VARIoT IoT vulnerabilities database

VAR-201610-0712 No CVE ZTE ZXECS EBG2800 has arbitrary file download vulnerability CVSS V2: 6.4
CVSS V3: -
Severity: MEDIUM
ZXECS EBG2800 is a converged communications product that integrates data, voice, security, behavior management and rich value-added business applications into a single system, providing various functions required by enterprises in a modular form. ZTE ZXECS EBG2800 'id' parameter has an arbitrary file download vulnerability. The vulnerability exists in the download.php file in the root directory of the website, allowing attackers to use the vulnerability to obtain sensitive information.
VAR-201610-0234 CVE-2016-3918 Android of AOSP Mail of email/provider/AttachmentProvider.java Vulnerable to reading arbitrary attachments CVSS V2: 4.3
CVSS V3: 5.5
Severity: MEDIUM
email/provider/AttachmentProvider.java in AOSP Mail in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, 6.x before 2016-10-01, and 7.0 before 2016-10-01 does not ensure that certain values are integers, which allows attackers to read arbitrary attachments via a crafted application that provides a pathname value, aka internal bug 30745403. Google Android is prone to an information-disclosure vulnerability. An attacker can exploit this issue to obtain potentially sensitive information. Information obtained may aid in further attacks. This issue is being tracked by Android Bug ID A-30745403. Android 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, and 7.0 are vulnerable
VAR-201610-0041 CVE-2015-8950 Android Of products such as ION Used in subsystem Linux Kernel Vulnerability in which important information is obtained CVSS V2: 4.3
CVSS V3: 5.5
Severity: MEDIUM
arch/arm64/mm/dma-mapping.c in the Linux kernel before 4.0.3, as used in the ION subsystem in Android and other products, does not initialize certain data structures, which allows local users to obtain sensitive information from kernel memory by triggering a dma_mmap call. Linux Kernel is prone to an information disclosure vulnerability. An attacker can exploit this issue to obtain sensitive information; information obtained may aid in other attacks
VAR-201705-1945 CVE-2016-4854 Docomo L-04D mobile WiFi router vulnerable to cross-site request forgery CVSS V2: 6.8
CVSS V3: 8.8
Severity: HIGH
Cross-site request forgery (CSRF) vulnerability in L-04D firmware version V10a and V10b allows remote attackers to hijack the authentication of administrators to perform arbitrary operations via unspecified vectors. L-04D provided by NTT DOCOMO, INC. is a wireless WiFi router. L-04D contains a cross-site request forgery vulnerability in the web management screen. Atsuo Sakurai of Cyber Defense Institute, Inc. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership. If a user views a malicious page while logged in, unintended operations may be conducted. LG Electronics L-04D is a wireless router from LG Electronics of South Korea. An attacker could exploit the vulnerability to perform unauthorized actions. This may lead to cross-site scripting attacks, Web cache poisoning, and other malicious activities
VAR-201610-0718 No CVE D-Link DIR-632 router has a design flaw vulnerability CVSS V2: 7.8
CVSS V3: -
Severity: HIGH
D-Link DIR-632 is a wireless router manufactured by Friends. The product has a design flaw vulnerability: an attacker can obtain sensitive information, such as model number, MAC, and ESSID, by sending a specific POST packet.
VAR-201610-0366 CVE-2016-7561 Fortinet FortiWLC Information Disclosure Vulnerability CVSS V2: 4.0
CVSS V3: 7.2
Severity: HIGH
Fortinet FortiWLC 6.1-2-29 and earlier, 7.0-9-1, 7.0-10-0, 8.0-5-0, 8.1-2-0, and 8.2-4-0 allow administrators to obtain sensitive user credentials by reading the pam.log file. Fortinet FortiWLC is a wireless controller from Fortinet. There is a security hole in Fortinet FortiWLC. FortiWLC is prone to a local information-disclosure vulnerability. The following versions are affected: FortiWLC 6.1-2-29 and prior versions, FortiWLC 7.0-9-1, 7.0-10-0, 8.0-5-0, 8.1-2-0, and 8.2-4-0
VAR-201609-0698 No CVE A generic SQL injection vulnerability exists in the Abilitondo Business Intelligence Gateway CVSS V2: 7.8
CVSS V3: -
Severity: HIGH
Abilene Business Intelligence Gateway is a product of Beijing Hairui Xingye Technology Co., Ltd. A generic SQL injection vulnerability exists in the Abilitondo Business Intelligence Gateway. It allows an attacker to obtain sensitive database information using common SQL injection tools.
