VARIoT IoT vulnerabilities database
| VAR-201704-0431 | CVE-2015-2883 | Philips In.Sight B120/37 Cross-Site Scripting Vulnerability |
CVSS V2: 3.5 CVSS V3: 5.4 Severity: MEDIUM |
Philips In.Sight B120/37 has XSS, related to the Weaved cloud web service, as demonstrated by the name parameter to deviceSettings.php or shareDevice.php. Philips In.Sight B120/37 Contains a cross-site scripting vulnerability.Information may be obtained and information may be altered. PhilipsIn.SightB120/37 is a video surveillance device for infants in the Netherlands. A cross-site scripting vulnerability exists in PhilipsIn.SightB120/37. A remote attacker can exploit this vulnerability to inject arbitrary web scripts or HTML with the help of the name parameter
| VAR-201704-0430 | CVE-2015-2882 | Philips In.Sight B120/37 Vulnerabilities related to the use of hard-coded credentials |
CVSS V2: 10.0 CVSS V3: 9.8 Severity: CRITICAL |
Philips In.Sight B120/37 has a password of b120root for the backdoor root account, a password of /ADMIN/ for the backdoor admin account, a password of merlin for the backdoor mg3500 account, a password of M100-4674448 for the backdoor user account, and a password of M100-4674448 for the backdoor admin account. Philips In.Sight B120/37 Contains a vulnerability in the use of hard-coded credentials.Information is obtained, information is altered, and service operation is disrupted (DoS) An attack may be carried out. PhilipsIn.SightB120/37 is a video surveillance device for infants in the Netherlands. A permission acquisition vulnerability exists in PhilipsIn.SightB120/37. An attacker could exploit the vulnerability to gain access to the local web server and operating system
| VAR-201706-0459 | CVE-2017-6032 | Schneider Electric Modicon PLC Multi-factor authentication bypass vulnerability |
CVSS V2: 5.0 CVSS V3: 5.3 Severity: MEDIUM |
A Violation of Secure Design Principles issue was discovered in Schneider Electric Modicon Modbus Protocol. The Modicon Modbus protocol has a session-related weakness making it susceptible to brute-force attacks. Modicon PLC is a programmable controller product for the dam, energy, food agriculture and other industries. Schneider Electric Modicon PLC has a multi-factor authentication bypass vulnerability. Once the session key is transmitted in clear text, the attacker can replay the request and add arbitrary commands, including starting and stopping the PLC, and downloading its ladder diagram.
An attacker can exploit these issues to bypass the authentication mechanism and perform unauthorized actions. This may aid in further attacks. Attackers can exploit this vulnerability to implement brute force attacks
| VAR-201706-0460 | CVE-2017-6034 | Schneider Electric Modicon Modbus Protocol Authentication vulnerability |
CVSS V2: 7.5 CVSS V3: 9.8 Severity: CRITICAL |
An Authentication Bypass by Capture-Replay issue was discovered in Schneider Electric Modicon Modbus Protocol. Sensitive information is transmitted in cleartext in the Modicon Modbus protocol, which may allow an attacker to replay the following commands: run, stop, upload, and download. Modicon PLC is a programmable controller product for the dam, energy, food agriculture and other industries. Schneider Electric Modicon PLC has a multi-authentication bypass vulnerability that allows an attacker accessing the OT network to intercept traffic to the target PLC, including the session identifier required to send management commands to the device.
An attacker can exploit these issues to bypass the authentication mechanism and perform unauthorized actions. This may aid in further attacks
| VAR-201704-1432 | CVE-2017-7588 |
plural Brother Authentication vulnerabilities in device products
Related entries in the VARIoT exploits database: VAR-E-201704-0429 |
CVSS V2: 10.0 CVSS V3: 9.8 Severity: CRITICAL |
On certain Brother devices, authorization is mishandled by including a valid AuthCookie cookie in the HTTP response to a failed login attempt. Affected models are: MFC-J6973CDW MFC-J4420DW MFC-8710DW MFC-J4620DW MFC-L8850CDW MFC-J3720 MFC-J6520DW MFC-L2740DW MFC-J5910DW MFC-J6920DW MFC-L2700DW MFC-9130CW MFC-9330CDW MFC-9340CDW MFC-J5620DW MFC-J6720DW MFC-L8600CDW MFC-L9550CDW MFC-L2720DW DCP-L2540DW DCP-L2520DW HL-3140CW HL-3170CDW HL-3180CDW HL-L8350CDW HL-L2380DW ADS-2500W ADS-1000W ADS-1500W. plural Brother An authentication vulnerability exists in device products.Information is acquired, information is falsified, and denial of service (DoS) An attack could be made. BrotherMFC-J6973CDW and others are printer products of Brother Industries of Japan. There are security holes in many Brother devices. An attacker could exploit the vulnerability to bypass web authentication. Brother MFC-J6973CDW, etc
