VARIoT IoT vulnerabilities database
| VAR-201704-0104 | CVE-2016-7786 | Sophos Cyberoam UTM Vulnerable to access restrictions |
Related entries in the VARIoT exploits database: VAR-E-201804-0021 |
CVSS V2: 9.0 CVSS V3: 8.8 Severity: HIGH |
Sophos Cyberoam UTM CR25iNG 10.6.3 MR-5 allows remote authenticated users to bypass intended access restrictions via direct object reference, as demonstrated by a request for Licenseinformation.jsp. This is fixed in 10.6.5. Sophos Cyberoam UTM CR25iNG is a network security device. Sophos Cyberoam UTM CR25iNG has a security bypass vulnerability that allows remote attackers to submit special requests and bypass security restrictions to escalate permissions. A security vulnerability exists in Sophos Cyberoam UTM CR25iNG version 10.6.3 MR-5.
| VAR-201704-1595 | No CVE | Schneider Modicon M221CE16R Hardcoded Vulnerability |
CVSS V2: 6.4 CVSS V3: - Severity: MEDIUM |
The Modicon M221CE16R is an integrated programmable controller from Schneider Electric. The Schneider Modicon M221CE16R has a hard-coded key vulnerability. The XML file is AES-CBC encrypted, but the key used for encryption is hard-coded and cannot be changed. After decrypting the XML file using the standard password, the attacker can find the user's password in the decrypted data and open and modify the project using SoMachine Basic.
| VAR-201704-1630 | No CVE | Broadcom WiFi SoC Access Vulnerability |
CVSS V2: 7.5 CVSS V3: - Severity: HIGH |
WiFi SoC is a WiFi NIC chip from Broadcom Corporation. The Broadcom WiFi SoC has a permission acquisition vulnerability that allows an attacker on the same WiFi network to take over a device that uses a Broadcom wireless network card, without any user interaction.
| VAR-201704-1421 | CVE-2017-7574 | Schneider Electric SoMachine Basic and Modicon Vulnerabilities related to the use of hard-coded credentials |
CVSS V2: 7.5 CVSS V3: 9.8 Severity: CRITICAL |
Schneider Electric SoMachine Basic 1.4 SP1 and Schneider Electric Modicon TM221CE16R 1.3.3.3 devices have a hardcoded-key vulnerability. The Project Protection feature is used to prevent unauthorized users from opening an XML protected project file, by prompting the user for a password. This XML file is AES-CBC encrypted; however, the key used for encryption (SoMachineBasicSoMachineBasicSoMa) cannot be changed. After decrypting the XML file with this key, the user password can be found in the decrypted data. After reading the user password, the project can be opened and modified with the Schneider product. Schneider Electric SoMachine Basic and Modicon contain a vulnerability in the use of hard-coded credentials. Information may be obtained, information may be altered, and service operation may be disrupted (DoS). SoMachine Basic is a programming and debugging interface for all components on the control platform; Modicon is a programmable controller. An attacker could exploit the vulnerability to open and modify protected project files with Schneider's products.
A remote attacker may leverage this issue to gain root access to the affected system.
| VAR-201704-0074 | CVE-2016-10319 | ARM Trusted Firmware Integer overflow vulnerability |
CVSS V2: 4.3 CVSS V3: 5.9 Severity: MEDIUM |
In ARM Trusted Firmware 1.2 and 1.3, a malformed firmware update SMC can result in copying unexpectedly large data into secure memory because of integer overflows. This affects certain cases involving execution of both AArch64 Generic Trusted Firmware (TF) BL1 code and other firmware update code. ARM Trusted Firmware contains an integer overflow vulnerability. Service operation may be disrupted (DoS). ARM Trusted Firmware is a set of interface standards that provide an ARMv8-A security software implementation. Security vulnerabilities exist in ARM Trusted Firmware versions 1.2 and 1.3. An attacker could exploit this vulnerability to copy large data into secure memory.
| VAR-201704-1423 | CVE-2017-7576 | DragonWave Horizon Vulnerabilities related to the use of hard-coded credentials |
CVSS V2: 7.5 CVSS V3: 9.8 Severity: CRITICAL |
DragonWave Horizon 1.01.03 wireless radios have hardcoded login credentials (such as the username of energetic and password of wireless) meant to allow the vendor to access the devices. These credentials can be used in the web interface or by connecting to the device via TELNET. This is fixed in recent versions including 1.4.8. DragonWave Horizon contains a vulnerability in the use of hard-coded credentials. Information may be obtained, information may be altered, and service operation may be disrupted (DoS). DragonWave Horizon is a carrier-grade point-to-point packet microwave system developed by DragonWave Corporation in Canada. The system provides functions such as transmission of broadband voice, video and data. A security vulnerability exists in DragonWave Horizon version 1.01.03 due to the device's use of hard-coded login credentials. An attacker could exploit this vulnerability to gain access to the device.
