VARIoT IoT vulnerabilities database

VAR-201403-0211 CVE-2014-0707 Cisco Wireless LAN Controller Denial of service on device (DoS) Vulnerability CVSS V2: 7.8
CVSS V3: -
Severity: HIGH
Cisco Wireless LAN Controller (WLC) devices 7.2, 7.3, and 7.4 before 7.4.110.0 allow remote attackers to cause a denial of service (device restart) via a crafted 802.11 Ethernet frame, aka Bug ID CSCuf80681. Attackers can exploit this issue to cause the affected device to restart, denying service to legitimate users. This issue is being tracked by Cisco Bug ID CSCuf80681
VAR-201403-0550 No CVE SAP EBP Catalog Interface (SRM-EBP-CAT) Information Disclosure Vulnerability CVSS V2: 2.1
CVSS V3: -
Severity: LOW
The Catalog Interface is a log that ensures trouble-free communication between the SAP system and external directories. The SAP EBP Catalog Interface (SRM-EBP-CAT) has an information disclosure vulnerability that allows an attacker to access potentially sensitive information.
VAR-201403-0720 No CVE Samsung Proprietary Android Backdoor Unauthorized Access Vulnerability CVSS V2: -
CVSS V3: -
Severity: -
Samsung Android is prone to an unauthorized-access vulnerability. Attackers can exploit this issue to execute arbitrary RFS commands on the affected device. This may aid in further attacks.
VAR-201403-0306 CVE-2014-2321 ZTE F460/F660 backdoor unauthorized access vulnerability CVSS V2: 10.0
CVSS V3: -
Severity: High
web_shell_cmd.gch on ZTE F460 and F660 cable modems allows remote attackers to obtain administrative access via sendcmd requests, as demonstrated by using "set TelnetCfg" commands to enable a TELNET service with specified credentials. ZTE F460/F660 cable modems contain an unauthenticated backdoor. The ZTE F460/F660 can be accessed without authorization: the web_shell_cmd.gch script is accessible without authentication. A remote attacker may execute arbitrary commands with administrator privileges on the device. The ZTE F460 and ZTE F660 contain vulnerabilities related to authorization, privileges, and access control. ZTE F460/F660 are cable modem products. The web_shell_cmd.gch script accepts unauthenticated commands and can be accessed from the WAN interface. ZTE F460/F660 are prone to an unauthorized-access vulnerability. This may aid in further attacks. A security vulnerability exists in the web_shell_cmd.gch script file of ZTE F460 and F660 fiber optic modems. A remote attacker can exploit this vulnerability to gain administrative privileges by sending a sendcmd request.
VAR-201404-0682 CVE-2014-0088 nginx ngx_http_spdy_module SPDY implementation arbitrary code execution vulnerability CVSS V2: 7.5
CVSS V3: -
Severity: HIGH
The SPDY implementation in the ngx_http_spdy_module module in nginx 1.5.10 before 1.5.11, when running on a 32-bit platform, allows remote attackers to execute arbitrary code via a crafted request. An attacker can exploit this issue to execute arbitrary code in the context of the affected application. nginx SPDY Implementation 1.5.10 is vulnerable. nginx is a lightweight web server/reverse proxy server and email (IMAP/POP3) proxy server developed by Russian programmer Igor Sysoev
VAR-201403-0386 CVE-2014-1911 Foscam IP camera authentication bypass vulnerability CVSS V2: 7.8
CVSS V3: -
Severity: HIGH
The Foscam FI8910W camera with firmware before 11.37.2.55 allows remote attackers to obtain sensitive video and image data via a blank username and password. The FI8910W Foscam IP camera running firmware version 11.37.2.54 fails to properly authenticate users. The Foscam FI8910W contains an authentication bypass vulnerability (CWE-592). CWE-592: Authentication Bypass Issues http://cwe.mitre.org/data/definitions/592.html A remote attacker may be able to access video streaming or image files. FOSCAM IP-Cameras is a webcam device. FOSCAM FI8910W IP camera is prone to an authentication-bypass vulnerability. Attackers may exploit this issue to execute arbitrary commands, gain unauthorized access, or bypass intended security restrictions. Other attacks may also be possible. http://drupal.org/node/207891
VAR-201403-0460 CVE-2014-2234 Apple-specific OpenSSL patch in Apple OS X vulnerability that bypasses additional verification within custom applications CVSS V2: 6.4
CVSS V3: -
Severity: MEDIUM
A certain Apple patch for OpenSSL in Apple OS X 10.9.2 and earlier uses a Trust Evaluation Agent (TEA) feature without terminating certain TLS/SSL handshakes as specified in the SSL_CTX_set_verify callback function's documentation, which allows remote attackers to bypass extra verification within a custom application via a crafted certificate chain that is acceptable to TEA but not acceptable to that application. Apple Mac OS X is prone to a security-bypass vulnerability. Successfully exploiting this issue allows attackers to perform man-in-the-middle attacks and bypass certain security restrictions. A remote attacker could exploit this vulnerability with a specially crafted certificate chain to bypass authentication
