VARIoT IoT vulnerabilities database

D-link specializes in the design and development of wireless network and Ethernet road hardware products. A remote command privilege escalation vulnerability exists in multiple D-Link products HNAP. Allows an attacker to exploit this vulnerability to escalate permissions and execute arbitrary commands. This may aid in further attacks

Directory traversal vulnerability in TP-LINK Archer C5 (1.2) with firmware before 150317, C7 (2.0) with firmware before 150304, and C8 (1.0) with firmware before 150316, Archer C9 (1.0), TL-WDR3500 (1.0), TL-WDR3600 (1.0), and TL-WDR4300 (1.0) with firmware before 150302, TL-WR740N (5.0) and TL-WR741ND (5.0) with firmware before 150312, and TL-WR841N (9.0), TL-WR841N (10.0), TL-WR841ND (9.0), and TL-WR841ND (10.0) with firmware before 150310 allows remote attackers to read arbitrary files via a .. (dot dot) in the PATH_INFO to login/. plural TP-LINK The product contains a directory traversal vulnerability.By a third party .. of PATH_INFO Any file may be read via. TP-Link is a well-known supplier of network and communication equipment. Allows an attacker to exploit this vulnerability to obtain sensitive information and initiate further attacks. TP-LINK Archer C5, etc. are all wireless router products of China Pulian (TP-LINK) company. A remote attacker can use the directory traversal character '..' to exploit this vulnerability to read arbitrary files. The following products and versions are affected: TP-LINK Archer C5 (hardware version: version 1.2) using firmware earlier than 150317, C7 (hardware version: version 2.0) using firmware earlier than 150304, C8 (hardware version) using firmware earlier than 150316 Version: Version 1.0), Archer C9 (Hardware Version: Version 1.0), TL-WDR3500 (Hardware Version: Version 1.0), TL-WDR3600 (Hardware Version: Version 1.0), TL-WDR4300 (Hardware Version : version 1.0); TL-WR740N (hardware version: version 5.0) and TL-WR741ND (hardware version: version 5.0) with firmware version earlier than 150312; TL-WR841N (hardware version: version 9.0) with firmware version earlier than 150310, TL-WR841N (hardware version: version 10.0), TL-WR841ND (hardware version: version 9.0)

Cisco Web Security Appliance (WSA) devices with software 8.5.0-ise-147 do not properly restrict use of the pickle Python module during certain tunnel-status checks, which allows local users to execute arbitrary Python code and gain privileges via crafted serialized objects, aka Bug ID CSCut39230. Vendors have confirmed this vulnerability Bug ID CSCut39230 It is released as.The local user can access any arbitrary Python The code may be executed and permissions may be obtained. Cisco Web Security Appliance is prone to a local arbitrary code execution vulnerability. Successful exploits will allow an attacker to execute arbitrary code in the context of the application. Failed exploit attempts will likely result in a denial-of-service condition. This issue is tracked by Cisco Bug ID CSCut39230. The appliance provides SaaS-based access control, real-time network reporting and tracking, and security policy formulation. A security vulnerability exists in Cisco WSA devices using version 8.5.0-ise-147 software

Cisco ASR 9000 devices with software 5.3.0.BASE do not recognize that certain ACL entries have a single-host constraint, which allows remote attackers to bypass intended network-resource access restrictions by using an address that was not supposed to have been allowed, aka Bug ID CSCur28806. Vendors have confirmed this vulnerability Bug ID CSCur28806 It is released as. Supplementary information : CWE Vulnerability type by CWE-284: Improper Access Control ( Inappropriate access control ) Has been identified. http://cwe.mitre.org/data/definitions/284.htmlBy using an address that was not permitted by a third party, access to network resources may be circumvented. The Cisco ASR 9000 Series is an integrated services router solution from Cisco that uses the IOS XR Software module operating system to provide carrier-class reliability. A security vulnerability exists in the Object-ACL matching process of Cisco Aggregation Services Router 9000 (ASR9K), which is exploited by unauthenticated remote attackers to bypass security restrictions by configuring ACLs. Cisco ASR 9000 Series Routers are prone to a remote security-bypass vulnerability. An attacker can exploit this issue to bypass security restrictions and perform unauthorized actions. This may aid in further attacks. The vulnerability is caused by the program not correctly recognizing certain ACL entries