| VAR-201704-1422 | CVE-2017-7575 | Schneider Electric Modicon TM221CE16R Information Disclosure Vulnerability |
CVSS V2: 5.0 CVSS V3: 9.8 Severity: CRITICAL |
Schneider Electric Modicon TM221CE16R 1.3.3.3 devices allow remote attackers to discover the application-protection password via a \x00\x01\x00\x00\x00\x05\x01\x5a\x00\x03\x00 request to the Modbus port (502/tcp). Subsequently the application may be arbitrarily downloaded, modified, and uploaded. Schneider Electric Modicon devices contain an information disclosure vulnerability. Information may be obtained, information may be altered, and service operation may be disrupted (DoS). The Schneider Electric Modicon TM221CE16R is a programmable controller from Schneider Electric, France. A security vulnerability exists in Schneider Electric Modicon TM221CE16R version 1.3.3.3 that allows an attacker to download, modify, or upload the application.
An attacker can exploit this issue to obtain potentially sensitive information. Information obtained may aid in further attacks.
Schneider Modicon TM221CE16R firmware 1.3.3.3 is affected.
| VAR-201704-0638 | CVE-2017-0305 | F5 SSL Intercept iApp Access control vulnerability |
CVSS V2: 7.5 CVSS V3: 9.8 Severity: CRITICAL |
F5 SSL Intercept iApp version 1.5.0 - 1.5.7 is vulnerable to an unauthenticated, remote attack that may allow modification of the BIG-IP system configuration, extraction of sensitive system files, and possible remote command execution on the system when deployed using the Explicit Proxy feature plus SNAT Auto Map option for egress traffic. F5 SSL Intercept iApp contains an access control vulnerability. Information may be obtained, information may be altered, and service operation may be disrupted (DoS). F5 SSL Intercept iApp is a set of templates from F5 Corporation of the United States for configuring outbound security devices that decrypt SSL traffic in LTM. A security vulnerability exists in F5 SSL Intercept iApp versions 1.5.0 to 1.5.7. A remote attacker can exploit this vulnerability to modify the BIG-IP system configuration, extract sensitive system files, and execute commands on the system.
| VAR-201704-0645 | CVE-2017-3817 | Cisco Unified Computing System Director Vulnerability in which unauthorized information is displayed in the role-based resource check function |
CVSS V2: 4.0 CVSS V3: 4.3 Severity: MEDIUM |
A vulnerability in the role-based resource checking functionality of Cisco Unified Computing System (UCS) Director could allow an authenticated, remote attacker to view unauthorized information for any virtual machine in a UCS domain. More Information: CSCvc32434. Known Affected Releases: 5.5(0.1) 6.0(0.0).
Successful exploits will allow attackers to obtain sensitive information. This may aid in further attacks.
This issue is tracked by Cisco Bug ID CSCvc32434. Cisco UCS Director integrates network, computing and virtualization resources into one platform by extensively adopting virtualization technology. The vulnerability is caused by the program not performing role-based checks on users correctly.
| VAR-201711-0241 | CVE-2017-2725 | Huawei P10 Plus and P10 Buffer error vulnerability in smartphone software |
CVSS V2: 9.3 CVSS V3: 7.8 Severity: HIGH |
Bastet in P10 Plus and P10 smart phones with software earlier than VKY-AL00C00B123 versions, earlier than VTR-AL00C00B123 versions have a buffer overflow vulnerability. An attacker with the root privilege of an Android system may trick a user into installing a malicious APP. The APP can modify specific data to cause buffer overflow in the next system reboot, causing continuous system reboot or arbitrary code execution. Huawei P10 Plus and P10 smartphone software contains a buffer error vulnerability. Information may be obtained, information may be altered, and service operation may be disrupted (DoS). Huawei Vicky-AL00A/Victoria-AL00A are Huawei smartphones. A buffer overflow vulnerability exists in the Bastet of the Huawei Vicky-AL00A/Victoria-AL00A phone due to lack of parameter checking. Huawei smartphones are prone to multiple local buffer-overflow vulnerabilities because they fail to perform adequate boundary checks on user-supplied input.
