VARIoT IoT vulnerabilities database
| VAR-201807-1865 | CVE-2018-7767 | Schneider Electric U.motion Builder editobject Remote code execution vulnerability |
CVSS V2: 6.8 CVSS V3: 8.8 Severity: HIGH |
The vulnerability exists within processing of editobject.php in Schneider Electric U.motion Builder software versions prior to v1.3.4. The underlying SQLite database query is subject to SQL injection on the type input parameter. Authentication is not required to exploit this vulnerability. The specific flaw exists within processing of editobject.php, which is exposed on the web service with no authentication. A remote attacker can leverage this vulnerability to execute arbitrary commands against the database.
| VAR-201807-1871 | CVE-2018-7773 | Schneider Electric U.motion Builder nfcserver Remote code execution vulnerability |
CVSS V2: 6.8 CVSS V3: 8.8 Severity: HIGH |
The vulnerability exists within processing of nfcserver.php in Schneider Electric U.motion Builder software versions prior to v1.3.4. The underlying SQLite database query is subject to SQL injection on the sessionid input parameter. Authentication is not required to exploit this vulnerability. The specific flaw exists within processing of nfcserver.php, which is exposed on the web service with no authentication. A remote attacker can leverage this vulnerability to execute arbitrary commands against the database.
| VAR-201807-1872 | CVE-2018-7774 | Schneider Electric U.motion Builder Remote code execution vulnerability |
CVSS V2: 6.8 CVSS V3: 8.8 Severity: HIGH |
The vulnerability exists within processing of localize.php in Schneider Electric U.motion Builder software versions prior to v1.3.4. The underlying SQLite database query is subject to SQL injection on the username input parameter. Authentication is not required to exploit this vulnerability. The specific flaw exists within processing of localize.php, which is exposed on the web service with no authentication. A remote attacker can leverage this vulnerability to execute arbitrary commands against the database.
| VAR-201807-1861 | CVE-2018-7763 | Schneider Electric U.motion Builder Software Path traversal vulnerability |
CVSS V2: 4.3 CVSS V3: 4.3 Severity: MEDIUM |
The vulnerability exists within css.inc.php in Schneider Electric U.motion Builder software versions prior to v1.3.4. The 'css' parameter contains a directory traversal vulnerability. Authentication is not required to exploit this vulnerability. The specific flaw exists within css.inc.php. An attacker can leverage this to disclose files.
| VAR-201709-1076 | CVE-2017-9959 | Schneider Electric U.motion Builder Software Access control vulnerability |
CVSS V2: 4.9 CVSS V3: 5.5 Severity: MEDIUM |
A vulnerability exists in Schneider Electric's U.motion Builder software versions 1.2.1 and prior in which the system accepts reboot in session from unauthenticated users, supporting a denial of service condition. Schneider Electric U.motion Builder Software contains an access control vulnerability. Service operation may be interrupted (DoS). This vulnerability allows remote attackers to deny service on vulnerable installations of Schneider Electric U.motion Builder. Authentication is not required to exploit this vulnerability. The specific flaw exists within processing of message_simple_html.php, which is exposed on the web service. The reboot option of the applet reboots the system. This flaw allows a remote attacker to perpetually reboot the system, denying service to all users. U.motion Builder is a generator product from Schneider Electric, France.
1. An SQL-injection vulnerability
2. A directory-traversal vulnerability
3. An information-disclosure vulnerability
5. A local code-execution vulnerability
6. A local denial-of-service vulnerability
7. An information-disclosure vulnerability
Exploiting these issues could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database, bypass authentication mechanism, obtain sensitive information, execute arbitrary code and perform unauthorized actions. Failed exploits can result in a denial-of-service condition.
