VARIoT IoT vulnerabilities database


VAR-201404-0470 CVE-2014-0354 ZyXEL Wireless N300 NetUSB Router NBG-419N devices contain multiple vulnerabilities CVSS V2: 7.8
CVSS V3: -
Severity: HIGH
The ZyXEL Wireless N300 NetUSB NBG-419N router with firmware 1.00(BFQ.6)C0 has a hardcoded password of qweasdzxc for an unspecified account, which allows remote attackers to obtain index.asp login access via an HTTP request. ZyXEL Wireless N300 NetUSB Router NBG-419N running firmware version 1.00(BFQ.6)C0, and possibly earlier versions, is susceptible to multiple vulnerabilities. Other device models that use similar firmware may also be vulnerable. The ZyXEL NBG-419N is a wireless router product. ZyXEL NBG-419N (firmware version 1.00(BFQ.6)C0) contains a direct request vulnerability, a hard-coded password vulnerability, a stack buffer overflow vulnerability, and improper neutralization of special characters in OS commands. An attacker could exploit these vulnerabilities to bypass security restrictions, execute arbitrary commands on affected devices, and so on. This may aid in further attacks.
VAR-201404-0683 CVE-2014-0636 EMC RSA BSAFE Micro Edition Suite In SSL Vulnerability impersonating a server CVSS V2: 5.8
CVSS V3: -
Severity: MEDIUM
EMC RSA BSAFE Micro Edition Suite (MES) 3.2.x before 3.2.6 and 4.0.x before 4.0.5 does not properly validate X.509 certificate chains, which allows man-in-the-middle attackers to spoof SSL servers via a crafted certificate chain. Successfully exploiting this issue allows attackers to create improperly authenticated SSL connections, which will aid in further attacks. RSA BSAFE Micro Edition Suite (MES) 4.0.x versions prior to 4.0.5 and 3.2.x versions prior to 3.2.6 are vulnerable. The toolkit helps developers achieve stable and secure application design. The vulnerability stems from the fact that the program does not properly validate the X.509 certificate chain. MES 4.0.5 and 3.2.6 are designed to address this issue by performing proper certificate validation. Recommendation: RSA strongly recommends that customers on MES 4.0.x upgrade to MES 4.0.5 and customers on MES 3.2.x upgrade to MES 3.2.6 at the earliest opportunity. Obtaining Downloads: To request your upgrade of the software, please call your local support telephone number (contact phone numbers are available at http://www.emc.com/support/rsa/contact/phone-numbers.htm) for most expedient service. Obtaining Documentation: To obtain RSA documentation, log on to RSA SecurCare Online at https://knowledge.rsasecurity.com and click Products in the top navigation menu. Select the specific product whose documentation you want to obtain. Scroll to the section for the product version that you want and click the set link. Severity Rating: For an explanation of Severity Ratings, refer to the Knowledge Base Article, "Security Advisories Severity Rating" at https://knowledge.rsasecurity.com/scolcms/knowledge.aspx?solution=a46604. RSA recommends all customers take into account both the base score and any relevant temporal and environmental scores which may impact the potential severity associated with a particular security vulnerability.
VAR-201404-0671 CVE-2014-2751 SAP Print and Output Management Vulnerabilities that gain access CVSS V2: 7.5
CVSS V3: -
Severity: HIGH
SAP Print and Output Management has hardcoded credentials, which makes it easier for remote attackers to obtain access via unspecified vectors. Attackers can exploit this issue to obtain sensitive information that may aid in launching further attacks
VAR-201408-0411 No CVE WAGO I/O System CODESYS WebVisu Password Information Disclosure Vulnerability CVSS V2: 5.0
CVSS V3: -
Severity: MEDIUM
The WAGO IPC is a compact industrial PC that is suitable for control applications. WAGO I/O System CODESYS WebVisu has a password information disclosure vulnerability that allows attackers to gain access to further sensitive information.
