VARIoT IoT vulnerabilities database
| VAR-201311-0515 | No CVE | Netgear WNDR3700 Security Restriction Bypass Vulnerability |
CVSS V2: 6.8 CVSS V3: - Severity: MEDIUM |
The Netgear WNDR3700 is a wireless router product. The Netgear WNDR3700 has an error in the web interface when processing the BRS_02_genieHelp.html request. Successful exploitation can bypass certain security restrictions.
| VAR-201311-0302 | CVE-2013-5562 | Cisco Prime Central for HCS ITM Web Server Denial of Service (DoS) Vulnerability |
CVSS V2: 5.0 CVSS V3: - Severity: MEDIUM |
The ITM web server in Cisco Prime Central for Hosted Collaboration Solution (HCS) allows remote attackers to cause a denial of service (temporary HTTP service outage) via a flood of TCP packets, aka Bug ID CSCuh36313.
Attackers can exploit this issue to crash the affected application, denying service to legitimate users.
This issue is being tracked by Cisco Bug ID CSCuh36313. The platform provides functions such as secure access authentication and real-time fault analysis.
| VAR-201311-0303 | CVE-2013-5563 | Cisco Security Monitoring, Analysis and Response System Query/NewQueryResult.jsp Cross-Site Scripting Vulnerability |
CVSS V2: 4.3 CVSS V3: - Severity: MEDIUM |
Cross-site scripting (XSS) vulnerability in Query/NewQueryResult.jsp in Cisco Security Monitoring, Analysis and Response System (CS-MARS) allows remote attackers to inject arbitrary web script or HTML via the isnowLatency parameter, aka Bug ID CSCul16173.
An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials and launch other attacks.
These issues are being tracked by Cisco Bug ID CSCul16173. The system combines security event monitoring with correlation rules, factor analysis, abnormal traffic detection and other functions to help accurately identify and eliminate network attacks.
| VAR-201311-0299 | CVE-2013-5559 | Cisco AnyConnect Secure Mobility Client VPNAPI COM Module Buffer Overflow Vulnerability |
CVSS V2: 6.8 CVSS V3: - Severity: MEDIUM |
Buffer overflow in the Active Template Library (ATL) framework in the VPNAPI COM module in Cisco AnyConnect Secure Mobility Client 2.x allows user-assisted remote attackers to execute arbitrary code via a crafted HTML document, aka Bug ID CSCuj58139. The vendor has confirmed this vulnerability and released it as Bug ID CSCuj58139. Arbitrary code may be executed via an HTML document crafted by an attacker.
Attackers can exploit this issue to execute arbitrary commands with elevated privileges. Failed exploit attempts will result in denial-of-service conditions. Due to the nature of this issue, arbitrary code-execution may be possible; however this has not been confirmed.
This issue is being tracked by Cisco Bug ID CSCuj58139. Cisco AnyConnect Secure Mobility Client is a secure mobile client from Cisco that can securely access networks and applications through any device.
| VAR-201311-0301 | CVE-2013-5561 | Cisco ASA CX Remote Safe Search Policy Security Bypass Vulnerability |
CVSS V2: 5.0 CVSS V3: - Severity: MEDIUM |
The Safe Search enforcement feature in Cisco Adaptive Security Appliance (ASA) CX Context-Aware Security Software does not properly perform filtering, which allows remote attackers to bypass intended policy restrictions via unspecified vectors, aka Bug ID CSCui94622. The vendor has confirmed this vulnerability and released it as Bug ID CSCui94622. Third parties may be able to bypass policy restrictions. Cisco ASA CX is prone to a remote security-bypass vulnerability.
Successfully exploiting this issue may allow an attacker to bypass certain security restrictions and perform unauthorized actions. The vulnerability is caused by the program not performing filtering operations correctly.
| VAR-201311-0304 | CVE-2013-5564 | Cisco Prime Central for Hosted Collaboration Solution Impact Server Denial of Service (DoS) Vulnerability |
CVSS V2: 5.0 CVSS V3: - Severity: MEDIUM |
The Java process in the Impact server in Cisco Prime Central for Hosted Collaboration Solution (HCS) allows remote attackers to cause a denial of service (process crash) via a flood of TCP packets, aka Bug ID CSCug57345.
