VARIoT IoT vulnerabilities database

Affected products: vendor, model and version
CWE format is 'CWE-number'. Threat type can be: remote or local
Look up free text in title and description

VAR-202408-2335 CVE-2024-7987 Rockwell Automation ThinManager ThinServer Arbitrary File Creation Privilege Escalation Vulnerability CVSS V2: 6.8
CVSS V3: 7.8
Severity: HIGH
A remote code execution vulnerability exists in the Rockwell Automation ThinManager® ThinServer™ that allows a threat actor to execute arbitrary code with System privileges. To exploit this vulnerability and a threat actor must abuse the ThinServer™ service by creating a junction and use it to upload arbitrary files. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.The specific flaw exists within the ThinServer service which listens on TCP port 2031 by default. The issue results from the lack of proper access controls set on resources used by the service. Rockwell Automation ThinManager is a thin client management software from Rockwell Automation, USA
VAR-202408-1385 CVE-2024-43027 plural  DrayTek Corporation  Command injection vulnerabilities in the product CVSS V2: -
CVSS V3: 8.0
Severity: HIGH
DrayTek Vigor 3900 before v1.5.1.5_Beta, DrayTek Vigor 2960 before v1.5.1.5_Beta and DrayTek Vigor 300B before v1.5.1.5_Beta were discovered to contain a command injection vulnerability via the action parameter at cgi-bin/mainfunction.cgi. DrayTek Corporation of Vigor300b firmware, Vigor2960 firmware, Vigor3900 Firmware contains a command injection vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state
VAR-202408-1360 CVE-2024-43882 Linux  of  Linux Kernel  In  Time-of-check Time-of-use (TOCTOU)  Race condition vulnerabilities CVSS V2: 7.2
CVSS V3: 7.0
Severity: HIGH
In the Linux kernel, the following vulnerability has been resolved: exec: Fix ToCToU between perm check and set-uid/gid usage When opening a file for exec via do_filp_open(), permission checking is done against the file's metadata at that moment, and on success, a file pointer is passed back. Much later in the execve() code path, the file metadata (specifically mode, uid, and gid) is used to determine if/how to set the uid and gid. However, those values may have changed since the permissions check, meaning the execution may gain unintended privileges. For example, if a file could change permissions from executable and not set-id: ---------x 1 root root 16048 Aug 7 13:16 target to set-id and non-executable: ---S------ 1 root root 16048 Aug 7 13:16 target it is possible to gain root privileges when execution should have been disallowed. While this race condition is rare in real-world scenarios, it has been observed (and proven exploitable) when package managers are updating the setuid bits of installed programs. Such files start with being world-executable but then are adjusted to be group-exec with a set-uid bit. For example, "chmod o-x,u+s target" makes "target" executable only by uid "root" and gid "cdrom", while also becoming setuid-root: -rwxr-xr-x 1 root cdrom 16048 Aug 7 13:16 target becomes: -rwsr-xr-- 1 root cdrom 16048 Aug 7 13:16 target But racing the chmod means users without group "cdrom" membership can get the permission to execute "target" just before the chmod, and when the chmod finishes, the exec reaches brpm_fill_uid(), and performs the setuid to root, violating the expressed authorization of "only cdrom group members can setuid to root". Re-check that we still have execute permissions in case the metadata has changed. It would be better to keep a copy from the perm-check time, but until we can do that refactoring, the least-bad option is to do a full inode_permission() call (under inode lock). It is understood that this is safe against dead-locks, but hardly