VAR-201610-0365 CVE-2016-7560 Fortinet FortiWLC of rsyncd Vulnerability to read and write arbitrary files on the server CVSS V2: 10.0
CVSS V3: 9.8
Severity: CRITICAL
The rsyncd server in Fortinet FortiWLC 6.1-2-29 and earlier, 7.0-9-1, 7.0-10-0, 8.0-5-0, 8.1-2-0, and 8.2-4-0 has a hardcoded rsync account, which allows remote attackers to read or write to arbitrary files via unspecified vectors. Supplementary information: the vulnerability type has been identified as CWE-798: Use of Hard-coded Credentials. http://cwe.mitre.org/data/definitions/798.html A third party may read or write arbitrary files. Fortinet FortiWLC is a wireless controller from Fortinet. FortiWLC is prone to a security-bypass vulnerability. An attacker can exploit this issue to gain access to the system and obtain sensitive information that may lead to further attack. The following versions are affected: Fortinet FortiWLC 6.1-2-29 and prior, 7.0-9-1, 7.0-10-0, 8.0-5-0, 8.1-2-0, and 8.2-4-0
VAR-201701-0218 CVE-2016-7792 Ubiquiti Networks UniFi Vulnerable to database modification CVSS V2: 8.3
CVSS V3: 8.8
Severity: HIGH
Ubiquiti Networks UniFi 5.2.7 does not restrict access to the database, which allows remote attackers to modify the database by directly connecting to it. Ubiquiti UniFi AP AC Lite is prone to an access-bypass vulnerability. Successfully exploiting this issue may allow an attacker to bypass certain security restrictions and perform unauthorized actions. Ubiquiti Networks UniFi is a WiFi wireless network system from Ubiquiti Networks in the United States
VAR-201610-0346 CVE-2016-5745 F5 BIG-IP LTM System configuration file modification vulnerability CVSS V2: 10.0
CVSS V3: 9.8
Severity: CRITICAL
F5 BIG-IP LTM systems 11.x before 11.2.1 HF16, 11.3.x, 11.4.x before 11.4.1 HF11, 11.5.0, 11.5.1 before HF11, 11.5.2, 11.5.3, 11.5.4 before HF2, 11.6.0 before HF8, 11.6.1 before HF1, 12.0.0 before HF4, and 12.1.0 before HF2 allow remote attackers to modify or extract system configuration files via vectors involving NAT64. Supplementary information: the vulnerability type has been identified as CWE-284: Improper Access Control. http://cwe.mitre.org/data/definitions/284.html A third party may change or extract system configuration files through NAT64-related issues. F5 BIG-IP LTM products are prone to a security-bypass vulnerability. Successfully exploiting this issue may allow attackers to perform unauthorized actions. This may lead to other attacks. F5 BIG-IP LTM is a local traffic manager from F5 in the United States. The following versions are affected: F5 BIG-IP LTM 11.x prior to 11.2.1 HF16, 11.3.x, 11.4.x prior to 11.4.1 HF11, 11.5.0, 11.5.1 prior to HF11, 11.5.2, 11.5.3, 11.5.4 prior to HF2, 11.6.0 prior to HF8, 11.6.1 prior to HF1, 12.0.0 prior to HF4, and 12.1.0 prior to HF2
VAR-201611-0005 CVE-2016-4959 plural NVIDIA Denial of service in products (DoS) Vulnerability CVSS V2: 7.8
CVSS V3: 7.5
Severity: HIGH
For the NVIDIA Quadro, NVS, and GeForce products, there is a Remote Desktop denial of service. A successful exploit of a vulnerable system will result in a kernel null pointer dereference, causing a blue screen crash. Supplementary information: the vulnerability type has been identified as CWE-476: NULL Pointer Dereference. Multiple NVIDIA products are prone to a denial-of-service vulnerability
VAR-201610-0009 CVE-2016-2307 American Auto-Matrix Aspect-Nexus and Aspect-Matrix Building Automation Front-End Solutions Vulnerability to read arbitrary files in application CVSS V2: 5.0
CVSS V3: 7.5
Severity: HIGH
American Auto-Matrix Aspect-Nexus Building Automation Front-End Solutions application before 3.0.0 and Aspect-Matrix Building Automation Front-End Solutions application allow remote attackers to read arbitrary files via unspecified vectors, as demonstrated by the configuration file. Multiple American Auto-Matrix products are prone to a local file-include vulnerability and an information-disclosure vulnerability. This could allow the attacker to compromise the application; other attacks are also possible
VAR-201610-0010 CVE-2016-2308 American Auto-Matrix Aspect-Nexus and Aspect-Matrix Building Automation Front-End Solutions Vulnerabilities that capture important information in applications CVSS V2: 7.5
CVSS V3: 8.6
Severity: HIGH
American Auto-Matrix Aspect-Nexus Building Automation Front-End Solutions application before 3.0.0 and Aspect-Matrix Building Automation Front-End Solutions application store passwords in cleartext, which allows remote attackers to obtain sensitive information by reading a file. Supplementary information: the vulnerability type has been identified as CWE-312: Cleartext Storage of Sensitive Information. http://cwe.mitre.org/data/definitions/312.html If a file is read by a third party, important information may be obtained. Multiple American Auto-Matrix products are prone to a local file-include vulnerability and an information-disclosure vulnerability. This could allow the attacker to compromise the application; other attacks are also possible
VAR-201609-0700 No CVE Buffer Overflow Vulnerability in DCISoft Processing DCISoft CVSS V2: 3.6
CVSS V3: -
Severity: LOW
Automation DCISoft is a dedicated electronic drawing software. Automation DCISoft has a buffer overflow vulnerability that allows an attacker to exploit this vulnerability to execute arbitrary code.
