VARIoT IoT vulnerabilities database


VAR-201304-0263 CVE-2013-1180 Buffer overflow vulnerability in Cisco NX-OS running on Nexus 7000 and MDS 9000 devices CVSS V2: 9.0
CVSS V3: -
Severity: HIGH
Buffer overflow in the SNMP implementation in Cisco NX-OS on Nexus 7000 devices 4.x and 5.x before 5.2(5) and 6.x before 6.1(1) and MDS 9000 devices 4.x and 5.x before 5.2(5) allows remote authenticated users to execute arbitrary code via a crafted SNMP request, aka Bug ID CSCtx54822. The SNMP implementation of Cisco NX-OS running on Nexus 7000 and MDS 9000 devices contains a buffer overflow vulnerability. The vendor has confirmed this vulnerability and released it as Bug ID CSCtx54822. A remotely authenticated user may execute arbitrary code via a crafted SNMP request. The Cisco MDS 9000 is a family of multi-layer intelligent optical channel switches from Cisco. Cisco Nexus is a data center-class switch from Cisco. SNMP is disabled by default and requires administrator configuration before it can be used. Because SNMP is mainly based on the UDP protocol, the vulnerability can be exploited without completing the TCP three-way handshake, and the attack can be performed by forging the source. To exploit this vulnerability, the attacker needs to know the community strings of SNMP V1 and V1. On a device configured for SNMP V3, the attacker needs a valid username and password. Multiple Cisco NX-OS-based products are prone to a buffer-overflow vulnerability. This issue is being tracked by Cisco Bug ID CSCtx54822. Attackers can exploit this issue to execute arbitrary code with elevated privileges. Failed exploit attempts will result in denial-of-service conditions.
VAR-201304-0264 CVE-2013-1181 Denial-of-service (DoS) vulnerability in Cisco NX-OS running on multiple Cisco products CVSS V2: 7.8
CVSS V3: -
Severity: HIGH
Cisco NX-OS on Nexus 5500 devices 4.x and 5.x before 5.0(3)N2(2), Nexus 3000 devices 5.x before 5.0(3)U3(2), and Unified Computing System (UCS) 6200 devices before 2.0(1w) allows remote attackers to cause a denial of service (device reload) by sending a jumbo packet to the management interface, aka Bug IDs CSCtx17544, CSCts10593, and CSCtx95389. Cisco NX-OS running on multiple Cisco products contains a vulnerability that can cause a denial of service (device reload). The Cisco Unified Computing System simplifies IT management and increases flexibility by consolidating unified computing, networking, storage access, and virtualization into one system. Cisco Nexus is a data center-class switch from Cisco. This vulnerability is not triggered by oversized messages that pass through the device switch fabric. Multiple Cisco NX-OS-based products are prone to a remote denial-of-service vulnerability. Successful exploits may allow an attacker to cause a reload of the affected devices, denying service to legitimate users. This issue is being tracked by Cisco Bug IDs CSCtx17544, CSCts10593, and CSCtx95389.
