VARIoT IoT vulnerabilities database

VAR-201307-0212 CVE-2013-3428 Cisco Secure Access Control System web interface vulnerability in which important information is obtained
CVSS V2: 4.0
CVSS V3: -
Severity: MEDIUM
The web interface in Cisco Secure Access Control System (ACS) does not properly suppress error-condition details, which allows remote authenticated users to obtain sensitive information via an unspecified request that triggers an error, aka Bug ID CSCue65957. Cisco Secure Access Control System is prone to a remote information-disclosure vulnerability. Successful exploits will allow attackers to obtain sensitive information. This may result in further attacks. This issue is tracked by Cisco Bug ID CSCue65957. The system can respectively control network access and network device access through RADIUS and TACACS protocols. A remote attacker could exploit this vulnerability to view detailed error message information by sending a specially crafted request to trigger the error
VAR-202001-0814 CVE-2013-2612 Huawei E587 3G Mobile Hotspot OS command injection vulnerability

Related entries in the VARIoT exploits database: VAR-E-201307-0359
CVSS V2: 10.0
CVSS V3: 9.8
Severity: CRITICAL
Command-injection vulnerability in Huawei E587 3G Mobile Hotspot 11.203.27 allows remote attackers to execute arbitrary shell commands with root privileges due to an error in the Web UI. Huawei E587 3G Mobile Hotspot contains an OS command injection vulnerability. Information may be obtained or falsified, and a denial-of-service (DoS) condition may result. Huawei E587 3G Mobile Hotspot is a wireless router device that supports 3G. There are currently no detailed solutions available. Huawei E587 is prone to a command-injection vulnerability because the application fails to sufficiently sanitize user-supplied input. Huawei E587 11.203.27 is vulnerable; other versions may also be affected.
VAR-201307-0387 CVE-2013-4875 Verizon Wireless Network Extender multiple vulnerabilities

Related entries in the VARIoT exploits database: VAR-E-201307-0259
CVSS V2: 6.2
CVSS V3: -
Severity: MEDIUM
The Uboot bootloader on the Verizon Wireless Network Extender SCS-2U01 allows physically proximate attackers to bypass the intended boot process and obtain a login prompt by connecting a crafted HDMI cable and sending a SysReq interrupt. iSEC Partners has reported that the Verizon Wireless Network Extender models SCS-26UC4 and SCS-2U01 made by Samsung are susceptible to a local compromise using a custom HDMI cable. Once compromised, the device can be used to eavesdrop on voice, text and data communication for mobile devices that connect to the Network Extender. The Verizon Wireless Network Extender is a low-power cellular base station that provides Internet services using an Internet connection. The Verizon Wireless Network Extender has multiple security vulnerabilities that allow privilege escalation or cloning of other users' phones. An attacker can use a special console cable to connect to the device and submit a special command sequence to get the root shell. The SysReq (System Request) interrupt can be used to gain access to the console and obtain the root shell. In addition, the Network Extender does not use Cellular Authentication and Voice Encryption (CAVE) authentication. For mobile phone authentication, the device uses only the ESN and MIN. These numbers can be acquired through physical access to the phone or by sniffing the registration messages sent to the Network Extender. By exploiting these defects and the incorrect validation, an attacker running custom code on the Network Extender can obtain any phone's ESN and MIN and use these numbers to clone the phone without physical access. A local attacker can exploit the vulnerability to escalate privileges and clone the phone. Attackers can use these vulnerabilities to execute arbitrary code with elevated privileges and take complete control of the device. This BID is being retired.
VAR-201307-0388 CVE-2013-4876 Verizon Wireless Network Extender multiple vulnerabilities