VAR-201404-0332 CVE-2014-2269 Vtiger of modules/Users/ForgotPassword.php Vulnerable to password reset for arbitrary users CVSS V2: 6.4
CVSS V3: -
Severity: MEDIUM
modules/Users/ForgotPassword.php in vTiger 6.0 before Security Patch 2 allows remote attackers to reset the password for arbitrary users via a request containing the username, password, and confirmPassword parameters. vtiger CRM is prone to a security-bypass vulnerability. An attacker can exploit this issue to change a user's password, thereby aiding in further attacks. vtiger CRM 6.0 is vulnerable; other versions may also be affected. Vtiger CRM is a customer relationship management system (CRM) based on SugarCRM developed by American Vtiger Company. The management system provides functions such as management, collection, and analysis of customer information. There is a security hole in the modules/Users/ForgotPassword.php file of Vtiger CRM version 6.0.
VAR-201404-0549 CVE-2014-0777 IOServer OPC Server of OPC Drivers of Modbus slave/outstation Service disruption in drivers (DoS) Vulnerabilities CVSS V2: 7.8
CVSS V3: -
Severity: HIGH
The Modbus slave/outstation driver in the OPC Drivers 1.0.20 and earlier in IOServer OPC Server allows remote attackers to cause a denial of service (out-of-bounds read and daemon crash) via a crafted packet. IOServer is a Windows-based OPC server that allows OPC clients such as human-machine interfaces and monitoring and data acquisition systems to exchange factory data with programmable logic circuits. IOServer is prone to an out-of-bounds read vulnerability. OPC Drivers versions prior to 1.0.20 are vulnerable
VAR-201411-0075 CVE-2014-2268 vTiger Of installation modules views/Index.php Vulnerable to application reinstallation

Related entries in the VARIoT exploits database: VAR-E-201404-0249
CVSS V2: 5.0
CVSS V3: -
Severity: MEDIUM
views/Index.php in the Install module in vTiger 6.0 before Security Patch 2 does not properly restrict access, which allows remote attackers to re-install the application via a request that sets the X-Requested-With HTTP header, as demonstrated by executing arbitrary PHP code via the db_name parameter. vtiger CRM is prone to a remote code-execution vulnerability because the application fails to sufficiently sanitize user-supplied input. Exploiting this issue will allow attackers to execute arbitrary code within the context of the affected application. vtiger CRM 6.0 is vulnerable; other versions may also be affected. Vtiger CRM is a customer relationship management system (CRM) based on SugarCRM developed by American Vtiger Company, which provides functions such as management, collection and analysis of customer information. Install Module is one of the installation modules
VAR-201404-0633 CVE-2014-2713 Juniper MX Series and T4000 Used in router Juniper Junos Service disruption in (DoS) Vulnerabilities CVSS V2: 5.0
CVSS V3: -
Severity: MEDIUM
Juniper Junos before 11.4R11, 12.1 before 12.1R9, 12.2 before 12.2R7, 12.3R4 before 12.3R4-S3, 13.1 before 13.1R4, 13.2 before 13.2R2, and 13.3 before 13.3R1, as used in MX Series and T4000 routers, allows remote attackers to cause a denial of service (PFE restart) via a crafted IP packet to certain (1) Trio or (2) Cassis-based Packet Forwarding Engine (PFE) modules. Juniper Junos is prone to a remote denial-of-service vulnerability. An attacker can exploit this issue to crash the affected device, denying service to legitimate users. Juniper Networks Junos is a network operating system from Juniper Networks dedicated to the company's hardware systems. The operating system provides a secure programming interface and Junos SDK. The following releases are affected: Juniper Networks Junos 11.4, releases 12.1 through 12.3, and releases 13.1 through 13.3.
