VARIoT IoT vulnerabilities database
| VAR-201311-0291 | CVE-2013-5548 | Vulnerability in the Cisco IOS IKEv2 implementation that bypasses certain IPsec anti-replay features |
CVSS V2: 4.3 CVSS V3: - Severity: MEDIUM |
The IKEv2 implementation in Cisco IOS, when AES-GCM or AES-GMAC is used, allows remote attackers to bypass certain IPsec anti-replay features via IPsec tunnel traffic, aka Bug ID CSCuj47795. Cisco IOS is the internetwork operating system used on most Cisco Systems routers and network switches. When the Phase 2 IPsec Security Associations (SAs) use the AES-GCM or AES-GMAC algorithm, the anti-replay feature of the IPsec Phase 2 SA is not implemented correctly. An attacker can exploit this vulnerability by sending IPsec tunnel traffic.
Successfully exploiting this issue will allow an attacker to perform replay attacks. This may lead to other attacks.
| VAR-201311-0292 | CVE-2013-5551 | Denial-of-service (DoS) vulnerability in Cisco Adaptive Security Appliance software |
CVSS V2: 6.3 CVSS V3: - Severity: MEDIUM |
Cisco Adaptive Security Appliance (ASA) Software, when certain same-security-traffic and management-access options are enabled, allows remote authenticated users to cause a denial of service (stack overflow and device reload) by using the clientless SSL VPN portal for internal-resource browsing, aka Bug ID CSCui51199.
Attackers can exploit this issue to cause an affected system to reload, resulting in a denial-of-service condition.
This issue is being tracked by Cisco Bug ID CSCui51199. A denial-of-service vulnerability exists in the SSL VPN functionality in Cisco ASA. When the same-security-traffic and management-access options are configured, a remote attacker can exploit this vulnerability by sending a specially crafted URL, causing a denial of service (stack buffer overflow and device restart).
| VAR-201311-0296 | CVE-2013-5555 | Denial-of-service (DoS) vulnerability in Cisco Unified Communications Manager |
CVSS V2: 4.3 CVSS V3: - Severity: MEDIUM |
Cisco Unified Communications Manager (aka CUCM or Unified CM) allows remote attackers to cause a denial of service (service restart) via a crafted SIP message, aka Bug ID CSCub54349.
Attackers can exploit this issue to cause a denial of service condition.
This issue is being tracked by Cisco Bug ID CSCub54349. CUCM provides a scalable, distributed and highly available enterprise IP telephony call processing solution. A denial-of-service vulnerability exists in CUCM. The vulnerability is caused by the program not correctly parsing SIP messages.
| VAR-201310-0642 | No CVE | ASUS RT-N13U Router Unauthorized ROOT Access Vulnerability |
CVSS V2: 6.8 CVSS V3: - Severity: MEDIUM |
ASUS RT-N13U is a wireless router product from ASUS.
A security vulnerability exists in the ASUS RT-N13U router. An unauthorized attacker could use this vulnerability to gain root access to the affected device, which could lead to full control of the affected device.
| VAR-201311-0156 | CVE-2013-5431 | IBM Tivoli Federated Identity Manager and IBM Tivoli Federated Identity Manager Business Gateway contain a URL redirection vulnerability |
CVSS V2: 5.8 CVSS V3: - Severity: MEDIUM |
Open redirect vulnerability in IBM Tivoli Federated Identity Manager (TFIM) 6.1.1 before IF 15, 6.2.0 before IF 14, 6.2.1, and 6.2.2 before IF 8 and Tivoli Federated Identity Manager Business Gateway (TFIMBG) 6.1.1 before IF 15, 6.2.0 before IF 14, 6.2.1, and 6.2.2 before IF 8 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors. Supplementary information: the CWE vulnerability type is identified as CWE-601 (open redirect). http://cwe.mitre.org/data/definitions/601.html A third party may redirect a user to an arbitrary web site and conduct a phishing attack.