Local attackers can exploit these issues to execute arbitrary code in the context of the affected application. Failed exploit attempts will likely result in denial-of-service conditions.
| VAR-201711-0242 | CVE-2017-2726 | Huawei P10 Plus and P10 Buffer error vulnerability in smartphone software |
CVSS V2: 9.3 CVSS V3: 8.4 Severity: HIGH |
Bastet in P10 Plus and P10 smart phones with software earlier than VKY-AL00C00B123 versions, earlier than VTR-AL00C00B123 versions have a buffer overflow vulnerability. An attacker with the root privilege of an Android system may trick a user into installing a malicious APP. The APP can modify specific data to cause buffer overflow in the next system reboot, causing continuous system reboot or arbitrary code execution. Huawei P10 Plus and P10 smartphone software contains a buffer error vulnerability. Information may be obtained, information may be altered, and service operation may be disrupted (DoS). Huawei Vicky-AL00A/Victoria-AL00A are Huawei smartphones. A buffer overflow vulnerability exists in the Bastet of the Huawei Vicky-AL00A/Victoria-AL00A phone due to lack of parameter checking. Huawei smartphones are prone to multiple local buffer-overflow vulnerabilities because they fail to perform adequate boundary checks on user-supplied input.
Local attackers can exploit these issues to execute arbitrary code in the context of the affected application. Failed exploit attempts will likely result in denial-of-service conditions.
| VAR-201711-0249 | CVE-2017-2733 | Huawei Honor 6X Information Disclosure Vulnerability |
CVSS V2: 4.3 CVSS V3: 5.5 Severity: MEDIUM |
Honor 6X smartphones with software versions earlier than BLN-AL10C00B357 and versions earlier than BLN-AL20C00B357 have an information leak vulnerability due to improper file permission configuration. An attacker tricks a user into installing a malicious application on the smart phone, and the application can read the file that keeps the cipher text of the SIM card PIN. Honor 6X smartphone software contains an information disclosure vulnerability. Information may be obtained. Huawei Honor 6X is a smartphone from China's Huawei company. An attacker could exploit this vulnerability to obtain sensitive information.
| VAR-201704-1015 | CVE-2017-6033 | Schneider Electric Interactive Graphical SCADA DLL Load Remote Code Execution Vulnerability |
CVSS V2: 6.8 CVSS V3: 7.8 Severity: HIGH |
A DLL Hijacking issue was discovered in Schneider Electric Interactive Graphical SCADA System (IGSS) Software, Version 12 and previous versions. The software will execute a malicious file if it is named the same as a legitimate file and placed in a location that is earlier in the search path. Schneider Electric Interactive Graphical SCADA System (IGSS) Software contains a vulnerability related to uncontrolled search path elements. Information may be obtained, information may be altered, and service operation may be disrupted (DoS). A remote attacker can exploit the vulnerability to execute arbitrary code in the context of the affected system.
| VAR-201707-1077 | CVE-2017-7404 | D-Link DIR-615 Vulnerable to cross-site request forgery |
CVSS V2: 6.8 CVSS V3: 8.8 Severity: HIGH |
On the D-Link DIR-615 before v20.12PTb04, if a victim logged in to the Router's Web Interface visits a malicious site from another Browser tab, the malicious site then can send requests to the victim's Router without knowing the credentials (CSRF). An attacker can host a page that sends a POST request to Form2File.htm that tries to upload Firmware to victim's Router. This causes the router to reboot/crash resulting in Denial of Service. An attacker may succeed in uploading malicious Firmware. D-Link DIR-615 contains a cross-site request forgery vulnerability. Information may be obtained, information may be altered, and service operation may be disrupted (DoS). D-Link DIR-615 is a small wireless router product of D-Link. A security vulnerability exists in D-Link DIR-615 versions prior to 20.12PTb04.
| VAR-201707-1078 | CVE-2017-7405 | D-Link DIR-615 Authentication vulnerability |
CVSS V2: 7.5 CVSS V3: 9.8 Severity: CRITICAL |
On the D-Link DIR-615 before v20.12PTb04, once authenticated, this device identifies the user based on the IP address of his machine. By spoofing the IP address belonging to the victim's host, an attacker might be able to take over the administrative session without being prompted for authentication credentials. An attacker can get the victim's and router's IP addresses by simply sniffing the network traffic. Moreover, if the victim has web access enabled on his router and is accessing the web interface from a different network that is behind the NAT/Proxy, an attacker can sniff the network traffic to know the public IP address of the victim's router and take over his session as he won't be prompted for credentials. D-Link DIR-615 contains an authentication vulnerability. Information may be obtained, information may be altered, and service operation may be disrupted (DoS). D-Link DIR-615 is a small wireless router product of D-Link.
