VARIoT IoT vulnerabilities database
| VAR-201310-0526 | CVE-2013-5543 | Denial-of-service (DoS) vulnerability in Cisco IOS XE running on Cisco ASR 1000 series devices |
CVSS V2: 7.8 CVSS V3: - Severity: HIGH |
Cisco IOS XE 3.4 before 3.4.2S and 3.5 before 3.5.1S on 1000 ASR devices allows remote attackers to cause a denial of service (device reload) via malformed ICMP error packets associated with a (1) TCP or (2) UDP session that is under inspection by the Zone-Based Firewall (ZBFW) component, aka Bug ID CSCtt26470. Cisco IOS XE running on Cisco ASR 1000 series devices contains a vulnerability that can put the device into a service disruption (device reload) state. Cisco IOS is the interconnected network operating system used on most Cisco system routers and network switches. A security vulnerability exists in the Zone-Based Firewall (ZBFW) TCP or UDP functionality of Cisco IOS XE. Cisco IOS XE is prone to a remote denial-of-service vulnerability.
Successful exploits may allow an attacker to cause a reload of the affected devices, denying service to legitimate users.
This issue is being tracked by Cisco Bug ID CSCtt26470
| VAR-201310-0528 | CVE-2013-5545 | Denial-of-service (DoS) vulnerability in the PPTP ALG implementation of Cisco IOS XE running on Cisco ASR 1000 series devices |
CVSS V2: 7.8 CVSS V3: - Severity: HIGH |
The PPTP ALG implementation in Cisco IOS XE 3.9 before 3.9.2S on 1000 ASR devices allows remote attackers to cause a denial of service (device reload) by sending many PPTP packets over NAT, aka Bug ID CSCuh19936. The vendor has confirmed this vulnerability and released it as Bug ID CSCuh19936. A third party may put the device into a service disruption (device reload) state by sending a large number of PPTP packets over NAT. Cisco IOS is the interconnected network operating system used on most Cisco system routers and network switches. Successful exploitation can overload the system.
Successful exploits may allow an attacker to cause a reload of the affected devices, denying service to legitimate users.
This issue is being tracked by Cisco Bug ID CSCuh19936. The vulnerability is caused by the program not filtering PPTP packets correctly
| VAR-201310-0529 | CVE-2013-5546 | Denial-of-service (DoS) vulnerability in the TCP reassembly function of Cisco IOS XE running on Cisco ASR 1000 series devices |
CVSS V2: 7.8 CVSS V3: - Severity: HIGH |
The TCP reassembly feature in Cisco IOS XE 3.7 before 3.7.3S and 3.8 before 3.8.1S on 1000 ASR devices allows remote attackers to cause a denial of service (device reload) via large TCP packets that are processed by the (1) NAT or (2) ALG component, aka Bug ID CSCud72509. Cisco IOS is the interconnected network operating system used on most Cisco system routers and network switches. Because the program fails to handle a large number of TCP reassembly messages correctly, remote attackers can exploit the vulnerability to cause system overload.
Successful exploits may allow an attacker to cause a reload of the affected devices, denying service to legitimate users.
These issues are being tracked by Cisco Bug ID CSCud72509
| VAR-201310-0530 | CVE-2013-5547 | Denial-of-service (DoS) vulnerability in Cisco IOS XE running on Cisco ASR 1000 series devices |
CVSS V2: 7.8 CVSS V3: - Severity: HIGH |
Cisco IOS XE 3.9 before 3.9.2S on 1000 ASR devices allows remote attackers to cause a denial of service (device reload) by sending malformed EoGRE packets over (1) IPv4 or (2) IPv6, aka Bug ID CSCuf08269. Cisco IOS is the interconnected network operating system used on most Cisco system routers and network switches. The affected software fails to properly handle malformed EoGRE packets. An attacker can exploit this vulnerability by sending malformed IPv4 or IPv6 EoGRE packets to affected devices configured with the EoGRE interface.
Successful exploits may allow an attacker to cause a reload of the affected devices, denying service to legitimate users.
