VARIoT IoT vulnerabilities database
| VAR-201410-1447 | No CVE | Multiple vulnerabilities in Draytek Vigor 2130 Router |
CVSS V2: 7.5 CVSS V3: - Severity: HIGH |
Draytek Vigor 2130 Router is a wireless router product with firewall function from DrayTek.
Code injection vulnerabilities and cross-site request forgery vulnerabilities exist in Draytek Vigor 2130 routers with firmware versions prior to 1.5.4.9. Attackers can use these vulnerabilities to bypass security restrictions, gain system access and sensitive information, perform unauthorized administrator operations, and steal cookie-based authentication certificates. Draytek Vigor 2130 router is prone to the following security vulnerabilities:
1. A command-injection vulnerability
2. Other attacks are also possible
| VAR-201411-0351 | CVE-2014-6033 |
F5 BIG-IP Code injection vulnerability
Related entries in the VARIoT exploits database: VAR-E-201410-0140 |
CVSS V2: 5.5 CVSS V3: - Severity: MEDIUM |
Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2014-6032. Reason: This candidate is a duplicate of CVE-2014-6032. Notes: All CVE users should reference CVE-2014-6032 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage. F5 Networks BIG-IP is prone to an XML External Entity injection vulnerability.
Attackers can exploit this issue to obtain potentially sensitive information and to carry out other attacks. F5 BIG-IP LTM, etc. are all products of F5 Company in the United States. LTM is a local traffic manager; APM is a solution that provides secure unified access to business-critical applications and networks. A security vulnerability exists in the Configuration utility of several F5 products. A remote attacker could exploit this vulnerability to read arbitrary files or cause a denial of service. The following products and versions are affected: F5 BIG-IP LTM, ASM, GTM, Link Controller Version 11.0 to 11.6.0 and 10.0.0 to 10.2.4, AAM 11.4.0 to 11.6.0, ARM 11.3 .0 to 11.6.0, Analytics 11.0.0 to 11.6.0, APM and Edge Gateway 11.0 to 11.6.0 and 10.1.0 to 10.2.4, PEM 11.3.0 to 11.6. 0, PSM 11.0.0 to 11.4.1 and 10.0.0 to 10.2.4, WOM 11.0.0 to 11.3.0 and 10.0.0 to 10.2.4, Enterprise Manager 3.0.0 Version to version 3.1.1 and version 2.1.0 to version 2.3.0
| VAR-201410-0375 | CVE-2014-4868 | Brocade Vyatta 5400 vRouter contains multiple vulnerabilities |
CVSS V2: 9.0 CVSS V3: - Severity: HIGH |
The management console on the Brocade Vyatta 5400 vRouter 6.4R(x), 6.6R(x), and 6.7R1 allows remote authenticated users to execute arbitrary Linux commands via shell metacharacters in a console command. Brocade Vyatta 5400 vRouter versions 6.4R(x), 6.6R(x), and 6.7R1 contain multiple vulnerabilities. Brocade Vyatta 5400 vRouter enables organizations to build advanced, multi-layered networks in a virtualized environment to add, configure, and move network services as needed. Brocade Vyatta 5400 vRouter fails to properly handle user-submitted (`) characters, allowing remote attackers to exploit vulnerabilities to submit special requests, inject OS commands and execute them. A command-injection vulnerability
2. A security-bypass vulnerability
3. A remote code-execution vulnerability
An attacker can exploit these issues to bypass certain security restrictions, obtain sensitive information and execute script code and shell commands with root privileges. This may aid in further attacks. Brocade Vyatta 5400 vRouter is a set of Brocade Corporation that provides a series of network function virtualization (NFV) solutions. The following versions are affected: Brocade Vyatta 5400 vRouter version 6.4, version 6.6 and version 6.7
| VAR-201410-0057 | CVE-2014-3396 | plural ASR 9000 Run on device Cisco IOS XR In Typhoon Line card ACL Vulnerabilities that can be bypassed |
CVSS V2: 7.5 CVSS V3: - Severity: HIGH |
Cisco IOS XR on ASR 9000 devices does not properly use compression for port-range and address-range encoding, which allows remote attackers to bypass intended Typhoon line-card ACL restrictions via transit traffic, aka Bug ID CSCup30133. Vendors have confirmed this vulnerability Bug ID CSCup30133 It is released as.By a third party via transit traffic, Typhoon Line card ACL You may be able to work around the limitation. Cisco IOS XR is a fully modular, distributed network operating system from Cisco's IOS software family.
An attacker can exploit this issue to bypass the access list and perform unauthorized actions.
