VARIoT IoT vulnerabilities database

Moxa NPort5110 is an industrial-grade serial server produced by Taiwan's Moxa Corporation. It is used for serial device networking. A denial of service vulnerability exists in the Moxa NPort5110 TCP / IP protocol stack. Sending 1-2 UDP abnormal packets to the UDP port 161 (SNMP) of the NPort5110 can cause the TCP / IP protocol stack of the NPort5110 to crash and the device to fail to respond. The device must be powered off and restarted. An attacker could exploit the vulnerability to launch a denial of service attack.

The kbase_dispatch function in arm/t7xx/r5p0/mali_kbase_core_linux.c in the GPU driver on Samsung devices with M(6.0) and N(7.0) software and Exynos AP chipsets allows attackers to have unspecified impact via unknown vectors, which trigger an out-of-bounds read, aka SVE-2016-6362. Vendors have confirmed this vulnerability SVE-2016-6362 It is released as.Attackers can be vulnerable to unspecified effects through processes that trigger out-of-bounds reads. Samsung is an Android smartphone. Samsung has a remote memory corruption vulnerability. An attacker could exploit the vulnerability to execute arbitrary code in an affected application environment. Failed exploit attempts will likely cause a denial-of-service condition

S3300 V100R006C05 have an Ethernet in the First Mile (EFM) flapping vulnerability due to the lack of type-length-value (TLV) consistency check. An attacker may craft malformed packets and send them to a device to cause EFM flapping. Huawei S3300 Contains vulnerabilities related to channel and path errors.Service operation interruption (DoS) There is a possibility of being put into a state. HuaweiS3300 is a Huawei switch device. The EFM feature flapping vulnerability is generated on the Huawei S3300. The device is faulty. As a result, the EFM service flaps. Huawei S3300 is prone to a remote denial-of-service vulnerability. Successful exploits may allow the attacker to cause denial-of-service condition. Huawei S3300 is a 100M Ethernet switch product of China Huawei (Huawei). There is a security vulnerability in the Huawei S3300 V100R006C05 version using the VRP platform

An issue was discovered in Schneider Electric homeLYnk Controller, LSS100100, all versions prior to V1.5.0. The homeLYnk controller is susceptible to a cross-site scripting attack. User inputs can be manipulated to cause execution of JavaScript code. Schneider Electric homeLYnk Controller Contains a cross-site scripting vulnerability.Through expertly crafted user input, JavaScript The code may be executed. Schneider Electric provides total solutions for the energy and infrastructure, industrial, data center and network, building and residential markets in more than 100 countries. The SchneiderhomeLYnkControllerLSS1001003 is a logic controller. An attacker could exploit the vulnerability to execute arbitrary script code on a user's browser on an affected website, stealing a cookie-based authentication certificate and launching other attacks. LSS100100 is one of the versions

A vulnerability in the Cisco IOS Software forwarding queue of Cisco 2960X and 3750X switches could allow an unauthenticated, adjacent attacker to cause a memory leak in the software forwarding queue that would eventually lead to a partial denial of service (DoS) condition. More Information: CSCva72252. Known Affected Releases: 15.2(2)E3 15.2(4)E1. Known Fixed Releases: 15.2(2)E6 15.2(4)E3 15.2(5)E1 15.2(5.3.28i)E1 15.2(6.0.49i)E 3.9(1)E. Vendors have confirmed this vulnerability Bug ID CSCva72252 It is released as.Denial of service by an adjacent attacker (DoS) There is a possibility of being put into a state. The Cisco Catalyst 2960 and 3750 Series Switches are IOS are Cisco switches running Cisco IOS operating systems. A denial of service vulnerability exists in the Cisco Catalyst 2960 and 3750 Series Switches for IOS. An attacker could exploit this vulnerability to cause a denial of service. This issue is being tracked by Cisco Bug ID CSCva72252

