VARIoT IoT vulnerabilities database


VAR-201609-0310 CVE-2016-6399 Denial-of-service (DoS) vulnerability in Cisco ACE30 Application Control Engine Module and ACE 4700 Application Control Engine appliances CVSS V2: 7.8
CVSS V3: 7.5
Severity: HIGH
Cisco ACE30 Application Control Engine Module through A5 3.3 and ACE 4700 Application Control Engine appliances through A5 3.3 allow remote attackers to cause a denial of service (device reload) via crafted (1) SSL or (2) TLS packets, aka Bug ID CSCvb16317. An attacker can exploit this issue to cause an affected device to reload, denying service to legitimate users. This issue is being tracked by Cisco Bug ID CSCvb16317
VAR-201609-0306 CVE-2016-6394 Web session hijacking vulnerability in Cisco Firepower Management Center and FireSIGHT System Software CVSS V2: 5.8
CVSS V3: 9.1
Severity: CRITICAL
Session fixation vulnerability in Cisco Firepower Management Center and Cisco FireSIGHT System Software through 6.1.0 allows remote attackers to hijack web sessions via a session identifier, aka Bug ID CSCuz80503. The vendor has confirmed this vulnerability and released it as Bug ID CSCuz80503. A third party may hijack web sessions through a session ID. An attacker can exploit this issue to hijack an arbitrary session and gain unauthorized access to the affected application. This issue is being tracked by Cisco Bug ID CSCuz8050
VAR-201609-0307 CVE-2016-6395 Cross-site scripting vulnerability in the web-based management interface of Cisco Firepower Management Center and FireSIGHT System Software CVSS V2: 3.5
CVSS V3: 5.4
Severity: MEDIUM
Cross-site scripting (XSS) vulnerability in the web-based management interface in Cisco Firepower Management Center before 6.1 and FireSIGHT System Software before 6.1 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL, aka Bug ID CSCuz58658. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and launch other attacks. The following versions are affected: Cisco Firepower Management Center versions prior to 6.1; Cisco FireSIGHT System Software versions prior to 6.1. This issue is tracked by Cisco Bug ID CSCuz58658
VAR-201609-0308 CVE-2016-6396 Malware detection bypass vulnerability in Cisco Firepower Management Center and FireSIGHT System Software CVSS V2: 5.0
CVSS V3: 5.3
Severity: MEDIUM
Cisco Firepower Management Center before 6.1 and FireSIGHT System Software before 6.1, when certain malware blocking options are enabled, allow remote attackers to bypass malware detection via crafted fields in HTTP headers, aka Bug ID CSCuz44482. An attacker can exploit this issue to bypass security restrictions and perform unauthorized actions. This may aid in further attacks
VAR-201609-0600 No CVE Beijing Sanwei Force Control ForceControl V7.1 has a buffer overflow vulnerability CVSS V2: 5.0
CVSS V3: -
Severity: MEDIUM
Beijing Sanwei Power Control Technology Co., Ltd. is a high-tech enterprise specializing in the development and service of monitoring configuration software. Beijing Three-dimensional Force Control Corp. ForceControl V7.1 has a buffer overflow vulnerability. An attacker could use the vulnerability to execute arbitrary code
VAR-201609-0048 CVE-2016-6159 Authentication bypass vulnerability in the management interface of Huawei WS331a router software CVSS V2: 6.8
CVSS V3: 7.5
Severity: HIGH
The management interface of Huawei WS331a routers with software before WS331a-10 V100R001C01B112 allows remote attackers to bypass authentication and obtain administrative access by sending "special packages" to the LAN interface. Huawei WS331a is a mini wireless router from China's Huawei company. A certificate management vulnerability exists in Huawei WS331a WS331a-10 V100R001C02B017SP01 and earlier. The program does not handle password verification correctly. Huawei WS331a is prone to a cross-site request-forgery vulnerability and a privilege escalation vulnerability. This may aid in other attacks. Huawei WS331a version WS331a-10 V100R001C02B017SP01 and earlier versions are affected