Attackers can exploit this issue to crash the Java process, denying service to legitimate users.
This issue is being tracked by Cisco Bug ID CSCug57345. The platform provides functions such as secure access authentication and real-time fault analysis.
| VAR-201311-0362 | CVE-2013-6816 | SAP NetWeaver JavaDumpService and DataCollector Servlet Cross-Site Scripting Vulnerabilities |
CVSS V2: 4.3 CVSS V3: - Severity: MEDIUM |
Multiple cross-site scripting (XSS) vulnerabilities in the (1) JavaDumpService and (2) DataCollector servlets in SAP NetWeaver allow remote attackers to inject arbitrary web script or HTML via unspecified vectors. SAP NetWeaver is the technical foundation for SAP Business Suite solutions, SAP xApps composite applications, partner solutions, and custom applications. Because some unknown input related to the JavaDumpService servlet and the DataCollector servlet is not properly filtered before being returned to the user, an attacker can exploit the vulnerability to execute arbitrary HTML and script code in the user's browser session in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and launch other attacks.
| VAR-201311-0360 | CVE-2013-6814 | SAP NetWeaver SAP Portal URI Redirection Vulnerability |
CVSS V2: 5.8 CVSS V3: - Severity: MEDIUM |
The J2EE Engine in SAP NetWeaver 6.40, 7.02, and earlier allows remote attackers to redirect users to arbitrary web sites, conduct phishing attacks, and obtain sensitive information (cookies and SAPPASSPORT) via unspecified vectors. SAP NetWeaver is the technical foundation for SAP Business Suite solutions, SAP xApps composite applications, partner solutions, and custom applications. There is a URI redirection vulnerability in SAP NetWeaver. SAP is prone to an open-redirection weakness because the application fails to properly sanitize user-supplied input.
An attacker can leverage this issue by constructing a crafted URI and enticing a user to follow it. Other attacks are possible.
SAP NetWeaver J2EE 6.40 and 7.02 are vulnerable.
| VAR-202002-0570 | CVE-2013-3591 | vTiger CRM Vulnerability Related to Unrestricted Upload of Dangerous File Types | Related entries in the VARIoT exploits database: VAR-E-201310-0073 |
CVSS V2: 6.5 CVSS V3: 8.8 Severity: HIGH |
vTiger CRM 5.3 and 5.4: 'files' Upload Folder Arbitrary PHP Code Execution Vulnerability. vTiger CRM contains a vulnerability related to unrestricted upload of dangerous file types. Information may be obtained or tampered with, and service operation may be interrupted (DoS).
An attacker can exploit this issue to inject and execute arbitrary PHP code in the context of the affected application. This may facilitate a compromise of the application and the underlying system; other attacks are also possible.
vTiger CRM 5.3.0 and 5.4.0 are vulnerable; other versions may also be affected. Vtiger CRM is a customer relationship management (CRM) system based on SugarCRM, developed by the American company Vtiger. The system provides functions such as management, collection, and analysis of customer information.
| VAR-201310-0651 | No CVE | Multiple Cross-Site Request Forgery Vulnerabilities in UNICORN WB-3300NR Router |
CVSS V2: 3.5 CVSS V3: - Severity: LOW |
The UNICORN WB-3300NR Router management page has multiple cross-site request forgery vulnerabilities, allowing remote attackers to build malicious URIs, entice users to open them, and perform arbitrary operations in the target user's context, such as resetting factory settings, changing DNS settings, and obtaining WPA passwords. UNICORN WB-3300NR Router is a wireless router product from UNICORN in Korea.