An IKE Packet Parsing Denial of Service Vulnerability in the ipsecmgr process of Cisco ASR 5000 Software could allow an unauthenticated, remote attacker to cause the ipsecmgr process to reload. More Information: CSCuy06917 CSCuy45036 CSCuy59525. Known Affected Releases: 20.0.0 20.0.M0.62842 20.0.v0 20.0.M0.63229 20.1.0 20.1.a0 20.1.v0 21.0.0 21.0.v0. Known Fixed Releases: 20.0.0 20.0.0.63250 20.0.M0.63148 20.0.R0.63294 20.0.R0.63316 20.0.V0.63170 20.0.VG0.63188 20.0.v0 20.0.v0.64175 20.0.vg0.63522 20.1.A0.63166 20.2.A0.63174 20.1.A0.63232 20.2.A0.63237 20.0.M0.63226 20.0.M0.63229 20.0.R0.63294 20.0.R0.63316 20.0.V0.63263 20.0.VG0.63233 20.0.v0 20.0.v0.64175 20.0.vg0.63522 20.1.0 20.1.0.63959 20.1.M0.63876 20.1.T0.63886 20.1.V0.64231 20.1.VA0.64194 20.1.VB0.64210 20.1.a0 20.1.a0.64023 20.1.v0 20.1.v0.64607 20.2.A0.63895 21.0.0 21.0.0.65256 21.0.M0.63881 21.0.M0.64281 21.0.PP0.64366 21.0.V0.65052 21.0.v0 21.0.v0.65831 21.0.vb0.65887 21.1.R0.65130 21.1.R0.65135. Vendors have confirmed this vulnerability Bug ID CSCuy06917 , CSCuy45036 , CSCuy59525 It is released as.By an authenticated remote attacker, ipsecmgr The process may be reloaded. Cisco ASR5000 Series Software is a 5000 series wireless controller product from Cisco. An attacker can exploit this issue to cause denial-of-service conditions. This issue is being tracked by Cisco Bug ID CSCuy06917, CSCuy45036 and CSCuy59525

A vulnerability in Cisco Hybrid Meeting Server could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack against the user of the web interface. More Information: CSCvc28662. Known Affected Releases: 1.0. Exploiting this issue may allow a remote attacker to perform certain unauthorized actions and gain access to the affected application. Other attacks are also possible. This issue is being tracked by Cisco Bug ID CSCvc28662

A Denial of Service Vulnerability in 802.11 ingress packet processing of the Cisco Mobility Express 2800 and 3800 Access Points (APs) could allow an unauthenticated, adjacent attacker to cause the connection table to be full of invalid connections and be unable to process new incoming requests. More Information: CSCvb66659. Known Affected Releases: 8.2(130.0). Known Fixed Releases: 8.2(131.10) 8.2(131.6) 8.2(141.0) 8.3(104.56) 8.4(1.88) 8.4(1.91). The Cisco Mobility Express 2800 and 3800 AccessPoints are wireless products based on the Mobility Express solution from Cisco. A denial of service vulnerability exists in Cisco Mobility Express 2800 and 3800 AccessPoints. An attacker could exploit this vulnerability to cause a denial of service. This issue is being tracked by Cisco Bug ID CSCvb66659. A local attacker could exploit this vulnerability by sending a specially crafted 802.11 frame to the target device to affect the availability of the device

A Denial of Service Vulnerability in 802.11 ingress connection authentication handling for the Cisco Mobility Express 2800 and 3800 Access Points (APs) could allow an unauthenticated, adjacent attacker to cause authentication to fail. Affected Products: This vulnerability affects Cisco Mobility Express 2800 Series and 3800 Series Access Points when configured in local mode in 40 MHz. More Information: CSCvb33575. Known Affected Releases: 8.2(121.12) 8.4(1.82). Known Fixed Releases: 8.2(131.2) 8.2(131.3) 8.2(131.4) 8.2(141.0) 8.3(104.53) 8.3(104.54) 8.4(1.80) 8.4(1.85). Vendors have confirmed this vulnerability Bug ID CSCvb33575 It is released as.Denial of service by an adjacent attacker ( Authentication failure ) There is a possibility of being put into a state. The Cisco Mobility Express 2800 and 3800 AccessPoints are wireless products based on the Mobility Express solution from Cisco. An attacker could exploit this vulnerability to cause a denial of service. This issue is being tracked by Cisco Bug ID CSCvb33575. The vulnerability stems from the fact that the program does not correctly handle 802.11 authentication request errors. An attacker could exploit this vulnerability by sending a specially crafted 802.11 frame to the target device to affect the availability of the device

