VARIoT IoT vulnerabilities database
| VAR-201904-0588 | CVE-2017-7912 | Hanwha Techwin SRN-4000 Remote Command Execution Vulnerability |
CVSS V2: 7.5 CVSS V3: 9.8 Severity: CRITICAL |
In Hanwha Techwin SRN-4000 firmware versions prior to SRN4000_v2.16_170401, a specially crafted HTTP request and response could allow an attacker to gain access to the device management page with admin privileges without proper authentication. The Hanwha Techwin SRN-4000 firmware contains a vulnerability related to access control. Information may be obtained or altered, and service operation may be disrupted (DoS). Hanwha Techwin SRN-4000 is a network video recorder from Hanwha Techwin, Korea. A remote command execution vulnerability exists in versions of SRN-4000 firmware prior to SRN4000_v2.16_170401. The vulnerability could be exploited by a remote attacker to gain access to the Web Administration Portal with administrator privileges. Hanwha Techwin SRN-4000 is prone to a security-bypass vulnerability.
Attackers can exploit this issue to bypass security restrictions to perform unauthorized actions; this may aid in launching further attacks.
Hanwha Techwin SRN-4000 SRN4000_v2.16_170401 are vulnerable
| VAR-201705-4197 | No CVE | Beijing Weifangtong Information Technology Co., Ltd. bunker fortress machine has S2-045 remote command execution vulnerability |
CVSS V2: 10.0 CVSS V3: - Severity: HIGH |
Beijing Weifangtong Information Technology Co., Ltd. bunker fortress is a single point function that provides centralized identity authentication, centralized access authorization, centralized access management, centralized operation audit, and simplified operation and management required for remote operation and maintenance management.
The file upload module of the Beijing Weifangtong Information Technology Co., Ltd. bunker fortress machine is based on the Jakarta Multipart parser. When processing a file upload (multipart) request, it captures exception information and evaluates that exception information as an OGNL expression. When the Content-Type is judged to be incorrect, an exception is thrown and the Content-Type attribute value is taken into it. A carefully constructed URL with an OGNL expression can therefore cause remote code execution.
| VAR-201705-3459 | CVE-2017-2162 | FlashAir do not set credential information in PhotoShare |
CVSS V2: 3.3 CVSS V3: 4.3 Severity: MEDIUM |
FlashAirTM SDHC Memory Card (SD-WE Series <W-03>) V3.00.02 and earlier and FlashAirTM SDHC Memory Card (SD-WD/WC Series <W-02>) V2.00.04 and earlier allow default credentials to be set for wireless LAN connections to the product when enabling the PhotoShare function through a web browser. When enabling PhotoShare with a mobile application (either for Android or iOS), the application prompts the user to set credentials. As a result, a remote attacker with access to the wireless LAN may obtain image data by using default credentials (CWE-284). Takayoshi Isayama of Mitsui Bussan Secure Directions, Inc. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership. If PhotoShare is enabled by web browsers, an attacker with access to the wireless LAN may obtain image data. There is a security hole in FlashAir SDHC Memory Card.
| VAR-201705-3458 | CVE-2017-2161 | FlashAir fails to restrict access permissions in PhotoShare |
CVSS V2: 2.7 CVSS V3: 3.5 Severity: LOW |
FlashAirTM SDHC Memory Card (SD-WE Series <W-03>) V3.00.02 and earlier and FlashAirTM SDHC Memory Card (SD-WD/WC Series <W-02>) V2.00.04 and earlier allow authenticated attackers to bypass access restrictions to obtain unauthorized image data via unspecified vectors. FlashAir by Toshiba Corporation is an SDHC memory card which provides wireless LAN access functions. The FlashAir PhotoShare function makes it possible to share selected data with other users, as it switches the original wireless LAN connection set by FlashAir default to the wireless LAN connection for PhotoShare. FlashAir fails to restrict access permissions (CWE-425) in PhotoShare. Takayoshi Isayama of Mitsui Bussan Secure Directions, Inc. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership. A user who accesses PhotoShare may obtain image data that is set not to be shared with other users. Because of the vulnerability stated in JVN#81820501, when enabling PhotoShare with web browsers, an attacker with access to the wireless LAN may obtain this image data. A security vulnerability exists in FlashAir SDHC Memory Card 2.00.04 and earlier and versions prior to 3.00.02.
