VARIoT IoT vulnerabilities database

VAR-201512-0014 CVE-2015-7917 Open Automation OPC Systems.NET Vulnerability gained in

Related entries in the VARIoT exploits database: VAR-E-201512-0467
CVSS V2: 6.9
CVSS V3: 7.2
Severity: HIGH
Untrusted search path vulnerability in Open Automation OPC Systems.NET 8.00.0023 and earlier allows local users to gain privileges via a Trojan horse DLL in an unspecified directory. Supplementary information: the vulnerability type has been identified as CWE-426: Untrusted Search Path. http://cwe.mitre.org/data/definitions/426.html A local user may gain privileges through a Trojan horse DLL in an unspecified directory. OPC Systems.NET is prone to a local privilege-escalation vulnerability. Attackers can exploit this issue remotely by placing the files in a remotely accessible SMB or WebDAV share location. A local attacker can leverage this issue to execute arbitrary code with application privileges

VAR-201601-0432 CVE-2015-8225 Huawei ALE and GEM-703L Smartphone software JPU Service disruption in drivers (DoS) Vulnerabilities
CVSS V2: 7.1
CVSS V3: 5.5
Severity: MEDIUM
The Joint Photographic Experts Group Processing Unit (JPU) driver in Huawei ALE smartphones with software before ALE-UL00C00B220 and ALE-TL00C01B220 and GEM-703L smartphones with software before V100R001C233B111 allows remote attackers to cause a denial of service (crash) via a crafted application with the system or camera permission, a different vulnerability than CVE-2015-8226. Huawei ALE and GEM-703L are both smartphones from Huawei of China. The Joint Photographic Experts Group Processing Unit (JPU) driver is one of their drivers. There is a security hole in the JPU driver of Huawei ALE and GEM-703L smartphones. Multiple Huawei JPU products are prone to multiple denial-of-service vulnerabilities. Other attacks are also possible. The following versions are affected: Huawei ALE using software versions earlier than ALE-UL00C00B220 and ALE-TL00C01B220, and GEM-703L using software versions earlier than V100R001C233B111

VAR-201601-0433 CVE-2015-8226 Huawei ALE and GEM-703L Smartphone software JPU Service disruption in drivers (DoS) Vulnerabilities
CVSS V2: 7.1
CVSS V3: 5.5
Severity: MEDIUM
The Joint Photographic Experts Group Processing Unit (JPU) driver in Huawei ALE smartphones with software before ALE-UL00C00B220 and ALE-TL00C01B220 and GEM-703L smartphones with software before V100R001C233B111 allows remote attackers to cause a denial of service (crash) via a crafted application with the system or camera permission, a different vulnerability than CVE-2015-8225. Huawei ALE and GEM-703L are smartphones from China's Huawei company. The Joint Photographic Experts Group Processing Unit (JPU) driver is one of their drivers. A security vulnerability exists in the JPU driver of the Huawei ALE and GEM-703L smartphones, allowing remote attackers to gain system or camera privileges through the use of specially crafted applications. Multiple Huawei JPU products are prone to multiple denial-of-service vulnerabilities. Attackers can exploit these issues to crash the application, denying service to legitimate users. Other attacks are also possible. A security vulnerability exists in the JPU driver of Huawei ALE and GEM-703L smartphones. The following versions are affected: Huawei ALE using software versions earlier than ALE-UL00C00B220 and ALE-TL00C01B220, and GEM-703L using software versions earlier than V100R001C233B111