This issue is being tracked by Cisco Bug ID CSCup30133. The vulnerability is caused by the incorrect compression of port-range and address-range encoding. A remote attacker can exploit this vulnerability to bypass the established Typhoon line-card ACL restrictions by means of relay communication
| VAR-201410-0059 | CVE-2014-3398 | Cisco Adaptive Security Appliance Software SSL VPN Vulnerability in the implementation of critical software version information in the implementation of |
CVSS V2: 5.0 CVSS V3: - Severity: MEDIUM |
The SSL VPN implementation in Cisco Adaptive Security Appliance (ASA) Software allows remote attackers to obtain potentially sensitive software-version information by reading the verbose response data that is provided for a request to an unspecified URL, aka Bug ID CSCuq65542.
An attacker can leverage this issue to obtain sensitive information that may aid in further attacks.
This issue is being tracked by Cisco bug ID CSCuq65542
| VAR-201410-0061 | CVE-2014-3400 | Cisco WebEx Meetings Server Vulnerability in which important information is obtained |
CVSS V2: 4.0 CVSS V3: - Severity: MEDIUM |
Cisco WebEx Meetings Server allows remote authenticated users to obtain sensitive information by reading logs, aka Bug IDs CSCuq36417 and CSCuq40344.
An attacker can leverage this issue to obtain sensitive information that may aid in further attacks.
This issue is being tracked by Cisco bug IDs CSCuq36417 and CSCuq4034. There is a security vulnerability in CWMS that stems from the inclusion of sensitive data in the logs
| VAR-201410-1356 | CVE-2014-7277 | ZyXEL SBG-3300 Security Gateway Firmware login page cross-site scripting vulnerability |
CVSS V2: 4.3 CVSS V3: - Severity: MEDIUM |
Cross-site scripting (XSS) vulnerability in the login page on the ZyXEL SBG-3300 Security Gateway with firmware 1.00(AADY.4)C0 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified "welcome message" form data that is improperly handled during rendering of the loginMessage list item, a different vulnerability than CVE-2014-7278. The ZyXEL SBG-3300 Security Gateway is a security gateway application. Zyxel SBG-3300 series routers are prone to an HTML-injection vulnerability because it fails to properly sanitize user-supplied input.
Attacker-supplied HTML or JavaScript code could run in the context of the affected site, potentially allowing the attacker to steal cookie-based authentication credentials and to control how the site is rendered to the user; other attacks are also possible.
Zyxel SBG-3300 V1.00(AADY.4)C0 and prior are vulnerable
| VAR-201410-1357 | CVE-2014-7278 | ZyXEL SBG-3300 Security Gateway Service disruption on the firmware login page (DoS) Vulnerabilities |
CVSS V2: 5.0 CVSS V3: - Severity: MEDIUM |
The login page on the ZyXEL SBG-3300 Security Gateway with firmware 1.00(AADY.4)C0 and earlier allows remote attackers to cause a denial of service (persistent web-interface outage) via JavaScript code within unspecified "welcome message" form data that is improperly handled during use for the loginMsg variable's value, a different vulnerability than CVE-2014-7277. ZyXEL SBG-3300 Security Gateway The firmware login page shows service disruption ( permanent Web Interface down ) There are vulnerabilities that are put into a state. The ZyXEL SBG-3300 Security Gateway is a security gateway application. Zyxel SBG-3300 series routers are prone to a remote denial-of-service vulnerability.
Attackers can exploit this issue to cause the device to reboot, denying service to legitimate users.
Zyxel SBG-3300 V1.00(AADY.4)C0 and prior are vulnerable
| VAR-201410-0377 | CVE-2014-4870 | Brocade Vyatta 5400 vRouter contains multiple vulnerabilities |
CVSS V2: 7.2 CVSS V3: - Severity: HIGH |
/opt/vyatta/bin/sudo-users/vyatta-clear-dhcp-lease.pl on the Brocade Vyatta 5400 vRouter 6.4R(x), 6.6R(x), and 6.7R1 does not properly validate parameters, which allows local users to gain privileges by leveraging the sudo configuration. Brocade Vyatta 5400 vRouter versions 6.4R(x), 6.6R(x), and 6.7R1 contain multiple vulnerabilities. Brocade Vyatta 5400 vRouter enables organizations to build advanced, multi-layered networks in a virtualized environment to add, configure, and move network services as needed. A command-injection vulnerability
2. A security-bypass vulnerability
3. A remote code-execution vulnerability
An attacker can exploit these issues to bypass certain security restrictions, obtain sensitive information and execute script code and shell commands with root privileges. This may aid in further attacks. Brocade Vyatta 5400 vRouter is a set of Brocade Corporation that provides a series of network function virtualization (NFV) solutions. The vulnerability is caused by the program not validating the parameters correctly. The following versions are affected: Brocade Vyatta 5400 vRouter version 6.4, version 6.6 and version 6.7
| VAR-201410-0376 | CVE-2014-4869 | Brocade Vyatta 5400 vRouter contains multiple vulnerabilities |