Related entries in the VARIoT exploits database: VAR-E-201307-0259
CVSS V2: 6.2
CVSS V3: -
Severity: MEDIUM
The Verizon Wireless Network Extender SCS-2U01 has a hardcoded password for the root account, which makes it easier for physically proximate attackers to obtain administrative access by leveraging a login prompt. iSEC Partners has reported that the Verizon Wireless Network Extender models SCS-26UC4 and SCS-2U01 made by Samsung are susceptible to a local compromise using a custom HDMI cable. Once compromised, the device can be used to eavesdrop on voice, text and data communication for mobile devices that connect to the Network Extender. The Verizon Wireless Network Extender is a low-power cellular base station that provides Internet services using an Internet connection. The Verizon Wireless Network Extender has multiple security vulnerabilities that allow privilege escalation or cloning of other users' phones. An attacker can use a special console cable to connect to the device and submit a special command sequence to get the root shell. The SysReq (System Request) interrupt can be used to gain access to the console and obtain the root shell. In addition, the Network Extender does not use Cellular Authentication and Voice Encryption (CAVE) authentication. For mobile phone authentication, the device uses only the ESN and MIN. These numbers can be acquired through physical access to the phone or by sniffing the registration messages sent to the Network Extender. By exploiting these defects and the incorrect validation, an attacker running custom code on the Network Extender can obtain any phone's ESN and MIN and use these numbers to clone the phone without physical access. A local attacker can exploit the vulnerability to escalate privileges and clone the phone. An attacker could exploit this vulnerability to bypass certain security restrictions and perform unauthorized actions. Attackers can use these vulnerabilities to execute arbitrary code with elevated privileges and take complete control of the device. This BID is being retired. The vulnerability stems from the program's use of a hardcoded password for the root account.
VAR-201307-0389 CVE-2013-4877 Verizon Wireless Network Extender multiple vulnerabilities

Related entries in the VARIoT exploits database: VAR-E-201307-0259
CVSS V2: 2.6
CVSS V3: -
Severity: LOW
The Verizon Wireless Network Extender SCS-26UC4 and SCS-2U01 do not use CAVE authentication, which makes it easier for remote attackers to obtain ESN and MIN values from arbitrary phones, and conduct cloning attacks, by sniffing the network for registration packets. iSEC Partners has reported that the Verizon Wireless Network Extender models SCS-26UC4 and SCS-2U01 made by Samsung are susceptible to a local compromise using a custom HDMI cable. Once compromised, the device can be used to eavesdrop on voice, text and data communication for mobile devices that connect to the Network Extender. The Verizon Wireless Network Extender is a low-power cellular base station that provides Internet services using an Internet connection. The Verizon Wireless Network Extender has multiple security vulnerabilities that allow privilege escalation or cloning of other users' phones. An attacker can use a special console cable to connect to the device and submit a special command sequence to get the root shell. The SysReq (System Request) interrupt can be used to gain access to the console and obtain the root shell. In addition, the Network Extender does not use Cellular Authentication and Voice Encryption (CAVE) authentication. For mobile phone authentication, the device uses only the ESN and MIN. These numbers can be acquired through physical access to the phone or by sniffing the registration messages sent to the Network Extender. By exploiting these defects and the incorrect validation, an attacker running custom code on the Network Extender can obtain any phone's ESN and MIN and use these numbers to clone the phone without physical access. A local attacker can exploit the vulnerability to escalate privileges and clone the phone. Attackers can use these vulnerabilities to execute arbitrary code with elevated privileges and take complete control of the device. This BID is being retired. This may aid in cloning a phone without direct physical access and without a user's knowledge.
VAR-201307-0206 CVE-2013-3421 Cisco Secure Access Control System Cross-site scripting vulnerability in the Help index page
CVSS V2: 4.3
CVSS V3: -
Severity: MEDIUM
Cross-site scripting (XSS) vulnerability in the Help index page in Cisco Secure Access Control System (ACS) allows remote attackers to inject arbitrary web script or HTML via an unspecified parameter, aka Bug ID CSCud75170. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials and launch other attacks. This issue is being tracked by Cisco Bug ID CSCud75170. The system can respectively control network access and network device access through RADIUS and TACACS protocols
VAR-201307-0208 CVE-2013-3423 Cisco Secure Access Control System web interface cross-site scripting vulnerability
CVSS V2: 4.3
CVSS V3: -
Severity: MEDIUM
Cross-site scripting (XSS) vulnerability in the web interface in Cisco Secure Access Control System (ACS) allows remote attackers to inject arbitrary web script or HTML via an unspecified field, aka Bug ID CSCud75174. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials and launch other attacks. This issue is being tracked by Cisco Bug ID CSCud75174. The system can respectively control network access and network device access through RADIUS and TACACS protocols
VAR-201307-0209 CVE-2013-3424 Cisco Secure Access Control System Management and view page cross-site request forgery vulnerability
CVSS V2: 6.8
CVSS V3: -
Severity: MEDIUM
Cross-site request forgery (CSRF) vulnerability in Administration and View pages in Cisco Secure Access Control System (ACS) allows remote attackers to hijack the authentication of arbitrary users, aka Bug ID CSCud75177. The vendor has released this vulnerability as Bug ID CSCud75177. A third party may be able to hijack the authentication of any user. Attackers can exploit this issue to perform certain administrative actions and to gain unauthorized access to the affected application. This issue is being tracked by Cisco bug ID CSCud75177. The system can respectively control network access and network device access through RADIUS and TACACS protocols
VAR-201307-0207 CVE-2013-3422 Cisco Secure Access Control System Management page cross-site scripting vulnerability
CVSS V2: 4.3
CVSS V3: -
Severity: MEDIUM
Cross-site scripting (XSS) vulnerability in Administration pages in Cisco Secure Access Control System (ACS) allows remote attackers to inject arbitrary web script or HTML via an unspecified parameter, aka Bug ID CSCud75165. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials and launch other attacks. This issue is being tracked by Cisco Bug ID CSCud75165. The system can respectively control network access and network device access through RADIUS and TACACS protocols
VAR-202002-0571 CVE-2013-3568 Cisco Linksys WRT110 Cross-site request forgery vulnerability in

