VARIoT IoT vulnerabilities database
| VAR-201506-0190 | CVE-2015-4586 | Alcatel-Lucent CellPipe 7130 RG 5Ae.M2013 HOL Cross-Site Request Forgery Vulnerability |
CVSS V2: 6.8 CVSS V3: - Severity: MEDIUM |
Cross-site request forgery (CSRF) vulnerability in Alcatel-Lucent CellPipe 7130 RG 5Ae.M2013 HOL with firmware 1.0.0.20h.HOL allows remote attackers to hijack the authentication of administrators for requests that create a user account via an add_user action in a request to password.cmd. The CellPipe 7130 RG 5Ae.M2013 HOL is a residential gateway/router from Alcatel-Lucent (France).
An attacker who lures a logged-in administrator to a page under the attacker's control can have the administrator's browser submit the add_user request and so create an account on the device; that account can then be used for further attacks. The root cause is that password.cmd accepts state-changing requests without any effective anti-CSRF control (such as a per-session token or an origin check), which is the "insufficient filtering" the advisory refers to.
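The usual fix for this class of bug is to require, on every state-changing request, both a same-origin check and a token bound to the session, so that a cookie alone no longer authorises the action. The following is an added example of such a handler; it is not the CellPipe firmware's code. The handler name, the in-memory session store, the management URL (an RFC 5737 test address) and the sample requests are constructed for the illustration; the only detail taken from the advisory is that an add_user action on password.cmd was reachable by a forged, cookie-authenticated request.

```python
"""Hardened handler for a state-changing admin action such as add_user.

Added example, not the CellPipe firmware's code. The handler name, the
in-memory session store, the management origin (an RFC 5737 test address)
and the sample requests are constructed for this illustration.
"""
import hmac
import secrets
from urllib.parse import urlparse

DEVICE_ORIGIN = "https://192.0.2.1"   # assumed management interface origin

SESSIONS = {}   # session_id -> {"user": ..., "csrf": ...}; constructed store


def new_session(user: str) -> str:
    """Create a login session and bind a fresh anti-CSRF token to it."""
    sid = secrets.token_urlsafe(16)
    SESSIONS[sid] = {"user": user, "csrf": secrets.token_urlsafe(32)}
    return sid


def csrf_token_for(sid: str) -> str:
    """Token the device embeds in its own forms as a hidden field."""
    return SESSIONS[sid]["csrf"]


def _same_origin(headers: dict) -> bool:
    """Accept only requests whose Origin (or, failing that, Referer) is the
    device itself. No Origin and no Referer is treated as cross-origin:
    browsers send at least one of them for form posts."""
    src = headers.get("Origin") or headers.get("Referer")
    if not src:
        return False
    got, want = urlparse(src), urlparse(DEVICE_ORIGIN)
    return (got.scheme, got.hostname, got.port) == (want.scheme, want.hostname, want.port)


def handle_password_cmd(cookies: dict, headers: dict, form: dict) -> tuple:
    """Return (http_status, message) for a request to password.cmd.

    The vulnerable pattern stops after the session lookup: a valid cookie is
    enough to execute the action. Here the request must also come from the
    device's own origin and carry the token bound to this session.
    """
    sess = SESSIONS.get(cookies.get("session"))
    if sess is None:
        return 401, "not authenticated"
    if not _same_origin(headers):
        return 403, "cross-origin request rejected"
    token = form.get("csrf_token", "")
    # Constant-time compare; encode so non-ASCII input cannot raise TypeError.
    if not hmac.compare_digest(token.encode(), sess["csrf"].encode()):
        return 403, "missing or invalid CSRF token"
    if form.get("action") == "add_user":
        return 200, f"user {form.get('username')!r} created by {sess['user']}"
    return 400, "unknown action"
```

The Referer fallback is the weaker of the two checks (a referrer policy can suppress the header), so the token check is the one that must never be skipped; marking the session cookie SameSite=Lax on the browser side complements both.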
| VAR-201508-0389 | CVE-2015-3960 | Belden GarrettCom Magnum 6K and Magnum 10K switches: hardcoded private keys in MNS firmware defeat HTTPS session protection |
CVSS V2: 4.3 CVSS V3: - Severity: MEDIUM |
The firmware in MNS before 4.5.6 on Belden GarrettCom Magnum 6K and Magnum 10K switches uses hardcoded RSA private keys and certificates across different customers' installations, which makes it easier for remote attackers to defeat cryptographic protection mechanisms for HTTPS sessions by leveraging knowledge of a private key from another installation. GarrettCom Magnum 6K and 10K switches are managed industrial Ethernet switches from GarrettCom (USA), a Belden brand.
Because every affected unit presents the same certificate and holds the same private key, an attacker who extracts that key from any one unit or firmware image can impersonate the HTTPS management interface of every other unit and, for sessions negotiated with RSA key exchange, decrypt captured management traffic, including credentials. An attacker can exploit this issue to gain unauthorized access to the affected device. Identical certificate fingerprints across devices are the tell-tale sign.
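A quick way to find this condition in your own estate is to collect the certificate each switch presents and group devices by fingerprint; any fingerprint seen on more than one device means a shared key. The script below is an added example, not Belden/GarrettCom tooling. Its PEM blocks are constructed placeholders (base64 of arbitrary bytes rather than real X.509 DER) so it runs offline; in practice each inventory entry would hold the certificate captured from a switch's HTTPS port, for example with `openssl s_client -connect <host>:443 -showcerts`.

```python
"""Flag TLS certificates (and so private keys) shared across installations.

Added example, not vendor tooling. The inventory below is constructed:
the PEM bodies are base64 of arbitrary bytes, standing in for real DER.
"""
import base64
import hashlib
import re
from collections import defaultdict

PEM_RE = re.compile(r"-----BEGIN CERTIFICATE-----(.*?)-----END CERTIFICATE-----", re.S)


def pem_to_der(pem: str) -> bytes:
    """Extract and base64-decode the first CERTIFICATE block."""
    m = PEM_RE.search(pem)
    if not m:
        raise ValueError("no CERTIFICATE block found")
    return base64.b64decode("".join(m.group(1).split()))


def fingerprint(pem: str) -> str:
    """SHA-256 over the DER, colon-separated as `openssl x509 -fingerprint` prints it."""
    digest = hashlib.sha256(pem_to_der(pem)).hexdigest().upper()
    return ":".join(digest[i:i + 2] for i in range(0, len(digest), 2))


def shared_certificates(inventory: dict) -> dict:
    """Map fingerprint -> sorted hosts, for fingerprints presented by more than one host."""
    seen = defaultdict(list)
    for host, pem in inventory.items():
        seen[fingerprint(pem)].append(host)
    return {fp: sorted(hosts) for fp, hosts in seen.items() if len(hosts) > 1}


def _fake_pem(seed: bytes) -> str:
    """Constructed stand-in for a captured certificate (not valid X.509)."""
    body = base64.encodebytes(seed * 8).decode()
    return f"-----BEGIN CERTIFICATE-----\n{body}-----END CERTIFICATE-----\n"


# Constructed inventory: two sites ship the same factory certificate, one has its own.
INVENTORY = {
    "site-a-switch01": _fake_pem(b"factory-default-cert"),
    "site-b-switch07": _fake_pem(b"factory-default-cert"),
    "site-c-switch02": _fake_pem(b"per-device-cert-0002"),
}

if __name__ == "__main__":
    for fp, hosts in shared_certificates(INVENTORY).items():
        print(f"{fp}\n  shared by: {', '.join(hosts)}")
```

Hashing the whole certificate catches the case in this advisory (identical certificate on every unit). A vendor could also reissue distinct certificates over the same key pair, so a stricter check additionally compares the SubjectPublicKeyInfo, which needs an ASN.1 parser and is left out here.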
| VAR-201508-0387 | CVE-2015-3942 | Belden GarrettCom Magnum 6K and Magnum 10K switches: cross-site scripting in the MNS web-server component |
CVSS V2: 4.3 CVSS V3: - Severity: MEDIUM |
Multiple cross-site scripting (XSS) vulnerabilities in the web-server component in MNS before 4.5.6 on Belden GarrettCom Magnum 6K and Magnum 10K switches allow remote attackers to inject arbitrary web script or HTML via unspecified vectors. GarrettCom Magnum 6K and 10K switches are managed industrial Ethernet switches from GarrettCom (USA).
An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials and launch other attacks.
The following products are vulnerable:
Magnum 6K running MNS versions prior to 4.5.6
Magnum 10K running MNS versions prior to 4.5.6
| VAR-201508-0388 | CVE-2015-3959 | Belden GarrettCom Magnum 6K and Magnum 10K switches: hardcoded serial-console password in MNS firmware grants privileged access |
CVSS V2: 7.2 CVSS V3: - Severity: HIGH |
The firmware in MNS before 4.5.6 on Belden GarrettCom Magnum 6K and Magnum 10K switches has a hardcoded serial-console password for a privileged account, which might allow physically proximate attackers to obtain access by establishing a console session to a nonstandard installation on which this account is enabled, and leveraging knowledge of this password. Supplementary information: the weakness has been classified as CWE-798: Use of Hard-coded Credentials. GarrettCom Magnum 6K and 10K switches are managed industrial Ethernet switches from GarrettCom (USA). A local attacker can exploit this vulnerability to bypass security restrictions and perform unauthorized operations: anyone with physical access to the serial console of a device on which the privileged account is enabled can log in with the known password.
| VAR-201508-0390 | CVE-2015-3961 | Belden GarrettCom Magnum 6K and Magnum 10K switches: denial of service (DoS) in the MNS web-server component |
CVSS V2: 3.5 CVSS V3: - Severity: LOW |
The web-server component in MNS before 4.5.6 on Belden GarrettCom Magnum 6K and Magnum 10K switches allows remote authenticated users to cause a denial of service (memory corruption and reboot) via a crafted URL. GarrettCom Magnum 6K and 10K switches are managed industrial Ethernet switches from GarrettCom (USA).
Successful exploitation causes the device to reboot, denying service to legitimate users. Note that the attacker must already hold valid web-interface credentials.
| VAR-201506-0179 | CVE-2015-4640 | Samsung Galaxy S phones fail to properly validate SwiftKey language pack updates |
Related entries in the VARIoT exploits database: VAR-E-201506-0554
CVSS V2: 2.9 CVSS V3: - Severity: LOW |
The SwiftKey language-pack update implementation on Samsung Galaxy S4, S4 Mini, S5, and S6 devices relies on an HTTP connection to the skslm.swiftkey.net server, which allows man-in-the-middle attackers to write to language-pack files by modifying an HTTP response. NOTE: CVE-2015-4640 exploitation can be combined with CVE-2015-4641 exploitation for man-in-the-middle code execution. Supplementary information: the weakness has been classified as CWE-254: Security Features (http://cwe.mitre.org/data/definitions/254.html). Because the update is fetched in cleartext and its contents are not authenticated, an attacker anywhere on the network path between the device and skslm.swiftkey.net can alter the HTTP response and thereby write attacker-chosen content into the language-pack files. The Samsung Galaxy S4 and the other listed models are smartphones from Samsung (South Korea). SwiftKey is prone to a security-bypass vulnerability; other attacks are also possible.
| VAR-201506-0113 | CVE-2015-2865 | Samsung Galaxy S phones fail to properly validate SwiftKey language pack updates (rejected CVE; split into CVE-2015-4640 and CVE-2015-4641) |
CVSS V2: 5.7 CVSS V3: - Severity: MEDIUM |
Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2015-4640, CVE-2015-4641. Reason: this ID was intended for one issue, but was associated with two issues. Notes: All CVE users should consult CVE-2015-4640 and CVE-2015-4641 to identify the ID or IDs of interest. All references and descriptions in this candidate have been removed to prevent accidental usage. ** Deleted ** This entry was withdrawn after being split into CVE-2015-4640 and CVE-2015-4641; refer to those records. The keyboard preinstalled on Samsung Galaxy S phones, which is built on the SwiftKey SDK, does not correctly verify language pack updates. Insufficient Verification of Data Authenticity (CWE-345) - CVE-2015-2865: the SwiftKey-based keyboard preinstalled on Samsung Galaxy S phones is signed by Samsung and runs with system privileges. It periodically checks for language pack updates, and does so over HTTP. If that communication is altered by a man-in-the-middle attack, it may be abused to write arbitrary data to the device. CWE-345: Insufficient Verification of Data Authenticity (http://cwe.mitre.org/data/definitions/345.html). A remote third party positioned as an intermediary (man-in-the-middle) may be able to write arbitrary data to the device. Given how often SwiftKey checks for updates, however, the likelihood of such an attack is considered low. Samsung Galaxy is Samsung's mid- to high-end smartphone product line. Samsung Galaxy S phones are prone to a security-bypass vulnerability; other attacks are also possible.
Note: This BID is being retired because CVE-2015-2865 (Samsung Galaxy S Phones CVE-2015-2865 Man in The Middle Security Bypass Vulnerability) was rejected and split into two issues. The following individual records document them:
75347 SwiftKey CVE-2015-4640 Man in The Middle Security Bypass Vulnerability
75353 SwiftKey CVE-2015-4641 Directory Traversal Vulnerability
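The two halves of the split map onto two checks an updater has to make before it touches the filesystem: the downloaded pack must be proven to be the one the vendor published (otherwise a modified HTTP response, CVE-2015-4640, is accepted), and every entry in the pack must be confined to the install directory (otherwise a pack can write outside it, the directory traversal of CVE-2015-4641, which is what turns the first bug into code execution). The code below is an added example of both checks; it is not SwiftKey's or Samsung's code. It pins a SHA-256 digest in a constructed manifest that stands in for one obtained over an authenticated channel, builds the "genuine" and "tampered" packs in memory, and only computes the destination paths rather than writing anything to disk.

```python
"""Verify a downloaded language pack before installing it, and unpack it safely.

Added example, not SwiftKey's or Samsung's code. The manifest, the install
directory and both pack archives are constructed for the illustration.
"""
import hashlib
import hmac
import io
import os
import zipfile


def build_pack(entries: dict) -> bytes:
    """Create an in-memory zip from {entry_name: content} (constructed test data)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        for name, data in entries.items():
            zf.writestr(name, data)
    return buf.getvalue()


def verify_digest(name: str, data: bytes, manifest: dict) -> bool:
    """True only if the pack's SHA-256 matches the digest pinned for that name."""
    expected = manifest.get(name)
    if expected is None:
        return False
    return hmac.compare_digest(hashlib.sha256(data).hexdigest(), expected)


def safe_members(data: bytes, install_dir: str) -> list:
    """Return (entry_name, resolved_path) pairs; raise on any entry that would
    land outside install_dir (absolute paths, '..' segments, drive letters)."""
    root = os.path.realpath(install_dir)
    out = []
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for info in zf.infolist():
            name = info.filename
            if name.startswith(("/", "\\")) or os.path.isabs(name) or os.path.splitdrive(name)[0]:
                raise ValueError(f"absolute path in archive: {name!r}")
            dest = os.path.realpath(os.path.join(root, name))
            if os.path.commonpath([root, dest]) != root:
                raise ValueError(f"path traversal in archive: {name!r}")
            out.append((name, dest))
    return out


def install_pack(name: str, data: bytes, manifest: dict, install_dir: str) -> list:
    """Reject tampered bytes first, then reject traversal. Returns the paths that
    would be written; nothing is written to disk in this example."""
    if not verify_digest(name, data, manifest):
        raise ValueError("language pack digest mismatch; refusing to install")
    return [dest for _, dest in safe_members(data, install_dir)]


# Constructed genuine pack and the digest the app would have pinned for it.
GENUINE = build_pack({"en_US/dict.txt": b"the quick brown fox", "en_US/meta.json": b'{"v":1}'})
TRUSTED_MANIFEST = {"en_US-1.0.zip": hashlib.sha256(GENUINE).hexdigest()}

# Constructed pack as a man-in-the-middle might deliver it: different bytes and a
# traversal entry aimed outside the install directory.
TAMPERED = build_pack({"../../system/bin/evil.sh": b"#!/system/bin/sh\n"})
```

A digest pinned in the app only helps if the app itself (or the manifest it downloads) is delivered over an authenticated channel; the general form of this check is a vendor signature over the manifest, which the stdlib-only example stands in for with a pinned hash. The traversal check is independent of the digest check: run it even on packs whose digest matched, since the manifest could have been produced from a bad archive.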
| VAR-201506-0077 | CVE-2015-3111 | Adobe Photoshop CC and Adobe Bridge CC Heap-based buffer overflow vulnerability |
CVSS V2: 10.0 CVSS V3: - Severity: HIGH |
Heap-based buffer overflow in Adobe Photoshop CC before 16.0 (aka 2015.0.0) and Adobe Bridge CC before 6.11 allows attackers to execute arbitrary code via unspecified vectors.
Attackers can exploit this issue to execute arbitrary code within the context of the affected application. Failed exploit attempts likely result in denial-of-service conditions. Adobe Photoshop CC is Adobe's image editing and compositing application. Adobe Bridge CC is the asset-management hub of Adobe Creative Suite (a product suite integrating graphic design, video editing, web design and other applications).
| VAR-201506-0076 | CVE-2015-3110 | Adobe Photoshop CC and Adobe Bridge CC Integer overflow vulnerability |
CVSS V2: 10.0 CVSS V3: - Severity: HIGH |
Integer overflow in Adobe Photoshop CC before 16.0 (aka 2015.0.0) and Adobe Bridge CC before 6.11 allows attackers to execute arbitrary code via unspecified vectors.
Attackers can exploit this issue to execute arbitrary code within the context of the user running the affected application. Failed attempts will likely cause a denial-of-service condition. Adobe Photoshop CC is Adobe's image editing and compositing application; Adobe Bridge CC is the asset-management hub of Adobe Creative Suite.
| VAR-201506-0075 | CVE-2015-3109 | Adobe Photoshop CC Vulnerable to arbitrary code execution |
CVSS V2: 10.0 CVSS V3: - Severity: HIGH |
Adobe Photoshop CC before 16.0 (aka 2015.0.0) allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors. Adobe Photoshop CC is prone to an unspecified memory-corruption vulnerability.
An attacker can exploit this issue to execute arbitrary code in the context of the user running the affected application. Failed exploit attempts will likely result in denial-of-service conditions
| VAR-201506-0244 | CVE-2015-4183 | Cisco Unified Computing System Central Software: OS command execution via a crafted CLI parameter |
CVSS V2: 7.2 CVSS V3: - Severity: HIGH |
Cisco UCS Central Software 1.2(1a) allows local users to gain privileges for OS command execution via a crafted CLI parameter, aka Bug ID CSCut32795.
A local attacker with access to the UCS Central CLI can exploit this issue to execute arbitrary commands on the underlying operating system.
This issue is being tracked by Cisco Bug ID CSCut32795
| VAR-201506-0247 | CVE-2015-4186 | Cisco Virtualization Experience Client 6215 firmware: OS command execution via the administrative web interface |
CVSS V2: 7.2 CVSS V3: - Severity: HIGH |
The diagnostics subsystem in the administrative web interface on Cisco Virtualization Experience (aka VXC) Client 6215 devices with firmware 11.2(27.4) allows local users to gain privileges for OS command execution via a crafted option value, aka Bug ID CSCug54412. Cisco Virtualization Experience Client 6000 series devices are prone to a local arbitrary command-execution vulnerability.
Local attackers can exploit this issue to execute arbitrary commands on the underlying operating system with root privileges.
This issue is being tracked by Cisco bug ID CSCug54412.
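Both Cisco entries above (the UCS Central CLI parameter and the VXC 6215 diagnostics option value) are instances of one weakness: an operator-supplied value reaches an OS command line without being constrained, so shell metacharacters in it run as whatever the privileged daemon runs as. The following is an added example of the weakness class beside its hardened form; it is not Cisco's code and assumes nothing about the actual vulnerable parameters. The `ping` diagnostic and the option grammar are chosen for the example.

```python
"""Operator-supplied value reaching an OS command: unsafe vs. constrained.

Added example of the weakness class, not Cisco's code. The diagnostic tool
(ping) and the accepted target grammar are assumptions for the illustration.
"""
import ipaddress
import re
import subprocess

# RFC 1123 hostname: dot-separated labels, alphanumerics and interior hyphens only.
HOSTNAME_RE = re.compile(
    r"^(?=.{1,253}$)[A-Za-z0-9]([A-Za-z0-9-]{0,61}[A-Za-z0-9])?"
    r"(\.[A-Za-z0-9]([A-Za-z0-9-]{0,61}[A-Za-z0-9])?)*$"
)


def build_unsafe(target: str) -> str:
    """Vulnerable pattern: the value is spliced into a command line that is then
    handed to a shell. A target of '127.0.0.1; id' or '$(id)' runs `id` with the
    daemon's privileges (root, in the VXC case above)."""
    return f"ping -c 1 {target}"


def validate_target(target: str) -> str:
    """Allow-list: an IP literal (normalised) or a DNS hostname; reject all else."""
    try:
        return str(ipaddress.ip_address(target))
    except ValueError:
        pass
    if HOSTNAME_RE.match(target):
        return target
    raise ValueError(f"invalid target: {target!r}")


def build_safe(target: str) -> list:
    """Hardened pattern: validated value, argv list, no shell. The '--' ends option
    parsing for getopt-based tools (assumed for ping here), so even a value
    beginning with '-' cannot be read as an option."""
    return ["ping", "-c", "1", "--", validate_target(target)]


def run_diag(target: str) -> int:
    """Execute the diagnostic without a shell and return its exit status."""
    cmd = build_safe(target)
    # shell=False is already the default for a list; spelled out to make the point.
    return subprocess.run(cmd, shell=False, capture_output=True, timeout=10).returncode
```

The validation does the real work; `shell=False` with an argv list is what makes the validation sufficient, because no shell is left to interpret the value. Quoting with `shlex.quote` is the fallback when a shell genuinely cannot be avoided, but it protects only the shell layer, not the invoked program's own option parsing, which is why `--` is still there.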
| VAR-201709-0148 | CVE-2015-4629 | Huawei E5756S Authentication Bypass Vulnerability |
CVSS V2: 7.5 CVSS V3: 9.8 Severity: CRITICAL |
Huawei E5756S before V200R002B146D23SP00C00 allows remote attackers to read device configuration information, enable PIN/PUK authentication, and perform other unspecified actions. The Huawei E5756S contains a vulnerability in authorization, privilege and access control: information may be obtained or tampered with, or a denial-of-service (DoS) condition may result. The Huawei E5756S is a 3G mobile broadband device from China marketed by China Unicom. The vulnerability is present in version V100R001B100D00SP00C00 and is caused by an inadequate authentication mechanism in the WebUI. Huawei E5756S is prone to an authentication-bypass vulnerability; successful exploitation may lead to further attacks.
| VAR-201506-0356 | CVE-2015-3951 | RLE Nova-Wind Turbine HMI: cleartext credential storage exposes sensitive information |
CVSS V2: 5.0 CVSS V3: - Severity: MEDIUM |
RLE Nova-Wind Turbine HMI devices store cleartext credentials, which allows remote attackers to obtain sensitive information via unspecified vectors. Because the device stores authentication information in the clear, any third party able to read that storage obtains the credentials directly. The Nova-Wind Turbine HMI is the human-machine interface for wind turbines.
Attackers can exploit this issue to gain access to the sensitive information. A successful exploit results in a complete compromise of the affected system.
| VAR-201506-0245 | CVE-2015-4184 | Cisco Email Security Appliance anti-spam scanner: email restriction bypass via malformed SPF record |
CVSS V2: 5.0 CVSS V3: - Severity: MEDIUM |
The anti-spam scanner on Cisco Email Security Appliance (ESA) devices 3.3.1-09, 7.5.1-gpl-022, and 8.5.6-074 allows remote attackers to bypass intended e-mail restrictions via a malformed DNS SPF record, aka Bug IDs CSCuu35853 and CSCuu37733. The appliance provides spam protection, email encryption, and data loss prevention.
Successfully exploiting this issue may allow an attacker to bypass certain security restrictions and perform unauthorized actions: an attacker who controls the DNS for a sending domain can publish a deliberately malformed SPF record so that the scanner fails to apply the restriction it would otherwise enforce on that domain's mail.
This issue is being tracked by Cisco Bug IDs CSCuu35853 and CSCuu37733. The following versions are affected: Cisco ESA Release 3.3.1-09, Release 7.5.1-gpl-022 and Release 8.5.6-074.
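The failure mode behind this class of bypass is an SPF evaluator that, on a record it cannot parse, behaves as if the domain published no policy at all. RFC 7208 defines a distinct result, permerror, for exactly that case, and a receiver's policy can then treat it as a failure. The evaluator below is an added example of that fail-closed behaviour; it is not Cisco's anti-spam scanner and nothing about the appliance's actual parser is taken from the advisory beyond the fact that a malformed record let mail through. Only the ip4, ip6 and all mechanisms are implemented, since include/a/mx/exists/ptr need DNS lookups and the example must run offline; redirect= and other modifiers are ignored.

```python
"""Evaluate an SPF record and fail closed on malformed input.

Added example, not Cisco's scanner. Handles v=spf1 with ip4/ip6/all only;
mechanisms that need DNS raise NotImplementedError, modifiers are ignored.
"""
import ipaddress

QUALIFIERS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}
DNS_MECHANISMS = {"a", "mx", "include", "exists", "ptr"}


def evaluate_spf(record: str, sender_ip: str) -> str:
    """Return pass/fail/softfail/neutral/permerror for sender_ip against record."""
    try:
        ip = ipaddress.ip_address(sender_ip)
    except ValueError:
        return "permerror"
    terms = record.split()
    if not terms or terms[0].lower() != "v=spf1":
        return "permerror"                      # no usable version tag
    for term in terms[1:]:
        qual = "+"
        if term[:1] in QUALIFIERS:
            qual, term = term[0], term[1:]
        name, _, arg = term.partition(":")
        name = name.lower()
        if name == "all":
            if arg:
                return "permerror"              # 'all' takes no argument
            return QUALIFIERS[qual]
        if name in ("ip4", "ip6"):
            try:
                net = ipaddress.ip_network(arg, strict=False)
            except ValueError:
                return "permerror"              # e.g. ip4:999.1.1.1 or bare 'ip4'
            if (name == "ip4") != (net.version == 4):
                return "permerror"              # ip4 with an IPv6 block, or vice versa
            if ip in net:
                return QUALIFIERS[qual]
            continue
        if name in DNS_MECHANISMS:
            raise NotImplementedError(f"{name} needs DNS; out of scope here")
        if "=" in term:
            continue                            # modifier (redirect=, exp=): ignored here
        return "permerror"                      # unknown mechanism is a permerror per RFC 7208
    return "neutral"                            # nothing matched and no 'all' term


def disposition(spf_result: str) -> str:
    """Fail-closed policy: permerror is not treated like 'domain publishes no SPF'."""
    return {
        "pass": "accept",
        "neutral": "accept",
        "softfail": "quarantine",
        "fail": "reject",
        "permerror": "reject",
    }[spf_result]
```

Whether permerror should map to reject or to quarantine is a local policy decision (legitimate domains do publish broken records), but it must not map to the same disposition as "no record", or a sender can opt out of the check by breaking their own record.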
| VAR-201506-0246 | CVE-2015-4185 | Cisco IOS TCL interpreter: privilege escalation via stale vty state |
CVSS V2: 6.9 CVSS V3: - Severity: MEDIUM |
The TCL interpreter in Cisco IOS 15.2 does not properly maintain the vty state, which allows local users to gain privileges by starting a session very soon after a TCL script execution, aka Bug ID CSCuq24202. Cisco IOS is the operating system Cisco Systems develops for its network devices.
This issue is being tracked by Cisco Bug ID CSCuq24202
| VAR-201506-0584 | No CVE | SAP GUI Remote Buffer Overflow Vulnerability |
CVSS V2: - CVSS V3: - Severity: - |
SAP GUI is prone to a remote buffer-overflow vulnerability because it fails to adequately bounds-check user-supplied data before copying it to an insufficiently sized memory buffer.
Attackers may leverage this issue to execute arbitrary code in the context of the application. Failed exploit attempts may result in a denial-of-service condition.
| VAR-201506-0516 | No CVE | Multiple Vulnerabilities in D-Link DSP-W110 |
CVSS V2: 7.5 CVSS V3: - Severity: HIGH |
The D-Link DSP-W110 is a Wi-Fi smart plug from D-Link.
Security vulnerabilities exist in the D-Link DSP-W110 running firmware version 1.05b01. Attackers can use them to take control of the application, access or modify data, or, via potential weaknesses in the underlying database, upload arbitrary files and execute arbitrary commands.
| VAR-201903-0653 | CVE-2015-3952 | Multiple Hospira products: information disclosure (wireless keys stored in plaintext) |
CVSS V2: 5.0 CVSS V3: 7.5 Severity: HIGH |
Wireless keys are stored in plain text on Hospira Plum A+ Infusion System version 13.4 and prior, Plum A+3 Infusion System version 13.6 and prior, and Symbiq Infusion System version 3.13 and prior. Hospira recommends that customers close port 20/FTP and port 23/TELNET on the affected devices. Hospira has also released the Plum 360 Infusion System, which is not vulnerable to this issue. Multiple Hospira products are prone to an information-disclosure vulnerability.
Attackers can exploit this issue to obtain sensitive information (the wireless network keys) that may lead to further attacks, such as joining the wireless network the pumps use.
| VAR-201507-0391 | CVE-2015-3958 | Hospira LifeCare PCA Infusion System denial of service (DoS) vulnerability |
CVSS V2: 7.8 CVSS V3: - Severity: HIGH |
Hospira LifeCare PCA Infusion System 5.0 and earlier, and possibly other versions, allows remote attackers to cause a denial of service (forced manual reboot) via a flood of TCP packets. Supplementary information: the weakness has been classified as CWE-19: Data Handling. Multiple Hospira products are prone to a remote denial-of-service vulnerability.
The Hospira LifeCare PCA Infusion System is a patient-controlled analgesia infusion pump developed by Hospira (United States). A security vulnerability exists in LifeCare PCA Infusion System 5.0 and earlier: an attacker who can reach the pump's network interface can exploit it to cause a denial-of-service condition that requires a manual reboot of the pump to clear.