VAR-201402-0350 CVE-2014-0774 Schneider Electric OPC Factory Server C++ sample client stack-based buffer overflow vulnerability CVSS V2: 6.9
CVSS V3: -
Severity: MEDIUM
Stack-based buffer overflow in the C++ sample client in Schneider Electric OPC Factory Server (OFS) TLXCDSUOFS33 - 3.35, TLXCDSTOFS33 - 3.35, TLXCDLUOFS33 - 3.35, TLXCDLTOFS33 - 3.35, and TLXCDLFOFS33 - 3.35 allows local users to gain privileges via vectors involving a malformed configuration file. This vulnerability allows attackers to execute arbitrary code on vulnerable installations of Schneider Electric OFS Client. User interaction is required to exploit this vulnerability in that the target must load a malicious file. The specific flaw exists within the parsing of the configuration file. A crafted configuration file will result in an exploitable stack buffer overflow. An attacker can use this to execute arbitrary code in the context of the OFS Client. Schneider Electric provides total solutions for the energy and infrastructure, industrial, data center and network, building and residential markets in more than 100 countries. The SESU tool used by several of these products is used to update software on Windows PC systems. Failed exploit attempts will result in a denial-of-service condition. Schneider Electric OPC Factory Server (OFS) is data communication editing software from the French company Schneider Electric. The software supports important information access, open page design, transparent architecture and interoperability, enabling users to obtain good process and communication effects. The following versions are affected: Schneider Electric OFS TLXCDSUOFS33 - version 3.35, TLXCDSTOFS33 - version 3.35, TLXCDLUOFS33 - version 3.35, TLXCDLTOFS33 - version 3.35, TLXCDLFOFS33 - version 3.35
VAR-201403-0474 CVE-2014-2104 Cisco Unified Communications Domain Manager Business Voice Services Manager page cross-site scripting vulnerability CVSS V2: 4.3
CVSS V3: -
Severity: MEDIUM
Multiple cross-site scripting (XSS) vulnerabilities in the Business Voice Services Manager (BVSM) page in Cisco Unified Communications Domain Manager 9.0(.1) allow remote attackers to inject arbitrary web script or HTML via unspecified parameters, aka Bug IDs CSCum78536, CSCum78526, CSCum69809, and CSCum63113. The vendor has confirmed this vulnerability and released it as Bug IDs CSCum78536, CSCum78526, CSCum69809, and CSCum63113. A third party may insert arbitrary web script or HTML through unspecified parameters. An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials and launch other attacks. These issues are being tracked by Cisco Bug IDs CSCum78536, CSCum78526, CSCum69809, and CSCum63113. This component features scalable, distributed, and highly available enterprise Voice over IP call processing
VAR-201402-0383 CVE-2014-2103 Cisco Intrusion Prevention System software service disruption (DoS) vulnerability CVSS V2: 6.8
CVSS V3: -
Severity: MEDIUM
Cisco Intrusion Prevention System (IPS) Software allows remote attackers to cause a denial of service (MainApp process outage) via malformed SNMP packets, aka Bug IDs CSCum52355 and CSCul49309. The vendor has confirmed this vulnerability and released it as Bug IDs CSCum52355 and CSCul49309. A third party may cause a service disruption (MainApp process stop) via malformed SNMP packets. Attackers can exploit this issue to cause the MainApp process to become unresponsive, which leads to denial-of-service conditions. This issue is being tracked by Cisco Bug IDs CSCum52355 and CSCul49309. The system can immediately interrupt, adjust or isolate some abnormal or harmful network data transmission behaviors
VAR-201402-0439 No CVE SAP BusinessObjects Explorer SBOP Resource Manager Information Disclosure Vulnerability CVSS V2: 5.0
CVSS V3: -
Severity: MEDIUM
BusinessObjects Explorer is a data discovery application. SAP BusinessObjects Explorer SBOP Resource Manager has an information disclosure vulnerability that allows an attacker to access potentially sensitive information
VAR-201402-0349 CVE-2014-0759 Schneider Electric Floating License Manager Privilege Escalation Vulnerability CVSS V2: 6.9
CVSS V3: -
Severity: MEDIUM
Unquoted Windows search path vulnerability in Schneider Electric Floating License Manager 1.0.0 through 1.4.0 allows local users to gain privileges via a Trojan horse application with a name composed of an initial substring of a path that contains a space character. Supplementary information: the vulnerability type has been identified as CWE-428: Unquoted Search Path or Element. Schneider Electric provides total solutions for the energy and infrastructure, industrial, data center and network, building and residential markets in more than 100 countries. The SESU tool used by several of these products is used to update software on Windows PC systems. Attackers can leverage this issue to gain escalated privileges
