliances. Cisco FireSIGHT System Software is prone to a local code-execution vulnerability. This issue is being tracked by Cisco Bug ID CSCvc91092.
VAR-201707-0918 CVE-2017-6707 plural Cisco ASR Series devices and Cisco Virtualized Packet Core For software Cisco StarOS Operating system CLI Of affected systems in command parsing code StarOS CLI Vulnerabilities isolated from CVSS V2: 7.2
CVSS V3: 8.2
Severity: HIGH
A vulnerability in the CLI command-parsing code of the Cisco StarOS operating system for Cisco ASR 5000 Series 11.0 through 21.0, 5500 Series, and 5700 Series devices and Cisco Virtualized Packet Core (VPC) Software could allow an authenticated, local attacker to break from the StarOS CLI of an affected system and execute arbitrary shell commands as a Linux root user on the system, aka Command Injection. The vulnerability exists because the affected operating system does not sufficiently sanitize commands before inserting them into Linux shell commands. An attacker could exploit this vulnerability by submitting a crafted CLI command for execution in a Linux shell command as a root user. Cisco Bug IDs: CSCvc69329, CSCvc72930. The vendor has confirmed this vulnerability and released it as Bug IDs CSCvc69329 and CSCvc72930. Of an affected system by an authenticated local attacker. The Cisco ASR 5000 Series is a carrier-grade platform for deploying high-demand 3G networks and migrating to long-term evolution. StarOS is a Linux-based operating system for it. Cisco StarOS is prone to a local command-injection vulnerability because it fails to properly sanitize user-supplied input. Successfully exploiting this issue may allow an attacker to execute arbitrary commands with root privileges. The Cisco ASR 5500 Series and the other series listed are Cisco router products.
VAR-201707-0919 CVE-2017-6708 Cisco Ultra Services Framework for AutoVNF Vulnerability to read important files on affected systems in the tool's symbolic link creation function CVSS V2: 7.5
CVSS V3: 9.8
Severity: CRITICAL
A vulnerability in the symbolic link (symlink) creation functionality of the AutoVNF tool for the Cisco Ultra Services Framework could allow an unauthenticated, remote attacker to read sensitive files or execute malicious code on an affected system. The vulnerability is due to the absence of validation checks for the input that is used to create symbolic links. This vulnerability affects all releases of the Cisco Ultra Services Framework prior to Releases 5.0.3 and 5.1. Cisco Bug IDs: CSCvc76654
VAR-201707-0921 CVE-2017-6711 Cisco Ultra Services Framework of Ultra Automation Service Vulnerability in unauthenticated access to affected devices CVSS V2: 6.4
CVSS V3: 9.1
Severity: CRITICAL
A vulnerability in the Ultra Automation Service (UAS) of the Cisco Ultra Services Framework could allow an unauthenticated, remote attacker to gain unauthorized access to a targeted device. The vulnerability is due to an insecure default configuration of the Apache ZooKeeper service used by the affected software. An attacker could exploit this vulnerability by accessing the affected device through the orchestrator network. An exploit could allow the attacker to gain access to ZooKeeper data nodes (znodes) and influence the behavior of the system's high-availability feature. This vulnerability affects all releases of Cisco Ultra Services Framework UAS prior to Releases 5.0.3 and 5.1. Cisco Bug IDs: CSCvd29395. This may aid in further attacks. Ultra Automation Service is one of the automation services
VAR-201707-0922 CVE-2017-6712 Cisco Elastic Services Controller On the server in certain commands root Vulnerabilities with elevated privileges CVSS V2: 9.0
CVSS V3: 8.8
Severity: HIGH
A vulnerability in certain commands of Cisco Elastic Services Controller could allow an authenticated, remote attacker to elevate privileges to root and run dangerous commands on the server. The vulnerability occurs because a "tomcat" user on the system can run certain shell commands, allowing the user to overwrite any file on the filesystem and elevate privileges to root. This vulnerability affects Cisco Elastic Services Controller prior to releases 2.3.1.434 and 2.3.2. Cisco Bug IDs: CSCvc76634. An attacker can exploit this issue to execute arbitrary commands on the affected system. This may aid in further attacks.
VAR-201707-0905 CVE-2017-6733 Cisco ISE Portal Web -Based application interface vulnerabilities in stored cross-site scripting CVSS V2: 4.3
CVSS V3: 6.1
Severity: MEDIUM
A vulnerability in the web-based application interface of the Cisco Identity Services Engine (ISE) portal could allow an unauthenticated, remote attacker to conduct a stored cross-site scripting (XSS) attack against a user of the web interface of an affected system. More Information: CSCvd87482. Known Affected Releases: 2.1(102.101) 2.2(0.283) 2.3(0.151). Successful exploits will result in the execution of arbitrary attacker-supplied HTML and script code in the context of the affected application, potentially allowing the attacker to steal cookie-based authentication credentials or control how the page is rendered to the user. Other attacks are also possible. This issue is being tracked by Cisco Bug ID CSCvd87482. The platform monitors the network by collecting real-time information on the network, users and devices, and formulating and implementing corresponding policies. A remote attacker can exploit this vulnerability to execute arbitrary code by intercepting user data packets and injecting malicious code
VAR-201711-1028 CVE-2017-8213 Huawei SMC2.0 Certificate validation vulnerability in other software CVSS V2: 5.0
CVSS V3: 5.3
Severity: MEDIUM
Huawei SMC2.0 with software of V100R003C10, V100R005C00SPC100, V100R005C00SPC101B001T, V100R005C00SPC102, V100R005C00SPC103, V100R005C00SPC200, V100R005C00SPC201T, V500R002C00, V600R006C00 has an input validation vulnerability when handling TLS and DTLS handshakes with certificates. Due to the insufficient validation of received PKI certificates, remote attackers could exploit this vulnerability to crash the TLS module. Multiple Huawei products are prone to a remote denial-of-service vulnerability. An attacker can exploit this issue to cause a denial-of-service condition. Huawei SMC2.0 is a video management solution from Huawei (China). The solution supports the two mainstream protocols, H.323 and SIP, at the same time, and supports access from devices such as computers and mobile phones. The following versions are affected: Huawei SMC2.0 V100R003C10, V100R005C00SPC100, V100R005C00SPC101B001T, V100R005C00SPC102, V100R005C00SPC103, V100R005C00SPC200, V100R005C00SPC201T, V500R002C00, V600R006C00.