| VAR-201705-1398 | CVE-2016-10372 | Eir D1000 Modem vulnerabilities related to authorization, authority, and access control |
CVSS V2: 10.0 CVSS V3: 9.8 Severity: CRITICAL |
The Eir D1000 modem does not properly restrict the TR-064 protocol, which allows remote attackers to execute arbitrary commands via TCP port 7547, as demonstrated by opening WAN access to TCP port 80, retrieving the login password (which defaults to the Wi-Fi password), and using the NewNTPServer feature. Eir D1000 modems have vulnerabilities related to authorization, permissions, and access control. Information may be obtained or altered, and service operation may be disrupted (DoS). Eir D1000 is a modem from the Eir company in Ireland. There is a security flaw in the Eir D1000 modem, which is caused by the program not properly restricting the TR-064 protocol.
| VAR-201705-4196 | No CVE | Converged smart set-top box z84 has any user unauthorized to modify the administrator configuration vulnerability |
CVSS V2: 3.6 CVSS V3: - Severity: LOW |
The integrated intelligent set-top box z84 is a set-top box product of Shenzhen Zhaoneng Xuntong Technology Co., Ltd. It is a device integrating wireless wifi and smart TV. It is a set-top box widely used by telecommunications in hotels and homes with smart TVs.
The z84, a converged intelligent set-top box, has a vulnerability that allows an unauthorized user to modify the administrator configuration. Any user on the same network who can use the affected page can overwrite the super administrator's device configuration information.
| VAR-201705-4204 | No CVE | Storage-type Cross-Site Scripting Vulnerability in Fusion Intelligent STB z84 |
CVSS V2: 2.6 CVSS V3: - Severity: LOW |
The integrated intelligent set-top box z84 is a set-top box product of Shenzhen Zhaoneng Xuntong Technology Co., Ltd. It is a device integrating wireless wifi and smart TV. It is a set-top box widely used by telecommunications in hotels and homes with smart TVs.
The fused intelligent set-top box z84 has a stored cross-site scripting vulnerability in the device configuration of its background management interface. It allows attackers to insert malicious scripts at the input point, steal user cookies, or carry out phishing attacks.
| VAR-201705-3674 | CVE-2017-6657 | Cisco Sourcefire Snort Resource management vulnerability |
CVSS V2: 5.0 CVSS V3: 7.5 Severity: HIGH |
Cisco Sourcefire Snort 3.0 before build 233 mishandles Ether Type Validation. Since valid ether type and IP protocol numbers do not overlap, Snort++ stores all protocol decoders in a single array. That makes it possible to craft packets that have IP protocol numbers in the ether type field, which will confuse the Snort++ decoder. For example, an eth:llc:snap:icmp6 packet will cause a crash because there is no ip6 header with which to calculate the icmp6 checksum. Affected decoders include gre, llc, trans_bridge, ciscometadata, linux_sll, and token_ring. The fix adds a check in the packet manager to validate the ether type before indexing the decoder array. An out of range ether type will raise 116:473. Cisco Sourcefire Snort contains a resource management vulnerability. Service operation may be interrupted (DoS). Cisco Snort++ is prone to multiple remote denial-of-service vulnerabilities.
An attacker can exploit these issues to restart the affected process, denying service to legitimate users.
These issues are fixed in:
Cisco Snort++ BUILD_233. Cisco Sourcefire Snort is a set of network intrusion prevention software and network intrusion detection software from Cisco (formerly Snort team). The software provides functions such as packet sniffing, packet analysis, and packet inspection. The vulnerability stems from the fact that the program does not correctly handle Type verification
| VAR-201705-3675 | CVE-2017-6658 | Cisco Sourcefire Snort Buffer error vulnerability |
CVSS V2: 5.0 CVSS V3: 7.5 Severity: HIGH |
Cisco Sourcefire Snort 3.0 before build 233 has a Buffer Overread related to use of a decoder array. The size was off by one, making it possible to read past the end of the array with an ether type of 0xFFFF. Increasing the array size solves this problem. Cisco Sourcefire Snort contains a buffer error vulnerability. Service operation may be interrupted (DoS). Cisco Snort++ is prone to multiple remote denial-of-service vulnerabilities.