On the QFX3500 and QFX3600 platforms, the number of bytes collected from the RANDOM_INTERRUPT entropy source when the device boots up is insufficient, possibly leading to weak or duplicate SSH keys or self-signed SSL/TLS certificates. Entropy increases after the system has been up and running for some time, but immediately after boot, the entropy is very low. This issue only affects the QFX3500 and QFX3600 switches. No other Juniper Networks products or platforms are affected by this weak entropy vulnerability. QFX3500 and QFX3600 The switch is vulnerable to lack of entropy.Information may be obtained. There are security holes in Juniper Networks QFX3500 and QFX3600 switches. A remote attacker could use this vulnerability to perform a man-in-the-middle attack, gaining unauthorized access to sensitive information and systems. This aids in other attacks

Barracuda is a general term for a range of hard drive products. There is an arbitrary command injection vulnerability in the Barracuda web interface. Allows an attacker to exploit a vulnerability to execute commands arbitrarily on an affected device. Barracuda is prone to a remote command-injection vulnerability. Barracuda running firmware versions 5.0.0.012 and prior are vulnerable

Cross-site scripting (XSS) vulnerability in the Dynamic VPN in Juniper Junos 12.1X44 before 12.1X44-D45, 12.1X46 before 12.1X46-D30, 12.1X47 before 12.1X47-D20, and 12.3X48 before 12.3X48-D10 on SRX series devices allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. Juniper Junos is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and launch other attacks. Juniper Networks Junos on SRX Series devices is a set of network operating systems of Juniper Networks (Juniper Networks) running on SRX series service gateway devices. The operating system provides a secure programming interface and Junos SDK. The following versions are affected: Juniper Junos 12.1X44 prior to 12.1X44-D45, 12.1X46 prior to 12.1X46-D30, 12.1X47 prior to 12.1X47-D20, and 12.3X48 prior to 12.3X48-D10

J-Web in Juniper Junos 11.4 before 11.4R12, 12.1X44 before 12.1X44-D35, 12.1X46 before 12.1X46-D25, 12.1X47 before 12.1X47-D10, 12.3X48 before 12.3X48-D10, 12.2 before 12.2R9, 12.3 before 12.3R7, 13.2 before 13.2R6, 13.2X51 before 13.2X51-D20, 13.3 before 13.3R5, 14.1 before 14.1R3, 14.1X53 before 14.1X53-D10, and 14.2 before 14.2R1 allows remote attackers to conduct clickjacking attacks via an X-Frame-Options header. Juniper Junos J-Web is prone to a clickjacking vulnerability because it fails to perform validity checks on certain user actions through HTTP requests. Successful exploits will allow an attacker to compromise the affected application or obtain sensitive information. Other attacks are also possible. Juniper Networks Junos is a set of network operating system of Juniper Networks (Juniper Networks) dedicated to the company's hardware system. The operating system provides a secure programming interface and Junos SDK. J-Web is a network management tool for routers or switches using Junos. A security vulnerability exists in J-Web for Juniper Networks Junos. The following versions are affected: Juniper Networks Junos 11.4 before 11.4R12, 12.1X44 before 12.1X44-D35, 12.1X46 before 12.1X46-D25, 12.1X47 before 12.1X47-D10, 12.3X48 before 12.3X48-D10, 12.2 before 12.2R9, 12.3 before 12.3R7, 13.2 before 13.2R6, 13.2X51 before 13.2X51-D20, 13.3 before 13.3R5, 14.1 before 14.1R3, 14.1X53 before 14.1X53-D10, 14.2R1 Prior to version 14.2

