VARIoT IoT vulnerabilities database


VAR-201401-0341 CVE-2014-0677 Cisco NX-OS Label Distribution Protocol Message Remote Denial of Service Vulnerability CVSS V2: 5.0
CVSS V3: -
Severity: MEDIUM
The Label Distribution Protocol (LDP) functionality in Cisco NX-OS allows remote attackers to cause a denial of service (temporary LDP session outage) via LDP discovery traffic containing malformed Hello messages, aka Bug ID CSCul88851. Cisco NX-OS software is a data center-level operating system that reflects modular design, resiliency, and maintainability. The vulnerability is due to improper parsing of malformed LDP Hello messages; an attacker could send such messages to the affected device to trigger it. Cisco NX-OS is prone to a remote denial-of-service vulnerability. Successfully exploiting this issue allows remote attackers to cause denial-of-service conditions. This issue is being tracked by Cisco Bug ID CSCul88851. Cisco NX-OS is a data center-oriented operating system developed by Cisco.
VAR-201401-0737 No CVE Motorola WiMAX CPEi25890 /cgi-bin/f1_fcgi_cgi.fcgi Device Name Field Cross-Site Scripting Vulnerability CVSS V2: 4.3
CVSS V3: -
Severity: MEDIUM
The Motorola WiMAX CPEi25890 is a WiMAX modem released by Motorola. The /cgi-bin/f1_fcgi_cgi.fcgi script on the Motorola WiMAX CPEi25890 fails to properly filter input in the device name field, allowing remote attackers to inject malicious script or HTML code that, when the malicious data is viewed, can be used to obtain sensitive information or hijack user sessions.
VAR-201401-0731 No CVE 3S Multiple IP Video Server Default Administrator Credentials Vulnerability CVSS V2: 7.5
CVSS V3: -
Severity: HIGH
The 3S S2071 (USB and SD card interface) is a dual-stream video server with H.264/MJPEG encoding. It can output three streams (D1, CIF, QCIF) simultaneously at full D1 resolution and 25 frames per second (PAL), supports deinterlacing and a variety of PTZ control protocols, provides two alarm inputs and one alarm output, and its USB interface can be connected to an external hard disk. The 3S S2071 and S4071 IP video servers ship with default user credentials: the 'root' and '3 SADMIN' accounts have the password '27988303', stored in a file, which allows remote attackers to gain access to the device.
VAR-201401-0431 CVE-2014-1673 Check Point Session Authentication Agent Vulnerability in which important information is obtained CVSS V2: 5.0
CVSS V3: -
Severity: MEDIUM
Check Point Session Authentication Agent allows remote attackers to obtain sensitive information (user credentials) via unspecified vectors. Founded in 1993, Check Point Software Technologies is headquartered in Redwood City, Calif., and is the world's leading provider of Internet security solutions, leading the global enterprise firewall, personal firewall and virtual private network (VPN) markets.
VAR-201401-0569 CVE-2014-1242 Apple iTunes Vulnerable to content spoofing CVSS V2: 5.8
CVSS V3: -
Severity: MEDIUM
Apple iTunes before 11.1.4 uses HTTP for the iTunes Tutorials window, which allows man-in-the-middle attackers to spoof content by gaining control over the client-server data stream. Apple iTunes is prone to a man-in-the-middle vulnerability. An attacker can exploit this issue to perform man-in-the-middle attacks and disclose sensitive information, which will aid in further attacks. Apple iTunes versions prior to 11.1.4 are vulnerable. Apple iTunes is a media player application from Apple, used mainly for playing and managing digital music and video files.