Related entries in the VARIoT exploits database: VAR-E-201307-0244
CVSS V2: 6.8
CVSS V3: 8.8
Severity: HIGH
Cross-site request forgery (CSRF) vulnerability in Cisco Linksys WRT110 allows remote attackers to hijack the authentication of users for requests that have unspecified impact via unknown vectors. A cross-site request forgery vulnerability exists in Cisco Linksys WRT110. Information may be obtained or tampered with, and service operation may be interrupted (DoS). The Linksys WRT110 is a wireless router device. The Linksys WRT110 web interface does not filter ping target data and lacks CSRF token protection, allowing remote attackers to execute system commands through cross-site request forgery attacks. Linksys WRT110 is prone to cross-site request-forgery and command-injection vulnerabilities. Exploiting these issues may allow a remote attacker to perform certain administrative actions and execute arbitrary shell commands with root privileges. Other attacks are also possible.
Hi list, I would like to inform you that the latest available Linksys WRT110 firmware is prone to root shell command injection via cross-site request forgery. This vulnerability is the result of the web interface's failure to sanitize ping targets as well as a lack of csrf tokens. Linksys/Belkin has responded to my report to say that the vulnerability is mitigated by a 10 minute idle-timeout feature which is available for the admin portal on this device. It is likely that other devices with similar firmware are prone to this as well. The command execution will not return output but it is possible to direct output into files which are available upon subsequent HTTP requests. This issue was assigned as CVE-2013-3568. Kind Regards, Craig Young (@CraigTweets)
VAR-201308-0251 CVE-2013-4114 Nagstamon Information Disclosure Vulnerability
CVSS V2: 5.0
CVSS V3: -
Severity: MEDIUM
The automatic update request in Nagstamon before 0.9.10 uses a cleartext base64 format for transmission of a username and password, which allows remote attackers to obtain sensitive information by sniffing the network. Nagstamon is a Nagios status monitor. This sensitive information can be obtained by capturing the base64 data sent in cleartext in the HTTP Basic authentication header. A remote attacker can exploit the vulnerability to obtain sensitive information such as authentication credentials. Nagstamon is prone to an information-disclosure vulnerability. Versions prior to Nagstamon 0.9.10 are vulnerable.