This issue is being tracked by Cisco Bug ID CSCuf08269
| VAR-201310-0636 | No CVE | Cogent DataHub Denial of service vulnerability |
CVSS V2: 7.5 CVSS V3: - Severity: HIGH |
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Cogent DataHub. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of POST requests. By sending a malformed POST, an attacker is able to overflow a heap buffer. An attacker could exploit this vulnerability to execute arbitrary code in the context of the DataHub process. Cogent DataHub is a set of real-time data solutions from Canada's Cogent Real-Time Systems. It is SCADA (supervisory control and data acquisition) and automation software.
A denial of service vulnerability exists in versions of Cogent DataHub prior to 7.3.4. An attacker could use this vulnerability to crash the server and deny service to legitimate users. Failed exploit attempts will likely result in denial-of-service conditions.
| VAR-201310-0700 | No CVE | ADB Discus DRG A125G 'wansinglecfg.cmd' Password Disclosure Vulnerability |
CVSS V2: 5.0 CVSS V3: - Severity: MEDIUM |
The ADB Discus DRG A125G 'wansinglecfg.cmd' script has a security vulnerability that allows a remote attacker to submit a request to obtain password information. Discus DRG A125G is a wireless router product from the Swiss company ADB.
A password disclosure vulnerability exists in Discus DRG A125G. Attackers can use this vulnerability to obtain sensitive information that can help launch further attacks. Discus DRG A125G is vulnerable; other versions may also be affected.
| VAR-201311-0283 | CVE-2013-4713 | RockDisk vulnerable to cross-site scripting |
CVSS V2: 3.5 CVSS V3: - Severity: LOW |
Cross-site scripting (XSS) vulnerability in I-O DATA DEVICE RockDisk with firmware before 1.05e1-2.0.5 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors. RockDisk, provided by I-O DATA DEVICE, INC., is a LAN-connectable hard disk drive. RockDisk contains a cross-site scripting vulnerability. Yuji Tounai of bogus.jp reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership. An arbitrary script may be executed on the user's web browser. I-O DATA RockDisk NAS incorrectly filters data returned to users, allowing remote attackers to build malicious URIs, entice users to open them, and obtain sensitive information or hijack user sessions.
An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials and launch other attacks
| VAR-201311-0291 | CVE-2013-5548 | Vulnerability in the IKEv2 implementation of Cisco IOS that allows bypass of certain IPsec anti-replay features |
CVSS V2: 4.3 CVSS V3: - Severity: MEDIUM |
The IKEv2 implementation in Cisco IOS, when AES-GCM or AES-GMAC is used, allows remote attackers to bypass certain IPsec anti-replay features via IPsec tunnel traffic, aka Bug ID CSCuj47795. Cisco IOS is the interconnected network operating system used on most Cisco system routers and network switches. When the Phase 2 IPsec Security Associations (SAs) use the AES-GCM or AES-GMAC algorithm, the logic of the IPsec Phase 2 SA anti-replay feature is not coded properly. An attacker can exploit this vulnerability by sending an IPsec tunnel traversal request.
Successfully exploiting this issue will allow an attacker to perform replay attacks. This may lead to other attacks
| VAR-201311-0292 | CVE-2013-5551 | Denial-of-service (DoS) vulnerability in Cisco Adaptive Security Appliance Software |
CVSS V2: 6.3 CVSS V3: - Severity: MEDIUM |
Cisco Adaptive Security Appliance (ASA) Software, when certain same-security-traffic and management-access options are enabled, allows remote authenticated users to cause a denial of service (stack overflow and device reload) by using the clientless SSL VPN portal for internal-resource browsing, aka Bug ID CSCui51199.
Attackers can exploit this issue to cause an affected system to reload, resulting in a denial-of-service condition.
This issue is being tracked by Cisco Bug ID CSCui51199. A denial of service vulnerability exists in the SSL VPN functionality in Cisco ASA. When configured with the same-security-traffic and management-access options, a remote attacker can exploit this vulnerability by sending a specially crafted URL to cause denial of service (stack buffer overflow and device restart)
| VAR-201311-0296 | CVE-2013-5555 | Denial-of-service (DoS) vulnerability in Cisco Unified Communications Manager |
CVSS V2: 4.3 CVSS V3: - Severity: MEDIUM |
Cisco Unified Communications Manager (aka CUCM or Unified CM) allows remote attackers to cause a denial of service (service restart) via a crafted SIP message, aka Bug ID CSCub54349.