An attacker can exploit these issues to restart the affected process, denying service to legitimate users.
These issues are fixed in:
Cisco Snort++ BUILD_233. Cisco Sourcefire Snort is a set of network intrusion prevention software and network intrusion detection software from Cisco (formerly Snort team). The software provides functions such as packet sniffing, packet analysis, and packet inspection
| VAR-201705-4144 | CVE-2017-7731 | Fortinet FortiPortal Vulnerable to password management |
CVSS V2: 5.0 CVSS V3: 7.5 Severity: HIGH |
A weak password recovery vulnerability in Fortinet FortiPortal versions 4.0.0 and below allows an attacker to carry out information disclosure via the Forgotten Password feature. Fortinet FortiPortal contains a vulnerability related to the password management function. Information may be obtained. FortiPortal is prone to the following multiple security vulnerabilities.
An attacker can exploit these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site, steal cookie-based authentication credentials, bypass security restriction and perform unauthorized actions, redirect users to an attacker-controlled site or obtain sensitive information.
Versions prior to FortiPortal 4.0.1 are vulnerable. Fortinet FortiPortal is a product developed by Fortinet to help Managed Security Service Provider (MSSP) operate cloud-based security management and log retention services
| VAR-201705-4001 | CVE-2017-6999 | plural Apple Product AVEVideoEncoder Component vulnerable to arbitrary code execution in privileged context |
CVSS V2: 9.3 CVSS V3: 7.8 Severity: HIGH |
An issue was discovered in certain Apple products. iOS before 10.3.2 is affected. tvOS before 10.2.1 is affected. watchOS before 3.2.2 is affected. The issue involves the "AVEVideoEncoder" component. It allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app. Apple iOS, WatchOS and tvOS are prone to multiple memory corruption vulnerabilities.
The following versions fix the issue:
Versions prior to Apple iOS 10.3.2
Versions prior to Apple watchOS 3.2.2
Versions prior to Apple tvOS 10.2.1. Apple iOS is an operating system developed for mobile devices; tvOS is a smart TV operating system; watchOS is a smart watch operating system. AVEVideoEncoder is one of the video encoders.
| VAR-201705-4000 | CVE-2017-6998 | plural Apple Product AVEVideoEncoder Component vulnerable to arbitrary code execution in privileged context |
CVSS V2: 9.3 CVSS V3: 7.8 Severity: HIGH |
An issue was discovered in certain Apple products. iOS before 10.3.2 is affected. tvOS before 10.2.1 is affected. watchOS before 3.2.2 is affected. The issue involves the "AVEVideoEncoder" component. It allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app. Apple iOS, WatchOS and tvOS are prone to multiple memory corruption vulnerabilities.
The following versions fix the issue:
Versions prior to Apple iOS 10.3.2
Versions prior to Apple watchOS 3.2.2
Versions prior to Apple tvOS 10.2.1. Apple iOS is an operating system developed for mobile devices; tvOS is a smart TV operating system; watchOS is a smart watch operating system. AVEVideoEncoder is one of the video encoders.
| VAR-201705-3999 | CVE-2017-6997 | plural Apple Product AVEVideoEncoder Component vulnerable to arbitrary code execution in privileged context |
CVSS V2: 9.3 CVSS V3: 7.8 Severity: HIGH |
An issue was discovered in certain Apple products. iOS before 10.3.2 is affected. tvOS before 10.2.1 is affected. watchOS before 3.2.2 is affected. The issue involves the "AVEVideoEncoder" component. It allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app. Apple iOS, WatchOS and tvOS are prone to multiple memory corruption vulnerabilities.
