VARIoT IoT vulnerabilities database


VAR-201310-0526 CVE-2013-5543 Denial-of-service (DoS) vulnerability in Cisco IOS XE running on Cisco ASR 1000 series devices CVSS V2: 7.8
CVSS V3: -
Severity: HIGH
Cisco IOS XE 3.4 before 3.4.2S and 3.5 before 3.5.1S on 1000 ASR devices allows remote attackers to cause a denial of service (device reload) via malformed ICMP error packets associated with a (1) TCP or (2) UDP session that is under inspection by the Zone-Based Firewall (ZBFW) component, aka Bug ID CSCtt26470. Cisco IOS XE running on Cisco ASR 1000 series devices contains a vulnerability that can put the device into a service disruption (device reload) state. Cisco IOS is the interconnected network operating system used on most Cisco system routers and network switches. A security vulnerability exists in the TCP or UDP functionality of the Cisco IOS XE Zone-Based Firewall (ZBFW). Cisco IOS XE is prone to a remote denial-of-service vulnerability. Successful exploits may allow an attacker to cause a reload of the affected devices, denying service to legitimate users. This issue is being tracked by Cisco Bug ID CSCtt26470.
VAR-201310-0528 CVE-2013-5545 Denial-of-service (DoS) vulnerability in the PPTP ALG implementation of Cisco IOS XE running on Cisco ASR 1000 series devices CVSS V2: 7.8
CVSS V3: -
Severity: HIGH
The PPTP ALG implementation in Cisco IOS XE 3.9 before 3.9.2S on 1000 ASR devices allows remote attackers to cause a denial of service (device reload) by sending many PPTP packets over NAT, aka Bug ID CSCuh19936. The vendor has confirmed this vulnerability and released it as Bug ID CSCuh19936. A third party may put the device into a service disruption (device reload) state by sending a large number of PPTP packets via NAT. Cisco IOS is the interconnected network operating system used on most Cisco system routers and network switches. Successful exploitation can overload the system. Successful exploits may allow an attacker to cause a reload of the affected devices, denying service to legitimate users. This issue is being tracked by Cisco Bug ID CSCuh19936. The vulnerability is caused by the program not filtering PPTP packets correctly.
VAR-201310-0529 CVE-2013-5546 Denial-of-service (DoS) vulnerability in the TCP reassembly function of Cisco IOS XE running on Cisco ASR 1000 series devices CVSS V2: 7.8
CVSS V3: -
Severity: HIGH
The TCP reassembly feature in Cisco IOS XE 3.7 before 3.7.3S and 3.8 before 3.8.1S on 1000 ASR devices allows remote attackers to cause a denial of service (device reload) via large TCP packets that are processed by the (1) NAT or (2) ALG component, aka Bug ID CSCud72509. Cisco IOS is the interconnected network operating system used on most Cisco system routers and network switches. Because the program fails to handle a large number of TCP reassembly messages correctly, remote attackers can exploit the vulnerability to cause system overload. Successful exploits may allow an attacker to cause a reload of the affected devices, denying service to legitimate users. These issues are being tracked by Cisco Bug ID CSCud72509.
VAR-201310-0530 CVE-2013-5547 Denial-of-service (DoS) vulnerability in Cisco IOS XE running on Cisco ASR 1000 series devices CVSS V2: 7.8
CVSS V3: -
Severity: HIGH
Cisco IOS XE 3.9 before 3.9.2S on 1000 ASR devices allows remote attackers to cause a denial of service (device reload) by sending malformed EoGRE packets over (1) IPv4 or (2) IPv6, aka Bug ID CSCuf08269. Cisco IOS is the interconnected network operating system used on most Cisco system routers and network switches. The affected software fails to properly handle malformed EoGRE packets. An attacker can exploit this vulnerability by sending malformed IPv4 or IPv6 EoGRE packets to affected devices configured with an EoGRE interface. Successful exploits may allow an attacker to cause a reload of the affected devices, denying service to legitimate users. This issue is being tracked by Cisco Bug ID CSCuf08269.