VAR-201512-0407 CVE-2015-6400 Cisco Emergency Responder Vulnerable to cross-site scripting
CVSS V2: 4.3
CVSS V3: -
Severity: MEDIUM
Multiple cross-site scripting (XSS) vulnerabilities in Cisco Emergency Responder 10.5(1a) allow remote attackers to inject arbitrary web script or HTML via unspecified fields, aka Bug ID CSCuv25547. Cisco Emergency Responder contains a cross-site scripting vulnerability. The Cisco Emergency Responder real-time location address tracking database and enhanced routing capabilities allow emergency calls to be directly transferred to the appropriate Public Safety Answering Point (PSAP) based on the caller's location. An attacker could exploit a vulnerability to perform a stored cross-site scripting attack on a user's web interface by entering malicious code into the affected form. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials and launch other attacks. This issue is being tracked by Cisco Bug ID CSCuv25547. The software provides features such as real-time location tracking database and caller's location

VAR-201512-0381 CVE-2015-6405 Cisco Emergency Responder Vulnerable to cross-site request forgery
CVSS V2: 6.8
CVSS V3: -
Severity: MEDIUM
Cross-site request forgery (CSRF) vulnerability in Cisco Emergency Responder 10.5(1) and 10.5(1a) allows remote attackers to hijack the authentication of arbitrary users, aka Bug ID CSCuv26501. The vendor has confirmed this vulnerability and released it as Bug ID CSCuv26501. A third party may be able to hijack the authentication of any user. The Cisco Emergency Responder real-time location address tracking database and enhanced routing capabilities allow emergency calls to be directly transferred to the appropriate Public Safety Answering Point (PSAP) based on the caller's location. Exploiting this issue may allow a remote attacker to perform certain unauthorized actions and gain access to the affected application. Other attacks are also possible. This issue is being tracked by Cisco Bug ID CSCuv26501. Cisco Emergency Responder (ER) is emergency call software for IP communication systems from Cisco. The software provides features such as real-time location tracking database and caller's location

VAR-201512-0382 CVE-2015-6406 Cisco Emergency Responder of Tools Directory traversal vulnerability in menu
CVSS V2: 4.0
CVSS V3: -
Severity: MEDIUM
Directory traversal vulnerability in the Tools menu in Cisco Emergency Responder 10.5(1.10000.5) allows remote authenticated users to write to arbitrary files via a crafted filename, aka Bug ID CSCuv21781. The Cisco Emergency Responder real-time location address tracking database and enhanced routing capabilities allow emergency calls to be directly transferred to the appropriate Public Safety Answering Point (PSAP) based on the caller's location. A remote attacker could exploit the vulnerability to place files anywhere on the affected device. Exploiting this issue can allow an attacker to gain read access to arbitrary files. Information harvested may aid in launching further attacks. This issue is being tracked by Cisco Bug ID CSCuv21781. The software provides features such as real-time location tracking database and caller's location

VAR-201512-0383 CVE-2015-6407 Cisco Emergency Responder Vulnerable to uploading files to arbitrary locations
CVSS V2: 4.0
CVSS V3: -
Severity: MEDIUM
Cisco Emergency Responder 10.5(3.10000.9) allows remote attackers to upload files to arbitrary locations via a crafted parameter, aka Bug ID CSCuv25501. The Cisco Emergency Responder real-time location address tracking database and enhanced routing capabilities allow emergency calls to be directly transferred to the appropriate Public Safety Answering Point (PSAP) based on the caller's location. This may aid in further attacks. This issue is tracked by Cisco Bug ID CSCuv25501. Cisco Emergency Responder (ER) is emergency call software for IP communication systems from Cisco. The software provides features such as real-time location tracking database and caller's location. A security vulnerability exists in the Cisco ER 10.5(3.10000.9) release

VAR-201512-0389 CVE-2015-6414 Cisco TelePresence Video Communication Server Vulnerabilities that can break cryptographic protection mechanisms
CVSS V2: 2.1
CVSS V3: -
Severity: LOW
Cisco TelePresence Video Communication Server (VCS) X8.6 uses the same encryption key across different customers' installations, which makes it easier for local users to defeat cryptographic protection mechanisms by leveraging knowledge of a key from another installation, aka Bug ID CSCuw64516. Cisco TelePresence is a Cisco TelePresence solution. Local attackers can exploit this issue to obtain sensitive information. This may aid in further attacks. This issue is being tracked by Cisco Bug ID CSCuw64516