VAR-201404-0632 CVE-2014-2712 Juniper Junos of J-Web Vulnerable to cross-site scripting CVSS V2: 4.3
CVSS V3: -
Severity: MEDIUM
Cross-site scripting (XSS) vulnerability in J-Web in Juniper Junos before 10.0S25, 10.4 before 10.4R10, 11.4 before 11.4R11, 12.1 before 12.1R9, 12.1X44 before 12.1X44-D30, 12.1X45 before 12.1X45-D20, 12.1X46 before 12.1X46-D10, and 12.2 before 12.2R1 allows remote attackers to inject arbitrary web script or HTML via unspecified parameters to index.php. Juniper Junos is prone to multiple cross-site scripting vulnerabilities because it fails to properly sanitize user-supplied input. An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials and launch other attacks. Juniper Junos 11.4, 12.1, 12.1X44, and 12.1X45 are vulnerable. Juniper Networks Junos is a network operating system from Juniper Networks dedicated to the company's hardware systems. The operating system provides a secure programming interface and Junos SDK. J-Web is a network management tool for routers or switches using Junos. The following versions are affected: Juniper Networks Junos 10.0, 10.4, 11.4, 12.1x44, 12.1x45, 12.1x46, 12.1, 12.2.
VAR-201404-0169 CVE-2014-0614 Juniper Junos Service disruption in (DoS) Vulnerabilities CVSS V2: 7.1
CVSS V3: -
Severity: HIGH
Juniper Junos 13.2 before 13.2R3 and 13.3 before 13.3R1, when PIM is enabled, allows remote attackers to cause a denial of service (kernel panic and crash) via a large number of crafted IGMP packets. Juniper Junos is prone to a remote denial-of-service vulnerability. An attacker can exploit this issue to crash the affected device, denying service to legitimate users. Juniper Networks Junos is a network operating system from Juniper Networks dedicated to the company's hardware systems. The operating system provides a secure programming interface and Junos SDK.
VAR-201404-0570 CVE-2014-2126 Cisco Adaptive Security Appliance Vulnerability gained privilege in software CVSS V2: 8.5
CVSS V3: -
Severity: HIGH
Cisco Adaptive Security Appliance (ASA) Software 8.2 before 8.2(5.47), 8.4 before 8.4(7.5), 8.7 before 8.7(1.11), 9.0 before 9.0(3.10), and 9.1 before 9.1(3.4) allows remote authenticated users to gain privileges by leveraging level-0 ASDM access, aka Bug ID CSCuj33496. The vendor has confirmed this vulnerability and released it as Bug ID CSCuj33496. A remote authenticated user may gain privileges by using level-0 ASDM access. Remote attackers can exploit this issue to gain elevated privileges and perform unauthorized actions. This issue is being tracked by Cisco Bug ID CSCuj33496.
VAR-201404-0571 CVE-2014-2127 Cisco Adaptive Security Appliance Vulnerability gained privilege in software CVSS V2: 8.5
CVSS V3: -
Severity: HIGH
Cisco Adaptive Security Appliance (ASA) Software 8.x before 8.2(5.48), 8.3 before 8.3(2.40), 8.4 before 8.4(7.9), 8.6 before 8.6(1.13), 9.0 before 9.0(4.1), and 9.1 before 9.1(4.3) does not properly process management-session information during privilege validation for SSL VPN portal connections, which allows remote authenticated users to gain privileges by establishing a Clientless SSL VPN session and entering crafted URLs, aka Bug ID CSCul70099. Cisco Adaptive Security Appliance is prone to a remote privilege-escalation vulnerability. A remote attacker can exploit this issue to gain administrative access to affected devices. This issue is tracked by Cisco Bug ID CSCul70099. The following versions are affected: Cisco ASA Software 8.0, 8.1, 8.2, 8.3 before 8.3(2.40), 8.4, 8.6, 9.0, and 9.1 before 9.1(4.3).
