VARIoT IoT vulnerabilities database
| VAR-201707-1024 | CVE-2017-9498 | Motorola MX011ANM and Xfinity XR11-20 Voice Remote: authorization, permissions and access control vulnerability |
| CVSS V2: 2.1 | CVSS V3: 5.5 | Severity: MEDIUM |
The Comcast firmware on Motorola MX011ANM (firmware version MX011AN_2.9p6s1_PROD_sey) and Xfinity XR11-20 Voice Remote devices allows local users to upload arbitrary firmware images to an XR11 by leveraging root access. In other words, there is no digital-signature protection mechanism for the firmware. Motorola MX011ANM and Xfinity XR11-20 Voice Remote devices have a vulnerability related to authorization, permissions, and access control; information may be tampered with. The Motorola MX011ANM is a network set-top box from Motorola, USA. The Xfinity XR11-20 Voice Remote is a voice remote control device. The Comcast firmware is developed by Comcast, Inc. and runs on devices such as gateways and modems. A security vulnerability exists in the Comcast firmware on Motorola MX011ANM and Xfinity XR11-20 Voice Remote devices running firmware MX011AN_2.9p6s1_PROD_sey, which is due to a lack of protection for the program
| VAR-201706-1122 | No CVE | HP ERK-321A Wireless Mouse spoofing vulnerability |
| CVSS V2: 5.0 | CVSS V3: - | Severity: MEDIUM |
The HP ERK-321A is a wireless desktop set consisting of a mouse and a keyboard. The HP ERK-321A Wireless Mouse has a spoofing vulnerability. Because the mouse data communication is neither encrypted nor authenticated, an attacker can exploit the vulnerability to carry out a mouse spoofing attack.
| VAR-201707-1047 | CVE-2017-9482 | Cisco DPC3939: authorization, permissions and access control vulnerability |
| CVSS V2: 10.0 | CVSS V3: 9.8 | Severity: CRITICAL |
The Comcast firmware on Cisco DPC3939 (firmware version dpc3939-P20-18-v303r20421746-170221a-CMCST) devices allows remote attackers to obtain root access to the Network Processor (NP) Linux system by enabling a TELNET daemon (through CVE-2017-9479 exploitation) and then establishing a TELNET session. The Cisco DPC3939 contains a vulnerability related to authorization, permissions, and access control; information may be obtained or altered, and the device may be put into a denial-of-service (DoS) state. The Cisco DPC3939 is a wireless voice gateway product from Cisco. A security vulnerability in the Cisco DPC3939 firmware allows an attacker to obtain a root shell on the gateway's Network Processor (Atom) Linux instance. The Comcast firmware is developed by Comcast Corporation of the United States and runs in devices such as gateways and modems.
| VAR-201707-1048 | CVE-2017-9483 | Cisco DPC3939: authorization, permissions and access control vulnerability |
| CVSS V2: 10.0 | CVSS V3: 9.8 | Severity: CRITICAL |
The Comcast firmware on Cisco DPC3939 (firmware version dpc3939-P20-18-v303r20421746-170221a-CMCST) devices allows Network Processor (NP) Linux users to obtain root access to the Application Processor (AP) Linux system via shell metacharacters in commands. The Cisco DPC3939 contains a vulnerability related to authorization, permissions, and access control; information may be obtained or altered, and the device may be put into a denial-of-service (DoS) state. The Cisco DPC3939 is a wireless voice gateway product from Cisco. A security vulnerability in the Cisco DPC3939 firmware allows an attacker to execute arbitrary commands on the gateway's Application Processor (ARM) Linux instance. The Comcast firmware is developed by Comcast Corporation of the United States and runs in devices such as gateways and modems. An attacker could exploit this vulnerability to gain root access by using shell metacharacters in commands.
