VARIoT IoT vulnerabilities database


VAR-201702-0924 CVE-2016-9338 Rockwell Automation MicroLogix 1100 and 1400 Denial of service vulnerability CVSS V2: 4.0
CVSS V3: 2.7
Severity: LOW
An issue was discovered in Rockwell Automation Allen-Bradley MicroLogix 1100 controller 1763-L16AWA, Series A and B, Version 14.000 and prior versions; 1763-L16BBB, Series A and B, Version 14.000 and prior versions; 1763-L16BWA, Series A and B, Version 14.000 and prior versions; and 1763-L16DWD, Series A and B, Version 14.000 and prior versions. Because of an Incorrect Permission Assignment for Critical Resource, users with administrator privileges may be able to remove all administrative users, requiring a factory reset to restore ancillary web server function. Exploitation of this vulnerability will still allow the affected device to function in its capacity as a controller. Multiple Rockwell Automation Allen-Bradley MicroLogix 1100 and 1400 controllers grant improper privileges to critical resources, resulting in a vulnerability that allows all administrators to be removed. A user with administrator privileges may delete all administrators. Rockwell Automation is a UK company providing information on industrial automation control and globalization. The MicroLogix 1100 and 1400 Series products are used in food, agriculture, and water and wastewater systems. A denial of service vulnerability exists in Rockwell Automation MicroLogix 1100 and 1400. An attacker could exploit the vulnerability to obtain sensitive information, gain unauthorized access to the affected device, or cause a denial of service
VAR-201702-0846 CVE-2016-9343 Rockwell Automation Logix5000 Controllers Stack Buffer Overflow Vulnerability CVSS V2: 7.5
CVSS V3: 10.0
Severity: CRITICAL
An issue was discovered in Rockwell Automation Logix5000 Programmable Automation Controller FRN 16.00 through 21.00 (excluding all firmware versions prior to FRN 16.00, which are not affected). By sending a malformed Common Industrial Protocol (CIP) packet, an attacker may be able to overflow a stack-based buffer and execute code on the controller or initiate a nonrecoverable fault resulting in a denial of service. Rockwell Automation is a UK company that provides industrial automation control and global information. Logix5000 Controllers is the company's controller family. A remote stack buffer overflow vulnerability exists in Rockwell Automation Logix5000 Controllers. An attacker could exploit this vulnerability to execute arbitrary code in an application environment. Rockwell Automation Logix5000 Controllers are prone to a remote stack-based buffer-overflow vulnerability. Failed exploit attempts will result in a denial-of-service condition
VAR-201706-0138 CVE-2016-7469 plural F5 Product Configuration Utility Device name change page vulnerable to cross-site scripting CVSS V2: 3.5
CVSS V3: 5.4
Severity: MEDIUM
A stored cross-site scripting (XSS) vulnerability in the Configuration utility device name change page in BIG-IP LTM, AAM, AFM, Analytics, APM, ASM, DNS, Edge Gateway, GTM, Link Controller, PEM, PSM, WebAccelerator, WOM and WebSafe version 12.0.0 - 12.1.2, 11.4.0 - 11.6.1, and 11.2.1 allows an authenticated user to inject arbitrary web script or HTML. Exploitation requires Resource Administrator or Administrator privileges, and it could cause the Configuration utility client to become unstable. Multiple F5 BIG-IP Products are prone to an unspecified HTML-injection vulnerability. Successful exploits will allow attacker-supplied HTML and script code to run in the context of the affected browser, potentially allowing the attacker to steal cookie-based authentication credentials or control how the site is rendered to the user. Other attacks are also possible. F5 BIG-IP Analytics and others are products of F5 Corporation of the United States. F5 BIG-IP Analytics is a suite of web application performance analysis software. APM is a set of solutions that provide secure and unified access to business-critical applications and networks. LTM is a local traffic manager. A remote attacker can exploit this vulnerability to inject arbitrary web script or HTML
VAR-201701-0496 CVE-2016-10115 plural NETGEAR Arlo Vulnerability to obtain access rights in products CVSS V2: 10.0
CVSS V3: 9.8
Severity: CRITICAL
NETGEAR Arlo base stations with firmware 1.7.5_6178 and earlier, Arlo Q devices with firmware 1.8.0_5551 and earlier, and Arlo Q Plus devices with firmware 1.8.1_6094 and earlier have a default password of 12345678, which makes it easier for remote attackers to obtain access after a factory reset or in a factory configuration. NETGEAR Arlo base stations and so on are products of NETGEAR. Arlo Q cameras and Arlo Q Plus cameras are wireless webcam devices; Arlo base stations is a base station used by Arlo Q cameras and Arlo Q Plus cameras. This may lead to further attacks. Arlo Q cameras and Arlo Q Plus cameras are wireless network camera devices; Arlo base stations are a base station used by Arlo Q cameras and Arlo Q Plus cameras