Juniper Junos 12.1X44 before 12.1X44-D45, 12.1X46 before 12.1X46-D30, 12.1X47 before 12.1X47-D20, 12.3 before 12.3R9, 12.3X48 before 12.3X48-D10, 13.2 before 13.2R6, 13.3 before 13.3R5, 14.1 before 14.1R3, and 14.2 before 14.2R1 allows local users to gain privileges via crafted combinations of CLI commands and arguments. Juniper Junos is prone to multiple local privilege escalation vulnerabilities. Local attackers can exploit these issues to gain root privileges. Juniper Junos is a set of network operating system of Juniper Networks (Juniper Networks) dedicated to the company's hardware system. The operating system provides a secure programming interface and Junos SDK. A security vulnerability exists in Juniper Networks Junos. The following versions are affected: Juniper Networks Junos 12.1X44 before 12.1X44-D45, 12.1X46 before 12.1X46-D30, 12.1X47 before 12.1X47-D20, 12.3 before 12.3R9, 12.3X48 before 12.3X48-D10, Version 13.2 before 13.2R6, version 13.3 before 13.3R5, version 14.1 before 14.1R3, version 14.2 before 14.2R1

Juniper Junos 12.1X44 before 12.1X44-D45, 12.1X46 before 12.1X46-D30, 12.1X47 before 12.1X47-D15, and 12.3X48 before 12.3X48-D10 on SRX series devices does not properly enforce the log-out-on-disconnect feature when configured in the [system port console] stanza, which allows physically proximate attackers to reconnect to the console port and gain administrative access by leveraging access to the device. Supplementary information : CWE Vulnerability type by CWE-17: Code ( code ) Has been identified. Juniper Junos is prone to a local security-bypass vulnerability. Attackers can exploit this issue to bypass certain security restrictions and perform unauthorized actions. Juniper Networks Junos on SRX Series devices is a set of network operating systems of Juniper Networks (Juniper Networks) running on SRX series service gateway devices. The operating system provides a secure programming interface and Junos SDK. A security vulnerability exists in Juniper Networks Junos in SRX Series devices. The following versions are affected: Juniper Junos 12.1X44 prior to 12.1X44-D45, 12.1X46 prior to 12.1X46-D30, 12.1X47 prior to 12.1X47-D15, and 12.3X48 prior to 12.3X48-D10

Stack-based buffer overflow in the OpenForIPCamTest method in the RTSPVIDEO.rtspvideoCtrl.1 (aka SStreamVideo) ActiveX control in Moxa SoftCMS before 1.3 allows remote attackers to execute arbitrary code via the StrRtspPath parameter. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within the RTSPVIDEO.rtspvideoCtrl.1 ActiveX control. By passing an overly long string to the OpenForIPCamTest method's StrRtspPath parameter, an attacker can overflow a buffer on the stack. This vulnerability could be used to execute arbitrary code in the context of the browser. Moxa SoftCMS is a set of central management software developed by Moxa for large-scale monitoring systems. The software supports real-time video surveillance, video playback, and event management. Moxa SoftCMS is prone to a stack-based buffer-overflow vulnerability. Failed exploit attempts will result in denial-of-service conditions. Moxa SoftCMS 1.2 is vulnerable

Siemens SIMATIC HMI Comfort Panels before WinCC (TIA Portal) 13 SP1 Upd2 and SIMATIC WinCC Runtime Advanced before WinCC (TIA Portal) 13 SP1 Upd2 allow man-in-the-middle attackers to cause a denial of service via crafted packets on TCP port 102. Siemens SIMATIC WinCC is a multi-user system that provides complete monitoring and data acquisition (SCADA) functionality for the industrial sector, from single-user systems to redundant server and remote web client solutions. A port that can cause a denial of service attack. Multiple Siemens SIMATIC products are prone to a denial-of-service vulnerability. Remote attackers may exploit this issue to cause denial-of-service conditions, denying service to legitimate users. Siemens SIMATIC HMI Comfort Panels and SIMATIC WinCC Runtime Advanced are HMI software for controlling and monitoring machines and equipment from Siemens, Germany