| VAR-201707-1010 | CVE-2017-9484 | Cisco DPC3939 information disclosure vulnerability |
| CVSS V2: 5.0 | CVSS V3: 7.5 | Severity: HIGH |
The Comcast firmware on Cisco DPC3939 (firmware version dpc3939-P20-18-v303r20421733-160420a-CMCST) and DPC3939 (firmware version dpc3939-P20-18-v303r20421746-170221a-CMCST) devices allows remote attackers to discover a CM MAC address by sniffing Wi-Fi traffic and performing simple arithmetic calculations. The Cisco DPC3939 contains an information disclosure vulnerability; information may be obtained. The Cisco DPC3939 is a wireless voice gateway product from Cisco. A security vulnerability exists in the Cisco DPC3939 firmware: an attacker can recover the CM MAC of a Comcast customer gateway by sniffing the gateway's Wi-Fi traffic. The Comcast firmware is developed by Comcast Corporation of the United States and runs in devices such as gateways and modems.
| VAR-201707-1011 | CVE-2017-9485 | Cisco DPC3939 access control vulnerability |
| CVSS V2: 5.0 | CVSS V3: 7.5 | Severity: HIGH |
The Comcast firmware on Cisco DPC3939 (firmware version dpc3939-P20-18-v303r20421746-170221a-CMCST) devices allows remote attackers to write arbitrary data to a known /var/tmp/sess_* pathname by leveraging the device's operation in UI dev mode. The Cisco DPC3939 contains an access control vulnerability; information may be tampered with. The Cisco DPC3939 is a wireless voice gateway product from Cisco. A security vulnerability exists in the Cisco DPC3939 firmware. The Comcast firmware is developed by Comcast Corporation of the United States and runs in devices such as gateways and modems.
| VAR-201706-0194 | CVE-2015-2255 | Huawei AR1220 router firmware denial of service (DoS) vulnerability |
| CVSS V2: 4.3 | CVSS V3: 5.9 | Severity: MEDIUM |
Huawei AR1220 routers with software before V200R005SPH006 allow remote attackers to cause a denial of service (board reset) via vectors involving a large amount of traffic from the GE port to the FE port. The Huawei AR1220 is an enterprise-class modular router from China's Huawei. A security vulnerability in the Huawei AR1220 can be used to cause an abnormal reset of the interface board. The following versions are affected: Huawei AR1220 V200R005C00SPC200, V200R005C10SPC500, V200R005C20SPC100, and V200R005C20SPC200.
| VAR-201706-0237 | CVE-2015-3913 | Multiple Huawei Campus series switch models: IP stack denial of service (DoS) vulnerability |
| CVSS V2: 7.8 | CVSS V3: 7.5 | Severity: HIGH |
The IP stack in multiple Huawei Campus series switch models allows remote attackers to cause a denial of service (reboot) via a crafted ICMP request message. The Huawei S2300 is a switch device from Huawei. The IP stack is one of the transport protocols. The IP stack in several Huawei products has a security vulnerability that stems from the packet processing module failing to correctly determine the length of the IP option. An attacker can use this vulnerability to cause a board reset with a specially crafted ICMP packet. The following versions are affected: Huawei S2300/S2700/S3300/S3700 V100R00600, V100R006C03, V100R006C05; S5300EI/S5700EI/S5300SI/S5700SI V100R006C00, V200R001C00SPC300, V200R002C00SPC300, V200R003C00SPC300, V200R005C00SPC300; S5300HI/S5700HI/S6300EI/S6700EI/S5710HI V200R001C00SPC300, V200R002C00SPC300, V200R003C00SPC300, V200R005C00SPC300; S5300LI/S5700LI/S2350EI/S2750EI V200R001C00SPC300, V200R002C00SPC300, V200R003C00SPC300, V200R005C00SPC300, V200R006C00SPC500, V200R007C00SPC500; S5720HI V200R006C00SPC500, V200R007C00SPC500; S7700/S9300/S9700 V200R001C00SPC300, V200R002C00SPC300, V200R003C00SPC500, V200R005C00SPC300, V200R006C00SPC500, V200R007C00SPC500; S12700