Gentoo Linux Security Advisory GLSA 201401-03
http://security.gentoo.org/

Severity: High
Title: Nagstamon: Information disclosure
Date: January 06, 2014
Bugs: #476538
ID: 201401-03

Synopsis
========
A vulnerability in Nagstamon could expose user credentials to a remote attacker.

Workaround
==========
There is no known workaround at this time.

Resolution
==========
All Nagstamon users should upgrade to the latest version:

  # emerge --sync
  # emerge --ask --oneshot -v ">=net-analyzer/nagstamon-0.9.11_rc1"

References
==========
[ 1 ] CVE-2013-4114 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-4114

Availability
============
This GLSA and any updates to it are available for viewing at the Gentoo Security Website: http://security.gentoo.org/glsa/glsa-201401-03.xml

Concerns?
=========
Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org.

License
=======
Copyright 2014 Gentoo Foundation, Inc; referenced text belongs to its owner(s). The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license. http://creativecommons.org/licenses/by-sa/2.5
VAR-201307-0550 No CVE 3S Vision N1072/N1073/N3071 Network Cameras Hardcoded Credentials Security Bypass Vulnerability
CVSS V2: 5.0
CVSS V3: -
Severity: MEDIUM
3S Vision is a camera device. 3S N1072, N1073 and N3071 are all network cameras from Taiwan 3S. A security bypass vulnerability exists in 3S Vision N1072, N1073, N3071 Network Cameras, which originates from the use of hard-coded credentials in the program. An attacker could use this vulnerability to gain administrator access to the affected device. Vulnerabilities exist in the following versions: N1072 Network camera runs firmware version 1.07_STD-1, N1073 Network camera runs firmware version 1.02_STD-1, and N3071 Network camera runs firmware version 1.05_STD-1
VAR-201307-0261 CVE-2013-3655 Sharp AQUOS PhotoPlayer HN-PP150 Remote Denial of Service Vulnerability
CVSS V2: 5.0
CVSS V3: -
Severity: MEDIUM
The Sharp AQUOS PhotoPlayer HN-PP150 with firmware before 1.04.00.04 allows remote attackers to cause a denial of service (networking outage) via crafted packet data. AQUOS PhotoPlayer HN-PP150 contains an issue in the processing of packets, which may lead to a denial-of-service (DoS). Ayako Matsuda of FFRI, Inc. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership. Network functions may be disabled by a remote attacker. Sharp AQUOS PhotoPlayer HN-PP150 is a picture printing and playback device. A remote attacker could exploit this vulnerability to crash an application and deny service to legitimate users. Sharp AQUOS PhotoPlayer HN-PP150 running firmware 1.03.01.04 and earlier is vulnerable. Sharp AQUOS PhotoPlayer HN-PP150 is a photo player product of Sharp Corporation of Japan. This product provides slideshow presentation, photo printing and other functions.
VAR-201307-0203 CVE-2013-3418 Cisco Unified Communications Domain Manager denial-of-service (DoS) vulnerability
CVSS V2: 6.8
CVSS V3: -
Severity: MEDIUM
Cisco Unified Communications Domain Manager does not properly allocate memory for GET and POST requests, which allows remote authenticated users to cause a denial of service (memory consumption and process crash) via crafted requests to the management interface, aka Bug ID CSCud22922. Cisco Unified Communications Domain Manager is prone to a remote denial-of-service vulnerability. Attackers can exploit this issue to cause the device to consume excessive CPU resources, resulting in denial-of-service conditions. This issue is being tracked by Cisco Bug ID CSCud22922. This component features scalable, distributed, and highly available enterprise Voice over IP call processing
VAR-201307-0204 CVE-2013-3419 Cisco Unified MeetingPlace Web Conferencing Vulnerable to cross-site scripting
CVSS V2: 4.3
CVSS V3: -
Severity: MEDIUM