| VAR-201807-1866 | CVE-2018-7768 | Schneider Electric U.motion Builder loadtemplate Remote code execution vulnerability |
CVSS V2: 6.8 CVSS V3: 8.8 Severity: HIGH |
The vulnerability exists within processing of loadtemplate.php in Schneider Electric U.motion Builder software versions prior to v1.3.4. The underlying SQLite database query is subject to SQL injection on the tpl input parameter. Authentication is not required to exploit this vulnerability. The specific flaw exists within processing of loadtemplate.php, which is exposed on the web service with no authentication. A remote attacker can leverage this vulnerability to execute arbitrary commands against the database.
| VAR-201706-1044 | No CVE | Schneider Electric U.motion Builder file_picker Remote code execution vulnerability |
CVSS V2: 6.5 CVSS V3: - Severity: MEDIUM |
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Schneider Electric U.Motion Builder. User authentication is required to exploit this vulnerability. The specific flaw exists within file_picker.php. The upload path specified by the user is not constrained, so any logged-in user can upload files to any location in the system that is writable by the web service. An attacker can leverage this to execute code on the system in the context of the web server. U.motion Builder is a generator product from Schneider Electric, France.
| VAR-201807-1849 | CVE-2018-7776 | Schneider Electric U.motion Builder Information Disclosure Vulnerability |
CVSS V2: 4.3 CVSS V3: 4.3 Severity: MEDIUM |
The vulnerability exists within error.php in Schneider Electric U.motion Builder software versions prior to v1.3.4. System information is returned to the attacker that contains sensitive data. Authentication is not required to exploit this vulnerability. The specific flaw exists within error.php. This can be leveraged by an attacker in conjunction with other vulnerabilities to execute arbitrary code on the system.
| VAR-201706-1202 | No CVE | (0Day) Schneider Electric U.motion Builder sendmail email_attachment Parameter Absolute Path Traversal Information Disclosure Vulnerability |
CVSS V2: 7.8 CVSS V3: - Severity: HIGH |
This vulnerability allows remote attackers to extract arbitrary files on vulnerable installations of Schneider Electric U.motion Builder. Authentication is not required to exploit this vulnerability. The specific flaw exists within processing of sendmail.php. The applet allows callers to select arbitrary files to send to an arbitrary email address. This allows the attacker to exfiltrate arbitrary files from the system.
| VAR-201709-1220 | CVE-2017-9957 | Schneider Electric U.motion Builder Software Vulnerabilities related to the use of hard-coded credentials |
CVSS V2: 7.5 CVSS V3: 9.8 Severity: CRITICAL |
A vulnerability exists in Schneider Electric's U.motion Builder software versions 1.2.1 and prior in which the web service contains a hidden system account with a hardcoded password. An attacker can use this information to log into the system with high-privilege credentials. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Schneider Electric U.motion Builder. The specific flaw exists within the configuration of the product. U.motion Builder is a generator product from Schneider Electric, France.
1. An SQL-injection vulnerability
2. A directory-traversal vulnerability
3. An authentication bypass vulnerability
4. An information-disclosure vulnerability
5. A local code-execution vulnerability
6. A local denial-of-service vulnerability
7. An information-disclosure vulnerability
Exploiting these issues could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database, bypass authentication mechanism, obtain sensitive information, execute arbitrary code and perform unauthorized actions. Failed exploits can result in a denial-of-service condition.
| VAR-201709-1219 | CVE-2017-9956 | Schneider Electric U.motion Builder Software Vulnerabilities related to the use of hard-coded credentials |
CVSS V2: 7.5 CVSS V3: 7.3 Severity: HIGH |
An authentication bypass vulnerability exists in Schneider Electric's U.motion Builder software versions 1.2.1 and prior in which the system contains a hard-coded valid session. An attacker can use that session ID as part of the HTTP cookie of a web request, resulting in authentication bypass. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of session management. The application has a hard-coded static session ID. U.motion Builder is a generator product from Schneider Electric, France.