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

APPLE-SA-2014-01-22-1 iTunes 11.1.4

iTunes 11.1.4 is now available and addresses the following:

iTunes
Available for: Mac OS X v10.6.8 or later, Windows 8, Windows 7, Vista, XP SP2 or later
Impact: An attacker with a privileged network position may control the contents of the iTunes Tutorials window
Description: The contents of the iTunes Tutorials window are retrieved from the network using an unprotected HTTP connection. An attacker with a privileged network position may inject arbitrary contents. This issue was addressed by using an encrypted HTTPS connection to retrieve tutorials.
CVE-ID
CVE-2014-1242 : Apple

iTunes
Available for: Windows 8, Windows 7, Vista, XP SP2 or later
Impact: Viewing a maliciously crafted movie file may lead to an unexpected application termination or arbitrary code execution
Description: An uninitialized memory access issue existed in the handling of text tracks. This issue was addressed by additional validation of text tracks.
CVE-ID
CVE-2013-1024 : Richard Kuo and Billy Suguitan of Triemt Corporation

iTunes
Available for: Windows 8, Windows 7, Vista, XP SP2 or later
Impact: A man-in-the-middle attack while browsing the iTunes Store via iTunes may lead to an unexpected application termination or arbitrary code execution
Description: Multiple memory corruption issues existed in WebKit. These issues were addressed through improved memory handling.
CVE-ID
CVE-2013-1037 : Google Chrome Security Team
CVE-2013-1038 : Google Chrome Security Team
CVE-2013-1039 : own-hero Research working with iDefense VCP
CVE-2013-1040 : Google Chrome Security Team
CVE-2013-1041 : Google Chrome Security Team
CVE-2013-1042 : Google Chrome Security Team
CVE-2013-1043 : Google Chrome Security Team
CVE-2013-1044 : Apple
CVE-2013-1045 : Google Chrome Security Team
CVE-2013-1046 : Google Chrome Security Team
CVE-2013-1047 : miaubiz
CVE-2013-2842 : Cyril Cattiaux
CVE-2013-5125 : Google Chrome Security Team
CVE-2013-5126 : Apple
CVE-2013-5127 : Google Chrome Security Team
CVE-2013-5128 : Apple

libxml
Available for: Windows 8, Windows 7, Vista, XP SP2 or later
Impact: A man-in-the-middle attack while browsing the iTunes Store via iTunes may lead to an unexpected application termination or arbitrary code execution
Description: Multiple memory corruption issues existed in libxml. These issues were addressed by updating libxml to version 2.9.0.
CVE-ID
CVE-2011-3102 : Juri Aedla
CVE-2012-0841
CVE-2012-2807 : Juri Aedla
CVE-2012-5134 : Google Chrome Security Team (Juri Aedla)

libxslt
Available for: Windows 8, Windows 7, Vista, XP SP2 or later
Impact: A man-in-the-middle attack while browsing the iTunes Store via iTunes may lead to an unexpected application termination or arbitrary code execution
Description: Multiple memory corruption issues existed in libxslt. These issues were addressed by updating libxslt to version 1.1.28.
CVE-ID
CVE-2012-2825 : Nicolas Gregoire
CVE-2012-2870 : Nicolas Gregoire
CVE-2012-2871 : Kai Lu of Fortinet's FortiGuard Labs, Nicolas Gregoire

iTunes 11.1.4 may be obtained from:
http://www.apple.com/itunes/download/

For OS X:
The download file is named: iTunes11.1.4.dmg
Its SHA-1 digest is: ffde4658def154edfa479696e40588e9252e7276

For Windows XP / Vista / Windows 7 / Windows 8:
The download file is named: "iTunesSetup.exe"
Its SHA-1 digest is: 3701f3e7f7c44bad05631533f2ab52e08ae0ba1f

For 64-bit Windows XP / Vista / Windows 7 / Windows 8:
The download file is named: "iTunes64Setup.exe"
Its SHA-1 digest is: fd9caee83907b9f6aa01d031f63fa9ed9be2bfab

Information will also be posted to the Apple Security Updates web site: http://support.apple.com/kb/HT1222

This message is signed with Apple's Product Security PGP key, and details are available at: https://www.apple.com/support/security/pgp/