| VAR-201706-0204 | CVE-2014-6031 | Multiple F5 products buffer overflow vulnerability |
| CVSS V2: 4.0 | CVSS V3: 4.9 | Severity: MEDIUM |
Buffer overflow in the mcpq daemon in F5 BIG-IP systems 10.x before 10.2.4 HF12, 11.x before 11.2.1 HF15, 11.3.x, 11.4.x before 11.4.1 HF9, 11.5.x before 11.5.2 HF1, and 11.6.0 before HF4, and Enterprise Manager 2.1.0 through 2.3.0 and 3.x before 3.1.1 HF5 allows remote authenticated administrators to cause a denial of service via unspecified vectors. Multiple F5 products contain a buffer overflow vulnerability; a remotely authenticated administrator may cause a denial-of-service (DoS) condition. F5 BIG-IP LTM and the other products listed are products of F5 in the United States. LTM is a local traffic manager; APM is a solution that provides secure unified access to business-critical applications and networks. Several F5 products have buffer overflow vulnerabilities. A remote attacker could exploit this vulnerability to cause a denial of service. The following products and versions are affected: BIG-IP LTM 11.6.0, 11.0.0 through 11.5.2, 10.0.0 through 10.2.4; BIG-IP AAM 11.6.0, 11.4.0 through 11.5.2; BIG-IP AFM 11.6.0, 11.3.0 through 11.5.2; BIG-IP Analytics 11.6.0, 11.0.0 through 11.5.2; BIG-IP APM 11.6.0, 11.0.0 through 11.5.2, 10.1.0 through 10.2.4; BIG-IP ASM 11.6.0, 11.0.0 through 11.5.2, 10.0.0 through 10.2.4; BIG-IP Edge Gateway 11.0.0 through 11.3.0, 10.1.0 through 10.2.4; BIG-IP GTM 11.6.0, 11.0.0 through 11.5.2, 10.0.0 through 10.2.4; BIG-IP Link Controller 11.6.0, 11.0.0 through 11.5.2, 10.0.0 through 10.2.4; BIG-IP PEM 11.6.0, 11.3.0 through 11.5.2; BIG-IP PSM 11.0.0 through 11.4.1, 10.0.0 through 10.2.4; BIG-IP WebAccelerator 11.0.0 through 11.3.0, 10.0.0 through 10.2.4; BIG-IP WOM 11.0.0 through 11.3.0, 10.0.0 through 10.2.4; Enterprise Manager 3.0.0 through 3.1.1 HF4, 2.1.0 through 2.3.0.
| VAR-201706-0191 | CVE-2015-2251 | Huawei OceanStor UDS DeviceManager information disclosure vulnerability |
| CVSS V2: 5.0 | CVSS V3: 7.5 | Severity: HIGH |
The DeviceManager in Huawei OceanStor UDS devices with software before V100R002C01SPC102 might allow remote attackers to obtain sensitive information via a crafted UDS patch with JavaScript. Huawei OceanStor UDS is a high-density storage node and distributed storage system based on the ARM architecture from Huawei. DeviceManager is one of its device management tools. A security vulnerability exists in DeviceManager in Huawei OceanStor UDS V100R002C01SPC101 and earlier versions.
| VAR-201706-0192 | CVE-2015-2252 | Huawei OceanStor UDS code injection vulnerability |
| CVSS V2: 9.3 | CVSS V3: 8.8 | Severity: HIGH |
Huawei OceanStor UDS devices with software before V100R002C01SPC102 might allow remote attackers to execute arbitrary code with root privileges via a crafted UDS patch with shell scripts. Huawei OceanStor UDS is a high-density storage node and distributed storage system based on the ARM architecture from Huawei. A security vulnerability exists in Huawei OceanStor UDS V100R002C01SPC101 and earlier versions.