| VAR-201704-1458 | CVE-2017-7648 | Foscam Vulnerability that breaks cryptographic protection mechanisms in network devices |
CVSS V2: 4.3 CVSS V3: 8.1 Severity: HIGH |
Foscam networked devices use the same hardcoded SSL private key across different customers' installations, which allows remote attackers to defeat cryptographic protection mechanisms by leveraging knowledge of this key from another installation
| VAR-201704-0479 | CVE-2015-2885 | Lens Peek-a-View Vulnerabilities related to the use of hard-coded credentials |
CVSS V2: 10.0 CVSS V3: 9.8 Severity: CRITICAL |
Lens Peek-a-View has a password of 2601hx for the backdoor admin account, a password of user for the backdoor user account, and a password of guest for the backdoor guest account. Lens Peek-a-View Contains a vulnerability in the use of hard-coded credentials.Information is obtained, information is altered, and service operation is disrupted (DoS) An attack may be carried out. LensPeek-a-View is a video surveillance device for babies. A privilege elevation vulnerability exists in LensPeek-a-View. An attacker could exploit this vulnerability to gain root privileges. There is a security flaw in Lens Peek-a-View
| VAR-201704-0924 | CVE-2017-2141 | WN-G300R3 vulnerable to OS command injection |
CVSS V2: 9.0 CVSS V3: 7.2 Severity: HIGH |
WN-G300R3 firmware 1.03 and earlier allows attackers with administrator rights to execute arbitrary OS commands via unspecified vectors. WN-G300R3 provided by I-O DATA DEVICE, INC. contain an OS command injection vulnerability. Taizoh Tsukamoto of Mitsui Bussan Secure Directions, Inc. reported this vulnerability to IPA. The WN-G300R3 is a wireless LAN router device from I-ODATADEVICE. There is a security vulnerability in IO DATA WN-G300R3 devices using firmware version 1.03 and earlier
| VAR-201704-0925 | CVE-2017-2142 | WN-G300R3 vulnerable to stack based buffer overflow |
CVSS V2: 10.0 CVSS V3: 9.8 Severity: CRITICAL |
Buffer overflow in WN-G300R3 firmware Ver.1.03 and earlier allows remote attackers to execute arbitrary OS commands via unspecified vectors. WN-G300R3 provided by I-O DATA DEVICE, INC. contain a stack based buffer overflow vulnerability. Taizoh Tsukamoto of Mitsui Bussan Secure Directions, Inc. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership. The WN-G300R3 is a wireless LAN router device from I-ODATADEVICE
| VAR-201704-0480 | CVE-2015-2886 | iBaby M6 Information Disclosure Vulnerability |
CVSS V2: 5.0 CVSS V3: 7.5 Severity: HIGH |
iBaby M6 allows remote attackers to obtain sensitive information, related to the ibabycloud.com service. The iBabyM6 is a video surveillance device for babies. An information disclosure vulnerability exists in iBabyM6. There is a security flaw in the iBaby M6
| VAR-201704-0481 | CVE-2015-2887 | iBaby M3S Vulnerabilities related to the use of hard-coded credentials |
CVSS V2: 10.0 CVSS V3: 9.8 Severity: CRITICAL |
iBaby M3S has a password of admin for the backdoor admin account. iBaby M3S Contains a vulnerability in the use of hard-coded credentials.Information is obtained, information is altered, and service operation is disrupted (DoS) An attack may be carried out. The iBabyM3S is a video surveillance device for babies. A permission acquisition vulnerability exists in iBabyM3S. An attacker could exploit the vulnerability to gain access to the underlying operating system. There is a security vulnerability in iBaby M3S
| VAR-201704-0482 | CVE-2015-2888 | Summer Baby Zoom Wifi Monitor & Internet Viewing System Vulnerabilities that bypass authentication |
CVSS V2: 7.5 CVSS V3: 9.8 Severity: CRITICAL |
Summer Baby Zoom Wifi Monitor & Internet Viewing System allows remote attackers to bypass authentication, related to the MySnapCam web service. SummerBabyZoomWifiMonitorandInternetViewingSystem is a wireless network surveillance video system. There is a security hole in SummerBabyZoomWifiMonitor&InternetViewingSystem
| VAR-201704-0483 | CVE-2015-2889 | Summer Baby Zoom Wifi Monitor & Internet Viewing System Vulnerability gained in |
CVSS V2: 6.5 CVSS V3: 8.8 Severity: HIGH |
Summer Baby Zoom Wifi Monitor & Internet Viewing System allows remote attackers to gain privileges via manual entry of a Settings URL. SummerBabyZoomWifiMonitorandInternetViewingSystem is a wireless network surveillance video system. An elevation of privilege vulnerability exists in SummerBabyZoomWifiMonitor&InternetViewingSystem. An attacker could exploit the vulnerability to gain access
| VAR-201704-0078 | CVE-2016-10323 | Synology Photo Station Vulnerability gained in |