An attacker can leverage this issue by constructing a crafted URI and enticing a user to follow it. Other attacks are possible. An open redirection vulnerability exists in IBM TFIM and TFIMBG. The following versions are affected: IBM TFIM 6.1.1, 6.2.0, 6.2.1 and 6.2.2, and TFIMBG 6.1.1, 6.2.0, 6.2.1 and 6.2.2.
| VAR-201310-0384 | CVE-2013-6012 | Authentication bypass vulnerability in Juniper Junos |
CVSS V2: 8.5 CVSS V3: - Severity: HIGH |
Juniper Junos 12.1X44 before 12.1.X44-D20 and 12.1X45 before 12.1X45-D15, when the no-validate option is enabled, does not properly handle configuration validation errors during the config commit phase of the boot-up sequence, which allows remote attackers to bypass authentication via unspecified vectors. Juniper Junos is prone to a remote authentication-bypass vulnerability.
An attacker can exploit this issue to bypass the authentication mechanism and gain unauthenticated access to the affected device. This may lead to further attacks.
Juniper Junos versions 12.1X44 and 12.1X45 are vulnerable. The operating system provides a secure programming interface and Junos SDK. An unauthorized access vulnerability exists in Juniper Junos versions 12.1X44 and 12.1X45. The vulnerability is caused by enabling the no-validate option during the software upgrade, which results in a validation error when configuring the startup sequence.
| VAR-201310-0513 | CVE-2013-5530 | Cisco Identity Services Engine contains an input validation vulnerability |
CVSS V2: 9.0 CVSS V3: - Severity: HIGH |
The web framework in Cisco Identity Services Engine (ISE) 1.0 and 1.1.0 before 1.1.0.665-5, 1.1.1 before 1.1.1.268-7, 1.1.2 before 1.1.2.145-10, 1.1.3 before 1.1.3.124-7, 1.1.4 before 1.1.4.218-7, and 1.2 before 1.2.0.899-2 allows remote authenticated users to execute arbitrary commands via a crafted session on TCP port 443, aka Bug ID CSCuh81511.
An attacker can exploit this issue to execute arbitrary commands with the privileges of the root user.
This issue is being tracked by Cisco Bug ID CSCuh81511. The platform monitors the network by collecting real-time information on the network, users and devices, and formulating and implementing corresponding policies.
| VAR-201311-0205 | CVE-2013-6023 | TVT TD-2308SS-B DVR File Directory Traversal Vulnerability |
CVSS V2: 7.8 CVSS V3: - Severity: HIGH |
Directory traversal vulnerability in the TVT TD-2308SS-B DVR with firmware 3.2.0.P-3520A-00 and earlier allows remote attackers to read arbitrary files via .. (dot dot) in the URI. The TD-2308SS-B provided by Shenzhen TVT Digital Technology Co., Ltd. contains a directory traversal (CWE-22) vulnerability. As a result, an attacker may be able to access the product as an administrator. TVT TD-2308SS-B DVR is a hard disk recorder developed by a Shenzhen-based company. TVT TD-2308SS-B DVR is prone to a directory-traversal vulnerability because it fails to sufficiently sanitize user-supplied input.
Exploiting this issue can allow an attacker to gain access to arbitrary system files. Information harvested may aid in launching further attacks.
TVT TD-2308SS-B DVR running firmware version 3.2.0.P-3520A-00 is vulnerable; other versions may also be affected.
| VAR-201310-0805 | No CVE | Level One EAP 'Devices backupCfg.egi' Unverified Backup Information Disclosure Vulnerability |
CVSS V2: 5.0 CVSS V3: - Severity: MEDIUM |
Level One EAP Devices is a wireless AP device. backupCfg.egi on Level One EAP Devices incorrectly handles termination after a redirect, allowing unauthenticated remote attackers to obtain the administrator authentication credentials contained in the backup information.
| VAR-201310-0802 | No CVE | There are multiple unspecified vulnerabilities in TRENDnet N300 Routers |
CVSS V2: 6.8 CVSS V3: - Severity: MEDIUM |
The TRENDnet N300 1.0R is a router device. There are several unspecified security vulnerabilities in the TRENDnet N300 1.0R, and no vulnerability details are available.