VAR-201304-0265 CVE-2013-1182 LDAP authentication bypass vulnerability in the Web Console of the Cisco UCS Manager component CVSS V2: 9.3
CVSS V3: -
Severity: HIGH
The login page in the Web Console in the Manager component in Cisco Unified Computing System (UCS) before 1.0(2h), 1.1 before 1.1(1j), and 1.3(x) allows remote attackers to bypass LDAP authentication via a malformed request, aka Bug ID CSCtc91207. Cisco Unified Computing System is prone to a remote authentication-bypass vulnerability. An attacker can exploit this issue to bypass the authentication mechanism and impersonate other users of the system. This may lead to further attacks. This issue is tracked by Cisco Bug ID CSCtc91207. The system integrates network, computing and virtualization resources into one platform by extensively adopting virtualization technology
VAR-201304-0266 CVE-2013-1183 Buffer overflow vulnerability in the IPMI functionality of the Cisco UCS Manager component CVSS V2: 10.0
CVSS V3: -
Severity: HIGH
Buffer overflow in the Intelligent Platform Management Interface (IPMI) functionality in the Manager component in Cisco Unified Computing System (UCS) 1.0 and 1.1 before 1.1(1j) and 1.2 before 1.2(1b) allows remote attackers to execute arbitrary code via malformed data in a UDP packet, aka Bug ID CSCtd32371. Attackers can exploit this issue to execute arbitrary code within the context of the affected application. Failed exploit attempts will result in denial-of-service conditions. This issue is being tracked by Cisco Bug ID CSCtd32371. The system integrates network, computing and virtualization resources into one platform by extensively adopting virtualization technology
VAR-201304-0267 CVE-2013-1184 Denial-of-service (DoS) vulnerability in the XML API management service of the Cisco UCS Manager component CVSS V2: 7.8
CVSS V3: -
Severity: HIGH
The management API in the XML API management service in the Manager component in Cisco Unified Computing System (UCS) 1.x before 1.2(1b) allows remote attackers to cause a denial of service (service outage) via a malformed request, aka Bug ID CSCtg48206. The vendor has confirmed this vulnerability and released it as Bug ID CSCtg48206. A third party may cause a denial of service (service stop) through a malformed request. Cisco Unified Computing System is prone to a denial-of-service vulnerability. Attackers can exploit this issue to cause the service to stop responding, resulting in denial-of-service conditions. This issue is being tracked by Cisco Bug ID CSCtg48206. The system integrates network, computing and virtualization resources into one platform by extensively adopting virtualization technology.
VAR-201304-0251 CVE-2013-1185 Vulnerability that allows sensitive information to be obtained in the web interface of the Cisco UCS Manager component CVSS V2: 9.3
CVSS V3: -
Severity: HIGH
The web interface in the Manager component in Cisco Unified Computing System (UCS) 1.x and 2.x before 2.0(2m) allows remote attackers to obtain sensitive information by reading a (1) technical-support bundle file or (2) on-device configuration backup, aka Bug ID CSCtq86543. Successful exploits will allow attackers to obtain sensitive information. This may result in the complete compromise of the system. This issue is tracked by Cisco Bug ID CSCtq86543. The system integrates network, computing and virtualization resources into one platform by extensively adopting virtualization technology
VAR-201304-0252 CVE-2013-1186 Cisco Unified Computing System KVM Remote Authentication Bypass Vulnerability CVSS V2: 7.5
CVSS V3: -
Severity: HIGH
Cisco Unified Computing System (UCS) 1.x before 1.4(4) and 2.x before 2.0(2m) allows remote attackers to bypass KVM authentication via a crafted authentication request to a Cisco Integrated Management Controller (IMC), aka Bug ID CSCts53746. An attacker can exploit this issue to bypass the authentication mechanism and gain access to the IP KVM console of the physical or virtual device. This may lead to further attacks. This issue is tracked by Cisco Bug ID CSCts53746. The system integrates network, computing and virtualization resources into one platform by extensively adopting virtualization technology
VAR-201304-0255 CVE-2013-1192 Arbitrary command execution vulnerability in Cisco Device Manager for Cisco MDS 9000 and Nexus 5000 devices CVSS V2: 9.3
CVSS V3: -
Severity: HIGH
The JAR files on Cisco Device Manager for Cisco MDS 9000 devices before 5.2.8, and Cisco Device Manager for Cisco Nexus 5000 devices, allow remote attackers to execute arbitrary commands on Windows client machines via a crafted element-manager.jnlp file, aka Bug IDs CSCty17417 and CSCty10802. The vendor has confirmed this vulnerability and released it as Bug IDs CSCty17417 and CSCty10802. A third party may execute arbitrary code on a Windows client machine through a crafted element-manager.jnlp file. Successful exploits may allow an attacker to execute arbitrary commands with the privileges of the user running the affected application. These issues are being tracked by Cisco Bug IDs CSCty17417 and CSCty10802.