Attackers can exploit this issue to cause a denial of service condition.
This issue is being tracked by Cisco Bug ID CSCub54349. This component provides a scalable, distributed and highly available enterprise IP telephony call processing solution. A denial-of-service vulnerability exists in CUCM. The vulnerability is caused by the program not correctly parsing SIP messages.
| VAR-201310-0642 | No CVE | ASUS RT-N13U Router Unauthorized ROOT Access Vulnerability |
CVSS V2: 6.8 CVSS V3: - Severity: MEDIUM |
ASUS RT-N13U is a wireless router product from ASUS.
A security vulnerability exists in the ASUS RT-N13U router. An unauthorized attacker could use this vulnerability to gain root access to the affected device, which could lead to full control of the affected device
| VAR-201311-0156 | CVE-2013-5431 | IBM Tivoli Federated Identity Manager and IBM Tivoli Federated Identity Manager Business Gateway contain a URL redirection vulnerability |
CVSS V2: 5.8 CVSS V3: - Severity: MEDIUM |
Open redirect vulnerability in IBM Tivoli Federated Identity Manager (TFIM) 6.1.1 before IF 15, 6.2.0 before IF 14, 6.2.1, and 6.2.2 before IF 8 and Tivoli Federated Identity Manager Business Gateway (TFIMBG) 6.1.1 before IF 15, 6.2.0 before IF 14, 6.2.1, and 6.2.2 before IF 8 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors. Supplementary information: the CWE vulnerability type is identified as CWE-601 (open redirect). http://cwe.mitre.org/data/definitions/601.html A third party may redirect users to an arbitrary web site and conduct a phishing attack.
An attacker can leverage this issue by constructing a crafted URI and enticing a user to follow it. Other attacks are possible. An open redirection vulnerability exists in IBM TFIM and TFIMBG. The following versions are affected: IBM TFIM v6.1.1, 6.2.0, 6.2.1, 6.2.2 versions and TFIMBG v6.1.1, 6.2.0, 6.2.1, 6.2.2 versions
| VAR-201310-0384 | CVE-2013-6012 | Authentication bypass vulnerability in Juniper Junos |
CVSS V2: 8.5 CVSS V3: - Severity: HIGH |
Juniper Junos 12.1X44 before 12.1.X44-D20 and 12.1X45 before 12.1X45-D15, when the no-validate option is enabled, does not properly handle configuration validation errors during the config commit phase of the boot-up sequence, which allows remote attackers to bypass authentication via unspecified vectors. Juniper Junos is prone to a remote authentication-bypass vulnerability.
An attacker can exploit this issue to bypass the authentication mechanism and gain unauthenticated access to the affected device. This may lead to further attacks.
Juniper Junos versions 12.1X44 and 12.1X45 are vulnerable. The operating system provides a secure programming interface and Junos SDK. There is an unauthorized access vulnerability in Juniper Junos 12.1X44 and 12.1X45 versions. The vulnerability is caused by enabling the no-validate option during the software upgrade, which results in a validation error when configuring the startup sequence.
| VAR-201310-0513 | CVE-2013-5530 | Cisco Identity Services Engine contains an input validation vulnerability |
CVSS V2: 9.0 CVSS V3: - Severity: HIGH |
The web framework in Cisco Identity Services Engine (ISE) 1.0 and 1.1.0 before 1.1.0.665-5, 1.1.1 before 1.1.1.268-7, 1.1.2 before 1.1.2.145-10, 1.1.3 before 1.1.3.124-7, 1.1.4 before 1.1.4.218-7, and 1.2 before 1.2.0.899-2 allows remote authenticated users to execute arbitrary commands via a crafted session on TCP port 443, aka Bug ID CSCuh81511.
An attacker can exploit this issue to execute arbitrary commands with the privileges of the root user.