| VAR-202002-0687 | CVE-2013-6236 | Vulnerability in IZON IP regarding the use of hard-coded credentials | Related entries in the VARIoT exploits database: VAR-E-201310-0005 |
CVSS V2: 10.0 CVSS V3: 9.8 Severity: CRITICAL |
IZON IP 2.0.2: hard-coded password vulnerability. IZON IP contains a vulnerability in the use of hard-coded credentials. Information may be obtained or tampered with, and service operation may be interrupted (DoS). IZON is a network camera product produced by Stem Innovation. An attacker could exploit this vulnerability to bypass authentication mechanisms and gain administrative access to vulnerable devices.
| VAR-201310-0702 | No CVE | Netgear WNDR3700 Router 'cmd_ping6()' Remote Command Injection Vulnerability |
CVSS V2: 7.5 CVSS V3: - Severity: HIGH |
The Netgear WNDR3700 Router 'cmd_ping6()' function does not filter user input correctly, allowing an attacker to execute arbitrary commands by submitting a specially crafted POST request to apply.cgi. Netgear WNDR3700 is a wireless router product from NetGear.
A remote command injection vulnerability exists in the Netgear WNDR3700 router using version 4 firmware. An attacker could use this vulnerability to execute arbitrary commands in the context of an affected device with root privileges.
Netgear WNDR3700 routers running firmware 4 are vulnerable.
| VAR-201310-0504 | CVE-2013-5521 | Denial-of-service (DoS) vulnerability in Cisco Identity Services Engine |
CVSS V2: 5.0 CVSS V3: - Severity: MEDIUM |
Cisco Identity Services Engine does not properly restrict the creation of guest accounts, which allows remote attackers to cause a denial of service (exhaustion of the account supply) via a series of requests within one session, aka Bug ID CSCue94287. Cisco Identity Services Engine is prone to a remote denial-of-service vulnerability.
Successfully exploiting this issue may allow an attacker to cause a denial-of-service condition.
This issue is being tracked by Cisco Bug ID CSCue94287. The platform monitors the network by collecting real-time information on the network, users and devices, and formulating and implementing corresponding policies.
| VAR-201310-0505 | CVE-2013-5522 | Vulnerability in Cisco IOS running on Catalyst 3750X switches that allows privileges to be gained |
CVSS V2: 6.8 CVSS V3: - Severity: MEDIUM |
Cisco IOS on Catalyst 3750X switches has default Service Module credentials, which makes it easier for local users to gain privileges via a Service Module login, aka Bug ID CSCue92286. The Cisco Catalyst 3750 Series Switch is an innovative switch that increases LAN efficiency by combining industry-leading ease of use with the highest resiliency of stackable switches. An attacker can exploit the vulnerability to gain full access to the affected device.
This issue is tracked by Cisco Bug ID CSCue92286.
| VAR-201310-0664 | No CVE | Multiple Verification Bypass Vulnerabilities in Netgear WNDR3700 Router |
CVSS V2: 6.8 CVSS V3: - Severity: MEDIUM |
Netgear WNDR3700 is a wireless router product from NetGear.
A remote authentication bypass vulnerability exists in the Netgear WNDR3700 router using version 4 firmware, affecting the web-based management interface. An attacker could use this vulnerability to bypass the authentication mechanism and gain access to the affected device.
Netgear WNDR3700 routers running firmware 4 are vulnerable.
| VAR-201310-0619 | CVE-2013-6244 | Vulnerability in the Live Update webdynpro application of SAP NetWeaver that allows arbitrary files and directories to be read |
CVSS V2: 5.0 CVSS V3: - Severity: MEDIUM |
The Live Update webdynpro application (webdynpro/dispatcher/sap.com/tc~slm~ui_lup/LUP) in SAP NetWeaver 7.31 and earlier allows remote attackers to read arbitrary files and directories via an XML document containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue. SAP NetWeaver is prone to an information-disclosure vulnerability.