The following versions fix the issue:
Versions prior to Apple iOS 10.3.2
Versions prior to Apple watchOS 3.2.2
Versions prior to Apple tvOS 10.2.1. Apple iOS is an operating system developed for mobile devices; tvOS is a smart TV operating system; watchOS is a smart watch operating system. AVEVideoEncoder is one of the video encoders.
| VAR-201705-3998 | CVE-2017-6996 | plural Apple Product AVEVideoEncoder Component vulnerable to arbitrary code execution in privileged context |
CVSS V2: 9.3 CVSS V3: 7.8 Severity: HIGH |
An issue was discovered in certain Apple products. iOS before 10.3.2 is affected. tvOS before 10.2.1 is affected. watchOS before 3.2.2 is affected. The issue involves the "AVEVideoEncoder" component. It allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app. Apple iOS, WatchOS and tvOS are prone to multiple memory corruption vulnerabilities.
The following versions fix the issue:
Versions prior to Apple iOS 10.3.2
Versions prior to Apple watchOS 3.2.2
Versions prior to Apple tvOS 10.2.1. Apple iOS is an operating system developed for mobile devices; tvOS is a smart TV operating system; watchOS is a smart watch operating system. AVEVideoEncoder is one of the video encoders.
| VAR-201705-3997 | CVE-2017-6995 | plural Apple Product AVEVideoEncoder Component vulnerable to arbitrary code execution in privileged context |
CVSS V2: 9.3 CVSS V3: 7.8 Severity: HIGH |
An issue was discovered in certain Apple products. iOS before 10.3.2 is affected. tvOS before 10.2.1 is affected. watchOS before 3.2.2 is affected. The issue involves the "AVEVideoEncoder" component. It allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app. Apple iOS, WatchOS and tvOS are prone to multiple memory corruption vulnerabilities.
The following versions fix the issue:
Versions prior to Apple iOS 10.3.2
Versions prior to Apple watchOS 3.2.2
Versions prior to Apple tvOS 10.2.1. Apple iOS is an operating system developed for mobile devices; tvOS is a smart TV operating system; watchOS is a smart watch operating system. AVEVideoEncoder is one of the video encoders.
| VAR-201705-3996 | CVE-2017-6994 | plural Apple Product AVEVideoEncoder Component vulnerable to arbitrary code execution in privileged context |
CVSS V2: 9.3 CVSS V3: 7.8 Severity: HIGH |
An issue was discovered in certain Apple products. iOS before 10.3.2 is affected. tvOS before 10.2.1 is affected. watchOS before 3.2.2 is affected. The issue involves the "AVEVideoEncoder" component. It allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app. Apple iOS, WatchOS and tvOS are prone to multiple memory corruption vulnerabilities.
The following versions fix the issue:
Versions prior to Apple iOS 10.3.2
Versions prior to Apple watchOS 3.2.2
Versions prior to Apple tvOS 10.2.1. Apple iOS is an operating system developed for mobile devices; tvOS is a smart TV operating system; watchOS is a smart watch operating system. AVEVideoEncoder is one of the video encoders.
| VAR-201705-3995 | CVE-2017-6991 | Apple iOS and macOS of SQLite Vulnerability in arbitrary code execution in components |
CVSS V2: 6.8 CVSS V3: 8.8 Severity: HIGH |
An issue was discovered in certain Apple products. iOS before 10.3.2 is affected. macOS before 10.12.5 is affected. The issue involves the "SQLite" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site. This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Apple Safari. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of WebSQL. The issue results from the lack of proper validation of user-supplied data, which can result in a type confusion condition. An attacker can leverage this in conjunction with other vulnerabilities to execute code under the context of the current process. Apple iOS and macOS are prone to multiple security vulnerabilities. Failed exploit attempts will likely cause a denial-of-service condition. Apple iOS is an operating system developed for mobile devices; macOS Sierra is a dedicated operating system developed for Mac computers. SQLite is one of the C-language-based open source embedded relational database management components developed by American software developer D. Richard Hipp.