optimal. Linux of Linux Kernel for, Time-of-check Time-of-use (TOCTOU) There is a race condition vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. The RUGGEDCOM RST2428P is a Layer 2 Ethernet switch based on SINEC OS with up to 28 non-blocking interfaces. SCALANCE X switches are used to connect industrial components such as programmable logic controllers (PLCs) and human-machine interfaces (HMIs). Multiple vulnerabilities exist in third-party components prior to SIEMENS SINEC OS V3.2. These vulnerabilities could be exploited to corrupt values, leading to undefined behavior or security issues. ========================================================================== Ubuntu Security Notice USN-7120-1 November 19, 2024 linux, linux-aws, linux-gcp, linux-gcp-6.8, linux-gke, linux-hwe-6.8, linux-ibm, linux-nvidia, linux-nvidia-6.8, linux-nvidia-lowlatency, linux-oem-6.8, linux-oracle, linux-raspi vulnerabilities ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 24.04 LTS - Ubuntu 22.04 LTS Summary: Several security issues were fixed in the Linux kernel. Software Description: - linux: Linux kernel - linux-aws: Linux kernel for Amazon Web Services (AWS) systems - linux-gcp: Linux kernel for Google Cloud Platform (GCP) systems - linux-gke: Linux kernel for Google Container Engine (GKE) systems - linux-ibm: Linux kernel for IBM cloud systems - linux-nvidia: Linux kernel for NVIDIA systems - linux-nvidia-lowlatency: Linux low latency kernel for NVIDIA systems - linux-oem-6.8: Linux kernel for OEM systems - linux-oracle: Linux kernel for Oracle Cloud systems - linux-raspi: Linux kernel for Raspberry Pi systems - linux-gcp-6.8: Linux kernel for Google Cloud Platform (GCP) systems - linux-hwe-6.8: Linux hardware enablement (HWE) kernel - linux-nvidia-6.8: Linux kernel for NVIDIA systems Details: Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system. This update corrects flaws in the following subsystems: - File systems infrastructure; - Network traffic control; (CVE-2024-46800, CVE-2024-43882) Update instructions: The problem can be corrected by updating your system to the following package versions: Ubuntu 24.04 LTS linux-image-6.8.0-1014-gke 6.8.0-1014.18 linux-image-6.8.0-1015-raspi 6.8.0-1015.17 linux-image-6.8.0-1016-ibm 6.8.0-1016.16 linux-image-6.8.0-1016-oracle 6.8.0-1016.17 linux-image-6.8.0-1016-oracle-64k 6.8.0-1016.17 linux-image-6.8.0-1017-oem 6.8.0-1017.17 linux-image-6.8.0-1018-gcp 6.8.0-1018.20 linux-image-6.8.0-1018-nvidia 6.8.0-1018.20 linux-image-6.8.0-1018-nvidia-64k 6.8.0-1018.20 linux-image-6.8.0-1018-nvidia-lowlatency 6.8.0-1018.20.1 linux-image-6.8.0-1018-nvidia-lowlatency-64k 6.8.0-1018.20.1 linux-image-6.8.0-1019-aws 6.8.0-1019.21 linux-image-6.8.0-49-generic 6.8.0-49.49 linux-image-6.8.0-49-generic-64k 6.8.0-49.49 linux-image-aws 6.8.0-1019.21 linux-image-gcp 6.8.0-1018.20 linux-image-generic 6.8.0-49.49 linux-image-generic-64k 6.8.0-49.49 linux-image-generic-64k-hwe-24.04 6.8.0-49.49 linux-image-generic-hwe-24.04 6.8.0-49.49 linux-image-generic-lpae 6.8.0-49.49 linux-image-gke 6.8.0-1014.18 linux-image-ibm 6.8.0-1016.16 linux-image-ibm-classic 6.8.0-1016.16 linux-image-ibm-lts-24.04 6.8.0-1016.16 linux-image-kvm 6.8.0-49.49 linux-image-nvidia 6.8.0-1018.20 linux-image-nvidia-64k 6.8.0-1018.20 linux-image-nvidia-lowlatency 6.8.0-1018.20.1 linux-image-nvidia-lowlatency-64k 6.8.0-1018.20.1 linux-image-oem-24.04 6.8.0-1017.17 linux-image-oem-24.04a 6.8.0-1017.17 linux-image-oracle 6.8.0-1016.17 linux-image-oracle-64k 6.8.0-1016.17 linux-image-raspi 6.8.0-1015.17 linux-image-virtual 6.8.0-49.49 linux-image-virtual-hwe-24.04 6.8.0-49.49 Ubuntu 22.04 LTS linux-image-6.8.0-1018-gcp 6.8.0-1018.20~22.04.1 linux-image-6.8.0-1018-nvidia 6.8.0-1018.20~22.04.1 linux-image-6.8.0-1018-nvidia-64k 