VAR-201403-0323 CVE-2014-2264 Synology DiskStation Manager VPN module hard-coded password vulnerability CVSS V2: 7.8
CVSS V3: -
Severity: HIGH
The OpenVPN module in Synology DiskStation Manager (DSM) 4.3-3810 update 1 has a hardcoded root password of synopass, which makes it easier for remote attackers to obtain access via a VPN session. Synology DiskStation Manager has a problem with hard-coded credentials. Successful attacks can allow a remote attacker to gain unauthorized access to the vulnerable device. Synology DiskStation Manager (DSM) is an operating system developed by Synology for network storage servers (NAS). The operating system can manage data, documents, photos, music and other information
VAR-201404-0291 CVE-2013-7350 Check Point Security Gateway Vulnerability in CVSS V2: 10.0
CVSS V3: -
Severity: HIGH
Multiple unspecified vulnerabilities in Check Point Security Gateway 80 R71.x before R71.45 (730159141) and R75.20.x before R75.20.4 and 600 and 1100 appliances R75.20.x before R75.20.42 have unknown impact and attack vectors related to "important security fixes." Founded in 1993, Check Point Software Technologies is headquartered in Redwood City, Calif., and is the world's leading provider of Internet security solutions, leading the global enterprise firewall, personal firewall and virtual private network (VPN) markets. There are multiple vulnerabilities in Check Point's multiple products. There are currently no detailed vulnerability descriptions. The impact of these issues is currently unknown. We will update this BID as more information emerges. The following products are affected: Security Gateway 80 R71.x and R75.20.x, 600 Appliance R75.20.x, 1100 Appliance R75.20.x. Please keep an eye on the CNNVD website or manufacturer announcements
VAR-201402-0191 CVE-2014-0679 Cisco Prime Infrastructure vulnerability allowing arbitrary command execution with root privileges CVSS V2: 9.0
CVSS V3: -
Severity: HIGH
Cisco Prime Infrastructure 1.2 and 1.3 before 1.3.0.20-2, 1.4 before 1.4.0.45-2, and 2.0 before 2.0.0.0.294-2 allows remote authenticated users to execute arbitrary commands with root privileges via an unspecified URL, aka Bug ID CSCum71308. An attacker can exploit this issue to execute system commands with root-level privileges. This issue is being tracked by Cisco Bug ID CSCum71308
VAR-201402-0581 No CVE Inteno DG301 'username' command injection vulnerability CVSS V2: 3.6
CVSS V3: -
Severity: LOW
The DG301 is a high-end Multi-WAN residential gateway with advanced router and bridging capabilities. Inteno DG301 'username' has a command injection vulnerability that can be exploited by an attacker to inject and execute arbitrary shell commands due to failure to adequately filter user-supplied input.
VAR-201402-0700 CVE-2025-34037 Multiple Security Bypass Vulnerabilities in Multiple Linksys E-Series Routers CVSS V2: 7.5
CVSS V3: -
Severity: Critical
An OS command injection vulnerability exists in various models of E-Series Linksys routers via the /tmUnblock.cgi and /hndUnblock.cgi endpoints over HTTP on port 8080. The CGI scripts improperly process user-supplied input passed to the ttcp_ip parameter without sanitization, allowing unauthenticated attackers to inject shell commands. This vulnerability is exploited in the wild by the "TheMoon" worm to deploy a MIPS ELF payload, enabling arbitrary code execution on the router. This vulnerability may affect other Linksys products including, but not limited to, WAG/WAP/WES/WET/WRT-series router models and Wireless-N access points and routers. Exploitation evidence was observed by the Shadowserver Foundation on 2025-02-06 UTC. Linksys E-series routers are popular router devices. Multiple Linksys E-series routers have multiple security vulnerabilities that allow malicious users to bypass some of the security restrictions: 1. 2. The device fails to properly restrict access to the console, allowing an attacker to access restricted functionality through the TCP port 8083
VAR-201403-0345 CVE-2014-1599 SFR Box Router firmware cross-site scripting vulnerability CVSS V2: 4.3
CVSS V3: -
Severity: MEDIUM
Multiple cross-site scripting (XSS) vulnerabilities in the SFR Box router with firmware NB6-MAIN-R3.3.4 allow remote attackers to inject arbitrary web script or HTML via unspecified parameters to (1) dns, (2) dhcp, (3) nat, (4) route, or (5) lan in network/; or (6) wifi/config. The SFR Box router is a router device. An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and to launch other attacks. SFR BOX NB6-MAIN-R3.3.4 is vulnerable; other versions may also be affected.