VAR-201410-0027 CVE-2013-2645 Cross-site request forgery vulnerability in TP-LINK WR1043ND router firmware CVSS V2: 9.3
CVSS V3: -
Severity: HIGH
Multiple cross-site request forgery (CSRF) vulnerabilities on the TP-LINK WR1043N router with firmware TL-WR1043ND_V1_120405 allow remote attackers to hijack the authentication of administrators for requests that (1) enable FTP access (aka "FTP directory traversal") to /tmp via the shareEntire parameter to userRpm/NasFtpCfgRpm.htm, (2) change the FTP administrative password via the nas_admin_pwd parameter to userRpm/NasUserAdvRpm.htm, (3) enable FTP on the WAN interface via the internetA parameter to userRpm/NasFtpCfgRpm.htm, (4) launch the FTP service via the startFtp parameter to userRpm/NasFtpCfgRpm.htm, or (5) enable or disable bandwidth limits via the QoSCtrl parameter to userRpm/QoSCfgRpm.htm. The TP-LINK TL-WR1043ND is a wireless router device. The TP-LINK TL-WR1043ND router has a cross-site request forgery vulnerability that allows remote attackers to build malicious URIs and entice logged-in users to open them, performing malicious operations in the target user's context such as changing administrator passwords or enabling management services. The TP-Link TL-WR1043N Router is prone to a cross-site request-forgery vulnerability. Attackers can exploit this issue to perform certain administrative actions and gain unauthorized access to the affected device.
VAR-201409-0054 CVE-2013-3089 Cross-site request forgery vulnerability in apply.cgi of the Belkin N300 Wi-Fi N Router CVSS V2: 6.8
CVSS V3: -
Severity: MEDIUM
Cross-site request forgery (CSRF) vulnerability in apply.cgi in Belkin N300 (F7D7301v1) router allows remote attackers to hijack the authentication of administrators for requests that modify configuration. Belkin N300 Wi-Fi N is a wireless router product from Belkin. Attackers can exploit this security-bypass vulnerability to bypass specific security restrictions and perform certain unauthorized operations.
VAR-201304-0571 No CVE Ruckus ZoneFlex Access Point 53-Port SSH Tunnel Authentication Bypass Vulnerability CVSS V2: 5.4
CVSS V3: -
Severity: MEDIUM
Ruckus ZoneFlex Access Point is a centralized 802.11g wireless AP. Ruckus ZoneFlex Access Point incorrectly filters port 53 and allows remote attackers to use the vulnerability to create SSH tunnels to bypass authentication and access the Internet without restrictions.
VAR-201304-0572 No CVE Buffer Overflow Vulnerability in Hitachi IT Operations Director CVSS V2: 10.0
CVSS V3: -
Severity: High
The Hitachi IT Operations Director Agent on client PCs contains a buffer overflow vulnerability. A remote attacker could execute arbitrary code with system privileges.
VAR-201401-0091 CVE-2013-3084 Belkin N Wireless Router Vulnerable to cross-site scripting CVSS V2: 4.3
CVSS V3: -
Severity: MEDIUM
Multiple cross-site scripting (XSS) vulnerabilities in Belkin Model F5D8236-4 v2 router allow remote attackers to inject arbitrary web script or HTML via unspecified vectors. The Belkin F5D8236-4 N is a wireless router device. Belkin F5D8236-4 N has a cross-site scripting vulnerability that allows remote attackers to build malicious URIs and entice users to open them in order to gain sensitive information or hijack user sessions. The Belkin F5D8236-4 Router is prone to an unspecified cross-site scripting vulnerability because it fails to properly sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may help the attacker steal cookie-based authentication credentials and launch other attacks. Belkin Model F5D8236-4 v2 Router is a wireless router product of Belkin Company in the United States.