VAR-201701-0497 CVE-2016-10116 plural NETGEAR Arlo Vulnerability to obtain access rights in products CVSS V2: 9.3
CVSS V3: 8.1
Severity: HIGH
NETGEAR Arlo base stations with firmware 1.7.5_6178 and earlier, Arlo Q devices with firmware 1.8.0_5551 and earlier, and Arlo Q Plus devices with firmware 1.8.1_6094 and earlier use a pattern of adjective, noun, and three-digit number for the customized password, which makes it easier for remote attackers to obtain access via a dictionary attack. NETGEAR Arlo base stations and so on are products of NETGEAR. Arlo Q cameras and Arlo Q Plus cameras are wireless webcam devices; Arlo base stations is a base station used by Arlo Q cameras and Arlo Q Plus cameras. A remote attacker can exploit this vulnerability to obtain sensitive information. This may aid in further attacks. NETGEAR Arlo Q cameras (model number VMC3040) running firmware version 1.8.0_5551 or prior versions are affected. NETGEAR Arlo Q Plus cameras (model number VMC3040s) running firmware version 1.8.1_6094 or prior versions are affected. Arlo Q cameras and Arlo Q Plus cameras are wireless network camera devices; Arlo base stations are a base station used by Arlo Q cameras and Arlo Q Plus cameras
VAR-201807-0040 CVE-2016-5649 Netgear DGN2200 and DGND3700 Vulnerable to information disclosure CVSS V2: 5.0
CVSS V3: 9.8
Severity: CRITICAL
A vulnerability is in the 'BSW_cxttongr.htm' page of the Netgear DGN2200, version DGN2200-V1.0.0.50_7.0.50, and DGND3700, version DGND3700-V1.0.0.17_1.0.17, which can allow a remote attacker to access this page without any authentication. When processed, it exposes the admin password in clear text before it gets redirected to 'bsw_vfysucc.cgi'. An attacker can use this password to gain administrator access to the targeted router's web interface. The Netgear DGN2200 and DGND3700 contain an information disclosure vulnerability. Information may be obtained or altered, and service operation may be disrupted (DoS). The NETGEAR DGN2200 is a wireless router product from NETGEAR. Affected Models: Netgear DGN2200 running firmware version DGN2200-V1.0.0.50_7.0.50 Netgear DGND3700 running firmware version DGND3700-V1.0.0.17_1.0.17 Solution: Netgear has released firmware version 1.0.0.52 for DGN2200 & 1.0.0.28 for DGND3700 to address this issue 2. SSID & wireless key Disclosure (CVE-2016-5638) There are few web pages associated with the genie app. Genie app adds some capabilities over the Web GUI and can be accessed even when you are away from home. Once accessed, the page will be redirected to the 'Congratulations2.htm' page, which reveals some sensitive information such as 2.4GHz & 5GHz Wireless Network Name (SSID) and Network Key (Password) in clear text. Affected Models: Netgear WNDR4500 running firmware version V1.0.1.40_1.0.68 Solution: WNDR4500v1 has reached the End of Life so Netgear won't be releasing any updates for this.
## History
23.06.2016 - Initial contact to Netgear
24.06.2016 - Reported all details to Netgear
01.07.2016 - Email sent to Netgear asking for status update, no response
14.07.2016 - Email sent to Netgear asking for status update, no response
26.07.2016 - Netgear confirms findings
31.08.2016 - Email sent to Netgear asking for status update
02.09.2016 - Received reply from Netgear that they will be releasing a fix for this
23.12.2016 - Netgear informs that vulnerability has been fixed in the new version
Thanks, Mandar
VAR-201807-0039 CVE-2016-5638 Netgear WNDR4500 Information Disclosure Vulnerability CVSS V2: 5.0
CVSS V3: 7.5
Severity: HIGH
There are few web pages associated with the genie app on the Netgear WNDR4500 running firmware version V1.0.1.40_1.0.6877. Genie app adds some capabilities over the Web GUI and can be accessed even when you are away from home. A remote attacker can access genie_ping.htm or genie_ping2.htm or genie_ping3.htm page without authentication. Once accessed, the page will be redirected to the 'Congratulations2.htm' page, which reveals some sensitive information such as 2.4GHz & 5GHz Wireless Network Name (SSID) and Network Key (Password) in clear text. The Netgear WNDR4500 firmware contains an information disclosure vulnerability. Information may be obtained. The Netgear WNDR4500 is a wireless router product from NetGear. # Title: Netgear DGN2200, DGND3700 and WNDR4500 Multiple Information Disclosure Vulnerabilities # Author: Mandar jadhav # Vendor Homepage: https://www.netgear.com/ # CVE's : CVE-2016-5649, CVE-2016-5638 1. When processed, it exposes admin's password in clear text before it gets redirected to 'bsw_vfysucc.cgi'. An attacker can use this password to gain administrator access of the targeted router's web interface.