A cross-site request forgery vulnerability exists in the UNICORN WB-3300NR Router. It stems from the program not properly filtering HTTP requests. A remote attacker could use this vulnerability to perform unauthorized operations and take control of an affected device. This may aid in other attacks.
| VAR-201311-0394 | CVE-2013-6869 | SAP NetWeaver SRTT_GET_COUNT_BEFORE_KEY_RFC Function SQL Injection Vulnerability |
CVSS V2: 7.5 CVSS V3: - Severity: HIGH |
SQL injection vulnerability in the SRTT_GET_COUNT_BEFORE_KEY_RFC function in SAP NetWeaver 7.30 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. SAP NetWeaver is a service-oriented integrated application platform from the German company SAP. The platform provides a development and runtime environment for SAP applications. The vulnerability stems from insufficient filtering of user-submitted input before the program constructs SQL query statements. Attackers can use this vulnerability to steal cookie-based authentication credentials, control applications, access or modify data, or exploit potential vulnerabilities in the underlying database.
SAP NetWeaver 7.30 is vulnerable; other versions may also be affected.
| VAR-201311-0361 | CVE-2013-6815 | SAP NetWeaver Application Server for ABAP Denial of Service (DoS) Vulnerability |
CVSS V2: 5.0 CVSS V3: - Severity: MEDIUM |
The SHSTI_UPLOAD_XML function in the Application Server for ABAP (AS ABAP) in SAP NetWeaver 7.31 and earlier allows remote attackers to cause a denial of service via unspecified vectors, related to an XML External Entity (XXE) issue. This is a vulnerability related to an XML External Entity (XXE) issue. A third party may be able to cause a denial of service (DoS).
Exploiting these issues may allow a remote attacker to bypass certain security restrictions and perform unauthorized actions or cause denial-of-service conditions. This may lead to further attacks.
| VAR-201310-0804 | No CVE | NETGEAR WNDR3700 'sprintf()' function special host string buffer overflow vulnerability |
CVSS V2: 7.5 CVSS V3: - Severity: HIGH |
The Netgear WNDR3700 is a router device. The sprintf() function in the Netgear WNDR3700 router has a buffer overflow when processing a specially crafted host string, allowing a remote attacker to submit a specially crafted request that causes the application to crash or possibly executes arbitrary code.
| VAR-201310-0526 | CVE-2013-5543 | Cisco IOS XE on Cisco ASR 1000 Series Devices Denial of Service (DoS) Vulnerability |
CVSS V2: 7.8 CVSS V3: - Severity: HIGH |
Cisco IOS XE 3.4 before 3.4.2S and 3.5 before 3.5.1S on 1000 ASR devices allows remote attackers to cause a denial of service (device reload) via malformed ICMP error packets associated with a (1) TCP or (2) UDP session that is under inspection by the Zone-Based Firewall (ZBFW) component, aka Bug ID CSCtt26470. Cisco IOS XE running on Cisco ASR 1000 Series devices contains a vulnerability that can cause a denial of service (device reload). Cisco IOS is the interconnected network operating system used on most Cisco system routers and network switches. A security vulnerability exists in the Cisco IOS XE's Zone-Based Firewall (ZBFW) TCP or UDP functionality. Cisco IOS XE is prone to a remote denial-of-service vulnerability.
Successful exploits may allow an attacker to cause a reload of the affected devices, denying service to legitimate users.
This issue is being tracked by Cisco Bug ID CSCtt26470.
| VAR-201310-0528 | CVE-2013-5545 | Cisco IOS XE on Cisco ASR 1000 Series Devices PPTP ALG Implementation Denial of Service (DoS) Vulnerability |
CVSS V2: 7.8 CVSS V3: - Severity: HIGH |
The PPTP ALG implementation in Cisco IOS XE 3.9 before 3.9.2S on 1000 ASR devices allows remote attackers to cause a denial of service (device reload) by sending many PPTP packets over NAT, aka Bug ID CSCuh19936. The vendor has confirmed this vulnerability and released it as Bug ID CSCuh19936. A third party may be able to cause a denial of service (device reload) by sending a large number of PPTP packets via NAT. Cisco IOS is the interconnected network operating system used on most Cisco system routers and network switches. Successful exploitation can overload the system.
Successful exploits may allow an attacker to cause a reload of the affected devices, denying service to legitimate users.