-----BEGIN PGP SIGNATURE-----
Version: GnuPG/MacGPG2 v2.0.22 (Darwin)
Comment: GPGTools - http://gpgtools.org

iQIcBAEBAgAGBQJS4DtWAAoJEPefwLHPlZEwEyIQAJ4B3eB18xKixTw39CTkiIf2
dQlDo2gk8ghBHTS4ZQU74OuGyEall3AgXqz/ENrrapgTT9Ej+OVtcofZIOM7IuFC
svag6TSYEkvNLbQMfhVOYvEbwc1Is56tu9huWgYpGpPrZYF0LfNyUYUd3DuWQ2de
1P2vfeowCxd9Orp2aw5w48gJkCFHcxtKpY7QSenn9ZEVKo7KM9ejwQqLWwdwwK45
koP3ovYJa61eLjth61+f85H2xkb6zB6zM5qGPwxNRknPdttabl+NNxiR93jvAoMr
8OUSMErSjxUN9HSBd+ZXtCCmK+NmYnYJk1HtIq11p4OZk8XvNVzzh3JtePAXoRjj
6xQsoC0EjxzV7aYPaje2aiY3XfuT4gLX1NI+ZnTNfy6Y3BMZ8FId1XnBESyevMXw
AowaQk6FNiz3qHNTSaJCmjMtVScu2m9OKANGexadETw2/NFMRsfHdDEf7bN8Lj85
MbPhgFW6qMKjJ15g0NW1gvvZjbJCcL6Y2LdjabWFeIJLV7gXE3lviIwMwFfQqBqN
B+w6o6PQPrGxSzSGzjIf/76qLYJjL7zenGERCHJiOH54LMITZn8db3lECY1CMUXw
lsKk4W7IeI2u43hxaYaYfSpdjF14U2CrRJSFHcyFe2oPxU26hxCax3AyHLxncPoX
eWabnIgZ1wYWZB0y8x5K
=pK6I
-----END PGP SIGNATURE-----
VAR-201401-0482 CVE-2013-7304 Check Point Endpoint Security MI Server SSL server impersonation vulnerability CVSS V2: 4.3
CVSS V3: -
Severity: MEDIUM
Check Point Endpoint Security MI Server through R73 3.0.0 HFA2.5 does not configure X.509 certificate validation for client devices, which allows man-in-the-middle attackers to spoof SSL servers by presenting an arbitrary certificate during a session established by a client. Successfully exploiting this issue allows attackers to perform man-in-the-middle attacks or impersonate trusted servers, which will aid in further attacks. Check Point Endpoint Security is a set of endpoint security solutions from Check Point Company in the United States. This solution combines firewall, network access control, anti-virus, anti-spyware, data security and other functions to ensure that terminal PCs are free from Web-based threats. The vulnerability is caused by the program not configuring X.509 certificate validation on client devices.
VAR-201401-0239 CVE-2013-6343 ASUS RT-N56U and RT-AC66U Router firmware buffer overflow vulnerability