## History
23.06.2016 - Initial contact to Netgear
24.06.2016 - Reported all details to Netgear
01.07.2016 - Email sent to Netgear asking for status update, no response
14.07.2016 - Email sent to Netgear asking for status update, no response
26.07.2016 - Netgear confirms findings
31.08.2016 - Email sent to Netgear asking for status update
02.09.2016 - Received reply from Netgear that they will be releasing a fix for this
23.12.2016 - Netgear informs that vulnerability has been fixed in the new version
Thanks, Mandar
VAR-201701-0115 CVE-2016-8444 Qualcomm Vulnerability that could elevate privileges in cameras CVSS V2: 7.6
CVSS V3: 7.0
Severity: HIGH
An elevation of privilege vulnerability in the Qualcomm camera could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10. Android ID: A-31243641. References: QC-CR#1074310. Google Nexus is a smart device from Google. Google Nexus is prone to multiple privilege-escalation vulnerabilities. These issues are being tracked by Android Bug IDs A-31225246 and A-31243641
VAR-201701-0103 CVE-2016-8432 NVIDIA GPU Vulnerability that could elevate privileges in drivers CVSS V2: 9.3
CVSS V3: 7.8
Severity: HIGH
An elevation of privilege vulnerability in the NVIDIA GPU driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as Critical due to the possibility of a local permanent device compromise, which may require reflashing the operating system to repair the device. Product: Android. Versions: Kernel-3.18. Android ID: A-32447738. References: N-CVE-2016-8432. Google Pixel C is a tablet from Google Inc. in the United States. Google Nexus is prone to multiple privilege-escalation vulnerabilities. These issues are being tracked by Android Bug IDs A-32402179 and A-32447738
VAR-201701-0131 CVE-2016-8460 NVIDIA Information disclosure vulnerability in video drivers CVSS V2: 4.3
CVSS V3: 5.5
Severity: MEDIUM
An information disclosure vulnerability in the NVIDIA video driver could enable a local malicious application to access data outside of its permission levels. This issue is rated as High because it could be used to access sensitive data without explicit user permission. Product: Android. Versions: Kernel-3.10. Android ID: A-31668540. References: N-CVE-2016-8460. Google Nexus 9 is a tablet from Google Inc. in the United States. NVIDIA Video Driver is an NVIDIA graphics driver component used in it. Google Android is prone to an information-disclosure vulnerability. Information obtained may aid in further attacks. Nexus 9 is vulnerable
VAR-201701-0092 CVE-2016-8415 Qualcomm Wi-Fi Vulnerability that could elevate privileges in drivers CVSS V2: 7.6
CVSS V3: 7.0
Severity: HIGH
An elevation of privilege vulnerability in the Qualcomm Wi-Fi driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-31750554. References: QC-CR#1079596. Google Nexus is a high-end mobile phone series powered by Google's original Android system. Google Nexus is prone to a privilege-escalation vulnerability
VAR-201701-0102 CVE-2016-8431 NVIDIA GPU Vulnerability that could elevate privileges in drivers CVSS V2: 9.3
CVSS V3: 7.8
Severity: HIGH
An elevation of privilege vulnerability in the NVIDIA GPU driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as Critical due to the possibility of a local permanent device compromise, which may require reflashing the operating system to repair the device. Product: Android. Versions: Kernel-3.18. Android ID: A-32402179. References: N-CVE-2016-8431. Google Pixel C is a tablet from Google Inc. in the United States. Google Nexus is prone to multiple privilege-escalation vulnerabilities. These issues are being tracked by Android Bug IDs A-32402179 and A-32447738
VAR-201701-0145 CVE-2016-8474 STMicroelectronics Vulnerability in information disclosure in drivers CVSS V2: 2.6
CVSS V3: 4.7
Severity: MEDIUM
An information disclosure vulnerability in the STMicroelectronics driver could enable a local malicious application to access data outside of its permission levels. This issue is rated as Moderate because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10. Android ID: A-31799972. The STMicroelectronics driver contains an information disclosure vulnerability. Google Nexus is a smart device from Google. Attackers can exploit vulnerabilities to obtain potentially sensitive information. Information obtained may aid in further attacks
VAR-201701-0091 CVE-2016-8412 Qualcomm Vulnerability that could elevate privileges in cameras CVSS V2: 7.6
CVSS V3: 7.0
Severity: HIGH