VAR-201310-0636 No CVE Cogent DataHub Denial of service vulnerability CVSS V2: 7.5
CVSS V3: -
Severity: HIGH
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Cogent DataHub. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of POST requests. By sending a malformed POST, an attacker is able to overflow a heap buffer. An attacker could exploit this vulnerability to execute arbitrary code in the context of the DataHub process. Cogent DataHub is a set of real-time data solutions from Canada's Cogent Real-Time Systems. It belongs to the category of SCADA (supervisory control and data acquisition) and automation software. A denial of service vulnerability exists in versions of Cogent DataHub prior to 7.3.4. An attacker could use this vulnerability to crash the server and deny service to legitimate users. Failed exploit attempts will likely result in denial-of-service conditions.
VAR-201310-0700 No CVE ADB Discus DRG A125G 'wansinglecfg.cmd' Password Disclosure Vulnerability CVSS V2: 5.0
CVSS V3: -
Severity: MEDIUM
The ADB Discus DRG A125G 'wansinglecfg.cmd' script has a security vulnerability that allows a remote attacker to submit a request to obtain password information. Discus DRG A125G is a wireless router product from the Swiss company ADB. A password disclosure vulnerability exists in Discus DRG A125G. Attackers can use this vulnerability to obtain sensitive information that can help launch further attacks. The Discus DRG A125G is vulnerable; other versions may also be affected.
VAR-201311-0283 CVE-2013-4713 RockDisk vulnerable to cross-site scripting CVSS V2: 3.5
CVSS V3: -
Severity: LOW
Cross-site scripting (XSS) vulnerability in I-O DATA DEVICE RockDisk with firmware before 1.05e1-2.0.5 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors. RockDisk, provided by I-O DATA DEVICE, INC., is a LAN-connectable hard disk drive. RockDisk contains a cross-site scripting vulnerability. Yuji Tounai of bogus.jp reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership. An arbitrary script may be executed on the user's web browser. The I-O DATA RockDisk NAS does not correctly filter data returned to users, allowing remote attackers to build malicious URIs, entice users to follow them, and obtain sensitive information or hijack user sessions. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials and launch other attacks.
VAR-201311-0291 CVE-2013-5548 Vulnerability in the IKEv2 implementation of Cisco IOS that bypasses certain IPsec anti-replay features CVSS V2: 4.3
CVSS V3: -
Severity: MEDIUM
The IKEv2 implementation in Cisco IOS, when AES-GCM or AES-GMAC is used, allows remote attackers to bypass certain IPsec anti-replay features via IPsec tunnel traffic, aka Bug ID CSCuj47795. Cisco IOS is the interconnected network operating system used on most Cisco system routers and network switches. When the Phase 2 IPsec Security Associations (SAs) use the AES-GCM or AES-GMAC algorithm, the logic of the IPsec Phase 2 SA anti-replay feature is not coded properly. An attacker can exploit this vulnerability by sending an IPsec tunnel traversal request. Successfully exploiting this issue will allow an attacker to perform replay attacks. This may lead to other attacks.
VAR-201311-0292 CVE-2013-5551 Denial-of-service (DoS) vulnerability in Cisco Adaptive Security Appliance software CVSS V2: 6.3
CVSS V3: -
Severity: MEDIUM
Cisco Adaptive Security Appliance (ASA) Software, when certain same-security-traffic and management-access options are enabled, allows remote authenticated users to cause a denial of service (stack overflow and device reload) by using the clientless SSL VPN portal for internal-resource browsing, aka Bug ID CSCui51199. Attackers can exploit this issue to cause an affected system to reload, resulting in a denial-of-service condition. This issue is being tracked by Cisco Bug ID CSCui51199. A denial of service vulnerability exists in the SSL VPN functionality in Cisco ASA. When configured with the same-security-traffic and management-access options, a remote attacker can exploit this vulnerability by sending a specially crafted URL to cause denial of service (stack buffer overflow and device restart)
VAR-201311-0296 CVE-2013-5555 Denial-of-service (DoS) vulnerability in Cisco Unified Communications Manager CVSS V2: 4.3
CVSS V3: -
Severity: MEDIUM
Cisco Unified Communications Manager (aka CUCM or Unified CM) allows remote attackers to cause a denial of service (service restart) via a crafted SIP message, aka Bug ID CSCub54349. Attackers can exploit this issue to cause a denial of service condition. This issue is being tracked by Cisco Bug ID CSCub54349. This component provides a scalable, distributed and highly available enterprise IP telephony call processing solution. A denial-of-service vulnerability exists in CUCM. The vulnerability is caused by the program not correctly parsing SIP messages.