6.8.0-1018.20~22.04.1 linux-image-6.8.0-49-generic 6.8.0-49.49~22.04.1 linux-image-6.8.0-49-generic-64k 6.8.0-49.49~22.04.1 linux-image-gcp 6.8.0-1018.20~22.04.1 linux-image-generic-64k-hwe-22.04 6.8.0-49.49~22.04.1 linux-image-generic-hwe-22.04 6.8.0-49.49~22.04.1 linux-image-nvidia-6.8 6.8.0-1018.20~22.04.1 linux-image-nvidia-64k-6.8 6.8.0-1018.20~22.04.1 linux-image-nvidia-64k-hwe-22.04 6.8.0-1018.20~22.04.1 linux-image-nvidia-hwe-22.04 6.8.0-1018.20~22.04.1 linux-image-oem-22.04 6.8.0-49.49~22.04.1 linux-image-oem-22.04a 6.8.0-49.49~22.04.1 linux-image-oem-22.04b 6.8.0-49.49~22.04.1 linux-image-oem-22.04c 6.8.0-49.49~22.04.1 linux-image-oem-22.04d 6.8.0-49.49~22.04.1 linux-image-virtual-hwe-22.04 6.8.0-49.49~22.04.1 After a standard system update you need to reboot your computer to make all the necessary changes. ATTENTION: Due to an unavoidable ABI change the kernel updates have been given a new version number, which requires you to recompile and reinstall all third party kernel modules you might have installed. Unless you manually uninstalled the standard kernel metapackages (e.g. linux-generic, linux-generic-lts-RELEASE, linux-virtual, linux-powerpc), a standard system upgrade will automatically perform this as well. References: https://ubuntu.com/security/notices/USN-7120-1 CVE-2024-43882, CVE-2024-46800 Package Information: https://launchpad.net/ubuntu/+source/linux/6.8.0-49.49 https://launchpad.net/ubuntu/+source/linux-aws/6.8.0-1019.21 https://launchpad.net/ubuntu/+source/linux-gcp/6.8.0-1018.20 https://launchpad.net/ubuntu/+source/linux-gke/6.8.0-1014.18 https://launchpad.net/ubuntu/+source/linux-ibm/6.8.0-1016.16 https://launchpad.net/ubuntu/+source/linux-nvidia/6.8.0-1018.20 https://launchpad.net/ubuntu/+source/linux-nvidia-lowlatency/6.8.0-1018.20.1 https://launchpad.net/ubuntu/+source/linux-oem-6.8/6.8.0-1017.17 https://launchpad.net/ubuntu/+source/linux-oracle/6.8.0-1016.17 https://launchpad.net/ubuntu/+source/linux-raspi/6.8.0-1015.17 https://launchpad.net/ubuntu/+source/linux-gcp-6.8/6.8.0-1018.20~22.04.1 https://launchpad.net/ubuntu/+source/linux-hwe-6.8/6.8.0-49.49~22.04.1 https://launchpad.net/ubuntu/+source/linux-nvidia-6.8/6.8.0-1018.20~22.04.1
VAR-202408-2062 CVE-2024-43879 Linux  of  Linux Kernel  Vulnerability in CVSS V2: 7.2
CVSS V3: 5.5
Severity: MEDIUM
In the Linux kernel, the following vulnerability has been resolved: wifi: cfg80211: handle 2x996 RU allocation in cfg80211_calculate_bitrate_he() Currently NL80211_RATE_INFO_HE_RU_ALLOC_2x996 is not handled in cfg80211_calculate_bitrate_he(), leading to below warning: kernel: invalid HE MCS: bw:6, ru:6 kernel: WARNING: CPU: 0 PID: 2312 at net/wireless/util.c:1501 cfg80211_calculate_bitrate_he+0x22b/0x270 [cfg80211] Fix it by handling 2x996 RU allocation in the same way as 160 MHz bandwidth. Linux of Linux Kernel Exists in unspecified vulnerabilities.Service operation interruption (DoS) It may be in a state. The RUGGEDCOM RST2428P is a Layer 2 Ethernet switch based on SINEC OS with up to 28 non-blocking interfaces. SCALANCE X switches are used to connect industrial components such as programmable logic controllers (PLCs) and human-machine interfaces (HMIs). Multiple vulnerabilities exist in third-party components prior to SIEMENS SINEC OS V3.2. These vulnerabilities could be exploited to corrupt values, leading to undefined behavior or security issues
VAR-202408-1118 CVE-2024-43871 Linux  of  Linux Kernel  Vulnerability regarding lack of memory release after expiration in CVSS V2: 7.2
CVSS V3: 5.5
Severity: MEDIUM