CVSS V2: 7.2 CVSS V3: 7.8 Severity: HIGH |
Synology Photo Station before 6.3-2958 allows local users to gain privileges by leveraging setuid execution of a "synophoto_dsm_user --copy-no-ea" command. Synology Photo Station is a set of solutions from Synology for sharing pictures, videos and blogs on the Internet. A security vulnerability exists in versions prior to Synology Photo Station 6.3-2958. A local attacker could exploit this vulnerability to gain privileges
| VAR-201704-0077 | CVE-2016-10322 | Synology Photo Station Vulnerable to arbitrary command execution |
CVSS V2: 6.5 CVSS V3: 8.8 Severity: HIGH |
Synology Photo Station before 6.3-2958 allows remote authenticated guest users to execute arbitrary commands via shell metacharacters in the X-Forwarded-For HTTP header to photo/login.php. Synology Photo Station is a set of solutions from Synology for sharing pictures, videos and blogs on the Internet. A security vulnerability exists in versions prior to Synology Photo Station 6.3-2958
| VAR-201704-0478 | CVE-2015-2884 |
Philips In.Sight B120/37 Information Disclosure Vulnerability
Related entries in the VARIoT exploits database: VAR-E-201704-0508 |
CVSS V2: 5.0 CVSS V3: 7.5 Severity: HIGH |
Philips In.Sight B120/37 allows remote attackers to obtain sensitive information via a direct request, related to yoics.net URLs, stream.m3u8 URIs, and cam_service_enable.cgi. PhilipsIn.SightB120/37 is a video surveillance device for infants in the Netherlands. An information disclosure vulnerability exists in PhilipsIn.SightB120/37. Philips In.Sight is prone to an information-disclosure vulnerability.
Philips In.Sight B120/37 is vulnerable
| VAR-201704-0134 | CVE-2016-5058 | OSRAM SYLVANIA Osram Lightify Pro Access control vulnerability |
CVSS V2: 5.0 CVSS V3: 7.5 Severity: HIGH |
OSRAM SYLVANIA Osram Lightify Pro through 2016-07-26 allows Zigbee replay. OSRAM SYLVANIA Osram Lightify Pro Contains an access control vulnerability.Information may be tampered with. OSRAM SYLVANIA Osram Lightify Pro is a set of open IoT platform for automatic control lighting equipment of German OSRAM company.
There are security vulnerabilities in OSRAM SYLVANIA Osram Lightify Pro 2016-07-26 and previous versions. An attacker could use this vulnerability to obtain and re-execute used commands
| VAR-201704-0129 | CVE-2016-5053 | OSRAM SYLVANIA Osram Lightify Home Vulnerable to arbitrary command execution |
CVSS V2: 7.5 CVSS V3: 9.8 Severity: CRITICAL |
OSRAM SYLVANIA Osram Lightify Home before 2016-07-26 allows remote attackers to execute arbitrary commands via TCP port 4000. OSRAM SYLVANIA Osram Lightify Home is a set of open IoT platform for automatic control lighting equipment of German OSRAM company.
OSRAM SYLVANIA Osram Lightify Home has a security vulnerability in versions prior to 2016-07-26
| VAR-201704-0130 | CVE-2016-5054 | OSRAM SYLVANIA Osram Lightify Home Access control vulnerability |
CVSS V2: 5.0 CVSS V3: 7.5 Severity: HIGH |
OSRAM SYLVANIA Osram Lightify Home through 2016-07-26 allows Zigbee replay. OSRAM SYLVANIA Osram Lightify Home Contains an access control vulnerability.Information may be tampered with. OSRAM SYLVANIA Osram Lightify Home is a set of open IoT platform for automatic control lighting equipment of German OSRAM company.
There are security vulnerabilities in OSRAM SYLVANIA Osram Lightify Home 2016-07-26 and previous versions. Attackers can use this vulnerability to capture and resume Zigbee communications, and respond to commands to interrupt lighting services
| VAR-201704-0127 | CVE-2016-5051 | OSRAM SYLVANIA Osram Lightify Home Information Disclosure Vulnerability |
CVSS V2: 5.0 CVSS V3: 7.5 Severity: HIGH |
OSRAM SYLVANIA Osram Lightify Home before 2016-07-26 stores a PSK in cleartext under /private/var/mobile/Containers/Data/Application. OSRAM SYLVANIA Osram Lightify Home Contains an information disclosure vulnerability.Information may be obtained. Attackers can use this vulnerability to capture and resume Zigbee communications, and respond to commands to interrupt lighting services.
There are security vulnerabilities in OSRAM SYLVANIA Osram Lightify Pro 2016-07-26 and previous versions. OSRAM SYLVANIA Osram Lightify Home is a set of open IoT platform for automatic control lighting equipment of German OSRAM company.
OSRAM SYLVANIA Osram Lightify Home versions prior to 2016-07-26 have security vulnerabilities, which originated from the program storing the PSK in the / private / var / mobile / Containers / Data / Application directory in clear text. An attacker could use this vulnerability to extract data from a file