CVE-2014-1599 39 Type-1 XSS in SFR ADSL/Fiber Box. SFR is the French Vodafone (estimated DSL user base of 5.2 Million).
* affected product: SFR BOX NB6-MAIN-R3.3.4
* vulnerabilities:
  /network/dns 5 non-filtered Type-1 XSS
  /network/dhcp 6 non-filtered Type-1 XSS
  /network/nat 7 non-filtered Type-1 XSS
  /network/route 12 non-filtered Type-1 XSS
  /wifi/config 1 non-filtered Type-1 XSS
  /network/lan 8 non-filtered Type-1 XSS
* exploitation hypotheses:
  - user already logged-in (or tricked by SE techniques to authenticate)
  - ip address of the SFR Box router is known (most users use the default settings: 192.168.1.1/24)
* #number of attack vectors: 39 Type-1 XSS
* exploitation scenario: If a user is tricked into authenticating into its interface, an attacker can XSS the user, and thus getting read and write access to the router configuration webpages. Such a scenario is mainly possible due to:
  - non filtered reflections (mainly Type-1 / reflected)
  - lack of Content Security Policy
  Moreover, no anti-CSRF token such as view-states are present, thus there is the possibility of modifying the routing tables even without an XSS, if the user is authenticated in the box.
  A non-limitative list of actions includes:
  - getting authentication credentials (wireless, DSL credentials)
  - rebooting the router
  - modifying the route table (thus possibility of content injection if an attacker controlled server is on the route)
  - DDOSing a target with numerous XSS'ed clients
* timeline:
  - 2013-12-21: discovery
  - 2014-01-06: notification to vendor, ask for patch release
  - 2014-01-06: vendor acknowledges but does not answer on the patching timeframe
  - 2014-01-20: request for update or planned date of patch release
  - 2014-02-25: public disclosure
VAR-201403-0228 CVE-2014-2033 Blue Coat ProxySG local user changes contain a time and state vulnerability CVSS V2: 7.9
CVSS V3: -
Severity: HIGH
The caching feature in SGOS in Blue Coat ProxySG 5.5 through 5.5.11.3, 6.1 through 6.1.6.3, 6.2 through 6.2.15.3, 6.4 through 6.4.6.1, and 6.3 and 6.5 before 6.5.4 allows remote authenticated users to bypass intended access restrictions during a time window after account deletion or modification by leveraging knowledge of previously valid credentials. (CWE-361). Blue Coat ProxySG contains a vulnerability in which there is a time lag between a change to authentication information and that change taking effect. Because ProxySG stores the old authentication information in its cache, there is a time lag of up to about 15 minutes between a change to the authentication information and the change taking effect (CWE-361). In addition, if other password-related processing such as login with a new account or denial of authentication due to an incorrect password is performed, this time difference will be reduced. CWE-361: Time and State https://cwe.mitre.org/data/definitions/361.html Even after the authentication information is changed, it may be possible to log in with the old account for up to 15 minutes. Blue Coat ProxySG is a set of secure Web gateway devices from Blue Coat, USA. The device provides user authentication, web filtering, data loss protection and more to control all web traffic. Blue Coat ProxySG has a security vulnerability in the SGOS caching feature
VAR-201402-0222 CVE-2014-0740 Cisco Unified Communications Manager OS Administration component cross-site request forgery vulnerability CVSS V2: 6.8
CVSS V3: -
Severity: MEDIUM
Cross-site request forgery (CSRF) vulnerability in the Call Detail Records Analysis and Reporting (CAR) interface in the OS Administration component in Cisco Unified Communications Manager (Unified CM) 10.0(1) and earlier allows remote attackers to hijack the authentication of administrators for requests that make administrative changes, aka Bug ID CSCun00701. The vendor has confirmed this vulnerability and released it as Bug ID CSCun00701. A third party could hijack the administrator's credentials and make administrative changes. Exploiting this issue may allow a remote attacker to perform certain unauthorized actions in the context of the affected user. Other attacks are also possible. This issue is being tracked by Cisco bug ID CSCun00701. This component provides a scalable, distributed and highly available enterprise IP telephony call processing solution