This issue is being tracked by Cisco Bug ID CSCuh19936. The vulnerability is caused by the program not filtering PPTP packets correctly.
| VAR-201310-0529 | CVE-2013-5546 | Cisco IOS XE on Cisco ASR 1000 Series Devices TCP Reassembly Denial of Service (DoS) Vulnerability |
CVSS V2: 7.8 CVSS V3: - Severity: HIGH |
The TCP reassembly feature in Cisco IOS XE 3.7 before 3.7.3S and 3.8 before 3.8.1S on 1000 ASR devices allows remote attackers to cause a denial of service (device reload) via large TCP packets that are processed by the (1) NAT or (2) ALG component, aka Bug ID CSCud72509. Cisco IOS is the interconnected network operating system used on most Cisco system routers and network switches. Because the program fails to handle a large number of TCP reassembly messages correctly, remote attackers can exploit the vulnerability to cause system overload.
Successful exploits may allow an attacker to cause a reload of the affected devices, denying service to legitimate users.
These issues are being tracked by Cisco Bug ID CSCud72509.
| VAR-201310-0530 | CVE-2013-5547 | Cisco IOS XE on Cisco ASR 1000 Series Devices Denial of Service (DoS) Vulnerability |
CVSS V2: 7.8 CVSS V3: - Severity: HIGH |
Cisco IOS XE 3.9 before 3.9.2S on 1000 ASR devices allows remote attackers to cause a denial of service (device reload) by sending malformed EoGRE packets over (1) IPv4 or (2) IPv6, aka Bug ID CSCuf08269. Cisco IOS is the interconnected network operating system used on most Cisco system routers and network switches. The program fails to properly handle malformed EoGRE packets. An attacker can exploit this vulnerability by sending malformed IPv4 or IPv6 EoGRE packets to affected devices configured with the EoGRE interface.
Successful exploits may allow an attacker to cause a reload of the affected devices, denying service to legitimate users.
This issue is being tracked by Cisco Bug ID CSCuf08269.
| VAR-201310-0636 | No CVE | Cogent DataHub Denial of service vulnerability |
CVSS V2: 7.5 CVSS V3: - Severity: HIGH |
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Cogent DataHub. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of POST requests. By sending a malformed POST, an attacker is able to overflow a heap buffer. An attacker could exploit this vulnerability to execute arbitrary code in the context of the DataHub process. Cogent DataHub is a set of real-time data solutions from Canada's Cogent Real-Time Systems. It belongs to the category of SCADA (supervisory control and data acquisition) and automation software.
A denial of service vulnerability exists in versions of Cogent DataHub prior to 7.3.4. An attacker could use this vulnerability to crash the server and deny service to legitimate users. Failed exploit attempts will likely result in denial-of-service conditions.
| VAR-201310-0700 | No CVE | ADB Discus DRG A125G 'wansinglecfg.cmd' Password Disclosure Vulnerability |
CVSS V2: 5.0 CVSS V3: - Severity: MEDIUM |
The ADB Discus DRG A125G 'wansinglecfg.cmd' script has a security vulnerability that allows a remote attacker to submit a request to obtain password information. Discus DRG A125G is a wireless router product from the Swiss company ADB.
A password disclosure vulnerability exists in Discus DRG A125G. Attackers can use this vulnerability to obtain sensitive information that can help launch further attacks. Discus DRG A125G is vulnerable; other versions may also be affected.
| VAR-201311-0283 | CVE-2013-4713 | RockDisk vulnerable to cross-site scripting |
CVSS V2: 3.5 CVSS V3: - Severity: LOW |
Cross-site scripting (XSS) vulnerability in I-O DATA DEVICE RockDisk with firmware before 1.05e1-2.0.5 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors. RockDisk, provided by I-O DATA DEVICE, INC., is a LAN-connectable hard disk drive. RockDisk contains a cross-site scripting vulnerability. Yuji Tounai of bogus.jp reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership. An arbitrary script may be executed on the user's web browser. I-O DATA RockDisk NAS incorrectly filters data returned to users, allowing remote attackers to build malicious URIs, entice users to open them, and obtain sensitive information or hijack user sessions.
An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials and launch other attacks.