1. An SQL-injection vulnerability
2. A directory-traversal vulnerability
3. An information-disclosure vulnerability
5. A local code-execution vulnerability
6. A local denial-of-service vulnerability
7. An information-disclosure vulnerability
Exploiting these issues could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database, bypass authentication mechanism, obtain sensitive information, execute arbitrary code and perform unauthorized actions. Failed exploits can result in a denial-of-service condition.
| VAR-201807-1863 | CVE-2018-7765 | Schneider Electric U.motion Builder track_import_export Remote code execution vulnerability |
CVSS V2: 6.8 CVSS V3: 8.8 Severity: HIGH |
The vulnerability exists within processing of track_import_export.php in Schneider Electric U.motion Builder software versions prior to v1.3.4. The underlying SQLite database query is subject to SQL injection on the object_id input parameter. Authentication is not required to exploit this vulnerability. The specific flaw exists within processing of track_import_export.php, which is exposed on the web service with no authentication. A remote attacker can leverage this vulnerability to execute arbitrary commands against the database.
| VAR-201706-1045 | No CVE | Schneider Electric U.motion Builder SOAP Remote code execution vulnerability |
CVSS V2: 7.5 CVSS V3: - Severity: HIGH |
This vulnerability allows remote attackers to execute arbitrary SQL commands on vulnerable installations of Schneider Electric U.Motion Builder. Authentication is not required to exploit this vulnerability. The specific flaw exists within processing of SOAP requests by the web service. The system allows SOAP requests to perform arbitrary SQL commands. An attacker can leverage this vulnerability to execute arbitrary code in the context of the database. U.motion Builder is a generator product from Schneider Electric, France.
| VAR-201807-1869 | CVE-2018-7771 | Schneider Electric U.motion Builder Software Path traversal vulnerability |
CVSS V2: 6.0 CVSS V3: 8.0 Severity: HIGH |
The vulnerability exists within processing of editscript.php in Schneider Electric U.motion Builder software versions prior to v1.3.4. A directory traversal vulnerability allows a caller with standard user privileges to write arbitrary PHP files anywhere in the web service directory tree. Schneider Electric U.motion Builder Software contains a path traversal vulnerability. Information may be obtained or altered, and service operation may be disrupted (DoS). Authentication is required to exploit this vulnerability. The specific flaw exists within processing of editscript.php. An attacker can leverage this vulnerability to execute arbitrary code in the context of the web server.
| VAR-201706-1124 | No CVE | There is a stack overflow vulnerability in the InitialSDK method of the SoftNVR-IA NVRLV control of the Morsa video surveillance system |
CVSS V2: 4.9 CVSS V3: - Severity: MEDIUM |
Mosha Video Surveillance System SoftNVR-IA is a real-time IP video monitoring software developed by Mosha Technology (Shanghai) Co., Ltd.
There is a stack overflow vulnerability in the InitialSDK method of the NVRLV control of Mosha Video Surveillance System SoftNVR-IA. By tricking users into following specific links, an attacker can execute arbitrary code.
| VAR-201706-1137 | No CVE | There is a Stack Overflow Vulnerability in the Connect Method of the Massa SoftNVR-IA NVRPB Control |
CVSS V2: 4.9 CVSS V3: - Severity: MEDIUM |
Mosha Video Surveillance System SoftNVR-IA is a real-time IP video monitoring software developed by Mosha Technology (Shanghai) Co., Ltd.
There is a stack overflow vulnerability in the Connect method of the NVRPB ActiveX control of Mosha Video Surveillance System SoftNVR-IA. By tricking users into following specific links, an attacker can execute arbitrary code.
| VAR-201803-0208 | CVE-2017-17330 | Huawei AR3200 and NGFW Module Resource management vulnerability |
CVSS V2: 2.1 CVSS V3: 3.3 Severity: LOW |
Huawei AR3200 V200R005C32; V200R006C10; V200R006C11; V200R007C00; V200R007C01; V200R007C02; V200R008C00; V200R008C10; V200R008C20; V200R008C30; NGFW Module V500R001C00; V500R001C20; V500R002C00 have a memory leak vulnerability. The software does not release allocated memory properly when parsing XML element data. An authenticated attacker could upload a crafted XML file; successful exploitation could cause the system service to become abnormal because it runs out of memory. Huawei AR3200 and NGFW Module contain a resource management vulnerability. Service operation may be interrupted (DoS). Huawei AR3200 and NGFW Module are products of China Huawei. Huawei AR3200 is an AR3200 series enterprise router product. NGFW Module is a firewall product. Multiple Huawei products are prone to a remote denial-of-service vulnerability.