VAR-201404-0572 CVE-2014-2128 Cisco Adaptive Security Appliance Software SSL VPN Vulnerabilities that prevent authentication from being implemented CVSS V2: 5.0
CVSS V3: -
Severity: MEDIUM
The SSL VPN implementation in Cisco Adaptive Security Appliance (ASA) Software 8.2 before 8.2(5.47), 8.3 before 8.3(2.40), 8.4 before 8.4(7.3), 8.6 before 8.6(1.13), 9.0 before 9.0(3.8), and 9.1 before 9.1(3.2) allows remote attackers to bypass authentication via (1) a crafted cookie value within modified HTTP POST data or (2) a crafted URL, aka Bug ID CSCua85555. Exploiting this issue could allow an attacker to bypass certain security restrictions and gain unauthenticated access to the SSL VPN Portal page. This issue is tracked by Cisco Bug ID CSCua85555.
VAR-201404-0707 No CVE Yamaha RT-Series Routers Remote Denial of Service Vulnerability CVSS V2: 5.0
CVSS V3: -
Severity: MEDIUM
Yamaha RT-Series Routers are the RT series router products of Yamaha Group of Japan. A remote denial of service vulnerability exists in Yamaha RT-Series Routers. An attacker could use this vulnerability to cause the affected application to crash and deny service to legitimate users.
VAR-201404-0573 CVE-2014-2129 Cisco Adaptive Security Appliance Software SIP Service disruption in inspection engines (DoS) Vulnerabilities CVSS V2: 7.1
CVSS V3: -
Severity: HIGH
The SIP inspection engine in Cisco Adaptive Security Appliance (ASA) Software 8.2 before 8.2(5.48), 8.4 before 8.4(6.5), 9.0 before 9.0(3.1), and 9.1 before 9.1(2.5) allows remote attackers to cause a denial of service (memory consumption or device reload) via crafted SIP packets, aka Bug ID CSCuh44052. Cisco ASA Software is prone to a remote denial-of-service vulnerability. An attacker can exploit this issue to cause an affected device to reload, denying service to legitimate users. This issue is being tracked by Cisco Bug ID CSCuh44052
VAR-201404-0649 CVE-2014-2711 Juniper Junos of J-Web Vulnerable to cross-site scripting CVSS V2: 4.3
CVSS V3: -
Severity: MEDIUM
Cross-site scripting (XSS) vulnerability in J-Web in Juniper Junos before 11.4R11, 11.4X27 before 11.4X27.62 (BBE), 12.1 before 12.1R9, 12.1X44 before 12.1X44-D35, 12.1X45 before 12.1X45-D25, 12.1X46 before 12.1X46-D20, 12.2 before 12.2R7, 12.3 before 12.3R6, 13.1 before 13.1R4, 13.2 before 13.2R3, and 13.3 before 13.3R1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. Juniper Junos is prone to an HTML-injection vulnerability. Successful exploits will allow attacker-supplied HTML and script code to run in the context of the affected browser, potentially allowing the attacker to steal cookie-based authentication credentials or control how the site is rendered to the user. Other attacks are also possible. Juniper Networks Junos is a network operating system from Juniper Networks dedicated to the company's hardware systems. The operating system provides a secure programming interface and Junos SDK. J-Web is a network management tool for routers or switches using Junos. The following releases are affected: Juniper Networks Junos Release 13.1 through 13.3, Release 12.1 through 12.3, 12.1x44, 12.1x45, 12.1x46, 11.4, 11.4x27.
VAR-201404-0634 CVE-2014-2714 Juniper SRX Used in series service gateways Juniper Junos Service disruption in (DoS) Vulnerabilities CVSS V2: 7.1
CVSS V3: -
Severity: HIGH
The Enhanced Web Filtering (EWF) in Juniper Junos before 10.4R15, 11.4 before 11.4R9, 12.1 before 12.1R7, 12.1X44 before 12.1X44-D20, 12.1X45 before 12.1X45-D10, and 12.1X46 before 12.1X46-D10, as used in the SRX Series services gateways, allows remote attackers to cause a denial of service (flow daemon crash and restart) via a crafted URL. Juniper Junos is prone to a remote denial-of-service vulnerability. An attacker can exploit this issue to crash the affected application, denying service to legitimate users. Juniper Networks Junos is a network operating system from Juniper Networks dedicated to the company's hardware systems. The operating system provides a secure programming interface and Junos SDK. The following versions are affected: Juniper Networks Junos 10.4, 11.4, 12.1x44, 12.1x45, 12.1x46, 12.1.