| VAR-201706-0193 | CVE-2015-2253 | Huawei OceanStor UDS information disclosure vulnerability |
| CVSS V2: 3.5 | CVSS V3: 5.0 | Severity: MEDIUM |
The XML interface in Huawei OceanStor UDS devices with software before V100R002C01SPC102 allows remote authenticated users to obtain sensitive information via a crafted XML document. Huawei OceanStor UDS is a high-density storage node and distributed storage system based on the ARM architecture from Huawei. A security vulnerability exists in the XML interface in Huawei OceanStor UDS V100R002C01SPC101 and earlier versions.
| VAR-201906-0838 | CVE-2017-9382 | Vera VeraEdge and Veralite devices path traversal vulnerability |
| CVSS V2: 4.0 | CVSS V3: 6.5 | Severity: MEDIUM |
An issue was discovered on Vera VeraEdge 1.7.19 and Veralite 1.7.481 devices. The device provides UPnP services that are available on port 3480 and can also be accessed via port 80 using the URL "/port_3480". The UPnP services provide "file" as one of the service actions, allowing a normal user to read a file stored under the /etc/cmh-lu folder. The action retrieves the value of the "parameters" query string variable and passes it to an internal library function, "FileUtils::ReadFileIntoBuffer", which performs no sanitization on the submitted value; this allows an attacker to use directory traversal characters "../" to read files from other folders on the device. Vera VeraEdge and Veralite devices contain a path traversal vulnerability; information may be obtained. FileUtils is an open source file management tool. A security vulnerability exists in Vera VeraEdge version 1.7.19 and Veralite version 1.7.481. The vulnerability is caused by the program not filtering the value submitted by the user. An attacker can use the directory traversal sequence '../' to exploit this vulnerability and read the contents of other files.
| VAR-201906-0837 | CVE-2017-9381 | Vera VeraEdge and Veralite devices cross-site request forgery vulnerability |
| CVSS V2: 6.8 | CVSS V3: 8.8 | Severity: HIGH |
An issue was discovered on Vera VeraEdge 1.7.19 and Veralite 1.7.481 devices. The device lets a user install or delete apps on the device through the web management interface. The device does not implement any cross-site request forgery protection mechanism, which allows an attacker to trick a user who navigates to an attacker-controlled page into installing or deleting an application on the device. Note: the cross-site request forgery is a systemic issue across all other functionality of the device. Vera VeraEdge and Veralite devices contain a cross-site request forgery vulnerability; information may be obtained or altered, and the device may be put into a denial-of-service (DoS) state. The vulnerability stems from the web application not adequately verifying that a request comes from a trusted user. An attacker could exploit this vulnerability to send unexpected requests to the server through an affected client.
| VAR-201706-1127 | No CVE | Hikvision remote monitoring client system: SQL injection vulnerability in the id parameter of treeformap.php |
| CVSS V2: 7.8 | CVSS V3: - | Severity: HIGH |
Hikvision is a video-centric IoT solution and data operation service provider.
The id parameter of the treeformap.php file in the Hikvision remote monitoring client system has a SQL injection vulnerability. It allows attackers to obtain sensitive information from the database.
| VAR-201706-0660 | CVE-2017-7910 | Digital Canal Structural Wind Analysis buffer error vulnerability |
| CVSS V2: 5.0 | CVSS V3: 7.5 | Severity: HIGH |
A stack-based buffer overflow issue was discovered in Digital Canal Structural Wind Analysis versions 9.1 and prior. An attacker may be able to run arbitrary code by remotely exploiting an executable to perform a denial-of-service attack.