A vulnerability in Cisco WebEx Meetings Server could allow an unauthenticated, remote attacker to view the fully qualified domain name of the Cisco WebEx administration server. More Information: CSCvb60655. Known Affected Releases: 2.7. An attacker can exploit this issue to obtain sensitive information that may aid in further attacks. This issue is being tracked by Cisco bug ID CSCvb60655. Cisco WebEx Meetings Server (CWMS) is a set of multi-functional conference solutions including audio, video and Web conference in Cisco's WebEx conference solution. There are security vulnerabilities in CWMS

A cross-site scripting (XSS) filter bypass vulnerability in the web-based management interface of Cisco Unified Communications Manager could allow an unauthenticated, remote attacker to mount XSS attacks against a user of an affected device. More Information: CSCvb97237. Known Affected Releases: 11.0(1.10000.10) 11.5(1.10000.6). Known Fixed Releases: 11.5(1.12029.1) 11.5(1.12900.11) 12.0(0.98000.369) 12.0(0.98000.370) 12.0(0.98000.398) 12.0(0.98000.457). Cisco IOS is a popular Internet operating system. Cisco Unified Communications Manager is a call processing component in the Cisco IP Telephony solution. An attacker could exploit the vulnerability to execute arbitrary code on a user's browser on an affected website, stealing cookie-based authentication credentials and launching other attacks. This issue is being tracked by Cisco Bug ID CSCvb97237

A vulnerability in a URL parameter of Cisco WebEx Meeting Center could allow an unauthenticated, remote attacker to perform site redirection. More Information: CSCzu78401. Known Affected Releases: T28.1. An attacker can leverage this issue by constructing a crafted URI and enticing a user to follow it. When an unsuspecting victim follows the link, they may be redirected to an attacker-controlled site; this may aid in phishing attacks. Other attacks are possible. This issue is being tracked by Cisco bug ID CSCzu78401. Cisco WebEx Meeting Center is an online meeting product in a set of WebEx meeting solutions of Cisco (Cisco). The product invites others to join the meeting via email or instant messaging (IM), enabling online product demonstrations, information sharing, and more

A vulnerability in the content scanning engine of Cisco AsyncOS Software for Cisco Email Security Appliances (ESA) could allow an unauthenticated, remote attacker to bypass configured message or content filters on the device. Affected Products: This vulnerability affects all releases prior to the first fixed release of Cisco AsyncOS Software for Cisco Email Security Appliances, both virtual and hardware appliances, if the software is configured to apply a message filter or content filter to incoming email attachments. The vulnerability is not limited to any specific rules or actions for a message filter or content filter. More Information: CSCuz16076. Known Affected Releases: 9.7.1-066 9.7.1-HP2-207 9.8.5-085. Known Fixed Releases: 10.0.1-083 10.0.1-087. The CiscoAsyncOSonEmailSecurityAppliance(ESA)device is a set of operating systems running on an Email Security Appliance (ESA) from Cisco. A remote security bypass vulnerability exists in CiscoEmailSecurityApplianceforAsyncOS. The attacker exploited the vulnerability to bypass security restrictions and perform unauthorized actions and launch further attacks. This may aid in further attacks. This issue is being tracked by Cisco Bug ID CSCuz16076

A vulnerability in Cisco Unified Communications Manager could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web interface of an affected system. More Information: CSCvc20679. Known Affected Releases: 12.0(0.99000.9). Known Fixed Releases: 12.0(0.98000.176) 12.0(0.98000.414) 12.0(0.98000.531) 12.0(0.98000.536) 12.0(0.98000.6) 12.0(0.98500.8). Vendors have confirmed this vulnerability Bug ID CSCvc20679 It is released as.Of the affected system by a remote attacker. The attacker could exploit this vulnerability to execute arbitrary script code on the user's browser of the affected website, stealing cookie-based authentication certificates and launching other attacks. This issue is being tracked by Cisco Bug ID CSCvc20679