Siemens SIMATIC HMI Basic Panels 2nd Generation before WinCC (TIA Portal) 13 SP1 Upd2, SIMATIC HMI Comfort Panels before WinCC (TIA Portal) 13 SP1 Upd2, SIMATIC WinCC Runtime Advanced before WinCC (TIA Portal) 13 SP1 Upd2, SIMATIC WinCC Runtime Professional before WinCC (TIA Portal) 13 SP1 Upd2, SIMATIC HMI Basic Panels 1st Generation (WinCC TIA Portal), SIMATIC HMI Mobile Panel 277 (WinCC TIA Portal), SIMATIC HMI Multi Panels (WinCC TIA Portal), and SIMATIC WinCC 7.x before 7.3 Upd4 allow remote attackers to complete authentication by leveraging knowledge of a password hash without knowledge of the associated password. plural SIMATIC HMI Products and SIMATIC WinCC Contains a vulnerability that allows authentication to be completed.Even if there is no related password information, a third party may use the password hash to complete the authentication. Siemens SIMATIC WinCC is a multi-user system that provides complete monitoring and data acquisition (SCADA) functionality for the industrial sector, from single-user systems to redundant server and remote web client solutions. Siemens SIMATIC and SIMATIC WinCC HMI Comfort Panels have verification bypass vulnerabilities that allow remote attackers to exploit vulnerabilities to bypass authentication. Multiple Siemens SIMATIC products are prone to an authentication-bypass vulnerability. This may aid in further attacks. The SIMATIC HMI Panel series, SIMATIC WinCC Runtime Advanced and Professional are all HMI software for operating and monitoring machines and plants. SIMATIC WinCC is an automated data acquisition and monitoring (SCADA) system. A remote attacker could exploit this vulnerability to authenticate using a known hashed password

The failover ipsec implementation in Cisco Adaptive Security Appliance (ASA) Software 9.1 before 9.1(6), 9.2 before 9.2(3.3), and 9.3 before 9.3(3) does not properly validate failover communication messages, which allows remote attackers to reconfigure an ASA device, and consequently obtain administrative control, by sending crafted UDP packets over the local network to the failover interface, aka Bug ID CSCur21069. Vendors have confirmed this vulnerability Bug ID CSCur21069 It is released as. Supplementary information : CWE Vulnerability type by CWE-284: Improper Access Control ( Inappropriate access control ) Has been identified. Cisco Adaptive Security Appliance is prone to a command-injection vulnerability. Successfully exploiting this issue may allow an attacker to execute arbitrary commands in context of the affected application. The following releases are affected: Cisco ASA Software 9.1 prior to 9.1(6), 9.2 prior to 9.2(3.3), and 9.3 prior to 9.3(3)

The DNS implementation in Cisco Adaptive Security Appliance (ASA) Software 7.2 before 7.2(5.16), 8.2 before 8.2(5.57), 8.3 before 8.3(2.44), 8.4 before 8.4(7.28), 8.5 before 8.5(1.24), 8.6 before 8.6(1.17), 8.7 before 8.7(1.16), 9.0 before 9.0(4.33), 9.1 before 9.1(6.1), 9.2 before 9.2(3.4), and 9.3 before 9.3(3) allows man-in-the-middle attackers to cause a denial of service (memory consumption or device outage) by triggering outbound DNS queries and then sending crafted responses to these queries, aka Bug ID CSCuq77655. Attackers can exploit this issue to cause a memory exhaustion, denying service to legitimate users. This issue is tracked by Cisco Bug ID CSCuq77655. The following products are affected: Cisco ASA Software 7.2 (5.16) prior to 7.2, 8.2 (5.57) prior to 8.2, 8.3 (2.44) prior to 8.3, 8.4 (7.28) prior to 8.4, 8.5 (1.24) prior to 8.5, 8.6 ( 1.17) before 8.6, 8.7(1.16) before 8.7, 9.0(4.33) before 9.0, 9.1(6.1) before 9.1, 9.2(3.4) before 9.2, 9.3(3) before 9.3