This issue is being tracked by Cisco Bug ID CSCuh81511. The platform monitors the network by collecting real-time information on the network, users and devices, and formulating and implementing corresponding policies
| VAR-201311-0205 | CVE-2013-6023 | TVT TD-2308SS-B DVR File Directory Traversal Vulnerability |
CVSS V2: 7.8 CVSS V3: - Severity: HIGH |
Directory traversal vulnerability in the TVT TD-2308SS-B DVR with firmware 3.2.0.P-3520A-00 and earlier allows remote attackers to read arbitrary files via .. (dot dot) in the URI. The TD-2308SS-B provided by Shenzhen TVT Digital Technology Co., Ltd. contains a directory traversal (CWE-22) vulnerability. As a result, an attacker may be able to access the product as an administrator. TVT TD-2308SS-B DVR is a hard disk recorder developed by Shenzhen Company. TVT TD-2308SS-B DVR is prone to a directory-traversal vulnerability because it fails to sufficiently sanitize user-supplied input.
Exploiting this issue can allow an attacker to gain access to arbitrary system files. Information harvested may aid in launching further attacks.
TVT TD-2308SS-B DVR running firmware version 3.2.0.P-3520A-00 is vulnerable; other versions may also be affected
| VAR-201310-0805 | No CVE | Level One EAP 'Devices backupCfg.egi' Unverified Backup Information Disclosure Vulnerability |
CVSS V2: 5.0 CVSS V3: - Severity: MEDIUM |
Level One EAP Devices are wireless AP devices. The backupCfg.egi script on Level One EAP Devices incorrectly handles post-redirect termination, allowing unauthenticated remote attackers to obtain administrator authentication credentials in backup information.
| VAR-201310-0802 | No CVE | Multiple unspecified vulnerabilities in TRENDnet N300 Routers |
CVSS V2: 6.8 CVSS V3: - Severity: MEDIUM |
The TRENDnet N300 1.0R is a router device. There are several unspecified security vulnerabilities in the TRENDnet N300 1.0R; no vulnerability details are available.
| VAR-202002-0687 | CVE-2013-6236 | Vulnerability in the use of hard-coded credentials in IZON IP |
Related entries in the VARIoT exploits database: VAR-E-201310-0005 |
CVSS V2: 10.0 CVSS V3: 9.8 Severity: CRITICAL |
IZON IP 2.0.2: hard-coded password vulnerability. IZON IP contains a vulnerability in the use of hard-coded credentials. Information may be obtained or tampered with, and the device may be put into a service disruption (DoS) state. IZON is a network camera product produced by Stem Innovation. An attacker could exploit this vulnerability to bypass authentication mechanisms and gain administrative access to vulnerable devices.
| VAR-201310-0702 | No CVE | Netgear WNDR3700 Router 'cmd_ping6()' Remote Command Injection Vulnerability |
CVSS V2: 7.5 CVSS V3: - Severity: HIGH |
The Netgear WNDR3700 Router 'cmd_ping6()' function incorrectly filters user input, allowing an attacker to execute arbitrary commands by submitting a specially crafted POST request to apply.cgi. Netgear WNDR3700 is a wireless router product from NetGear.
A remote command injection vulnerability exists in the Netgear WNDR3700 router using version 4 firmware. An attacker could use this vulnerability to execute arbitrary commands in the context of an affected device with root privileges.
Netgear WNDR3700 routers running firmware 4 are vulnerable
| VAR-201310-0504 | CVE-2013-5521 | Denial-of-service (DoS) vulnerability in Cisco Identity Services Engine |
CVSS V2: 5.0 CVSS V3: - Severity: MEDIUM |
Cisco Identity Services Engine does not properly restrict the creation of guest accounts, which allows remote attackers to cause a denial of service (exhaustion of the account supply) via a series of requests within one session, aka Bug ID CSCue94287. Cisco Identity Services Engine is prone to a remote denial-of-service vulnerability.
Successfully exploiting this issue may allow an attacker to cause a denial-of-service condition.
This issue is being tracked by Cisco Bug ID CSCue94287. The platform monitors the network by collecting real-time information on the network, users and devices, and formulating and implementing corresponding policies