VAR-201609-0047 CVE-2016-6158 Huawei WS331a Cross-Site Request Forgery Vulnerability CVSS V2: 7.1
CVSS V3: 6.1
Severity: MEDIUM
Multiple cross-site request forgery (CSRF) vulnerabilities in Huawei WS331a routers with software before WS331a-10 V100R001C01B112 allow remote attackers to hijack the authentication of administrators for requests that (1) restore factory settings or (2) reboot the device via unspecified vectors. Huawei WS331a is a mini wireless router from China's Huawei company. Huawei WS331a is prone to a cross-site request-forgery vulnerability and a privilege escalation vulnerability. An attacker can exploit these issues to perform unauthorized actions in the context of a logged-in user of the affected application and gain elevated privileges. This may aid in other attacks. Huawei WS331a version WS331a-10 V100R001C02B017SP01 and earlier versions are affected. A remote attacker could exploit this vulnerability by submitting a specially crafted request to perform a factory reset or reboot the device
VAR-201609-0361 CVE-2016-7153 Vulnerability in the HTTP/2 protocol that allows plaintext data to be obtained CVSS V2: 5.0
CVSS V3: 5.3
Severity: MEDIUM
The HTTP/2 protocol does not consider the role of the TCP congestion window in providing information about content length, which makes it easier for remote attackers to obtain cleartext data by leveraging a web-browser configuration in which third-party cookies are sent, aka a "HEIST" attack. HTTP/2 is prone to an information-disclosure vulnerability. An attacker can exploit this issue to gain access to sensitive information that may aid in further attacks. HTTP (Hypertext Transfer Protocol) is the most widely used network protocol on the Internet. HTTP was designed to provide a way to publish and receive HTML pages, and resources requested through the HTTP protocol are identified by Uniform Resource Identifiers (URI). HTTP/2 is one version of that protocol. There are security holes in the HTTP/2 protocol
VAR-201609-0360 CVE-2016-7152 Vulnerability in the HTTPS protocol that allows plaintext data to be obtained CVSS V2: 5.0
CVSS V3: 5.3
Severity: MEDIUM
The HTTPS protocol does not consider the role of the TCP congestion window in providing information about content length, which makes it easier for remote attackers to obtain cleartext data by leveraging a web-browser configuration in which third-party cookies are sent, aka a "HEIST" attack. HTTPS is prone to an information-disclosure vulnerability. An attacker can exploit this issue to gain access to sensitive information that may aid in further attacks. HTTPS (Hypertext Transfer Protocol Secure) is a network security transmission protocol that communicates via Hypertext Transfer Protocol (HTTP) on a computer network and uses SSL/TLS to encrypt data packets. The main purpose of HTTPS development is to provide identity authentication to web servers and protect the privacy and integrity of exchanged data. There are security holes in the HTTPS protocol
VAR-201609-0043 CVE-2016-4969 Fortinet FortiWAN load balancer appliance contains multiple vulnerabilities CVSS V2: 4.3
CVSS V3: 6.1
Severity: MEDIUM
Cross-site scripting (XSS) vulnerability in Fortinet FortiWan (formerly AscernLink) before 4.2.5 allows remote attackers to inject arbitrary web script or HTML via the IP parameter to script/statistics/getconn.php. The Fortinet FortiWAN (Ascernlink) network load balancer appliance contains multiple vulnerabilities. Fortinet FortiWAN is prone to multiple information-disclosure vulnerabilities, a command-injection vulnerability and a cross-site scripting vulnerability. A remote attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site, or execute arbitrary commands, or gain access to sensitive information in the context of the affected device. Fortinet FortiWAN is a WAN link load balancing product developed by Fortinet