Related entries in the VARIoT exploits database: VAR-E-201401-0355
CVSS V2: 10.0
CVSS V3: -
Severity: HIGH
Multiple buffer overflows in web.c in httpd on the ASUS RT-N56U and RT-AC66U routers with firmware 3.0.0.4.374_979 allow remote attackers to execute arbitrary code via the (1) apps_name or (2) apps_flag parameter to APP_Installation.asp. ASUS RT-N56U / RT-AC66U is a router device developed by ASUS. The ASUS RT-N56U router is prone to a buffer-overflow vulnerability because it fails to perform adequate boundary checks on user-supplied data. Failed attempts will likely cause a denial-of-service condition. ASUS RT-N56U running firmware 3.0.0.4.374_979 and prior are vulnerable. The vulnerability stems from the fact that the APP_Installation.asp page does not filter the 'apps_name' and 'apps_flag' parameters.
VAR-201401-0333 CVE-2014-0669 Cisco ASR 5000 series devices Gateway GPRS Support Node component top-up payment restriction bypass vulnerability CVSS V2: 5.0
CVSS V3: -
Severity: MEDIUM
The Wireless Session Protocol (WSP) feature in the Gateway GPRS Support Node (GGSN) component on Cisco ASR 5000 series devices allows remote attackers to bypass intended Top-Up payment restrictions via unspecified WSP packets, aka Bug ID CSCuh28371. The vendor has confirmed this vulnerability and published it as Bug ID CSCuh28371. A third party may circumvent top-up payment restrictions via unspecified WSP packets. The Cisco ASR 5000 Series is a carrier-grade platform for deploying high-demand 3G networks and migrating to Long Term Evolution (LTE). Because the program fails to properly process some WSP messages, an attacker could browse for free by sending a specially crafted WSP message that redirects the top-up portal page. Cisco ASR 5000 Series devices are prone to a security-bypass vulnerability. An attacker can exploit this issue to bypass certain security restrictions and perform unauthorized actions. This issue is being tracked by Cisco Bug ID CSCuh28371. The vulnerability stems from the fact that the program does not process WSP packets correctly.
VAR-201401-0334 CVE-2014-0670 Cisco MediaSense of Search and Play Interface cross-site scripting vulnerability CVSS V2: 4.3
CVSS V3: -
Severity: MEDIUM
Cross-site scripting (XSS) vulnerability in the Search and Play interface in Cisco MediaSense allows remote attackers to inject arbitrary web script or HTML via an unspecified parameter, aka Bug ID CSCum16686. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials and launch other attacks. This issue is being tracked by Cisco Bug ID CSCum16686. Cisco MediaSense is a network-based, scalable recording platform from Cisco that can be used to record audio and video.
VAR-201401-0335 CVE-2014-0671 Cisco MediaSense Open redirect vulnerability CVSS V2: 5.8
CVSS V3: -
Severity: MEDIUM
Open redirect vulnerability in Cisco MediaSense allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via an unspecified parameter, aka Bug ID CSCum16749. Cisco MediaSense contains an open redirect vulnerability. An attacker can leverage this issue by constructing a crafted URI and enticing a user to follow it. When an unsuspecting victim follows the link, they may be redirected to an attacker-controlled site; this may aid in phishing attacks. Other attacks are possible. This issue is being tracked by Cisco Bug ID CSCum16749. Cisco MediaSense is a network-based, scalable recording platform from Cisco that can be used to record audio and video.
VAR-201401-0336 CVE-2014-0672 Cisco MediaSense Search and Play interface arbitrary recording download vulnerability CVSS V2: 4.0
CVSS V3: -
Severity: MEDIUM
The Search and Play interface in Cisco MediaSense does not properly enforce authorization requirements, which allows remote authenticated users to download arbitrary recordings via a request to this interface. Cisco MediaSense is prone to an information-disclosure vulnerability. An attacker can exploit this issue to gain access to sensitive information that may aid in further attacks. Cisco MediaSense is a network-based, scalable recording platform from Cisco that can be used to record audio and video. A permissions and access control vulnerability exists in the Search and Play interface of Cisco MediaSense. The vulnerability is caused by the program not properly enforcing authorization on requests to this interface.
VAR-201401-0734 No CVE TP-Link TD-W8951ND Firmware Unauthorized Download Password Disclosure Vulnerability CVSS V2: 7.5
CVSS V3: -
Severity: HIGH