Attackers can exploit this issue to cause denial-of-service conditions. Due to the nature of this issue, arbitrary code execution may be possible, but this has not been confirmed.
| VAR-201706-0554 | CVE-2017-6639 | Cisco Prime Data Center Network Manager: sensitive information access vulnerability in the role-based access control function |
| CVSS V2: 10.0 | CVSS V3: 9.8 | Severity: CRITICAL |
A vulnerability in the role-based access control (RBAC) functionality of Cisco Prime Data Center Network Manager (DCNM) could allow an unauthenticated, remote attacker to access sensitive information or execute arbitrary code with root privileges on an affected system. The vulnerability is due to the lack of authentication and authorization mechanisms for a debugging tool that was inadvertently enabled in the affected software. An attacker could exploit this vulnerability by remotely connecting to the debugging tool via TCP. A successful exploit could allow the attacker to access sensitive information about the affected software or execute arbitrary code with root privileges on the affected system. This vulnerability affects Cisco Prime Data Center Network Manager (DCNM) Software Releases 10.1(1) and 10.1(2) for Microsoft Windows, Linux, and Virtual Appliance platforms. Cisco Bug IDs: CSCvd09961.
Note: the current version of the following document is available here:
https://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-hpesb3p03762en_us
SUPPORT COMMUNICATION - SECURITY BULLETIN
Document ID: hpesb3p03762en_us
Version: 1
HPESB3P03762 rev.1 - HPE C Switch Software using Cisco Prime Data Center
Network Manager (DCNM), Remote Code Execution
NOTICE: The information in this Security Bulletin should be acted upon as
soon as possible. The affected versions of DCNM are 10.1(1) and
10.1(2).
References:
- CVE-2017-6639
SUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed.
- HP C-series Switch Software Data Center Network Manager Version 10.1(1),
10.1(2)
BACKGROUND
CVSS Base Metrics
=================
Reference, CVSS V3 Score/Vector, CVSS V2 Score/Vector
CVE-2017-6639
10.0 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
10.0 (AV:N/AC:L/Au:N/C:C/I:C/A:C)
Information on CVSS is documented in
HPE Customer Notice HPSN-2008-002 here:
https://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c01345499
RESOLUTION
There are no workarounds that address this vulnerability. Cisco has released
software updates that address this vulnerability with DCNM 10.2(1). HPE has
made the updates available to customers under contract through HPE Support
Center:
* <http://www.hpe.com/support/hpesc>
**It is essential that all HPE customers who had previously downloaded any of
the firmware and DCNM packages above download again with the updated packages
from the HPE Support Center.** All packages have been updated to include DCNM
10.2(1), and they are listed here:
* MDS 7.3(0)DY(1), released June 2017
* MDS 7.3(1)DY(1), released June 2017
* Nexus 5.2(1)N1(9b), released June 2017
HISTORY
Version: 1 (rev.1) - 11 August 2017 - Initial release
Third Party Security Patches: Third party security patches that are to be
installed on systems running Hewlett Packard Enterprise (HPE) software
products should be applied in accordance with the customer's patch management
policy.
Support: For issues about implementing the recommendations of this Security
Bulletin, contact normal HPE Services support channel. For other issues about
the content of this Security Bulletin, send e-mail to security-alert@hpe.com.
Report: To report a potential security vulnerability for any HPE supported
product:
Web form: https://www.hpe.com/info/report-security-vulnerability
Email: security-alert@hpe.com
Subscribe: To initiate a subscription to receive future HPE Security Bulletin
alerts via Email: http://www.hpe.com/support/Subscriber_Choice
Security Bulletin Archive: A list of recently released Security Bulletins is
available here: http://www.hpe.com/support/Security_Bulletin_Archive
Software Product Category: The Software Product Category is represented in
the title by the two characters following HPSB.
3C = 3COM
3P = 3rd Party Software
GN = HPE General Software
HF = HPE Hardware and Firmware
MU = Multi-Platform Software
NS = NonStop Servers
OV = OpenVMS
PV = ProCurve
ST = Storage Software
UX = HP-UX
Copyright 2016 Hewlett Packard Enterprise
Hewlett Packard Enterprise shall not be liable for technical or editorial
errors or omissions contained herein. The information provided is provided
"as is" without warranty of any kind. To the extent permitted by law, neither
HP or its affiliates, subcontractors or suppliers will be liable for
incidental, special or consequential damages including downtime cost; lost
profits; damages relating to the procurement of substitute products or
services; or damages for loss of data, or software restoration. The
information in this document is subject to change without notice. Hewlett
Packard Enterprise and the names of Hewlett Packard Enterprise products
referenced herein are trademarks of Hewlett Packard Enterprise in the United
States and other countries. Other product and company names mentioned herein
may be trademarks of their respective owners.