In the Linux kernel, the following vulnerability has been resolved: devres: Fix memory leakage caused by driver API devm_free_percpu() It will cause memory leakage when use driver API devm_free_percpu() to free memory allocated by devm_alloc_percpu(), fixed by using devres_release() instead of devres_destroy() within devm_free_percpu(). Linux of Linux Kernel Contains a vulnerability regarding the lack of free memory after expiration.Service operation interruption (DoS) It may be in a state. The RUGGEDCOM RST2428P is a Layer 2 Ethernet switch based on SINEC OS with up to 28 non-blocking interfaces. SCALANCE X switches are used to connect industrial components such as programmable logic controllers (PLCs) and human-machine interfaces (HMIs). Multiple vulnerabilities exist in third-party components prior to SIEMENS SINEC OS V3.2. These vulnerabilities could be exploited to corrupt values, leading to undefined behavior or security issues
VAR-202408-2205 CVE-2024-42815 TP-LINK Technologies  of  RE365  Out-of-bounds write vulnerability in firmware CVSS V2: 10.0
CVSS V3: 9.8
Severity: CRITICAL
In the TP-Link RE365 V1_180213, there is a buffer overflow vulnerability due to the lack of length verification for the USER_AGENT field in /usr/bin/httpd. Attackers who successfully exploit this vulnerability can cause the remote target device to crash or execute arbitrary commands. TP-LINK Technologies of RE365 An out-of-bounds write vulnerability exists in firmware.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. RE365 is a WiFi range extender from TP-LINK, a Chinese company. TP-LINK Technology Co., Ltd
VAR-202408-1643 CVE-2024-42813 TRENDnet  of  TEW-752DRU  Classic buffer overflow vulnerability in firmware CVSS V2: -
CVSS V3: 9.8
Severity: CRITICAL
In TRENDnet TEW-752DRU FW1.03B01, there is a buffer overflow vulnerability due to the lack of length verification for the service field in gena.cgi. Attackers who successfully exploit this vulnerability can cause the remote target device to crash or execute arbitrary commands. TRENDnet of TEW-752DRU Firmware has a classic buffer overflow vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state
VAR-202408-1790 CVE-2024-42812 D-Link Systems, Inc.  of  DIR-860L  Classic buffer overflow vulnerability in firmware CVSS V2: 10.0
CVSS V3: 9.8
Severity: CRITICAL
In D-Link DIR-860L v2.03, there is a buffer overflow vulnerability due to the lack of length verification for the SID field in gena.cgi. Attackers who successfully exploit this vulnerability can cause the remote target device to crash or execute arbitrary commands. D-Link Systems, Inc. of DIR-860L Firmware has a classic buffer overflow vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. The D-Link DIR-860L is a wireless router from China's D-Link Corporation. It supports Wi-Fi 5 and offers dual-band (2.4GHz and 5GHz) network connectivity with a maximum transfer speed of 1200Mbps. The device has a built-in antenna, one USB 3.0 port, and four Gigabit wired ports
VAR-202408-0942 CVE-2024-42633 Cisco Systems  (Linksys)  of  e1500  in the firmware  OS  Command injection vulnerability CVSS V2: 9.0
CVSS V3: 8.8
Severity: HIGH
A Command Injection vulnerability exists in the do_upgrade_post function of the httpd binary in Linksys E1500 v1.0.06.001. As a result, an authenticated attacker can execute OS commands with root privileges. Cisco Systems (Linksys) of e1500 The firmware has OS A command injection vulnerability exists.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. Linksys E1500 is a wireless router from Linksys, an American company
VAR-202408-0531 CVE-2024-7909 TOTOLINK  of  ex1200l  Out-of-bounds write vulnerability in firmware CVSS V2: 9.0
CVSS V3: 8.8
Severity: High