| VAR-201705-3994 | CVE-2017-6990 | Apple OS X of HFS Vulnerability that bypasses memory read restrictions in components |
CVSS V2: 4.3 CVSS V3: 5.5 Severity: MEDIUM |
An issue was discovered in certain Apple products. macOS before 10.12.5 is affected. The issue involves the "HFS" component. It allows attackers to bypass intended memory-read restrictions via a crafted app. The HFS component of Apple OS X contains a vulnerability that bypasses memory read restrictions. An attacker could bypass the memory read limit through a crafted application. This vulnerability allows local attackers to disclose sensitive information on vulnerable installations of Apple macOS. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the handling of HFS. The issue results from the lack of proper initialization of memory prior to accessing it. An attacker can leverage this in conjunction with other vulnerabilities to escalate privileges in the context of the kernel. Apple macOS is prone to multiple security vulnerabilities.
An attacker can exploit these issues to gain elevated privileges, perform unauthorized actions and execute arbitrary code with kernel privileges. Failed exploit attempts will likely cause a denial-of-service condition. Apple macOS Sierra is a dedicated operating system developed by Apple for Mac computers. HFS is one of the network file upload components
| VAR-201705-3993 | CVE-2017-6989 | plural Apple Product AVEVideoEncoder Component vulnerable to arbitrary code execution in privileged context |
CVSS V2: 9.3 CVSS V3: 7.8 Severity: HIGH |
An issue was discovered in certain Apple products. iOS before 10.3.2 is affected. tvOS before 10.2.1 is affected. watchOS before 3.2.2 is affected. The issue involves the "AVEVideoEncoder" component. It allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app. Apple iOS, WatchOS and tvOS are prone to a memory corruption vulnerability.
An attacker can exploit this issue to gain kernel privileges.
The following versions are affected:
Versions prior to Apple iOS 10.3.2
Versions prior to Apple watchOS 3.2.1
Versions prior to Apple tvOS 10.2.1. Apple iOS is an operating system developed for mobile devices; tvOS is a smart TV operating system; watchOS is a smart watch operating system. AVEVideoEncoder is one of the video encoders.
CVE-2017-2521: lokihardt of Google Project Zero
Installation note:
Instructions on how to update your Apple Watch software are
available at https://support.apple.com/kb/HT204641
To check the version on your Apple Watch, open the Apple Watch app
on your iPhone and select "My Watch > General > About".
Alternatively, on your watch, select "My Watch > General > About".
APPLE-SA-2017-05-15-3 tvOS 10.2.1
tvOS 10.2.1 is now available and addresses the following:
AVEVideoEncoder
Available for: Apple TV (4th generation)
Impact: An application may be able to gain kernel privileges
Description: A memory corruption issue was addressed with improved
memory handling.
CVE-2017-6989: Adam Donenfeld (@doadam) of the Zimperium zLabs Team
CoreAudio
Available for: Apple TV (4th generation)
Impact: An application may be able to read restricted memory
Description: A validation issue was addressed with improved input
sanitization.
CVE-2017-2502: Yangkang (@dnpushme) of Qihoo360 Qex Team
IOSurface
Available for: Apple TV (4th generation)
Impact: An application may be able to gain kernel privileges
Description: A memory corruption issue was addressed with improved
memory handling.
CVE-2017-6979: Adam Donenfeld of Zimperium zLabs
Kernel
Available for: Apple TV (4th generation)
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: A race condition was addressed through improved locking.
CVE-2017-2501: Ian Beer of Google Project Zero
Kernel
Available for: Apple TV (4th generation)
Impact: An application may be able to read restricted memory
Description: A validation issue was addressed with improved input
sanitization.
CVE-2017-2507: Ian Beer of Google Project Zero
CVE-2017-6987: Patrick Wardle of Synack
SQLite
Available for: Apple TV (4th generation)
Impact: A maliciously crafted SQL query may lead to arbitrary code
execution
Description: A use after free issue was addressed through improved
memory management.
CVE-2017-2513: found by OSS-Fuzz
SQLite
Available for: Apple TV (4th generation)
Impact: A maliciously crafted SQL query may lead to arbitrary code
execution
Description: A buffer overflow issue was addressed through improved
memory handling.