VAR-201512-0390 CVE-2015-6415 Cisco Fabric Interconnect 6200 Run on device Unified Computing System Service disruption in (DoS) Vulnerabilities
CVSS V2: 7.1
CVSS V3: -
Severity: HIGH
Cisco Unified Computing System (UCS) 2.2(3f)A on Fabric Interconnect 6200 devices allows remote attackers to cause a denial of service (CPU consumption or device outage) via a SYN flood on the SSH port during the booting process, aka Bug ID CSCuu81757. Attackers can exploit this issue to cause a denial-of-service condition, denying service to legitimate users. This issue is being tracked by Cisco Bug ID CSCuu81757. A security vulnerability exists in Cisco UCS version 2.2(3f)A on the Cisco Fabric Interconnect 6200 due to the fact that the program does not perform sufficient rate limiting on SSH TCP connection requests at boot time

VAR-201512-0411 CVE-2015-6404 Cisco Hosted Collaboration Mediation Fulfillment Vulnerable to obtaining important credentials
CVSS V2: 4.0
CVSS V3: -
Severity: MEDIUM
Cisco Hosted Collaboration Mediation Fulfillment 10.6(3) does not use RBAC, which allows remote authenticated users to obtain sensitive credential information by leveraging admin access and making SOAP API requests, aka Bug ID CSCuw84374. Cisco Hosted Collaboration Mediation Fulfillment contains an RBAC-related vulnerability through which important credentials can be obtained. An attacker may leverage these issues to obtain authentication credentials and other sensitive information. This may aid in further attacks. This issue is being tracked by Cisco bug ID CSCuw84374. The software provides functions such as configuring, managing and monitoring services of Cisco HCM-F. There is a security vulnerability in Cisco HCM-F 10.6(3), which is caused by the fact that the program does not use RBAC authority management

VAR-201512-0391 CVE-2015-6416 Cisco Unified Email Interaction Manager and Unified Web Interaction Manager Vulnerable to cross-site scripting
CVSS V2: 4.3
CVSS V3: -
Severity: MEDIUM
Cross-site scripting (XSS) vulnerability in Cisco Unified Email Interaction Manager and Unified Web Interaction Manager 11.0(1) allows remote attackers to inject arbitrary web script or HTML via a crafted URL, aka Bug ID CSCuw24479. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials and launch other attacks. This issue is being tracked by Cisco Bug ID CSCuw24479

VAR-201512-0093 CVE-2015-7283 ZyXEL NBG-418N router uses default credentials and is vulnerable to cross-site request forgery
CVSS V2: 9.3
CVSS V3: 8.1
Severity: HIGH
The web administration interface on ZyXEL NBG-418N devices with firmware 1.00(AADZ.3)C0 has a default password of 1234 for the admin account, which allows remote attackers to obtain administrative privileges by leveraging a LAN session. ZyXEL NBG-418N router, firmware version 1.00(AADZ.3)C0, uses default credentials and is vulnerable to cross-site request forgery. ZyXEL NBG-418N is a wireless broadband router from ZyXEL Technology. ZyXEL NBG-418N devices with firmware 1.00(AADZ.3)C0 have a credential management vulnerability. An attacker can exploit these issues to gain unauthorized access, allowing attackers to perform certain unauthorized actions or by tricking a victim into following a specially crafted HTTP request designed to perform some action on the attacker's behalf using a victim's currently active session. The vulnerability is caused by using '1234' as the password for the admin account