A vulnerability has been found in TOTOLINK EX1200L 9.3.5u.6146_B20201023 and classified as critical. Affected by this vulnerability is the function setLanguageCfg of the file /www/cgi-bin/cstecgi.cgi. The manipulation of the argument langType leads to stack-based buffer overflow. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. TOTOLINK of ex1200l An out-of-bounds write vulnerability exists in firmware.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. TOTOLINK EX1200L is a wireless repeater from China's TOTOLINK Electronics. No detailed vulnerability details are currently provided
VAR-202408-0553 CVE-2024-7908 TOTOLINK  of  ex1200l  Out-of-bounds write vulnerability in firmware CVSS V2: 9.0
CVSS V3: 8.8
Severity: High
A vulnerability, which was classified as critical, was found in TOTOLINK EX1200L 9.3.5u.6146_B20201023. Affected is the function setDefResponse of the file /www/cgi-bin/cstecgi.cgi. The manipulation of the argument IpAddress leads to stack-based buffer overflow. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. TOTOLINK of ex1200l An out-of-bounds write vulnerability exists in firmware.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. TOTOLINK EX1200L is a wireless repeater from China's TOTOLINK Electronics. An attacker can exploit this vulnerability to corrupt memory and possibly cause the browser to crash
VAR-202408-0694 CVE-2024-7907 TOTOLINK  of  x6000r  Command injection vulnerability in firmware CVSS V2: 6.5
CVSS V3: 6.3
Severity: Medium
A vulnerability, which was classified as critical, has been found in TOTOLINK X6000R 9.4.0cu.852_20230719. This issue affects the function setSyslogCfg of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument rtLogServer leads to command injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. TOTOLINK of x6000r Firmware contains a command injection vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. TOTOLINK X6000R is a wireless router from China's TOTOLINK Electronics. Attackers can use this vulnerability to execute arbitrary system terminal commands and obtain system control permissions
VAR-202408-1014 CVE-2024-42995 Vtiger  of  Vtiger CRM  Vulnerability in CVSS V2: -
CVSS V3: 8.3
Severity: HIGH
VTiger CRM <= 8.1.0 does not correctly check user privileges. A low-privileged user can interact directly with the "Migration" administrative module to disable arbitrary modules. Vtiger of Vtiger CRM Exists in unspecified vulnerabilities.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state
VAR-202408-1386 CVE-2024-42994 Vtiger  of  Vtiger CRM  In  SQL  Injection vulnerability CVSS V2: -
CVSS V3: 7.2
Severity: HIGH
VTiger CRM <= 8.1.0 does not properly sanitize user input before using it in a SQL statement, leading to a SQL Injection in the "CompanyDetails" operation of the "MailManager" module. (DoS) It may be in a state
VAR-202408-1940 CVE-2024-42634 Shenzhen Tenda Technology Co.,Ltd.  of  AC9  Code injection vulnerability in firmware CVSS V2: 10.0
CVSS V3: 9.8
Severity: CRITICAL
A Command Injection vulnerability exists in formWriteFacMac of the httpd binary in Tenda AC9 v15.03.06.42. As a result, attacker can execute OS commands with root privileges. Shenzhen Tenda Technology Co.,Ltd. of AC9 A code injection vulnerability exists in the firmware.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. Tenda AC9 has a security vulnerability caused by an unauthorized access flaw in the device firmware. Attackers can exploit this vulnerability to bypass authentication and gain management privileges on the device
VAR-202408-1587 No CVE Beijing Xingwang Ruijie Network Technology Co., Ltd. NBR6120-E router control engine has a command execution vulnerability CVSS V2: 7.1
CVSS V3: -
Severity: HIGH
Ruijie Networks, founded in 2003, is an industry-leading ICT infrastructure and solution provider. Beijing Xingwang Ruijie Network Technology Co., Ltd. NBR6120-E router control engine has a command execution vulnerability, which can be exploited by attackers to obtain server permissions.