VAR-201707-0586 CVE-2017-0706 Android of Broadcom Wi-Fi Vulnerability that could elevate privileges in drivers CVSS V2: 7.2
CVSS V3: 6.8
Severity: MEDIUM
An elevation of privilege vulnerability in the Broadcom Wi-Fi driver. Product: Android. Versions: Android kernel. Android ID: A-35195787. References: B-RB#120532. Google Android is prone to multiple security vulnerabilities. An attacker can leverage these issues to execute arbitrary code and gain elevated privileges. Failed exploit attempts may result in a denial of service condition.
VAR-201707-1350 No CVE HP Photosmart 5520 series printer has unauthorized access vulnerability CVSS V2: 5.0
CVSS V3: -
Severity: MEDIUM
The HP Photosmart 5520 series is a mid-range inkjet printer. The HP Photosmart 5520 series printer has an unauthorized access vulnerability. An attacker can use the vulnerability to enter the printer's back end, view sensitive information, or perform unauthorized operations.
VAR-201707-1349 No CVE SNMP Protocol Community String Authentication Bypass Vulnerability in Lenovo NetPower V Firewall CVSS V2: 7.5
CVSS V3: -
Severity: HIGH
Lenovo PowerV Firewall is a comprehensive UTM that integrates firewall, IPSec VPN, SSL VPN, intrusion detection and protection system, antivirus, vulnerability scanning, active defense, flow control, log audit, and centralized management. The Lenovo NetPower V firewall has an SNMP protocol community string authentication bypass vulnerability that allows attackers to use arbitrary strings or integer values to bypass SNMP access control and write arbitrary strings in the MIB (Management Information Base) to get sensitive information about the device.
VAR-201707-0335 CVE-2017-2244 Brother Industries MFC-J960DWN Cross-Site Request Forgery Vulnerability CVSS V2: 6.8
CVSS V3: 8.8
Severity: HIGH
Cross-site request forgery (CSRF) vulnerability in MFC-J960DWN firmware ver.D and earlier allows remote attackers to hijack the authentication of administrators via unspecified vectors. MFC-J960DWN provided by BROTHER INDUSTRIES, LTD. is a MultiFunction Printer. MFC-J960DWN contains a cross-site request forgery vulnerability (CWE-352). Taiga Asano reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership. If a user views a malicious page, unintended operations such as changing settings of the device may be performed. A remote attacker could exploit this vulnerability to perform unauthorized operations.
VAR-201711-0935 CVE-2017-8172 Huawei P10 Plus and P10 Vulnerability related to array index verification in smartphones CVSS V2: 7.1
CVSS V3: 5.5
Severity: MEDIUM
The Isub service in P10 Plus and P10 smart phones with versions earlier than VKY-AL00C00B157 and versions earlier than VTR-AL00C00B157 has a denial of service (DoS) vulnerability. An attacker tricks a user into installing a malicious application on the smart phone, and the application can send a given parameter to a specific interface, which causes an out-of-bounds array access that results in a smart phone restart. Huawei Vicky-AL00A and Victoria-AL00A are both Huawei smartphone devices. The vulnerability stems from the program not fully performing input verification. Multiple Huawei products are prone to a remote denial-of-service vulnerability. Attackers can exploit this issue to crash the system, denying service to legitimate users.
VAR-201709-0218 CVE-2017-10793 AT&T U-verse Information disclosure vulnerability in firmware CVSS V2: 4.3
CVSS V3: 8.1
Severity: HIGH
The AT&T U-verse 9.2.2h0d83 firmware for the Arris NVG589, NVG599, and unspecified other devices, when IP Passthrough mode is not used, configures an sbdc.ha WAN TCP service on port 61001 with the bdctest account and the bdctest password, which allows remote attackers to obtain sensitive information (such as the Wi-Fi password) by leveraging knowledge of a hardware identifier, related to the Bulk Data Collection (BDC) mechanism defined in Broadband Forum technical reports. AT&T U-verse firmware contains an information disclosure vulnerability. Information may be obtained or altered, and service operation may be disrupted (DoS). Arris NVG589 and NVG599 are router products of Arris Group of the United States. AT&T U-verse is the firmware used in them. A security vulnerability exists in the AT&T U-verse 9.2.2h0d83 version of Arris NVG589 and NVG599. A remote attacker can exploit this vulnerability to obtain sensitive information (for example, a Wi-Fi password). AT&T U-verse Arris Modems are prone to the following security vulnerabilities: 1. 2. An information-disclosure vulnerability 3. A command injection vulnerability 4. Failed exploit attempts may result in a denial-of-service condition.