VARIoT IoT vulnerabilities database

VAR-201304-0025 CVE-2012-5218 HP ElitePad 900 of BIOS In BIOS Vulnerabilities that can be bypassed
CVSS V2: 7.2
CVSS V3: -
Severity: HIGH
HP ElitePad 900 PCs with BIOS F.0x before F.01 Update 1.0.0.8 do not enable the Secure Boot feature, which allows local users to bypass intended BIOS restrictions and boot unintended operating systems via unspecified vectors. The HP ElitePad 900 is a tablet for business people. A configuration vulnerability exists in the HP ElitePad 900 PCs with BIOS. HP ElitePad 900 is prone to a local security-bypass vulnerability.
Note: the current version of the following document is available here: https://h20566.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c03727435
SUPPORT COMMUNICATION - SECURITY BULLETIN
Document ID: c03727435
Version: 1
HPSBHF02865 SSRT101158 rev.1 - HP ElitePad 900, Secure Boot Configuration Inconsistency
NOTICE: The information in this Security Bulletin should be acted upon as soon as possible.
Release Date: 2013-04-23
Last Updated: 2013-04-23
Potential Security Impact: Secure Boot configuration inconsistency
Source: Hewlett-Packard Company, HP Software Security Response Team
VULNERABILITY SUMMARY
A potential vulnerability has been identified with certain HP ElitePad tablet PCs.
References: CVE-2012-5218
SUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed.
HP ElitePad 900 with BIOS version vF.00
BACKGROUND
CVSS 2.0 Base Metrics
Reference        Base Vector                   Base Score
CVE-2012-5218    (AV:L/AC:L/Au:N/C:C/I:C/A:C)  7.2
Information on CVSS is documented in HP Customer Notice: HPSN-2008-002
RESOLUTION
To resolve this vulnerability, HP has provided a BIOS firmware update.
Select "Support & Drivers"
Select Drivers and Software, then enter "ElitePad 900" as the model number
Select the correct model number
Select the Operating System running on the ElitePad
From the product support page, download and install the "HP ElitePad 900 Driver and Firmware Update" v1.0.0.8 or later.
HISTORY Version:1 (rev.1) - 23 April 2013 Initial release
VAR-201304-0258 CVE-2013-1195 Cisco ASA Device and Cisco FWSM Run on time-based ACL Vulnerability that can bypass access restrictions
CVSS V2: 5.0
CVSS V3: -
Severity: MEDIUM
The time-based ACL implementation on Cisco Adaptive Security Appliances (ASA) devices, and in Cisco Firewall Services Module (FWSM), does not properly handle periodic statements for the time-range command, which allows remote attackers to bypass intended access restrictions by sending network traffic during denied time periods, aka Bug IDs CSCuf79091 and CSCug45850. The vendor has confirmed this vulnerability and released it as Bug IDs CSCuf79091 and CSCug45850. A third party may be able to circumvent access restrictions by sending network traffic during the denial period. Cisco Adaptive Security Appliance (ASA) is prone to a security-bypass vulnerability. Successfully exploiting this issue will allow attackers to bypass the access list and perform unauthorized actions. This issue is tracked by Cisco Bug IDs CSCuf79091 and CSCug45850. Cisco Firewall Services Module (FWSM) is a firewall service module from Cisco that is deployed on 6500 series switches and 7600 series routers to provide traffic acceleration. This can invalidate the time-range object
VAR-201304-0567 No CVE TRENDNet IP Camera Custom URL Processing Verification Bypass Vulnerability
CVSS V2: 6.8
CVSS V3: -
Severity: MEDIUM
TRENDNet IP Camera is a webcam device. A security vulnerability exists in TRENDNet IP Camera's handling of specially crafted URLs, allowing remote attackers to bypass authentication restrictions and gain unauthorized access to devices.