An attacker can exploit this issue to cause denial-of-service conditions. The following products and versions are affected: Huawei AR3200 V200R005C32 Version, V200R006C10 Version, V200R006C11 Version, V200R007C00 Version, V200R007C01 Version, V200R007C02 Version, V200R008C00 Version, V200R008C10 Version, V200R008C20 Version, V200R008C30 Version; NGFW Module V500R001C00 Version, V500R001C20 Version, V500R002C00 Version.
| VAR-201706-0564 | CVE-2017-6685 | Cisco Ultra Services Framework Staging Server Vulnerable to logging in as an admin user on the affected device |
CVSS V2: 6.5 CVSS V3: 8.8 Severity: HIGH |
A vulnerability in Cisco Ultra Services Framework Staging Server could allow an authenticated, remote attacker with access to the management network to log in as an admin user of the affected device, aka an Insecure Default Credentials Vulnerability. More Information: CSCvc76681. Known Affected Releases: 21.0.0.
An attacker can exploit this issue to bypass the security mechanism and gain unauthorized access. This may lead to further attacks.
This issue is tracked by Cisco Bug ID CSCvc76681.
| VAR-201706-0707 | CVE-2017-9542 | D-Link DIR-615 wireless N 300 Authentication vulnerabilities in routers |
CVSS V2: 10.0 CVSS V3: 9.8 Severity: CRITICAL |
D-Link DIR-615 Wireless N 300 Router allows authentication bypass via a modified POST request to login.cgi. This issue occurs because it fails to validate the password field. Successful exploitation of this issue allows an attacker to take control of the affected device. The D-Link DIR-615 Wireless N300 is a wireless router product from D-Link. A security vulnerability exists in the D-Link DIR-615 Wireless N300 router that stems from the program not validating the password field. This may lead to further attacks.
| VAR-201707-1025 | CVE-2017-9521 | Multiple Cisco DPC Products and Arris TG1682G Vulnerabilities related to security functions |
CVSS V2: 7.5 CVSS V3: 9.8 Severity: CRITICAL |
The Comcast firmware on Cisco DPC3939 (firmware version dpc3939-P20-18-v303r20421733-160420a-CMCST); Cisco DPC3939 (firmware version dpc3939-P20-18-v303r20421746-170221a-CMCST); Cisco DPC3939B (firmware version dpc3939b-v303r204217-150321a-CMCST); Cisco DPC3941T (firmware version DPC3941_2.5s3_PROD_sey); and Arris TG1682G (eMTA&DOCSIS version 10.0.132.SIP.PC20.CT, software version TG1682_2.2p7s2_PROD_sey) devices allows remote attackers to execute arbitrary code via a specific (but unstated) exposed service. NOTE: the scope of this CVE does NOT include the concept of "Unnecessary Services" in general; the scope is only a single service that is unnecessarily exposed, leading to remote code execution. The details of that service might be disclosed at a later date. Multiple Cisco DPC products and Arris TG1682G contain vulnerabilities related to security features. Information may be obtained or altered, and service operation may be disrupted (DoS). Cisco DPC3939 (XB3) and so on are Cisco's wireless home voice gateway products. The Arris TG1682G is a modem product from Arris, USA. Comcast is a set of firmware developed by Comcast, Inc., which runs on gateways and modem devices. A remote attacker can exploit this vulnerability to execute arbitrary code.