An elevation of privilege vulnerability in the Qualcomm camera could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-31225246. References: QC-CR#1071891. Google Nexus is a smart device from Google. Google Nexus is prone to multiple privilege-escalation vulnerabilities. These issues are being tracked by Android Bug IDs A-31225246 and A-31243641
VAR-201701-0144 CVE-2016-8473 STMicroelectronics Vulnerability in information disclosure in drivers CVSS V2: 2.6
CVSS V3: 4.7
Severity: MEDIUM
An information disclosure vulnerability in the STMicroelectronics driver could enable a local malicious application to access data outside of its permission levels. This issue is rated as Moderate because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10. Android ID: A-31795790. The STMicroelectronics driver contains an information disclosure vulnerability. Google Nexus is a smart device from Google. Attackers can exploit vulnerabilities to obtain potentially sensitive information. Information obtained may aid in further attacks
VAR-201701-0139 CVE-2016-8468 Binder Vulnerability in which privileges are elevated CVSS V2: 7.6
CVSS V3: 7.0
Severity: HIGH
An elevation of privilege vulnerability in Binder could enable a local malicious application to execute arbitrary code within the context of a privileged process. This issue is rated as Moderate because it first requires compromising a privileged process and is mitigated by current platform configurations. Product: Android. Versions: Kernel-3.18. Android ID: A-32394425. Binder contains a privilege escalation vulnerability. Google Pixel C and others are smart devices from Google. Binder is one of the system interprocess communication (IPC) mode components. Google Pixel is prone to a privilege-escalation vulnerability
VAR-201801-0049 CVE-2016-5345 Android Buffer error vulnerability CVSS V2: 6.9
CVSS V3: 7.0
Severity: HIGH
Buffer overflow in the Qualcomm radio driver in Android before 2017-01-05 on Android One devices allows local users to gain privileges via a crafted application, aka Android internal bug 32639452 and Qualcomm internal bug CR1079713. Android contains a buffer error vulnerability. This vulnerability is published as Android ID: A-32639452 and Qualcomm QC-CR#1079713. Information may be obtained or altered, and service operation may be disrupted (DoS). Google Android One is a smartphone from Google Inc. in the United States. Qualcomm is a device-specific Qualcomm component used by Qualcomm. An attacker could exploit this vulnerability to execute arbitrary code with elevated privileges in the context of the kernel. This issue is being tracked as Android ID A-32639452
VAR-201702-0485 CVE-2016-10098 SendQuick Entera and Avera Multiple command insertion vulnerabilities in devices CVSS V2: 7.5
CVSS V3: 9.8
Severity: CRITICAL
An issue was discovered on SendQuick Entera and Avera devices before 2HF16. Multiple Command Injection vulnerabilities allow attackers to execute arbitrary system commands. SendQuick Entera and Avera SMS Gateway Appliances are prone to a remote command-injection vulnerability. TalariaX SendQuick Entera and Avera are products of TalariaX Company in Singapore. The former is a web-based server management system, and the latter is a plug-and-play network monitoring system
VAR-201705-3368 CVE-2017-2304 plural Juniper Networks Run on device Junos OS Vulnerable to information disclosure CVSS V2: 5.0
CVSS V3: 7.5
Severity: HIGH
Juniper Networks QFX3500, QFX3600, QFX5100, QFX5200, EX4300 and EX4600 devices running Junos OS 14.1X53 prior to 14.1X53-D40, 15.1X53 prior to 15.1X53-D40, 15.1 prior to 15.1R2, do not pad Ethernet packets with zeros, and thus some packets can contain fragments of system memory or data from previous packets. This issue is also known as 'Etherleak'. Junos OS running on multiple Juniper Networks devices contains an information disclosure vulnerability. Information may be obtained. Juniper Networks QFX3500 and others are Juniper Networks' switch products. Information obtained will aid in further attacks. Junos OS 14.1X53-D40, 15.1X53-D40, 15.1R2 and later fixes the issue. Attackers can exploit this vulnerability to obtain Etherleak memory
VAR-201612-0650 No CVE MileSight camera default SSH root user vulnerability CVSS V2: 10.0
CVSS V3: -
Severity: HIGH
MileSight camera is a network camera produced by Xiamen Pulse Vision Digital Technology Co., Ltd. The MileSight camera has a default SSH root user vulnerability. An attacker can use the vulnerability to log in to the device through root and obtain the highest permission of the device.