CVSS V2: 5.0 CVSS V3: - Severity: MEDIUM |
The Brocade Vyatta 5400 vRouter 6.4R(x), 6.6R(x), and 6.7R1 allows attackers to obtain sensitive encrypted-password information by leveraging membership in the operator group. Brocade Vyatta 5400 vRouter versions 6.4R(x), 6.6R(x), and 6.7R1 contain multiple vulnerabilities. Brocade Vyatta 5400 vRouter Contains a vulnerability in which important encrypted password information can be obtained. Brocade Vyatta 5400 vRouter enables organizations to build advanced, multi-layered networks in a virtualized environment to add, configure, and move network services as needed. A command-injection vulnerability
2. A security-bypass vulnerability
3. A remote code-execution vulnerability
An attacker can exploit these issues to bypass certain security restrictions, obtain sensitive information and execute script code and shell commands with root privileges. This may aid in further attacks. Brocade Vyatta 5400 vRouter is a set of Brocade Corporation that provides a series of network function virtualization (NFV) solutions. The following versions are affected: Brocade Vyatta 5400 vRouter version 6.4, version 6.6 and version 6.7
| VAR-201410-0925 | CVE-2014-6434 | GoPro HERO 3+ of gpExec Vulnerable to arbitrary command execution |
CVSS V2: 10.0 CVSS V3: - Severity: HIGH |
gpExec in GoPro HERO 3+ allows remote attackers to execute arbitrary commands via a the (1) a1 or (2) a2 parameter in a restart action. Authentication is not required to exploit this vulnerability.The specific flaw exists within the gpExec component. This component performs insufficient parameter validation on the a1/a2 parameters when the c1/c2 parameters are set to "restart". Successful exploitation will allow an attacker to execute arbitrary commands on the target device. The GoPro HERO 3+ is a sports camera. Failed exploit attempts will likely result in denial-of-service conditions
| VAR-201410-0924 | CVE-2014-6433 | GoPro HERO 3+ of gpExec Vulnerable to arbitrary file execution |
CVSS V2: 10.0 CVSS V3: - Severity: HIGH |
gpExec in GoPro HERO 3+ allows remote attackers to execute arbitrary files via a the (1) a1 or (2) a2 parameter in a start action. Authentication is not required to exploit this vulnerability.The specific flaw exists within the gpExec component. This component performs insufficient parameter validation on the a1/a2 parameters when the c1/c2 parameters are set to "start". Successful exploitation will allow an attacker to execute an arbitrary file on the target device. The GoPro HERO 3+ is a sports camera. Failed exploit attempts will likely result in denial-of-service conditions
| VAR-201410-1095 | CVE-2014-7861 | Apple OS X of IOHIDSecurePromptClient Vulnerability in arbitrary code execution in function |
CVSS V2: 9.3 CVSS V3: - Severity: HIGH |
The IOHIDSecurePromptClient function in Apple OS X does not properly validate pointer values, which allows remote attackers to execute arbitrary code or cause a denial of service (system crash) via a crafted web site. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within the handling of calls to IOHIDSecurePromptClient. The issue lies in the failure to properly sanitize user-supplied pointers before they are dereferenced. An attacker can leverage this vulnerability to crash an instance of OS X. Apple Mac OS X is a set of dedicated operating systems developed by Apple Inc. of the United States for Mac computers. A remote attacker could use this vulnerability to crash an application and deny legitimate users
| VAR-201410-1157 | CVE-2014-5410 | Rockwell Micrologix 1400 DNP3 Denial of service vulnerability |
CVSS V2: 7.1 CVSS V3: - Severity: HIGH |
The DNP3 feature on Rockwell Automation Allen-Bradley MicroLogix 1400 1766-Lxxxxx A FRN controllers 7 and earlier and 1400 1766-Lxxxxx B FRN controllers before 15.001 allows remote attackers to cause a denial of service (process disruption) via malformed packets over (1) an Ethernet network or (2) a serial line. Rockwell Automation MicroLogix is a programmable controller platform. Rockwell Micrologix 1400 DNP3 is prone to a remote denial-of-service vulnerability.
An attacker can exploit this issue to crash the affected application, denying service to legitimate users
| VAR-201410-1051 | CVE-2014-3059 | IBM WebSphere DataPower XC10 Vulnerabilities that can gain administrator privileges in the appliance management console |
CVSS V2: 10.0 CVSS V3: - Severity: HIGH |
Unspecified vulnerability in the Administrative Console on the IBM WebSphere DataPower XC10 appliance 2.5 allows remote attackers to obtain administrative privileges by leveraging access to an eXtreme Scale distributed ObjectGrid network. IBM WebSphere DataPower XC10 Appliance is prone to a local information-disclosure vulnerability.
Local attackers can exploit this issue to obtain sensitive information. Information obtained may lead to further attacks.