VAR-202408-0606 CVE-2024-42987 Shenzhen Tenda Technology Co.,Ltd.  of  fh1206  Out-of-bounds write vulnerability in firmware CVSS V2: 7.8
CVSS V3: 7.5
Severity: HIGH
Tenda FH1206 v02.03.01.35 was discovered to contain a stack-based buffer overflow vulnerability in the fromPptpUserAdd function. The vulnerability can be triggered via the modino, username, newpwd, or pptpdnetseg parameters, all of which are passed via HTTP POST and used in unsafe sprintf calls without proper length validation. A remote attacker can exploit this flaw through a crafted POST request, which may cause a Denial of Service (DoS). In certain scenarios, this issue could potentially be leveraged to achieve remote code execution. Shenzhen Tenda Technology Co.,Ltd. of fh1206 An out-of-bounds write vulnerability exists in firmware.Service operation interruption (DoS) It may be in a state. Tenda FH1206 is a dual-band wireless router launched by Tenda, designed for large fiber-optic households
VAR-202408-0677 CVE-2024-42986 Shenzhen Tenda Technology Co.,Ltd.  of  fh1206  Out-of-bounds write vulnerability in firmware CVSS V2: 7.8
CVSS V3: 7.5
Severity: HIGH
Tenda FH1206 v02.03.01.35 was discovered to contain a stack overflow via the PPPOEPassword parameter in the fromAdvSetWan function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted POST request. Shenzhen Tenda Technology Co.,Ltd. of fh1206 An out-of-bounds write vulnerability exists in firmware.Service operation interruption (DoS) It may be in a state. Tenda FH1206 is a dual-band wireless router launched by Tenda Corporation, designed for large fiber-optic households
VAR-202408-0605 CVE-2024-42985 Shenzhen Tenda Technology Co.,Ltd.  of  fh1206  Out-of-bounds write vulnerability in firmware CVSS V2: 7.8
CVSS V3: 7.5
Severity: HIGH
Tenda FH1206 v02.03.01.35 was discovered to contain a stack overflow via the page parameter in the fromNatlimit function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted POST request. Shenzhen Tenda Technology Co.,Ltd. of fh1206 An out-of-bounds write vulnerability exists in firmware.Service operation interruption (DoS) It may be in a state. Tenda FH1206 is a dual-band wireless router launched by Tenda Corporation, designed for large fiber-optic households
VAR-202408-0765 CVE-2024-42984 Shenzhen Tenda Technology Co.,Ltd.  of  fh1206  Out-of-bounds write vulnerability in firmware CVSS V2: 7.8
CVSS V3: 7.5
Severity: HIGH
Tenda FH1206 v02.03.01.35 was discovered to contain a stack overflow via the page parameter in the fromP2pListFilter function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted POST request. Shenzhen Tenda Technology Co.,Ltd. of fh1206 An out-of-bounds write vulnerability exists in firmware.Service operation interruption (DoS) It may be in a state. Tenda FH1206 is a dual-band wireless router launched by Tenda, designed for large fiber-optic households