A vulnerability in Cisco WebEx Meetings Server could allow an authenticated, remote attacker to execute predetermined shell commands on other hosts. More Information: CSCuz03353. Known Affected Releases: 2.6. This issue is being tracked by Cisco bug ID CSCuz03353. Cisco WebEx Meetings Server (CWMS) is a set of multi-functional conference solutions including audio, video and Web conference in Cisco's WebEx conference solution. There are security vulnerabilities in CWMS

A vulnerability in the web-based management interface of Cisco NetFlow Generation Appliance could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based management interface of an affected device. More Information: CSCvb15229. Known Affected Releases: 1.0(2). An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and launch other attacks. This issue is being tracked by Cisco Bug ID CSCvb15229. Cisco NetFlow Generation Appliance (NGA) is a set of scalable solutions for data center traffic visibility from Cisco. The solution provides features such as traffic analysis and other demand management

A vulnerability in Cisco WebEx Meetings Server could allow an authenticated, remote attacker to conduct arbitrary password changes against any non-administrative user. More Information: CSCuz03345. Known Affected Releases: 2.6. Known Fixed Releases: 2.7.1.12. This issue is being tracked by Cisco Bug ID CSCuz03345. Attackers can exploit this issue to bypass certain security restrictions and perform unauthorized actions. Cisco WebEx Meetings Server (CWMS) is a set of multi-functional conference solutions including audio, video and Web conference in Cisco's WebEx conference solution. There are security vulnerabilities in CWMS

A vulnerability in Cisco WebEx Meetings Server could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack against an administrative user. More Information: CSCuz03317. Known Affected Releases: 2.6. Known Fixed Releases: 2.7.1.12. An attacker can exploit this issue to perform certain unauthorized actions and gain access to the affected application. Other attacks are also possible. This issue is being tracked by Cisco Bug ID CSCuz03317. Cisco WebEx Meetings Server (CWMS) is a set of multi-functional conference solutions including audio, video and Web conference in Cisco's WebEx conference solution

Huawei P9 versions earlier before EVA-AL10C00B373, versions earlier before EVA-CL00C92B373, versions earlier before EVA-DL00C17B373, versions earlier before EVA-TL00C01B373 have a lock-screen bypass vulnerability. An unauthenticated attacker could force the phone to the fastboot mode and delete the user's password file during the reboot process, then login the phone without screen lock password after reboot. Huawei P9 Smartphone software contains a vulnerability related to access control.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. HuaweiP9 is a Huawei smartphone product from China. HuaweiP9 has a lock screen bypass vulnerability. Huawei Smart Phones are prone to a security-bypass vulnerability. An attacker may exploit this issue to bypass certain security restrictions and cause denial-of-service conditions. There is a security flaw in the Huawei P9

Phone Finder in versions earlier before MHA-AL00BC00B156,Versions earlier before MHA-CL00BC00B156,Versions earlier before MHA-DL00BC00B156,Versions earlier before MHA-TL00BC00B156,Versions earlier before EVA-AL10C00B373,Versions earlier before EVA-CL10C00B373,Versions earlier before EVA-DL10C00B373,Versions earlier before EVA-TL10C00B373 can be bypass. An attacker can bypass the Phone Finder by special steps and enter the System Setting. Mate 9 and P9 Contains vulnerabilities related to authorization, permissions, and access control.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. huaweiMate9 and P9 are the smartphones of China's Huawei company. Huawei's mobile phone has a retrieving function security bypass vulnerability. Huawei Smart Phones are prone to a security-bypass vulnerability. An attacker may exploit this issue to bypass certain security restrictions and cause denial-of-service conditions. The following versions are affected: Huawei Mate 9 versions prior to MHA-AL00BC00B156, versions prior to MHA-CL00BC00B156, versions prior to MHA-DL00BC00B156, versions prior to MHA-TL00BC00B156; versions prior to P9 EVA-AL10C00B373, versions prior to EVA-CL10C00B373 , the version before EVA-DL10C00B373, the version before EVA-TL10C00B373