VAR-201610-0297 CVE-2016-6381 Cisco IOS and IOS XE Service disruption in (DoS) Vulnerabilities CVSS V2: 7.1
CVSS V3: 7.5
Severity: HIGH
Cisco IOS 12.4 and 15.0 through 15.6 and IOS XE 3.1 through 3.18 and 16.1 allow remote attackers to cause a denial of service (memory consumption or device reload) via fragmented IKEv1 packets, aka Bug ID CSCuy47382. Both Cisco IOS and IOS XE Software are operating systems developed by Cisco for its network devices. Internet Key Exchange version 1 (IKEv1) Fragmentation is one of the protocols used to set up security associations (SAs) in the IPsec protocol suite. An attacker could exploit the vulnerability by sending a specially crafted UDP packet to cause a denial of service (overload). Attackers can exploit this issue to cause memory exhaustion, denying service to legitimate users. This issue is being tracked by Cisco Bug ID CSCuy47382
VAR-201610-0303 CVE-2016-6379 Cisco IOS and IOS XE Service disruption in (DoS) Vulnerabilities CVSS V2: 7.8
CVSS V3: 7.5
Severity: HIGH
Cisco IOS 12.2 and IOS XE 3.14 through 3.16 and 16.1 allow remote attackers to cause a denial of service (device reload) via crafted IP Detail Record (IPDR) packets, aka Bug ID CSCuu35089. Both Cisco IOS and IOS XE Software are operating systems developed by Cisco for its network devices. IP Detail Record (IPDR) is one of the modules that provides detailed network information logging. A remote attacker could exploit the vulnerability by sending a specially crafted IPDR packet, causing the device to be overloaded, resulting in a denial of service. This issue is being tracked by Cisco Bug ID CSCuu35089
VAR-201610-0296 CVE-2016-6380 Cisco IOS and IOS XE of DNS Vulnerability in forwarder that can retrieve important information from process memory CVSS V2: 8.3
CVSS V3: 8.1
Severity: HIGH
The DNS forwarder in Cisco IOS 12.0 through 12.4 and 15.0 through 15.6 and IOS XE 3.1 through 3.15 allows remote attackers to obtain sensitive information from process memory or cause a denial of service (data corruption or device reload) via a crafted DNS response, aka Bug ID CSCup90532. Both Cisco IOS and IOS XE Software are operating systems developed by Cisco for its network devices. DNS Forwarder is one of the DNS forwarder components. A denial of service vulnerability exists in the DNS Forwarder feature in Cisco IOS and IOS XE Software. An attacker can exploit this issue to cause a denial-of-service condition. This issue is being tracked by Cisco Bug ID CSCup90532
VAR-201610-0300 CVE-2016-6385 Cisco IOS and IOS XE of Smart Install Service disruption in client implementation (DoS) Vulnerabilities CVSS V2: 7.8
CVSS V3: 7.5
Severity: HIGH
Memory leak in the Smart Install client implementation in Cisco IOS 12.2 and 15.0 through 15.2 and IOS XE 3.2 through 3.8 allows remote attackers to cause a denial of service (memory consumption) via crafted image-list parameters, aka Bug ID CSCuy82367. A vulnerability exists that results in a denial-of-service (memory consumption) condition. Both Cisco IOS and IOS XE Software are operating systems developed by Cisco for its network devices. Smart Install client is one of the clients that provides configuration and image management capabilities. An attacker can exploit this issue to cause a denial-of-service condition. This issue is being tracked by Cisco Bug ID CSCuy82367. Cisco IOS and IOS XE Software are vulnerable
VAR-201610-0265 CVE-2016-6393 Cisco IOS and IOS XE of AAA Denial of service in services (DoS) Vulnerability CVSS V2: 7.1
CVSS V3: 7.5
Severity: HIGH
The AAA service in Cisco IOS 12.0 through 12.4 and 15.0 through 15.6 and IOS XE 2.1 through 3.18 and 16.2 allows remote attackers to cause a denial of service (device reload) via a failed SSH connection attempt that is mishandled during generation of an error-log message, aka Bug ID CSCuy87667. Both Cisco IOS and IOS XE Software are operating systems developed by Cisco for its network devices. Authentication, Authorization and Accounting (AAA) is one of the service modules for processing computer resources and user requirements and providing authentication and authorization for enterprises. This issue is being tracked by Cisco Bug ID CSCuy87667
VAR-201610-0272 CVE-2016-6421 Cisco IOS XR Service disruption in (DoS) Vulnerabilities CVSS V2: 5.0
CVSS V3: 5.3
Severity: MEDIUM
Cisco IOS XR 5.2.2 allows remote attackers to cause a denial of service (process restart) via a crafted OSPF Link State Advertisement (LSA) update, aka Bug ID CSCvb05643. An attacker can exploit this issue to cause a denial-of-service condition. This issue is being tracked by Cisco Bug ID CSCvb05643