VAR-201609-0042 CVE-2016-4968 Fortinet FortiWAN load balancer appliance contains multiple vulnerabilities CVSS V2: 4.0
CVSS V3: 6.5
Severity: MEDIUM
The linkreport/tmp/admin_global page in Fortinet FortiWan (formerly AscernLink) before 4.2.5 allows remote authenticated users to discover administrator cookies via a GET request. The Fortinet FortiWAN (Ascernlink) network load balancer appliance contains multiple vulnerabilities. Fortinet FortiWAN is prone to multiple information-disclosure vulnerabilities, a command-injection vulnerability and a cross-site scripting vulnerability. A remote attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site, or execute arbitrary commands, or gain access to sensitive information in the context of the affected device. Fortinet FortiWAN is a WAN link load balancing product developed by Fortinet. There is a security vulnerability in the linkreport/tmp/admin_global page in Fortinet FortiWAN 4.2.4 and earlier
VAR-201609-0040 CVE-2016-4966 Fortinet FortiWAN load balancer appliance contains multiple vulnerabilities CVSS V2: 4.0
CVSS V3: 6.5
Severity: MEDIUM
The diagnosis_control.php page in Fortinet FortiWan (formerly AscernLink) before 4.2.5 allows remote authenticated users to download PCAP files via vectors related to the UserName GET parameter. The Fortinet FortiWAN (Ascernlink) network load balancer appliance contains multiple vulnerabilities. Fortinet FortiWAN is prone to an authentication bypass vulnerability. An attacker can exploit this issue to bypass the authentication mechanism and obtain sensitive information. This may lead to further attacks. Versions prior to FortiWAN 4.2.5 are vulnerable. Fortinet FortiWAN is a WAN link load balancing product developed by Fortinet. A security vulnerability exists in the diagnosis_control.php page in Fortinet FortiWAN 4.2.4 and earlier
VAR-201609-0041 CVE-2016-4967 Fortinet FortiWAN load balancer appliance contains multiple vulnerabilities CVSS V2: 4.0
CVSS V3: 6.5
Severity: MEDIUM
Fortinet FortiWan (formerly AscernLink) before 4.2.5 allows remote authenticated users to obtain sensitive information from (1) a backup of the device configuration via script/cfg_show.php or (2) PCAP files via script/system/tcpdump.php. The Fortinet FortiWAN (Ascernlink) network load balancer appliance contains multiple vulnerabilities. Fortinet FortiWan (formerly AscenLink) contains a vulnerability that allows important information to be obtained. The following important information can be obtained by a remote authenticated user. Fortinet FortiWAN is prone to multiple information-disclosure vulnerabilities, a command-injection vulnerability and a cross-site scripting vulnerability. A remote attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site, or execute arbitrary commands, or gain access to sensitive information in the context of the affected device. Fortinet FortiWAN is a WAN link load balancing product developed by Fortinet. A security vulnerability exists in Fortinet FortiWAN 4.2.4 and earlier
VAR-201609-0039 CVE-2016-4965 Fortinet FortiWAN load balancer appliance contains multiple vulnerabilities CVSS V2: 9.0
CVSS V3: 8.8
Severity: HIGH
Fortinet FortiWan (formerly AscernLink) before 4.2.5 allows remote authenticated users with access to the nslookup functionality to execute arbitrary commands with root privileges via the graph parameter to diagnosis_control.php. The Fortinet FortiWAN (Ascernlink) network load balancer appliance contains multiple vulnerabilities. Fortinet FortiWAN is prone to multiple information-disclosure vulnerabilities, a command-injection vulnerability and a cross-site scripting vulnerability. A remote attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site, or execute arbitrary commands, or gain access to sensitive information in the context of the affected device. Fortinet FortiWAN is a WAN link load balancing product developed by Fortinet. A security vulnerability exists in Fortinet FortiWAN 4.2.4 and earlier