The XML parser in Cisco Adaptive Security Appliance (ASA) Software 8.4 before 8.4(7.28), 8.6 before 8.6(1.17), 9.0 before 9.0(4.33), 9.1 before 9.1(6), 9.2 before 9.2(3.4), and 9.3 before 9.3(3), when Clientless SSL VPN, AnyConnect SSL VPN, or AnyConnect IKEv2 VPN is used, allows remote attackers to cause a denial of service (VPN outage or device reload) via a crafted XML document, aka Bug ID CSCus95290. Vendors have confirmed this vulnerability Bug ID CSCus95290 It is released as.Skillfully crafted by a third party XML Service disruption through documentation (VPN Stop or device reload ) There is a possibility of being put into a state. Cisco Adaptive Security Appliance (ASA) Software is prone to a remote denial-of-service vulnerability. An attacker can exploit this issue to crash the WebVPN component, denying service to legitimate users. This issue is being tracked by Cisco Bug ID CSCus95290. The following releases are affected: Cisco ASA Software 8.4 prior to 7.28, 8.6 prior to 8.6(1.17), 9.0 prior to 9.0(4.33), 9.1 prior to 9.1(6), 9.2 prior to 9.2(3.4), 9.3( 3) Before version 9.3

The virtualization layer in Cisco ASA FirePOWER Software before 5.3.1.2 and 5.4.x before 5.4.0.1 and ASA Context-Aware (CX) Software before 9.3.2.1-9 allows remote attackers to cause a denial of service (device reload) by rapidly sending crafted packets to the management interface, aka Bug IDs CSCus11007 and CSCun56954. Successful exploits may allow attackers to cause the reload of the affected system, denying service to legitimate users. This issue is being tracked by Cisco Bug IDs CSCus11007 and CSCun56954

Multiple stack-based buffer overflows in Moxa VPort ActiveX SDK Plus before 2.8 allow remote attackers to insert assembly-code lines via vectors involving a regkey (1) set or (2) get command. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within the VPORTSDK.VPortSDKCtrl.1 ActiveX control. By passing an overly long string to the GetClientReg method's Name parameter, an attacker can overflow a buffer on the stack. This vulnerability could be used to execute arbitrary code in the context of the browser. Moxa's VPort SDK PLUS, including CGI command, ActiveX control and API libraries, allows third-party developers to easily integrate custom monitoring applications. Multiple Moxa products are prone to a stack-based buffer-overflow vulnerability because it fails to adequately bounds-check user-supplied data before copying it to an insufficiently sized memory buffer. Failed exploit attempts will likely result in denial-of-service conditions. The tool supports VB, VC and C# development environments, etc

Clang in LLVM, as used in Apple Xcode before 6.3, performs incorrect register allocation in a way that triggers stack storage for stack cookie pointers, which might allow context-dependent attackers to bypass a stack-guard protection mechanism via crafted input to an affected C program. Apple Xcode is prone to a local security-bypass vulnerability. A local attacker can leverage this issue to perform unauthorized actions. Versions prior to Apple Xcode 6.3 are vulnerable. Apple Xcode is an integrated development environment provided by Apple (Apple) to developers. It is mainly used to develop applications for Mac OS X and iOS. LLVM (Low Level Virtual Machine) is a framework system of a framework compiler (compiler) developed by the LLVM team. A security vulnerability exists in Clang in LLVM used in versions prior to Apple Xcode 6.3 due to incorrect register allocation by the program