IBM WebSphere DataPower XC10 Appliance 2.5 is vulnerable. The platform enables distributed caching of data with little to no change to existing applications
| VAR-201410-1052 | CVE-2014-3060 | IBM WebSphere DataPower XC10 Vulnerability in an appliance that gains administrator privileges |
CVSS V2: 10.0 CVSS V3: - Severity: HIGH |
Unspecified vulnerability on the IBM WebSphere DataPower XC10 appliance 2.5 allows remote attackers to obtain administrative privileges by leveraging access to an eXtreme Scale distributed ObjectGrid network and capturing a session cookie. IBM WebSphere DataPower XC10 Appliance is prone to a local information-disclosure vulnerability.
Local attackers can exploit this issue to obtain sensitive information. Information obtained may lead to further attacks.
IBM WebSphere DataPower XC10 Appliance 2.5 is vulnerable. The platform enables distributed caching of data with little to no change to existing applications. The loophole comes from the fact that the program does not set the security attribute when creating a session cookie
| VAR-201409-1260 | No CVE | State-of-the-art Wlan AC product access permissions bypass vulnerability |
CVSS V2: 6.4 CVSS V3: - Severity: MEDIUM |
Bangxun Wlan AC is a wireless controller product produced by Bangxun Technology Co., Ltd. It is used to build large-scale wireless networks for basic telecommunications companies.
Testing found that multiple management pages of products related to V2.0.9 related versions have unauthorized access vulnerabilities. Anonymous can directly access the information on Wlan AC / AP, such as device information, AP information, user information, etc.
| VAR-201410-1134 | CVE-2014-0754 | Schneider Electric Modicon PLC Ethernet Module SchneiderWEB Vulnerable to directory traversal |
CVSS V2: 10.0 CVSS V3: - Severity: HIGH |
Directory traversal vulnerability in SchneiderWEB on Schneider Electric Modicon PLC Ethernet modules 140CPU65x Exec before 5.5, 140NOC78x Exec before 1.62, 140NOE77x Exec before 6.2, BMXNOC0401 before 2.05, BMXNOE0100 before 2.9, BMXNOE0110x Exec before 6.0, TSXETC101 Exec before 2.04, TSXETY4103x Exec before 5.7, TSXETY5103x Exec before 5.9, TSXP57x ETYPort Exec before 5.7, and TSXP57x Ethernet Copro Exec before 5.5 allows remote attackers to visit arbitrary resources via a crafted HTTP request. Schneider Electric provides products and services in the areas of energy and infrastructure, industry, data centers and networks, buildings and residential.
Exploiting this issue can allow an attacker to gain access to arbitrary files. Information harvested may aid in launching further attacks. Schneider Electric Modicon PLC Ethernet is an Ethernet programmable controller produced by French Schneider Electric (Schneider Electric). The following versions are affected: Schneider Electric Modicon PLC Ethernet modules 140CPU65x Version, 140NOC78x Version, 140NOE77x Version, BMXNOC0401 Version, BMXNOC0402 Version, BMXNOE0100 Version, BMXNOE0110x Version, TSXETC101 Version, TSXETC0101 Version, TSXETY4103x Version, TSXETY5103x Version, TSXP57x Version, TSXP57x Version
| VAR-201410-0082 | CVE-2014-4809 | IBM Security Access Manager for Web of WebSEAL In the component Service operation interruption (DoS) Vulnerabilities |
CVSS V2: 7.1 CVSS V3: - Severity: HIGH |
The WebSEAL component in IBM Security Access Manager for Web 7.x before 7.0.0-ISS-WGA-IF0009 and 8.x before 8.0.0-ISS-WGA-FP0005, when e-community SSO is enabled, allows remote attackers to cause a denial of service (component hang) via unspecified vectors. IBM Security Access Manager for Web is prone to a remote denial-of-service vulnerability.
An attacker can exploit this issue to cause CPU utilization to rapidly increase, leading to a denial-of-service condition. It provides user access management and Web application protection function. WebSEAL is one of the Web server components that provides authentication
| VAR-201410-0399 | CVE-2014-4823 | IBM Security Access Manager for Web and Security Access Manager for Mobile Vulnerabilities in system commands |
CVSS V2: 10.0 CVSS V3: - Severity: HIGH |
The administration console in IBM Security Access Manager for Web 7.x before 7.0.0-ISS-WGA-IF0009 and 8.x before 8.0.0-ISS-WGA-FP0005, and Security Access Manager for Mobile 8.x before 8.0.0-ISS-ISAM-FP0005, allows remote attackers to inject system commands via unspecified vectors.
Remote attackers can exploit this issue to execute arbitrary shell commands within the context of the affected system. ISAM for Mobile is a product that provides mobile access security in one modular package. ISAM for Web is a set of products used in user authentication, authorization, and Web single sign-on solutions. The management console in ISAM has a security hole