VAR-201304-0481 No CVE D-LINK DIR-615/DIR-300 HTTP Header Injection Vulnerability
CVSS V2: 4.3
CVSS V3: -
Severity: MEDIUM
The D-LINK DIR-615/DIR-300 set/runtime/diagnostic/pingIp and exeshell parameters lack sufficient validation of the input, allowing authenticated remote attackers to execute arbitrary OS commands. The D-LINK DIR-615/DIR-300 incorrectly restricts access to the DevInfo.txt file, allowing remote attackers to submit requests directly and obtain device information, including model, hardware version, Linux kernel information, firmware version, language and MAC address. The D-LINK DIR-615/DIR-300 does not hash stored passwords; they are kept in plain text in the /var/etc/httppasswd file, which can lead to the disclosure of sensitive information. The D-LINK DIR-615/DIR-300 change-password function does not require the current password, allowing an attacker to change the password without having to know the authentication credentials. D-Link DIR-600 and DIR-300 are wireless routers. The following security vulnerabilities exist in D-Link DIR-600 and DIR-300: 1. Multiple command injection vulnerabilities 2. Cross-site request forgery vulnerabilities 3. Cross-site scripting vulnerabilities 4. Encryption algorithm vulnerabilities 5. Multiple information leakage vulnerabilities 6. HTTP header injection vulnerability 7. Security bypass vulnerability. Attackers can use these vulnerabilities to gain access to potentially sensitive information, crack stored passwords, execute arbitrary commands in the context of the affected device, steal cookie-based authentication, perform unauthorized operations in the user's session context, or redirect users to any website and execute HTTP requests privately. Other attacks are also possible
VAR-202001-0859 CVE-2013-3316 Netgear WNR1000v3 Vulnerabilities related to authentication in firmware
CVSS V2: 10.0
CVSS V3: 9.8
Severity: CRITICAL
Netgear WNR1000v3 with firmware before 1.0.2.60 contains an Authentication Bypass due to the server skipping checks for URLs containing a ".jpg". Netgear WNR1000v3 contains an authentication vulnerability. Information may be obtained or tampered with, and a denial-of-service (DoS) condition may result. The NetGear WNR1000 is a wireless router device. The NetGear WNR1000 device does not properly restrict user-submitted URL requests, allowing an attacker to add ".jpg" to the URL to bypass restrictions and access arbitrary files, such as configuration files
VAR-202001-0860 CVE-2013-3317 Netgear WNR1000v3 Vulnerabilities related to authentication in firmware
CVSS V2: 10.0
CVSS V3: 9.8
Severity: CRITICAL
Netgear WNR1000v3 with firmware before 1.0.2.60 contains an Authentication Bypass via the NtgrBak key. Netgear WNR1000v3 contains an authentication vulnerability. Information may be obtained or tampered with, and a denial-of-service (DoS) condition may result. The NetGear WNR1000 is a wireless router device. The NetGear WNR1000 device does not properly restrict user-submitted URL requests, allowing an attacker to add ".jpg" to the URL to bypass restrictions and access arbitrary files, such as configuration files
VAR-201304-0169 CVE-2013-1214 Cisco Unified Contact Center Express Arbitrary script editor vulnerability in script editor
CVSS V2: 5.0
CVSS V3: -
Severity: MEDIUM
The scripts editor in Cisco Unified Contact Center Express (aka Unified CCX) does not properly manage privileges for anonymous logins, which allows remote attackers to read arbitrary scripts by visiting the scripts repository directory, aka Bug ID CSCuf77546. An attacker can exploit this issue to obtain access to sensitive information, which may aid in further attacks. This issue is tracked by Cisco Bug ID CSCuf77546. This component integrates agent application and self-service voice service, and provides functions such as call distribution and customer access control
VAR-201304-0172 CVE-2013-1217 Cisco IOS of Generic Input/Output Service disruption in control implementation (DoS) Vulnerabilities
CVSS V2: 6.8
CVSS V3: -
Severity: MEDIUM
The generic input/output control implementation in Cisco IOS does not properly manage buffers, which allows remote authenticated users to cause a denial of service (device reload) by sending many SNMP requests at the same time, aka Bug ID CSCub41105. The device may be put into a denial-of-service (device reload) state. Cisco IOS is an operating system developed by Cisco Systems for its network devices. A vulnerability exists in the generic input/output control mechanism of Cisco IOS devices, allowing authenticated remote attackers to overload the Supervisor Engine or device. The vulnerability is due to incorrect buffer handling, which could be triggered by an attacker submitting multiple simultaneous SNMP requests to the affected system. Cisco IOS is prone to a remote denial-of-service vulnerability. Attackers can exploit this issue to cause a reload of the Supervisor Engine or the device, denying service to legitimate users. This issue is being tracked by Cisco Bug ID CSCub41105
VAR-201304-0476 No CVE TP-LINK TL-WR741N/TL-WR741ND Router Denial of Service Vulnerability
CVSS V2: 3.3
CVSS V3: -
Severity: LOW