D-Link DIR-615 has an authorization issue vulnerability. A security vulnerability exists in D-Link DIR-615 versions prior to 20.12PTb04.
| VAR-201707-1079 | CVE-2017-7406 | D-Link DIR-615 Cryptographic vulnerabilities in devices |
CVSS V2: 5.0 CVSS V3: 9.8 Severity: CRITICAL |
The D-Link DIR-615 device before v20.12PTb04 doesn't use SSL for any of the authenticated pages. Also, it doesn't allow the user to generate his own SSL Certificate. An attacker can simply monitor network traffic to steal a user's credentials and/or credentials of users being added while sniffing the traffic. The D-Link DIR-615 device contains cryptographic vulnerabilities. Information may be obtained, information may be altered, and service operation may be disrupted (DoS). D-Link DIR-615 is a small wireless router product of D-Link. There is a security vulnerability in D-Link DIR-615 versions prior to 20.12PTb04.
| VAR-201711-0240 | CVE-2017-2724 | Huawei P10 Plus and P10 Buffer error vulnerability in smartphone software |
CVSS V2: 9.3 CVSS V3: 8.4 Severity: HIGH |
Bastet in P10 Plus and P10 smart phones with software earlier than VKY-AL00C00B123 versions, earlier than VTR-AL00C00B123 versions have a buffer overflow vulnerability. An attacker with the root privilege of an Android system may trick a user into installing a malicious APP. The APP can modify specific data to cause buffer overflow in the next system reboot, causing continuous system reboot or arbitrary code execution. Huawei P10 Plus and P10 smartphone software contains a buffer error vulnerability. Information may be obtained, information may be altered, and service operation may be disrupted (DoS). Huawei Vicky-AL00A/Victoria-AL00A are Huawei smartphones. There are multiple local buffer overflow vulnerabilities in Huawei smartphones because they do not perform proper boundary checking on user-supplied input. Local attackers can exploit these vulnerabilities to execute arbitrary code in the context of the affected application. Failed exploit attempts will likely result in denial-of-service conditions.
| VAR-201704-1536 | CVE-2017-7450 | AIRTAME HDMI dongle Vulnerabilities related to access control in firmware |
CVSS V2: 10.0 CVSS V3: 9.8 Severity: CRITICAL |
AIRTAME HDMI dongle with firmware before 2.2.0 allows unauthenticated access to a big part of the management interface. It is possible to extract all information including the Wi-Fi password, reboot, or force a software update at an arbitrary time. The AIRTAME HDMI dongle firmware contains an access control vulnerability. Information may be obtained, information may be altered, and service operation may be disrupted (DoS). The AIRTAME HDMI dongle is a wireless access point product for connecting to, sharing and split-screening a TV or monitor. A security vulnerability exists in AIRTAME HDMI dongles with firmware versions prior to 2.2.0.
| VAR-201704-1478 | CVE-2017-6956 | Broadcom Wi-Fi HardMAC SoC of fbt Firmware buffer error vulnerability |
CVSS V2: 8.3 CVSS V3: 8.8 Severity: HIGH |
On the Broadcom Wi-Fi HardMAC SoC with fbt firmware, a stack buffer overflow occurs when handling an 802.11r (FT) authentication response, leading to remote code execution via a crafted access point that sends a long R0KH-ID field in a Fast BSS Transition Information Element (FT-IE). The fbt firmware of the Broadcom Wi-Fi HardMAC SoC contains a buffer error vulnerability. Information may be obtained, information may be altered, and service operation may be disrupted (DoS). The Broadcom Wi-Fi HardMAC SoC is a chip produced by Broadcom for handling PHY and MAC layer processing. A stack buffer overflow vulnerability exists in Broadcom Wi-Fi HardMAC SoCs using fbt firmware. A remote attacker could exploit this vulnerability to execute code.
| VAR-201704-0955 | CVE-2017-3885 | Cisco Firepower System Software resource management vulnerability |
CVSS V2: 7.1 CVSS V3: 5.9 Severity: MEDIUM |
A vulnerability in the detection engine reassembly of Secure Sockets Layer (SSL) packets for Cisco Firepower System Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition because the Snort process consumes a high level of CPU resources. Affected Products: This vulnerability affects Cisco Firepower System Software running software releases 6.0.0, 6.1.0, 6.2.0, or 6.2.1 when the device is configured with an SSL policy that has at least one rule specifying traffic decryption. More Information: CSCvc58563. Known Affected Releases: 6.0.0 6.1.0 6.2.0 6.2.1. Cisco Firepower System Software contains a resource management vulnerability. The vendor has confirmed this vulnerability and released it as Bug ID CSCvc58563. Service operation may be disrupted (DoS).
Successful exploitation of the issue will cause excessive CPU resource consumption, resulting in a denial-of-service condition.
This issue is being tracked by Cisco Bug ID CSCvc58563.
Firepower System Software 6.0.0, 6.1.0, 6.2.0, and 6.2.1 are vulnerable.