| VAR-201706-0582 | CVE-2017-6666 | Cisco IOS XR Software for Cisco Network Convergence System 5500 Series routers: denial of service (DoS) vulnerability |
| CVSS V2: 1.9 | CVSS V3: 6.0 | Severity: MEDIUM |
A vulnerability in the forwarding component of Cisco IOS XR Software for Cisco Network Convergence System (NCS) 5500 Series Routers could allow an authenticated, local attacker to cause the router to stop forwarding data traffic across Traffic Engineering (TE) tunnels, resulting in a denial of service (DoS) condition. More Information: CSCvd16665. Known Affected Releases: 6.2.11.BASE. Known Fixed Releases: 6.1.3 6.1.2 6.3.1.8i.BASE 6.2.11.8i.BASE 6.2.2.9i.BASE 6.1.32.11i.BASE 6.1.31.10i.BASE 6.1.4.3i.BASE. The vendor has confirmed this vulnerability and tracks it as Bug ID CSCvd16665; a local attacker may put the device into a denial-of-service (DoS) state. Cisco IOS is the internetwork operating system used on most Cisco routers and network switches. A denial of service vulnerability exists in Cisco IOS XR Software, which can cause a denial of service (process overload) by exploiting a memory leak vulnerability in the gRPC service.
A local attacker can exploit this issue to cause a denial-of-service condition, denying service to legitimate users.
This issue is being tracked by Cisco Bug ID CSCvd16665. The forwarding component is one of the information forwarding components.
| VAR-201706-0583 | CVE-2017-6667 | Cisco Context Service software development kit: arbitrary code execution vulnerability in the dynamic JAR file update process |
| CVSS V2: 10.0 | CVSS V3: 9.8 | Severity: CRITICAL |
A vulnerability in the update process for the dynamic JAR file of the Cisco Context Service software development kit (SDK) could allow an unauthenticated, remote attacker to execute arbitrary code on the affected device with the privileges of the web server. More Information: CSCvb66730. Known Affected Releases: 2.0. Cisco Context Service SDK is prone to a remote code-execution vulnerability because it fails to properly sanitize user-supplied input.
A successful exploit allows an attacker to execute arbitrary code within the context of the user on the affected system.
This issue is being tracked by Cisco Bug ID CSCvb66730. Cisco Context Service SDK is a software development toolkit for Context Service developed by Cisco of the United States. The vulnerability stems from the program not properly filtering input submitted by the user.
| VAR-201706-0584 | CVE-2017-6668 | Cisco Unified Communications Domain Manager web-based GUI: vulnerability affecting system confidentiality |
| CVSS V2: 4.0 | CVSS V3: 4.9 | Severity: MEDIUM |
Vulnerabilities in the web-based GUI of Cisco Unified Communications Domain Manager (CUCDM) could allow an authenticated, remote attacker to impact the confidentiality of the system by executing arbitrary SQL queries, aka SQL Injection. More Information: CSCvc52784 CSCvc97648. Known Affected Releases: 8.1(7)ER1. The vendor has confirmed this vulnerability and tracks it as Bug IDs CSCvc52784 and CSCvc97648; a remotely authenticated attacker executing SQL queries can affect the confidentiality of the system.
Exploiting these issues could allow an authenticated attacker to compromise the affected application, access or modify data, or exploit latent vulnerabilities in the underlying database.
This issue is tracked by Cisco Bug IDs CSCvc52784 and CSCvc97648. This component features scalable, distributed, and highly available enterprise Voice over IP call processing. The web-based GUI in CUCDM has a SQL injection vulnerability, which stems from the program not fully validating the input submitted by the user in HTTP request parameters.