VAR-201512-0330 CVE-2015-8262 Buffalo AirStation Extreme N600 Router WZR-600DHP2 uses insufficiently random values for DNS queries
CVSS V2: 5.0
CVSS V3: 6.8
Severity: MEDIUM
Buffalo WZR-600DHP2 devices with firmware 2.09, 2.13, and 2.16 use an improper algorithm for selecting the ID value in the header of a DNS query, which makes it easier for remote attackers to spoof responses by predicting this value. Buffalo AirStation Extreme N600 Router WZR-600DHP2, firmware versions 2.09, 2.13, 2.16, and possibly others, uses insufficiently random values for DNS queries and is vulnerable to DNS spoofing attacks. The WZR-600DHP2 wireless LAN router provided by Buffalo has a problem of using insufficiently random values. Use of insufficiently random values (CWE-330) - CVE-2015-8262: the source port number of DNS queries sent from the WZR-600DHP2 is fixed. Also, the TXID used for DNS queries increases incrementally from 0x0002 and can be predicted from the outside. By DNS spoofing, an attacker may be able to direct terminals inside the LAN to a malicious server. CWE-330: Use of Insufficiently Random Values http://cwe.mitre.org/data/definitions/330.html A remote attacker may forge DNS responses and direct terminals in the LAN to a malicious server. Buffalo AirStation Extreme N600 WZR-600DHP2 is a router product of the Buffalo Group in Japan. A security bypass vulnerability exists in the Buffalo AirStation Extreme N600 WZR-600DHP2 Router. An attacker could exploit the vulnerability to bypass security restrictions and gain unauthorized access. This may aid in further attacks

VAR-201512-0088 CVE-2015-7278 Amped Wireless R10000 router contains multiple vulnerabilities
CVSS V2: 6.8
CVSS V3: 8.8
Severity: HIGH
Cross-site request forgery (CSRF) vulnerability on Amped Wireless R10000 devices with firmware 2.5.2.11 allows remote attackers to hijack the authentication of arbitrary users. The Amped Wireless R10000 is the R10000 series router from Amped Wireless. A cross-site request forgery vulnerability exists in Amped Wireless R10000 devices with firmware 2.5.2.11. An attacker can exploit these issues to bypass certain security restrictions, allowing attackers to perform certain unauthorized actions or by tricking a victim into following a specially crafted HTTP request designed to perform some action on the attacker's behalf using a victim's currently active session. A remote attacker could exploit this vulnerability to perform unauthorized operations

VAR-201512-0090 CVE-2015-7280 ReadyNet WRT300N-DD Wireless Router contains multiple vulnerabilities
CVSS V2: 10.0
CVSS V3: 9.8
Severity: CRITICAL
The web administration interface on ReadyNet WRT300N-DD devices with firmware 1.0.26 has a default password of admin for the admin account, which allows remote attackers to obtain administrative privileges by leveraging a LAN session. ReadyNet WRT300N-DD Wireless Router, firmware version 1.0.26, uses default credentials, is vulnerable to cross-site request forgery, and uses insufficiently random values for DNS queries. ReadyNet WRT300N-DD is a wireless router product from ReadyNet, New Zealand. There is an authorization vulnerability in ReadyNet WRT300N-DD devices with firmware 1.0.26. An attacker can exploit these issues to bypass certain security restrictions, allowing attackers to perform certain unauthorized actions or by tricking a victim into following a specially crafted HTTP request designed to perform some action on the attacker's behalf using a victim's currently active session. The vulnerability is due to the use of 'admin' as the password for the admin account

VAR-201512-0331 CVE-2015-8263 Netgear G54/N150 Wireless Router WNR1000v3 uses insufficiently random values for DNS queries
CVSS V2: 5.0
CVSS V3: 8.6
Severity: HIGH
NETGEAR WNR1000v3 devices with firmware 1.0.2.68 use the same source port number for every DNS query, which makes it easier for remote attackers to spoof responses by selecting that number for the destination port. The WNR1000v3 wireless LAN router provided by Netgear has a problem of using insufficiently random values. By DNS spoofing, an attacker may be able to direct terminals inside the LAN to a malicious server. CWE-330: Use of Insufficiently Random Values http://cwe.mitre.org/data/definitions/330.html A remote attacker may forge DNS responses and direct terminals in the LAN to a malicious server. The Netgear G54/N150 WNR1000v3 has a security bypass vulnerability that allows remote attackers to exploit this vulnerability to bypass security restrictions and gain unauthorized access. This may aid in further attacks. The following products are vulnerable: Netgear G54 WNR1000v3 running firmware version 1.0.2.68 and prior. Netgear N150 WNR1000v3 running firmware version 1.0.2.68 and prior