VAR-201310-0642 No CVE ASUS RT-N13U Router Unauthorized ROOT Access Vulnerability CVSS V2: 6.8
CVSS V3: -
Severity: MEDIUM
ASUS RT-N13U is a wireless router product from ASUS. A security vulnerability exists in the ASUS RT-N13U router. An unauthorized attacker could use this vulnerability to gain root access to the affected device, which could lead to full control of the affected device
VAR-201311-0156 CVE-2013-5431 IBM Tivoli Federated Identity Manager and IBM Tivoli Federated Identity Manager Business Gateway contain a URL redirection vulnerability CVSS V2: 5.8
CVSS V3: -
Severity: MEDIUM
Open redirect vulnerability in IBM Tivoli Federated Identity Manager (TFIM) 6.1.1 before IF 15, 6.2.0 before IF 14, 6.2.1, and 6.2.2 before IF 8 and Tivoli Federated Identity Manager Business Gateway (TFIMBG) 6.1.1 before IF 15, 6.2.0 before IF 14, 6.2.1, and 6.2.2 before IF 8 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors. Supplementary information: the CWE vulnerability type is identified as CWE-601 (open redirect). http://cwe.mitre.org/data/definitions/601.html A third party may redirect users to an arbitrary web site and conduct a phishing attack. An attacker can leverage this issue by constructing a crafted URI and enticing a user to follow it. Other attacks are possible. An open redirection vulnerability exists in IBM TFIM and TFIMBG. The following versions are affected: IBM TFIM v6.1.1, 6.2.0, 6.2.1, 6.2.2 and TFIMBG v6.1.1, 6.2.0, 6.2.1, 6.2.2.
VAR-201310-0384 CVE-2013-6012 Authentication bypass vulnerability in Juniper Junos CVSS V2: 8.5
CVSS V3: -
Severity: HIGH
Juniper Junos 12.1X44 before 12.1.X44-D20 and 12.1X45 before 12.1X45-D15, when the no-validate option is enabled, does not properly handle configuration validation errors during the config commit phase of the boot-up sequence, which allows remote attackers to bypass authentication via unspecified vectors. Juniper Junos is prone to a remote authentication-bypass vulnerability. An attacker can exploit this issue to bypass the authentication mechanism and gain unauthenticated access to the affected device. This may lead to further attacks. Juniper Junos versions 12.1X44 and 12.1X45 are vulnerable. The operating system provides a secure programming interface and Junos SDK. There is an unauthorized access vulnerability in Juniper Junos versions 12.1X44 and 12.1X45. The vulnerability is caused by enabling the no-validate option during the software upgrade, which results in a validation error when configuring the startup sequence.