VAR-201609-0491 CVE-2016-7112 Authentication bypass vulnerability in EN100 Ethernet modules for Siemens SIPROTEC 4 and SIPROTEC Compact devices CVSS V2: 10.0
CVSS V3: 9.8
Severity: CRITICAL
A vulnerability has been identified in Firmware variant PROFINET IO for EN100 Ethernet module : All versions < V1.04.01; Firmware variant Modbus TCP for EN100 Ethernet module : All versions < V1.11.00; Firmware variant DNP3 TCP for EN100 Ethernet module : All versions < V1.03; Firmware variant IEC 104 for EN100 Ethernet module : All versions < V1.21; EN100 Ethernet module included in SIPROTEC Merging Unit 6MU80 : All versions < 1.02.02. Attackers with network access to the device's web interface (port 80/tcp) could possibly circumvent authentication and perform certain administrative operations. The EN100 Ethernet module for Siemens SIPROTEC 4 and SIPROTEC Compact devices contains a vulnerability that allows authentication to be bypassed and administrative access to be gained. A third party may bypass authentication and gain administrative access via unspecified HTTP traffic. SIPROTEC 4 and SIPROTEC Compact devices offer a wide range of centralized protection, control and automation functions for substations and other applications. This may aid in further attacks. EN100 Ethernet Modules for Reyrolle is prone to the following security vulnerabilities: 1. Multiple information-disclosure vulnerabilities 2. A denial-of-service vulnerability 3. Multiple authentication-bypass vulnerabilities. An attacker may leverage these issues to disclose sensitive information, perform certain unauthorized actions, gain unauthorized access, or bypass certain security restrictions and cause a denial-of-service condition. Both Siemens SIPROTEC 4 and SIPROTEC Compact are products of Siemens, Germany. Siemens SIPROTEC 4 is a series of multifunctional relays with a friendly man-machine interface. SIPROTEC Compact is a microcomputer protection device
VAR-201609-0492 CVE-2016-7113 Siemens SIPROTEC 4/SIPROTEC Compact Denial of service vulnerability CVSS V2: 7.8
CVSS V3: 7.5
Severity: HIGH
A vulnerability has been identified in Firmware variant PROFINET IO for EN100 Ethernet module : All versions < V1.04.01; Firmware variant Modbus TCP for EN100 Ethernet module : All versions < V1.11.00; Firmware variant DNP3 TCP for EN100 Ethernet module : All versions < V1.03; Firmware variant IEC 104 for EN100 Ethernet module : All versions < V1.21; EN100 Ethernet module included in SIPROTEC Merging Unit 6MU80 : All versions < 1.02.02. Specially crafted packets sent to port 80/tcp could cause the affected device to go into defect mode. The EN100 Ethernet module for Siemens SIPROTEC 4 and SIPROTEC Compact devices contains a vulnerability that puts the device into a denial-of-service state (transition to defect mode). A third party may put the device into a denial-of-service state (transition to defect mode) via crafted HTTP packets. SIPROTEC 4 and SIPROTEC Compact devices offer a wide range of centralized protection, control and automation functions for substations and other applications. A denial of service vulnerability exists in Siemens SIPROTEC 4 and SIPROTEC Compact in versions prior to EN100 Ethernet 4.29. A remote attacker can cause a denial of service by constructing an HTTP packet. An attacker can exploit this issue to cause denial-of-service conditions. EN100 Ethernet Modules for Reyrolle is prone to the following security vulnerabilities: 1. Multiple information-disclosure vulnerabilities 2. A denial-of-service vulnerability 3. Multiple authentication-bypass vulnerabilities. An attacker may leverage these issues to disclose sensitive information, perform certain unauthorized actions, gain unauthorized access, or bypass certain security restrictions and cause a denial-of-service condition. Both Siemens SIPROTEC 4 and SIPROTEC Compact are products of Siemens, Germany. Siemens SIPROTEC 4 is a series of multifunctional relays with a friendly man-machine interface. SIPROTEC Compact is a microcomputer protection device