VAR-201512-0392 CVE-2015-6417 Cisco Videoscape Distribution Suite Service Manager Vulnerable to reading database entries
CVSS V2: 6.5
CVSS V3: -
Severity: MEDIUM
Cisco Videoscape Distribution Suite Service Manager (VDS-SM) 3.4.0 and earlier does not always use RBAC for backend database access, which allows remote authenticated users to read or write to database entries via (1) the GUI or (2) a crafted HTTP request, aka Bug ID CSCuv87025. Exploiting this issue could allow an attacker to gain unauthorized read and write access to sensitive information in the back-end database. This issue is being tracked by Cisco bug ID CSCuv87025. The tool provides real-time configuration, management, analysis and monitoring functions. There is a security vulnerability in Cisco VDS-SM 3.4.0 and earlier versions. The vulnerability is caused by the fact that the program does not use RBAC control for back-end database access in real time

VAR-201702-0004 CVE-2015-7599 Wind River VxWorks of svc_auth.c of _authenticate Integer overflow vulnerability in functions
CVSS V2: 9.3
CVSS V3: 8.1
Severity: HIGH
Integer overflow in the _authenticate function in svc_auth.c in Wind River VxWorks 5.5 through 6.9.4.1, when the Remote Procedure Call (RPC) protocol is enabled, allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a username and password. Wind River VxWorks is an embedded real-time operating system (RTOS) for IoT developed by Wind River. There is an integer overflow vulnerability in the '_authenticate' function of the svc_auth.c file in Wind River VxWorks version 5.5 to 6.9.4.1. Wind River VxWorks is prone to an integer-overflow vulnerability because it fails to perform adequate boundary checks on user-supplied data

VAR-201512-0094 CVE-2015-7284 ZyXEL NBG-418N router uses default credentials and is vulnerable to cross-site request forgery
CVSS V2: 6.8
CVSS V3: 8.0
Severity: HIGH
Cross-site request forgery (CSRF) vulnerability on ZyXEL NBG-418N devices with firmware 1.00(AADZ.3)C0 allows remote attackers to hijack the authentication of arbitrary users. ZyXEL NBG-418N is a wireless broadband router from ZyXEL Technology. An attacker can exploit these issues to gain unauthorized access, allowing attackers to perform certain unauthorized actions or by tricking a victim into following a specially crafted HTTP request designed to perform some action on the attacker's behalf using a victim's currently active session. A remote attacker could exploit this vulnerability to perform unauthorized operations

VAR-201512-0092 CVE-2015-7282 ReadyNet WRT300N-DD Wireless Router contains multiple vulnerabilities
CVSS V2: 4.3
CVSS V3: 5.8
Severity: MEDIUM
ReadyNet WRT300N-DD devices with firmware 1.0.26 use the same source port number for every DNS query, which makes it easier for remote attackers to spoof responses by selecting that number for the destination port. ReadyNet WRT300N-DD Wireless Router, firmware version 1.0.26, uses default credentials, is vulnerable to cross-site request forgery, and uses insufficiently random values for DNS queries. ReadyNet WRT300N-DD is a wireless router product from ReadyNet, New Zealand. There is a spoofing vulnerability in ReadyNet WRT300N-DD devices with firmware 1.0.26. An attacker can exploit these issues to bypass certain security restrictions, allowing attackers to perform certain unauthorized actions or by tricking a victim into following a specially crafted HTTP request designed to perform some action on the attacker's behalf using a victim's currently active session. A remote attacker can exploit this vulnerability to forge response information