The private-browsing implementation in Apple Safari before 6.2.5, 7.x before 7.1.5, and 8.x before 8.0.5 allows attackers to obtain sensitive browsing-history information via vectors involving push-notification requests. Apple Safari is prone to an information-disclosure vulnerability. Attackers can exploit this issue to disclose sensitive information that may aid in further attacks. Apple Safari is a web browser developed by Apple (Apple), and is the default browser included with Mac OS X and iOS operating systems. The following versions are affected: Apple Safari prior to 6.2.5, 7.x prior to 7.1.5, and 8.x prior to 8.0.5. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 APPLE-SA-2015-04-08-1 Safari 8.0.5, Safari 7.1.5, and Safari 6.2.5 Safari 8.0.5, Safari 7.1.5, and Safari 6.2.5 are now available and address the following: Safari Available for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5, and OS X Yosemite v10.10.2 Impact: Users may be tracked by malicious websites using client certificates Description: An issue existed in Safari's client certificate matching for SSL authentication. This issue was addressed by improved matching of valid client certificates. CVE-ID CVE-2015-1129 : Stefan Kraus of fluid Operations AG, Sylvain Munaut of Whatever s.a. Safari Available for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5, and OS X Yosemite v10.10.2 Impact: Notifications preferences may reveal users' browsing history in private browsing mode Description: Responding to push notification requests in private browsing mode revealed users' browsing history. This issue was addressed by disabling push notification prompts in private browsing mode. CVE-ID CVE-2015-1128 : Joseph Winn of Credit Union Geek Safari Available for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5, and OS X Yosemite v10.10.2 Impact: Users' browsing history may not be completely purged Description: A state management issue existed in Safari that resulted in users' browsing history not being purged from history.plist. This issue was addressed by improved state management. CVE-ID CVE-2015-1112 : William Breuer, The Netherlands WebKit Available for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5, and OS X Yosemite v10.10.2 Impact: Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution Description: Multiple memory corruption issues existed in WebKit. These issues were addressed through improved memory handling. CVE-ID CVE-2015-1119 : Renata Hodovan of University of Szeged / Samsung Electronics CVE-2015-1120 : Apple CVE-2015-1121 : Apple CVE-2015-1122 : Apple CVE-2015-1124 : Apple WebKit Available for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5, and OS X Yosemite v10.10.2 Impact: Users' browsing history in private mode may be indexed Description: A state management issue existed in Safari that inadvertently indexed users' browsing history when in private browsing mode. This issue was addressed by improved state management. CVE-ID CVE-2015-1127 : Tyler C WebKit Available for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5, and OS X Yosemite v10.10.2 Impact: Visiting a maliciously crafted website may lead to resources of another origin being accessed Description: An issue existed in WebKit's credential handling for FTP URLs. This issue was addressed by improved URL decoding. CVE-ID CVE-2015-1126 : Jouko Pynnonen of Klikki Oy Safari 8.0.5, Safari 7.1.5, and Safari 6.2.5 may be obtained from the Mac App Store. Information will also be posted to the Apple Security Updates web site: http://support.apple.com/kb/HT1222 This message is signed with Apple's Product Security PGP key, and details are available at: https://www.apple.com/support/security/pgp/ -----BEGIN PGP SIGNATURE----- Version: GnuPG/MacGPG2 v2.0.22 (Darwin) Comment: GPGTools - http://gpgtools.org iQIcBAEBAgAGBQJVJG6MAAoJEBcWfLTuOo7tL3cP/RVZlw3sp/ze1r1hSxcezN/Z w/uAPiqzud607Aqqwsg1YI4WzqCoIVLEb6N40eNGn7aTFkgOrBlYhsxTNHNnx2cM 3/HkDKMZo0bhO/fIqa9YfyG/KbgFKQMM0/eECNccEkQp6/DLHLJIwS0+QW0oBZ9q m9bBNTHFQxvJA9or3cn/eFV1zWVvr5RjpwR595tzWpYLIbIqTX901VAbBMOKvqtl 8b5NMmLNoEmfKGWWRqa5RmguFNnnANi3m+6PgU6fNU82dm8mif+ONDhDeyC43MH0 cxeeKZcWBGdYel9C/ctSF9SsnKhqAukIMoMppYLLL8AFHBPd504w1oXoS6UiE/go GrCXwzyxOklGQriyeMS/nsSn+AryJzQP3hXgWjAd8HuSIKCff9iaZBk5OxjK1Cwi k0zSx0qDJAHo1nlUhawYjQVhD7QEtkV7QO6hb4W22h5r/0MJGNuPsh9Mw2u6gIW6 l+p2x3D64xjfh+EclWerMhN+tqBR3RokkdkvNxhStdsz6dkA21ynaHMiaYN3lff7 DDINEP6dDiLi8AGP9P9pjYl3wMVgVTyFgMGL7cUMx8GIrm4pp8YAkhj2yWOM/ns0 Mycgrf+h0tFZYTvvojWlyo4rqx9J8te7dEiHjmg8l0OrOHXzmqQhDwOIWbH8fIGO CfE7FxlOHEHgzh+bzKvG =Df4l -----END PGP SIGNATURE-----