CVE-2017-2518: found by OSS-Fuzz
CVE-2017-2520: found by OSS-Fuzz
SQLite
Available for: Apple TV (4th generation)
Impact: A maliciously crafted SQL query may lead to arbitrary code
execution
Description: A memory corruption issue was addressed with improved
memory handling.
CVE-2017-2519: found by OSS-Fuzz
TextInput
Available for: Apple TV (4th generation)
Impact: Parsing maliciously crafted data may lead to arbitrary code
execution
Description: A memory corruption issue was addressed with improved
memory handling.
CVE-2017-2524: Ian Beer of Google Project Zero
WebKit
Available for: Apple TV (4th generation)
Impact: Processing maliciously crafted web content may lead to
universal cross site scripting
Description: A logic issue existed in the handling of WebKit Editor
commands. This issue was addressed with improved state management.
CVE-2017-2504: lokihardt of Google Project Zero
WebKit
Available for: Apple TV (4th generation)
Impact: Processing maliciously crafted web content may lead to
arbitrary code execution
Description: Multiple memory corruption issues were addressed with
improved memory handling.
CVE-2017-2505: lokihardt of Google Project Zero
CVE-2017-2506: Zheng Huang of the Baidu Security Lab working with
Trend Micro's Zero Day Initiative
CVE-2017-2515: lokihardt of Google Project Zero
CVE-2017-2521: lokihardt of Google Project Zero
CVE-2017-2525: Kai Kang (4B5F5F4B) of Tencent's Xuanwu Lab (
tencent.com) working with Trend Micro's Zero Day Initiative
CVE-2017-2530: Wei Yuan of Baidu Security Lab
CVE-2017-2531: lokihardt of Google Project Zero
CVE-2017-6980: lokihardt of Google Project Zero
CVE-2017-6984: lokihardt of Google Project Zero
WebKit
Available for: Apple TV (4th generation)
Impact: Processing maliciously crafted web content may lead to
arbitrary code execution
Description: Multiple memory corruption issues were addressed through
improved memory handling.
CVE-2017-2536: Samuel Groß and Niklas Baumstark working with Trend
Micro's Zero Day Initiative
WebKit
Available for: Apple TV (4th generation)
Impact: Processing maliciously crafted web content may lead to
universal cross site scripting
Description: A logic issue existed in frame loading. This issue was
addressed with improved state management.
CVE-2017-2549: lokihardt of Google Project Zero
WebKit Web Inspector
Available for: Apple TV (4th generation)
Impact: An application may be able to execute unsigned code
Description: A memory corruption issue was addressed with improved
memory handling.
CVE-2017-2499: George Dan (@theninjaprawn)
Installation note:
Apple TV will periodically check for software updates. Alternatively,
you may manually check for software updates by selecting
"Settings -> System -> Software Update -> Update Software."
To check the current version of software, select
"Settings -> General -> About."
Information will also be posted to the Apple Security Updates
web site: https://support.apple.com/kb/HT201222
This message is signed with Apple's Product Security PGP key,
and details are available at:
https://www.apple.com/support/security/pgp/
| VAR-201705-3992 | CVE-2017-6988 | Apple macOS of 802.1X Vulnerability in obtaining network credentials of arbitrary user in component |
CVSS V2: 4.3 CVSS V3: 5.9 Severity: MEDIUM |
An issue was discovered in certain Apple products. macOS before 10.12.5 is affected. The issue involves the "802.1X" component. It allows remote attackers to discover the network credentials of arbitrary users by operating a crafted network that requires 802.1X authentication, because EAP-TLS certificate validation mishandles certificate changes. Apple macOS is prone to multiple security vulnerabilities.
An attacker can exploit these issues to gain elevated privileges, perform unauthorized actions and execute arbitrary code with kernel privileges. Failed exploit attempts will likely cause a denial-of-service condition. Apple macOS Sierra is a dedicated operating system developed by Apple for Mac computers. 802.1X is one of the client or server-based access control and authentication protocol components. The vulnerability stems from the fact that EAP-TLS certificate verification does not properly handle certificate replacement