VAR-201404-0115 CVE-2013-5660 Buffer overflow vulnerability in Power Software WinArchiver CVSS V2: 9.3
CVSS V3: -
Severity: HIGH
Buffer overflow in Power Software WinArchiver 3.2 allows remote attackers to execute arbitrary code via a crafted .zip file. The Netgear DGND3700 is a wireless router device. The Netgear DGND3700 ping.cgi script incorrectly filters user-submitted input, allowing authenticated remote attackers to exploit a vulnerability to submit a special POST request to execute arbitrary commands. WinArchiver is prone to a buffer-overflow vulnerability because the application fails to properly bounds-check user-supplied data before copying it into an insufficiently sized buffer. An attacker can exploit this issue to execute arbitrary code within the context of the affected application. Failed exploit attempts will result in a denial-of-service condition. WinArchiver 3.2 is vulnerable; other versions may also be affected.
##############################################################################
- RealPentesting Advisory -
###############################################################################
Title: SEH BUFFER OVERFLOW IN WINARCHIVER V.3.2
Severity: Critical
History: 24.Apr.2013 Vulnerability reported
Authors: Josep Pi Rodriguez, Pedro Guillen Nuñez, Miguel Angel de Castro Simon
Organization: RealPentesting
URL: http://www.realpentesting.blogspot.com
Product: WinArchiver
Version: 3.2
Vendor: PowerSoftware
Url Vendor: http://winarchiver.com
Platform: Windows
Type of vulnerability: SEH buffer overflow
Issue fixed in version: (Not fixed)
CVE identifier: CVE-2013-5660
[ DESCRIPTION SOFTWARE ]
From vendor website: WinArchiver is a powerful archive utility, which can open, create, and manage archive files. It supports almost all archive formats, including zip, rar, 7z, iso, and other popular formats. WinArchiver can also mount the archive to a virtual drive without extraction.
[ VULNERABILITY DETAILS ]
WinArchiver suffers from a SEH based overflow. Above you can see the debugged process after the seh overflow. As you can see in the bold letters, the structure exception handler (seh) has been overwritten by 00410041, which is manipulated by us. The proof of concept .zip file is attached in this mail. You have to open the .zip with WinArchiver and click the extract button in order to trigger the vulnerability.
Registers
---------
eax=00000041 ebx=000017a6 ecx=043b0000 edx=7fffdf41 esi=043aed84 edi=043aed58
eip=004e64cb esp=043ae8cc ebp=043ae8d0 iopl=0 nv up ei pl nz ac po cy
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00010213
*** ERROR: Module load completed but symbols could not be loaded for C:\Archivos de Programa\WinArchiver\WinArchiver.exe
WinArchiver+0xe64cb:
004e64cb 668901 mov word ptr [ecx],ax ds:0023:043b0000=????
Seh chain
----------
!exchain
043aff0c: WinArchiver+10041 (00410041)
Invalid exception stack at 00410041
By opening a specially crafted zip file, it is possible to execute arbitrary code. We can successfully exploit the vulnerability in order to gain code execution.
[ VENDOR COMMUNICATION ]
20/04/2013: vendor contacted. No response
24/04/2013: vendor contacted again. No response
29/04/2013: PUBLIC DISCLOSURE
VAR-201401-0092 CVE-2013-3087 Belkin Advance N900 Dual-Band Wireless Router Vulnerable to cross-site scripting CVSS V2: 4.3
CVSS V3: -
Severity: MEDIUM
Multiple cross-site scripting (XSS) vulnerabilities in Belkin N900 router allow remote attackers to inject arbitrary web script or HTML via the (1) ssid2 parameter to wl_channel.html or (2) guest_psk parameter to wl_guest.html. The Belkin N900 Dual-Band Wireless Router is a wireless router device. The Belkin N900 router is prone to an unspecified cross-site scripting vulnerability because it fails to sufficiently sanitize user-supplied data. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and launch other attacks. The vulnerability is caused by the incorrect filtering of the 'ssid2' parameter in the wl_channel.html page and the incorrect filtering of the 'guest_psk' parameter in the wl_guest.html page
VAR-202002-0564 CVE-2013-3096 Authentication vulnerability in D-Link DIR865L CVSS V2: 4.3
CVSS V3: 5.9
Severity: MEDIUM
D-Link DIR865L v1.03 suffers from an "Unauthenticated Hardware Linking" vulnerability. D-Link DIR865L contains an authentication vulnerability. Information may be tampered with. The D-Link DIR-865L is an enterprise-class wireless routing device. No detailed vulnerability details are available. D-Link DIR-865L is prone to a security-bypass vulnerability. Very limited information is currently available regarding this issue. We will update this BID as more information emerges. Exploiting this issue could allow an attacker to bypass certain security restrictions and gain unauthorized access to the affected device. D-Link DIR-865L firmware version 1.03 is vulnerable; other versions may also be affected.