The TP-LINK TL-WR741N/TL-WR741ND incorrectly handles user-submitted requests, allowing remote attackers to cause the router's web interface to stop responding, resulting in a denial of service. TP-LINK TL-WR741N and TL-WR741ND are wireless routers. Multiple denial of service vulnerabilities exist in the TP-LINK TL-WR741N and TL-WR741ND routers. By sending specially crafted HTTP requests, attackers can use these vulnerabilities to cause the device to crash and deny service to legitimate users
VAR-201304-0560 No CVE Hitachi IT Operations Director Agent Buffer Overflow Vulnerability
CVSS V2: 7.5
CVSS V3: -
Severity: HIGH
Hitachi IT Operations Director is a system management software from Hitachi, Japan, which automatically associates tasks with the IT infrastructure lifecycle. A buffer overflow vulnerability exists in Hitachi IT Operations Director. A remote attacker could use this vulnerability to execute arbitrary code with system privileges and could also cause a denial of service. Failed exploit attempts will likely result in a denial-of-service condition
VAR-201311-0097 CVE-2013-3095 D-Link DIR-865L Cross-Site Request Forgery Vulnerability

Related entries in the VARIoT exploits database: VAR-E-201304-0225
CVSS V2: 6.8
CVSS V3: -
Severity: MEDIUM
Multiple cross-site request forgery (CSRF) vulnerabilities in D-Link DIR865L router (Rev. A1) with firmware before 1.05b07 allow remote attackers to hijack the authentication of administrators for requests that (1) change the administrator password or (2) enable remote management via a request to hedwig.cgi or (3) activate configuration changes via a request to pigwidgeon.cgi. D-Link DIR-865L Router (Rev. The D-Link DIR-865L is an enterprise-class wireless routing device. D-Link DIR-865L has a cross-site request forgery vulnerability that allows remote attackers to build malicious URIs, entice users to visit them, and perform malicious operations in the target user's context, such as changing the login password or enabling some services. D-Link DIR-865L is prone to a cross-site request-forgery vulnerability. Exploiting this issue may allow a remote attacker to perform certain administrative actions and gain unauthorized access to the affected device. Other attacks are also possible. D-Link DIR-865L firmware version 1.03 is vulnerable; other versions may also be affected
VAR-201304-0262 CVE-2013-1199 Cisco ASA Clientless running on SSL VPN Service disruption in (DoS) Vulnerabilities
CVSS V2: 4.9
CVSS V3: -
Severity: MEDIUM
Race condition in the CIFS implementation in the rewriter module in the Clientless SSL VPN component on Cisco Adaptive Security Appliances (ASA) devices allows remote authenticated users to cause a denial of service (device reload) by accessing resources within multiple sessions, aka Bug ID CSCub58996. An attacker can exploit this issue to reload an affected device, denying service to legitimate users. This issue is being tracked by Cisco Bug ID CSCub58996
VAR-201304-0288 CVE-2013-1177 Cisco Network Admission Control Manager In SQL Injection vulnerability
CVSS V2: 7.5
CVSS V3: -
Severity: HIGH
SQL injection vulnerability in Cisco Network Admission Control (NAC) Manager before 4.8.3.1 and 4.9.x before 4.9.2 allows remote attackers to execute arbitrary SQL commands via unspecified vectors, aka Bug ID CSCub23095. The vendor has confirmed this vulnerability and released it as Bug ID CSCub23095. A third party may be able to execute arbitrary SQL commands. Authentication is not required to exploit this vulnerability. The specific flaw is in the handling of sortColumn URL parameters when constructing SQL database queries. By specially crafting URL parameters, it is possible to influence the SQL queries to gain remote code execution on the affected system. An attacker can exploit this issue by manipulating the SQL query logic to carry out unauthorized actions on the underlying database and execute arbitrary code. This issue is tracked by Cisco Bug ID CSCub23095
VAR-201304-0287 CVE-2013-1176 Multiple Cisco TelePresence Product denial of service vulnerability
CVSS V2: 7.1
CVSS V3: -
Severity: HIGH
The DSP card on Cisco TelePresence MCU 4500 and 4501 devices before 4.3(2.30), TelePresence MCU MSE 8510 devices before 4.3(2.30), and TelePresence Server before 2.3(1.55) does not properly validate H.264 data, which allows remote attackers to cause a denial of service (device reload) via crafted RTP packets in a (1) SIP session or (2) H.323 session, aka Bug IDs CSCuc11328 and CSCub05448. The vendor has confirmed this vulnerability and released it as Bug IDs CSCuc11328 and CSCub05448. A third party may cause a service disruption (device reload) via crafted RTP packets in a (1) SIP session or (2) H.323 session. Cisco TelePresence is a set of video conferencing solutions called "Telepresence" systems from Cisco (USA). This solution provides components such as audio and video space, which can provide remote participants with a "face-to-face" virtual conference room effect. A denial of service vulnerability exists in several Cisco TelePresence products. An attacker could use this vulnerability to reload the device and deny service to legitimate users. The vulnerability exists in the following products: Cisco TelePresence MCU, Cisco TelePresence Server. The vulnerability stems from the program not properly validating H.264 data
