VARIoT IoT vulnerabilities database

The Comcast firmware on Cisco DPC3939 (firmware version dpc3939-P20-18-v303r20421733-160420a-CMCST); Cisco DPC3939 (firmware version dpc3939-P20-18-v303r20421746-170221a-CMCST); Cisco DPC3939B (firmware version dpc3939b-v303r204217-150321a-CMCST); Cisco DPC3941T (firmware version DPC3941_2.5s3_PROD_sey); and Arris TG1682G (eMTA&DOCSIS version 10.0.132.SIP.PC20.CT, software version TG1682_2.2p7s2_PROD_sey) devices allows remote attackers to execute arbitrary code via a specific (but unstated) exposed service. NOTE: the scope of this CVE does NOT include the concept of "Unnecessary Services" in general; the scope is only a single service that is unnecessarily exposed, leading to remote code execution. The details of that service might be disclosed at a later date. plural Cisco DPC Products and Arris TG1682G Contains vulnerabilities related to security features.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. Cisco DPC3939 (XB3) and so on are Cisco's wireless home voice gateway products. The ArrisTG1682G is a modem product from Arris, USA. Comcast is a set of firmware developed by Comcast, Inc., which runs on gateways and modem devices. A remote attacker can exploit this vulnerability to execute arbitrary code

The Time Warner firmware on Technicolor TC8717T devices sets the default Wi-Fi passphrase to a combination of the SSID and BSSID, which makes it easier for remote attackers to obtain network access by reading a beacon frame. Technicolor TC8717T Contains vulnerabilities related to security features.Information may be obtained. TechnicolorTC8717Tdevices is a router from Technicolor, France. TimeWarner is the firmware that runs in it. There is a security hole in the TimeWarner firmware on the TechnicolorTC8717T device. A remote attacker can exploit this vulnerability to gain network access by reading beacon frames

Foscamcamera is a webcam that can push messages to mobile phones and directly implement video Baidu cloud storage via WIFI. The Foscamcamera FTP server has an account blank password vulnerability. The password of the built-in FTP account of Foscam is empty by default, which can cause an attacker to upload and download files.

Foscamcamera is a webcam that can push messages to mobile phones and directly implement video Baidu cloud storage via WIFI. There is an administrator credential disclosure vulnerability in FoscamcameraONVIFGetStreamUri, and the Foscam camera device uses the interface of the ONVIF protocol to allow anonymous access. An unauthenticated attacker can extract the administrator username and password via the \"media\" GetStreamUri method. This vulnerability only exists in some devices or parts of the firmware version.

Foscamcamera is a webcam that can push messages to mobile phones and directly implement video Baidu cloud storage via WIFI. Foscamcamera anonymous ONVIFSetDNS has a remote command injection vulnerability. The Foscam camera device uses the ONVIF protocol interface to allow anonymous access. An unauthenticated attacker can trigger remote command execution through the devicemgmtSetDNS method, and the command is executed as root. This particular vulnerability is very serious because it can be used without any credentials.

Foscamcamera is a webcam that can push messages to mobile phones and directly implement video Baidu cloud storage via WIFI. There is a vulnerability in the Foscamcamera Telnet feature, and the device has hidden Telnet functionality, which is not recorded anywhere. The Telnet feature makes it easier for an attacker to exploit other vulnerabilities or penetrate the intranet further.

Foscamcamera is a webcam that can push messages to mobile phones and directly implement video Baidu cloud storage via WIFI. The FoscamcameraFTP server account has a hard-coded password vulnerability. The built-in FTP user password is hard-coded, so the default FTP user password is always empty and cannot be changed.

Foscamcamera is a webcam that can push messages to mobile phones and directly implement video Baidu cloud storage via WIFI. The FoscamcameraWeb user interface hides hard-coded credentials vulnerabilities. All Foscams have hidden and hard-coded credentials that are unaffected by user configuration. These credentials can access the web user interface of some devices. The actions that can be performed depend on the model of the device, such as Opticami5, which allows visitors to control the telnetd service and reset the device to factory settings.

Foscamcamera is a webcam that can push messages to mobile phones and directly implement video Baidu cloud storage via WIFI. There is a configuration error in the Foscamcamera firewall. The Foscam camera device has a firewall function, but the firewall only restricts access to the web user interface (ports 80 and 443), and the IP address denied by the firewall can still access other services, such as ONVIF. (888 ports), FTP (50021 ports), RTSP (65534 ports), and telnet (23 ports). In the case that the request is rejected by the firewall, the firewall will return different results for the validity of the credential, the invalid credential will return an error-2 error, and the valid credential will return an error-8 error, so even if there is a firewall, the user can The voucher is violently enumerated.