VAR-201310-0513 CVE-2013-5530 Cisco Identity Services Engine contains an input validation vulnerability CVSS V2: 9.0
CVSS V3: -
Severity: HIGH
The web framework in Cisco Identity Services Engine (ISE) 1.0 and 1.1.0 before 1.1.0.665-5, 1.1.1 before 1.1.1.268-7, 1.1.2 before 1.1.2.145-10, 1.1.3 before 1.1.3.124-7, 1.1.4 before 1.1.4.218-7, and 1.2 before 1.2.0.899-2 allows remote authenticated users to execute arbitrary commands via a crafted session on TCP port 443, aka Bug ID CSCuh81511. An attacker can exploit this issue to execute arbitrary commands with the privileges of the root user. This issue is being tracked by Cisco Bug ID CSCuh81511. The platform monitors the network by collecting real-time information on the network, users and devices, and formulating and implementing corresponding policies
VAR-201311-0205 CVE-2013-6023 TVT TD-2308SS-B DVR File Directory Traversal Vulnerability CVSS V2: 7.8
CVSS V3: -
Severity: HIGH
Directory traversal vulnerability in the TVT TD-2308SS-B DVR with firmware 3.2.0.P-3520A-00 and earlier allows remote attackers to read arbitrary files via .. (dot dot) in the URI. TD-2308SS-B, provided by Shenzhen TVT Digital Technology Co., Ltd., contains a directory traversal (CWE-22) vulnerability. As a result, an attacker may be able to access the product as an administrator. TVT TD-2308SS-B DVR is a hard disk recorder developed by a Shenzhen company. TVT TD-2308SS-B DVR is prone to a directory-traversal vulnerability because it fails to sufficiently sanitize user-supplied input. Exploiting this issue can allow an attacker to gain access to arbitrary system files. Information harvested may aid in launching further attacks. TVT TD-2308SS-B DVR running firmware version 3.2.0.P-3520A-00 is vulnerable; other versions may also be affected.
VAR-201310-0805 No CVE Level One EAP 'Devices backupCfg.egi' Unverified Backup Information Disclosure Vulnerability CVSS V2: 5.0
CVSS V3: -
Severity: MEDIUM
Level One EAP Devices is a wireless AP device. backupCfg.egi on Level One EAP Devices incorrectly handles post-redirect termination, allowing unauthenticated remote attackers to obtain the administrator authentication credentials contained in backup information.
VAR-201310-0802 No CVE There are multiple unspecified vulnerabilities in TRENDnet N300 Routers CVSS V2: 6.8
CVSS V3: -
Severity: MEDIUM
The TRENDnet N300 1.0R is a router device. There are several unspecified security vulnerabilities in the TRENDnet N300 1.0R; no detailed information about them is available.
VAR-202002-0687 CVE-2013-6236 IZON IP Vulnerability in using hard-coded credentials in

Related entries in the VARIoT exploits database: VAR-E-201310-0005
CVSS V2: 10.0
CVSS V3: 9.8
Severity: CRITICAL
IZON IP 2.0.2: hard-coded password vulnerability. IZON IP contains a vulnerability in the use of hard-coded credentials. Information may be obtained or tampered with, and the device may be put into a service disruption (DoS) state. IZON is a network camera product produced by Stem Innovation. An attacker could exploit this vulnerability to bypass authentication mechanisms and gain administrative access to vulnerable devices.
VAR-201310-0702 No CVE Netgear WNDR3700 Router 'cmd_ping6()' Remote Command Injection Vulnerability CVSS V2: 7.5
CVSS V3: -
Severity: HIGH
The Netgear WNDR3700 Router 'cmd_ping6()' function does not correctly filter user input, allowing an attacker to execute arbitrary commands by submitting a specially crafted POST request to apply.cgi. Netgear WNDR3700 is a wireless router product from NetGear. A remote command injection vulnerability exists in the Netgear WNDR3700 router using version 4 firmware. An attacker could use this vulnerability to execute arbitrary commands in the context of an affected device with root privileges. Netgear WNDR3700 routers running firmware 4 are vulnerable.
VAR-201310-0504 CVE-2013-5521 Denial-of-service (DoS) vulnerability in Cisco Identity Services Engine CVSS V2: 5.0
CVSS V3: -
Severity: MEDIUM
Cisco Identity Services Engine does not properly restrict the creation of guest accounts, which allows remote attackers to cause a denial of service (exhaustion of the account supply) via a series of requests within one session, aka Bug ID CSCue94287. Cisco Identity Services Engine is prone to a remote denial-of-service vulnerability. Successfully exploiting this issue may allow an attacker to cause a denial-of-service condition. This issue is being tracked by Cisco Bug ID CSCue94287. The platform monitors the network by collecting real-time information on the network, users and devices, and formulating and implementing corresponding policies