VAR-201609-0493 CVE-2016-7114 Siemens SIPROTEC 4/SIPROTEC Compact Authentication Bypass Vulnerability CVSS V2: 9.0
CVSS V3: 8.8
Severity: HIGH
A vulnerability has been identified in Firmware variant PROFINET IO for EN100 Ethernet module : All versions < V1.04.01; Firmware variant Modbus TCP for EN100 Ethernet module : All versions < V1.11.00; Firmware variant DNP3 TCP for EN100 Ethernet module : All versions < V1.03; Firmware variant IEC 104 for EN100 Ethernet module : All versions < V1.21; EN100 Ethernet module included in SIPROTEC Merging Unit 6MU80 : All versions < 1.02.02; SIPROTEC 7SJ686 : All versions < V 4.87; SIPROTEC 7UT686 : All versions < V 4.02; SIPROTEC 7SD686 : All versions < V 4.05; SIPROTEC 7SJ66 : All versions < V 4.30. Attackers with network access to the device's web interface (port 80/tcp) could possibly circumvent authentication and perform certain administrative operations. A legitimate user must be logged into the web interface for the attack to be successful. The EN100 Ethernet module for Siemens SIPROTEC 4 and SIPROTEC Compact devices contains a vulnerability that allows authentication to be bypassed and administrative access to be gained. A third party may bypass authentication and gain administrative access via unspecified HTTP traffic during an authenticated session. SIPROTEC 4 and SIPROTEC Compact devices offer a wide range of centralized protection, control and automation functions for substations and other applications. This may aid in further attacks. EN100 Ethernet Modules for Reyrolle is prone to the following security vulnerabilities: 1. Multiple information-disclosure vulnerabilities 2. A denial-of-service vulnerability 3. Multiple authentication-bypass vulnerabilities. An attacker may leverage these issues to disclose sensitive information, perform certain unauthorized actions, gain unauthorized access, or bypass certain security restrictions and cause a denial-of-service condition. EN100 Ethernet Module versions prior to 4.29.01 are vulnerable. Both Siemens SIPROTEC 4 and SIPROTEC Compact are products of Siemens, Germany. Siemens SIPROTEC 4 is a series of multifunctional relays with a friendly man-machine interface. SIPROTEC Compact is a microcomputer protection device
VAR-201609-0678 No CVE Unknown security bypass vulnerability exists for multiple FireEye NX products CVSS V2: 6.8
CVSS V3: -
Severity: MEDIUM
FireEye NX 4300 and others are threat protection platforms from the American company FireEye that defend against web-based network attacks. Security bypass vulnerabilities exist in FireEye NX 1300, NX 2300, and NX 4300. An attacker could use this vulnerability to bypass security restrictions and perform unauthorized operations. Multiple FireEye NX products are prone to an unspecified security-bypass vulnerability. This may aid in further attacks
VAR-201609-0309 CVE-2016-6398 Cisco IOS PPTP server vulnerability that allows important information to be obtained from past network communication CVSS V2: 5.0
CVSS V3: 5.3
Severity: MEDIUM
The PPTP server in Cisco IOS 15.5(3)M does not properly initialize packet buffers, which allows remote attackers to obtain sensitive information from earlier network communication by reading packet data, aka Bug ID CSCvb16274. Cisco IOS is an operating system developed by Cisco Systems for its network devices. This issue is being tracked by Cisco bug ID CSCvb16274
VAR-201609-0694 No CVE SQL Injection Vulnerability in Remote Video Surveillance Management System of Hangzhou Hikvision Digital Technology Co., Ltd. CVSS V2: 7.8
CVSS V3: -
Severity: HIGH
Hangzhou Hikvision Digital Technology Co., Ltd. remote video surveillance management system is a set of video surveillance software. There is a SQL injection vulnerability in the remote video surveillance management system. Attackers can use the vulnerability to obtain sensitive database information.