An attacker can exploit this issue to gain access to sensitive information that may lead to further attacks. Given the nature of this issue, an attacker may also be able to cause a denial-of-service condition.
| VAR-201310-0798 | No CVE | Tenda wireless router remote command execution backdoor vulnerability |
CVSS V2: 7.5 CVSS V3: - Severity: HIGH |
Tenda is a network equipment provider in Shenzhen.
Backdoors exist in the latest firmware versions of Tenda's W330R and W302R wireless routers and in the Medialink MWN-WAPR150N. The vulnerability can be exploited through a UDP packet. If the device receives a packet starting with the string "w302r_mfg", the vulnerability can be triggered to execute various commands, and even to execute any command with root privileges.
| VAR-201310-0801 | No CVE | HP LaserJet Pro Printer Remote Administrator Password Disclosure Vulnerability |
CVSS V2: 5.0 CVSS V3: - Severity: MEDIUM |
HP is the world's leading high-tech provider, offering a full line of notebooks, desktops, workstations and more. Some networked HP laser printers contain hard-coded URLs in the firmware. These URLs (for example: http://ip_address/dev/save_restore.xml, http://ip_address:8080/IoMgmt/Adapters/wifi0/WPS/Pin) can be accessed without authentication, which exposes the plain-text administrator password and other information such as WiFi settings.
| VAR-201310-0514 | CVE-2013-5531 | Authentication bypass vulnerability in Cisco Identity Services Engine |
CVSS V2: 5.0 CVSS V3: - Severity: MEDIUM |
Cisco Identity Services Engine (ISE) 1.x before 1.1.1 allows remote attackers to bypass authentication, and read support-bundle configuration and credentials data, via a crafted session on TCP port 443, aka Bug ID CSCty20405. Cisco Identity Services Engine is prone to a remote authentication-bypass vulnerability.
An attacker can exploit this issue to bypass the authentication mechanism and obtain sensitive information. This may lead to further attacks.
This issue is tracked by Cisco Bug ID CSCty20405.
Versions prior to Cisco Identity Services Engine 1.1.1 are vulnerable. The platform monitors the network by collecting real-time information on the network, users and devices, and formulating and implementing corresponding policies. A remote attacker could exploit this vulnerability by sending a specially crafted request to an affected system to download a complete product support package and obtain sensitive information.
| VAR-201310-0535 | CVE-2013-5549 | Denial-of-service (DoS) vulnerability in Cisco IOS XR |
CVSS V2: 7.1 CVSS V3: - Severity: HIGH |
Cisco IOS XR 3.8.1 through 4.2.0 does not properly process fragmented packets within the RP-A, RP-B, PRP, and DRP-B route-processor components, which allows remote attackers to cause a denial of service (transmission outage) via (1) IPv4 or (2) IPv6 traffic, aka Bug ID CSCuh30380. The vendor has released this vulnerability as Bug ID CSCuh30380. A third party may cause a service disruption (transmission outage) via (1) IPv4 or (2) IPv6 traffic. Cisco IOS XR is a member of the Cisco IOS Software family that uses a microkernel-based operating system architecture. The issue can lead to a denial of service. The following processors are affected by this vulnerability: Cisco CRS 16-Slot Line Card Chassis Route Processor (RP-A), Cisco CRS 16-Slot Line Card Chassis Route Processor B (RP-B), Carrier Routing System (CRS) Performance Route Processor (PRP), and Cisco CRS Distributed Route Processor (DRP-B).
Successfully exploiting this issue may allow an attacker to cause a denial-of-service condition.
This issue is being tracked by Cisco Bug ID CSCuh30380. The vulnerability stems from the fact that the route processor components (RP-A, RP-B, PRP and DRP-B) do not properly process fragmented packets. A remote attacker could exploit this vulnerability to cause a denial of service (transmission interruption) by sending fragmented packets to an affected system.