VAR-201912-1583 CVE-2013-3085 Authentication vulnerability in Belkin F5D8236-4 CVSS V2: 7.5
CVSS V3: 9.8
Severity: CRITICAL
An authentication bypass exists in the web management interface in Belkin F5D8236-4 v2. Belkin F5D8236-4 contains an authentication vulnerability. Information may be obtained or tampered with, and a denial of service (DoS) may result. The Belkin F5D8236-4 N is a wireless router device. Belkin F5D8236-4 N has an authentication bypass vulnerability that allows remote attackers to access the application without authorization. No detailed vulnerability details are available.
VAR-201409-0052 CVE-2013-3083 Cross-site request forgery vulnerability in cgi-bin/system_setting.exe of Belkin F5D8236-4 v2 CVSS V2: 6.8
CVSS V3: -
Severity: MEDIUM
Cross-site request forgery (CSRF) vulnerability in cgi-bin/system_setting.exe in Belkin F5D8236-4 v2 allows remote attackers to hijack the authentication of administrators for requests that open the remote management interface on arbitrary ports via the remote_mgmt_enabled and remote_mgmt_port parameters. The Belkin F5D8236-4 N is a wireless router device. Such as changing the administrator password, enabling the management interface, etc. Belkin F5D8236-4 Router is prone to a cross-site request-forgery vulnerability. Attackers can exploit this issue to perform certain administrative actions and gain unauthorized access to the affected device. Belkin F5D8236-4 is a wireless router product of Belkin Company in the United States. There is a cross-site request forgery vulnerability in the cgi-bin/system_setting.exe file of Belkin F5D8236-4 v2 version
VAR-201409-0059 CVE-2013-3068 Cross-site request forgery vulnerability in apply.cgi of Linksys WRT310N CVSS V2: 6.8
CVSS V3: -
Severity: MEDIUM
Cross-site request forgery (CSRF) vulnerability in apply.cgi in Linksys WRT310Nv2 2.0.0.1 allows remote attackers to hijack the authentication of administrators for requests that change passwords and modify remote management ports. The Linksys WRT310N is a wireless router device. The Cisco Linksys WRT310N Router is prone to a cross-site request-forgery vulnerability. Attackers can exploit this issue to perform certain administrative actions and gain unauthorized access to the affected device
VAR-202002-0565 CVE-2013-3067 Cross-site scripting vulnerability in Linksys WRT310N CVSS V2: 3.5
CVSS V3: 5.4
Severity: MEDIUM
Linksys WRT310Nv2 2.0.0.1 is vulnerable to XSS. Linksys WRT310N contains a cross-site scripting vulnerability. Information may be obtained and tampered with. The Linksys WRT310N is a wireless router device. A cross-site scripting vulnerability exists in the Linksys WRT310N router that allows remote attackers to use malicious HTML or script code to gain sensitive information or hijack user sessions. The Cisco Linksys WRT310N Router is prone to an unspecified cross-site scripting vulnerability because it fails to properly sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may help the attacker steal cookie-based authentication credentials and launch other attacks.