VAR-201304-0257 CVE-2013-1194 Cisco ASA Device ISAKMP Enumerated group vulnerability in the implementation of
CVSS V2: 5.0
CVSS V3: -
Severity: MEDIUM
The ISAKMP implementation on Cisco Adaptive Security Appliances (ASA) devices generates different responses for IKE aggressive-mode messages depending on whether invalid VPN groups are specified, which allows remote attackers to enumerate groups via a series of messages, aka Bug ID CSCue73708. The vendor has confirmed this vulnerability and released it as Bug ID CSCue73708. A third party may enumerate groups through a series of messages. Cisco Adaptive Security Appliance is prone to an information-disclosure vulnerability. An attacker can exploit this issue to obtain remote access VPN groups configured in a Cisco ASA device; information obtained may aid in further attacks. This issue is tracked by Cisco Bug ID CSCue73708
VAR-201404-0101 CVE-2013-3069 Netgear WNDR4700 Cross-Site Scripting Vulnerability

Related entries in the VARIoT exploits database: VAR-E-201304-0008
CVSS V2: 3.5
CVSS V3: -
Severity: LOW
Multiple cross-site scripting (XSS) vulnerabilities in NETGEAR WNDR4700 with firmware 1.0.0.34 allow remote authenticated users to inject arbitrary web script or HTML via the (1) UserName or (2) Password to the NAS User Setup page, (3) deviceName to USB_advanced.htm, or (4) Network Key to the Wireless Setup page. The Netgear WNDR4700 is a wireless router device. The Netgear WNDR4700 has a remote cross-site scripting vulnerability that allows remote attackers to build specially crafted URIs that, when a user is tricked into opening them, can disclose sensitive information or hijack user sessions. NetGear WNDR4700 is prone to an unspecified cross-site scripting vulnerability because the application fails to properly sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected device. This may allow the attacker to steal cookie-based authentication credentials and to launch other attacks. NetGear WNDR4700 running firmware 1.0.0.34 is vulnerable
VAR-202002-0513 CVE-2013-2646 TP-LINK TL-WR1043ND Vulnerabilities in devices
CVSS V2: 5.0
CVSS V3: 7.5
Severity: HIGH
TP-LINK TL-WR1043ND V1_120405 devices contain an unspecified denial of service vulnerability. The TP-LINK TL-WR1043ND is a wireless router device. The TP-LINK TL-WR1043ND router has an unexplained defect that allows remote attackers to exploit the vulnerability to perform a denial of service attack on the device. Little is known about this issue or its effects at this time. We will update this BID as more information emerges. A remote attacker can exploit this issue to cause denial-of-service conditions
VAR-201911-1480 CVE-2013-3073 NETGEAR Centria WNDR4700 Path traversal vulnerability in firmware
CVSS V2: 10.0
CVSS V3: 9.8
Severity: CRITICAL
A Symlink Traversal vulnerability exists in NETGEAR Centria WNDR4700 Firmware 1.0.0.34. The NETGEAR Centria WNDR4700 firmware contains a path traversal vulnerability. Information may be obtained or altered, and service operation may be disrupted (DoS). The Netgear WNDR4700 is a wireless router device. The Netgear WNDR4700 has a limited path traversal problem. Because the application does not properly filter user-submitted input, a directory traversal attack (such as ../../) can be performed in SMB via symbolic links. NetGear WNDR4700 is prone to a directory-traversal vulnerability because the application fails to sufficiently sanitize user-supplied input. Exploits would allow an attacker to access files outside of the restricted directory to obtain sensitive information and perform other attacks
VAR-201911-1482 CVE-2013-3070 Netgear WNDR4700 Vulnerability related to information disclosure in running firmware
CVSS V2: 5.0
CVSS V3: 7.5
Severity: HIGH
An Information Disclosure vulnerability exists in Netgear WNDR4700 running firmware 1.0.0.34 in the management web interface, which discloses the PSK of the wireless LAN. The Netgear WNDR4700 is a wireless router device. The Netgear WNDR4700 has an unspecified security vulnerability that allows an attacker to obtain sensitive information. No detailed vulnerability information is available. NetGear WNDR4700 is prone to an unspecified information-disclosure vulnerability
VAR-201911-1483 CVE-2013-3072 NETGEAR Centria WNDR4700 Firmware authentication vulnerability
CVSS V2: 7.5
CVSS V3: 9.8
Severity: CRITICAL
An Authentication Bypass vulnerability exists in NETGEAR Centria WNDR4700 Firmware 1.0.0.34 in http://<router_ip>/apply.cgi?/hdd_usr_setup.htm that when visited by any user, authenticated or not, causes the router to no longer require a password to access the web administration portal. The NETGEAR Centria WNDR4700 firmware contains an authentication vulnerability. Information may be obtained or altered, and service operation may be disrupted (DoS). The Netgear WNDR4700 is a wireless router device. The Netgear WNDR4700 has an unidentified vulnerability that allows unauthenticated attackers to connect any hardware to the device. No detailed vulnerability information is currently available. Netgear WNDR4700 routers are prone to a remote authentication-bypass vulnerability. An attacker can exploit this issue to bypass the authentication mechanism and gain unauthorized access. NetGear WNDR4700 routers running firmware 1.0.0.34 are vulnerable