VAR-201404-0168 CVE-2014-0612 Juniper Junos Service disruption in (DoS) Vulnerabilities CVSS V2: 5.0
CVSS V3: -
Severity: MEDIUM
Unspecified vulnerability in Juniper Junos before 11.4R10-S1, before 11.4R11, 12.1X44 before 12.1X44-D26, 12.1X44 before 12.1X44-D30, 12.1X45 before 12.1X45-D20, and 12.1X46 before 12.1X46-D10, when Dynamic IPsec VPN is configured, allows remote attackers to cause a denial of service (new Dynamic VPN connection failures and CPU and disk consumption) via unknown vectors. Juniper Junos is prone to a remote denial-of-service vulnerability. An attacker can exploit this issue to crash the affected application, denying service to legitimate users. Juniper Networks Junos is a network operating system from Juniper Networks dedicated to the company's hardware systems. The operating system provides a secure programming interface and Junos SDK. The following versions are affected: Juniper Networks Junos 12.1x45, 12.1x46, 12.1, 12.1x44, 11.4.
VAR-201404-0542 CVE-2014-0767 Advantech WebAccess AccessCode Parameter Handling Stack Buffer Overflow Vulnerability CVSS V2: 7.5
CVSS V3: -
Severity: HIGH
An attacker may exploit this vulnerability by passing an overly long value from the AccessCode argument to the control. This will overflow the static stack buffer. The attacker may then execute code on the target device remotely. Advantech WebAccess contains a stack-based buffer overflow vulnerability. A third party may execute arbitrary code via an overly long AccessCode argument. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Advantech WebAccess. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the webvact.ocx ActiveX Control. The control does not check the length of an attacker-supplied AccessCode string before copying it into a fixed length buffer on the stack. Advantech WebAccess HMI/SCADA is an HMI/SCADA software. Advantech WebAccess fails to properly filter user input when processing AccessCode parameters, allowing remote attackers to submit special parameters that trigger stack buffer overflows, causing applications to crash or execute arbitrary code. Advantech WebAccess is prone to a stack-based buffer-overflow vulnerability because the application fails to properly bounds-check user-supplied data before copying it into an insufficiently sized buffer. Failed attempts will likely cause a denial-of-service condition. Advantech WebAccess 7.1 and prior are vulnerable. The software supports dynamic graphic display and real-time data control, and provides functions of remote control and management of automation equipment.
VAR-201404-0547 CVE-2014-0772 Advantech WebAccess bwocxrun.ocx OpenUrlToBufferTimeout Method Arbitrary File Access Vulnerability CVSS V2: 5.0
CVSS V3: -
Severity: MEDIUM
The BWOCXRUN.BwocxrunCtrl.1 control contains a method named OpenUrlToBufferTimeout. This method takes a URL as a parameter and returns its contents to the caller in JavaScript. The URLs are accessed in the security context of the current browser session. The control does not perform any URL validation and allows file:// URLs that access the local disk. The method can be used to open a URL (including file URLs) and read the URLs through JavaScript. This method could also be used to reach any arbitrary URL to which the browser has access. This vulnerability allows remote attackers to access arbitrary files on vulnerable installations of Advantech WebAccess. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the bwocxrun.ocx control. Advantech WebAccess HMI/SCADA is an HMI/SCADA software. Advantech WebAccess is prone to an information-disclosure vulnerability. An attacker can exploit this issue to gain access to sensitive information; this may lead to further attacks. Advantech WebAccess 7.1 and prior are vulnerable. The software supports dynamic graphic display and real-time data control, and provides functions of remote control and management of automation equipment.