Foscamcamera is a webcam that can push messages to mobile phones and directly implement video Baidu cloud storage via WIFI. There is a default credential vulnerability in the FoscamcameraWeb account. The Foscam camera device can access the web user interface using the default credentials with the username admin and password blank. In addition to gaining access to the device, attackers can upload and download files via the built-in FTP server and watch live video from the camera via the RTSP protocol.

Foscamcamera is a webcam that can push messages to mobile phones and directly implement video Baidu cloud storage via WIFI. Foscamcamera has a remote command injection vulnerability in the modelName in the /mnt/mtd/app/config/ProductConfig.xml file. By using the configuration recovery feature to install the ProductConfig.xml file into the device, an attacker can exploit the vulnerability to execute arbitrary commands.

FOSCAM Group is a national high-tech enterprise specializing in the design, development, manufacture and sale of network cameras, network video recorders and other products. Foscamcamera adds a remote command execution vulnerability to the usrName parameter in the CGIProxy.fcgiaddAccount function at the user. Since the web page is run with root privileges, the command will also be executed with root privileges. However, the use of this vulnerability requires a valid certificate

Foscamcamera is a webcam that can push messages to mobile phones and directly implement video Baidu cloud storage via WIFI. A denial of service vulnerability exists in FoscamcameraRtspServer that could allow an attacker to disconnect or freeze a video source. The Foscam camera device RTSP service incorrectly handles negative numbers when processing the \"Content-Length\" in the request, causing the RTSP service memory to overflow or crash, or a single request entering an infinite loop. Since the RTSP service has a daemon, when the service crashes, a new service process is restarted, so the attacker is more likely to boot the process into an infinite loop. This denial of service attack will disconnect the video or freeze the video, and the only way for the user to resume video playback is to reboot the device. This vulnerability only exists on some devices or part of the firmware version.

Foscamcamera is a webcam that can push messages to mobile phones and directly implement video Baidu cloud storage via WIFI. A buffer overflow vulnerability exists in FoscamcameraONVIFSetDNS. A buffer overflow can cause a service to crash or execute arbitrary code. An unauthenticated attacker can trigger a buffer overflow on the remote stack via the devicemgmtSetDNS method. This vulnerability only exists on some devices or part of the firmware version.

Foscamcamera is a webcam that can push messages to mobile phones and directly implement video Baidu cloud storage via WIFI. Foscamcamera lacks multiple login limit vulnerabilities. The Foscam camera device does not limit the number of error credentials provided by users, so an attacker can obtain valid credentials by violent enumeration.

Foscamcamera is a webcam that can push messages to mobile phones and directly implement video Baidu cloud storage via WIFI. The Foscamcamera configuration backup file is hard-coded and protected. The configuration file of the Foscam camera device contains the administrator's password, which can be exported from the device. Although the exported backup file is encrypted, the credentials used for decryption are also hard-coded. If the attacker has analyzed the device and got hard-coded credentials, the administrator's password can be obtained.

Foscamcamera is a webcam that can push messages to mobile phones and directly implement video Baidu cloud storage via WIFI. A storage cross-site scripting vulnerability exists in FoscamcameraONVIFSetHostname. The Foscam camera device uses the ONVIF protocol interface to allow anonymous access. Unauthenticated attackers can use the ONVIFSetHostname method to initiate persistent cross-site scripting attacks on Web interface users. This vulnerability only exists on some devices or part of the firmware version.

Foscamcamera is a webcam that can push messages to mobile phones and directly implement video Baidu cloud storage via WIFI. The Foscamcamera startup script has a vulnerability in the allocation of permissions. At system startup, the device automatically loads execute boot.sh, which is set to any user readable and writable executable. This allows anyone to access and modify its content for their own commands. This file is stored in memory, so any changes made to it will take effect when the system is restarted. Because each time the system starts, the commands in the file will be re-executed, so the attacker can make a persistent attack on the device.

FOSCAM Group is a national high-tech enterprise specializing in the design, development, manufacture and sale of network cameras, network video recorders and other products. Foscamcamera has an ONVIFSystemReboot unauthorized restart vulnerability, and the Foscam camera device uses the ONVIF protocol interface to allow anonymous access. An unauthenticated attacker can restart the device by using the 'devicemgmt' 'SystemReboot' method. This vulnerability only exists on some devices or part of the firmware version.

Foscamcamera is a webcam that can push messages to mobile phones and directly implement video Baidu cloud storage via WIFI. Foscamcamera has a mis-distribution of directory permissions. The directory containing the Foscam camera device running software is readable and writable by everyone, which allows anyone to add or remove files that can affect the system's functionality. Due to permissions settings, any local user can replace the archive to gain root privileges.