The TP-Link TD-W8951ND is a wireless router product. On TP-Link TD-W8951ND series routers, the Firmware/Romfile Upgrade page of the router panel can be accessed without authentication, which is an unauthorized access vulnerability in the implementation. A remote attacker can use this vulnerability to download the router configuration file and, after decompressing it, obtain the management password, which in turn allows unauthorized administrator operations. Phishing attacks are also possible.
VAR-201501-0582 CVE-2014-10018 Teracom T2-B-Gawv1.4U10Y-BI 'essid' parameter HTML injection vulnerability CVSS V2: 4.3
CVSS V3: -
Severity: MEDIUM
Cross-site scripting (XSS) vulnerability in webconfig/wlan/country.html/country in the Teracom T2-B-Gawv1.4U10Y-BI modem allows remote attackers to inject arbitrary web script or HTML via the essid parameter. Teracom T2-B-Gawv1.4U10Y-BI is a broadband modem device. Teracom T2-B-Gawv1.4U10Y-BI fails to properly filter the 'essid' parameter data, allowing remote attackers to inject malicious script or HTML code that, when the malicious data is viewed, can be used to obtain sensitive information or hijack user sessions. Teracom T2-B-Gawv1.4U10Y-BI is prone to an HTML-injection vulnerability because it fails to sanitize user-supplied input. Successful exploits will allow attacker-supplied HTML and script code to run in the context of the affected site, potentially allowing the attacker to steal cookie-based authentication credentials or control how the site is rendered to the user. Other attacks are also possible.
VAR-201401-0097 CVE-2013-3595 Dell PowerConnect 3348, 3524p, and 5324 switches are vulnerable to denial-of-service attacks CVSS V2: 6.8
CVSS V3: -
Severity: MEDIUM
The OpenManage web application 2.5 build 1.19 on Dell PowerConnect 3348 1.2.1.3, 3524p 2.0.0.48, and 5324 2.0.1.4 switches allows remote authenticated users to cause a denial of service (device reset) via a direct request to an unspecified OSPF URL. Dell PowerConnect 3348 version 1.2.1.3, PowerConnect 3524p version 2.0.0.48, PowerConnect 5324 version 2.0.1.4, and possibly earlier versions contain a denial-of-service (CWE-20) vulnerability. Dell OpenManage web application version 2.5 Build No. 1.19 and possibly earlier versions contain a denial-of-service (CWE-20) vulnerability. The Dell GoAhead web server login page also contains a denial-of-service (CWE-20) vulnerability. Dell OpenManage allows administrators to manage, monitor, and manipulate Dell PowerEdge servers from a central location or remotely. The affected page cannot be reached through the web application's links but can be found in the firmware. Successful exploits will crash and reset the switch, resulting in a denial-of-service condition. Dell PowerConnect 3348, 3524p and 5324 are all series switch products of Dell. The following switches and versions are affected: Dell PowerConnect 3348 1.2.1.3, 3524p 2.0.0.48, 5324 2.0.1.4.
VAR-201401-0332 CVE-2014-0668 Cisco Secure Access Control System Portal cross-site scripting vulnerability CVSS V2: 4.3
CVSS V3: -
Severity: MEDIUM
Cross-site scripting (XSS) vulnerability in the portal in Cisco Secure Access Control System (ACS) allows remote attackers to inject arbitrary web script or HTML via an unspecified parameter, aka Bug ID CSCue65949. Cisco Secure ACS is a central management platform for Cisco network devices that controls device authentication and authorization. Because the program fails to properly filter user input, a remote attacker can exploit the vulnerability to execute arbitrary script code in the browser of a trusted user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials and launch other attacks. This issue is being tracked by Cisco Bug ID CSCue65949. The system controls network access and network device access through the RADIUS and TACACS protocols respectively.
VAR-201401-0098 CVE-2013-3606 Dell PowerConnect 3348, 3524p, and 5324 switches are vulnerable to denial-of-service attacks CVSS V2: 7.8
CVSS V3: -
Severity: HIGH
The login page in the GoAhead web server on Dell PowerConnect 3348 1.2.1.3, 3524p 2.0.0.48, and 5324 2.0.1.4 switches allows remote attackers to cause a denial of service (device outage) via a long username. Dell PowerConnect 3348 version 1.2.1.3, PowerConnect 3524p version 2.0.0.48, PowerConnect 5324 version 2.0.1.4, and possibly earlier versions contain a denial-of-service (CWE-20) vulnerability. Dell OpenManage web application version 2.5 Build No. 1.19 and possibly earlier versions contain a denial-of-service (CWE-20) vulnerability. The Dell GoAhead web server login page also contains a denial-of-service (CWE-20) vulnerability. Dell PowerConnect is a switch product developed by Dell. GoAhead WebServer is an open source embedded web server program that supports Active Server Pages, embedded JavaScript, SSL authentication and encryption. A denial of service vulnerability exists in Dell's GoAhead Web Server. The web server crashes when a specially crafted HTTP POST request with a username longer than 16 characters is submitted. Successful exploits will cause the switch to become unresponsive until the device is reset, resulting in a denial-of-service condition. The following switches and versions are affected: Dell PowerConnect 3348 1.2.1.3, 3524p 2.0.0.48, 5324 2.0.1.4.
VAR-201401-0096 CVE-2013-3594 Dell PowerConnect 3348, 3524p, and 5324 switches are vulnerable to denial-of-service attacks CVSS V2: 10.0
CVSS V3: -
Severity: HIGH
The SSH service on Dell PowerConnect 3348 1.2.1.3, 3524p 2.0.0.48, and 5324 2.0.1.4 switches allows remote attackers to cause a denial of service (device reset) or possibly execute arbitrary code by sending many packets to TCP port 22. Dell PowerConnect 3348 version 1.2.1.3, PowerConnect 3524p version 2.0.0.48, PowerConnect 5324 version 2.0.1.4, and possibly earlier versions contain a denial-of-service (CWE-20) vulnerability. Dell OpenManage web application version 2.5 Build No. 1.19 and possibly earlier versions contain a denial-of-service (CWE-20) vulnerability. The Dell GoAhead web server login page also contains a denial-of-service (CWE-20) vulnerability. Dell PowerConnect is a switch product developed by Dell. Multiple Dell PowerConnect switches are prone to a remote code-execution vulnerability. Failed exploit attempts will result in a denial-of-service condition.
VAR-201401-0154 CVE-2013-6687 Cisco WebEx Meetings Server cleartext administrator password disclosure vulnerability CVSS V2: 4.0
CVSS V3: -
Severity: MEDIUM
The web portal in the Enterprise License Manager component in Cisco WebEx Meetings Server allows remote authenticated users to discover the cleartext administrative password by reading HTML source code, aka Bug ID CSCul33876. Cisco WebEx Meetings Server is prone to a password disclosure vulnerability. Successful exploits may allow an attacker to disclose sensitive information such as stored passwords; this may aid in further attacks. This issue is being tracked by Cisco Bug ID CSCul33876. Cisco WebEx Meetings Server (CWMS) is a multi-functional conferencing solution within Cisco's WebEx portfolio that provides audio, video and web conferencing.
VAR-201401-0331 CVE-2014-0667 Cisco Secure Access Control System RMI interface arbitrary file read vulnerability CVSS V2: 6.3
CVSS V3: -
Severity: MEDIUM
The RMI interface in Cisco Secure Access Control System (ACS) does not properly enforce authorization requirements, which allows remote authenticated users to read arbitrary files via a request to this interface, aka Bug ID CSCud75169. Cisco Secure ACS is a central management platform for Cisco network devices that controls device authentication and authorization. This issue is tracked by Cisco Bug ID CSCud75169. The system controls network access and network device access through the RADIUS and TACACS protocols respectively. The vulnerability stems from the fact that the program does not properly enforce authorization on requests to the RMI interface.
VAR-201401-0367 CVE-2014-0753 Ecava IntegraXor Buffer Overflow Vulnerability CVSS V2: 7.8
CVSS V3: -
Severity: HIGH
Stack-based buffer overflow in the SCADA server in Ecava IntegraXor before 4.1.4390 allows remote attackers to cause a denial of service (system crash) by triggering access to DLL code located in the IntegraXor directory. Ecava IntegraXor is a human-machine interface product that uses HTML and SVG. Ecava IntegraXor has a buffer overflow vulnerability that could be triggered by an attacker using any resource in any DLL in the command loader's home folder. Successful exploitation of the vulnerability could cause the application to crash or execute arbitrary code in the application's context. Ecava IntegraXor is prone to a remote stack-based buffer-overflow vulnerability because it fails to perform adequate boundary checks on user-supplied data. Successful exploits will allow attackers to crash the system, denying service to legitimate users. IntegraXor 4.1.4380 is vulnerable; other versions may also be affected.