Cross-site scripting (XSS) vulnerability in Cisco Unified MeetingPlace Web Conferencing allows remote attackers to inject arbitrary web script or HTML via an unspecified parameter, aka Bug ID CSCuh74981. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials and launch other attacks. This issue is being tracked by Cisco Bug ID CSCuh74981
VAR-201307-0575 No CVE Asante Voyager I and II Network Camera Security Bypass Vulnerabilities
CVSS V2: 6.0
CVSS V3: -
Severity: MEDIUM
Asante Voyager I and Voyager II are network cameras from Asante, USA. A security bypass vulnerability exists in Asante Voyager I and Voyager II Network Cameras, which stems from the program's use of hard-coded credentials. An attacker could use this vulnerability to gain administrator access to the affected device. Voyager I and Voyager II Network Cameras running firmware version 2.08 are vulnerable. Other versions may also be affected.
VAR-201307-0540 No CVE ALinking ALC-9451/ALC-9452 Network Camera Security Bypass Vulnerability
CVSS V2: 6.0
CVSS V3: -
Severity: MEDIUM
ALinking ALC-9451 and ALC-9452 Network Cameras are network camera products of Taiwan Alinking Company. There is a security bypass vulnerability in ALinking ALC-9451 and ALC-9452 Network Cameras, which stems from the program's use of hard-coded credentials. An attacker could use this vulnerability to gain administrator access to the affected device. ALC-9451 and ALC-9452 Network Cameras running firmware version 1.33 are vulnerable. Other versions may also be affected.
VAR-201307-0479 CVE-2013-4690 Vulnerability in Junos running on Juniper Networks SRX1400, SRX3400, and SRX3600 in which important information is obtained
CVSS V2: 5.0
CVSS V3: -
Severity: MEDIUM
Juniper Junos 10.4 before 10.4S13, 11.4 before 11.4R7-S1, 12.1 before 12.1R5-S3, 12.1X44 before 12.1X44-D20, and 12.1X45 before 12.1X45-D10 on the SRX1400, SRX3400, and SRX3600 does not properly initialize memory locations used during padding of Ethernet packets, which allows remote attackers to obtain sensitive information by reading packet data, aka PR 829536, a related issue to CVE-2003-0001. The vendor has released this vulnerability as PR 829536. This vulnerability is related to CVE-2003-0001. A third party may obtain important information by reading packet data. Multiple Juniper Gateway Products are prone to an information-disclosure vulnerability. Attackers can leverage this issue to gain access to sensitive information. Information obtained will aid in further attacks. Juniper Gateway Products SRX1400, SRX3400, and SRX3600 are vulnerable. Juniper Junos is a network operating system from Juniper Networks dedicated to the company's hardware systems. The operating system provides a secure programming interface and Junos SDK.
VAR-201307-0478 CVE-2013-4688 Denial-of-service (DoS) vulnerability in flowd of Junos running on Juniper Networks SRX devices
CVSS V2: 7.8
CVSS V3: -
Severity: HIGH
flowd in Juniper Junos 10.4 before 10.4R11 on SRX devices, when the MSRPC Application Layer Gateway (ALG) is enabled, allows remote attackers to cause a denial of service (daemon crash) via crafted MSRPC requests, aka PR 772834. The vendor has released this vulnerability as PR 772834. A third party may cause a denial of service (daemon crash) via a crafted MSRPC request. Juniper Networks Junos is prone to a remote denial-of-service vulnerability. Successfully exploiting this issue will result in denial-of-service conditions. Juniper Networks Junos 10.4 is vulnerable; other versions may also be affected. The operating system provides a secure programming interface and Junos SDK. A security vulnerability exists in flowd (the Flow daemon) in Juniper Junos 10.4 releases prior to 10.4R11 on SRX Series Server Gateway devices.
VAR-201307-0477 CVE-2013-4687 Denial-of-service (DoS) vulnerability in flowd of Junos running on Juniper Networks SRX devices
CVSS V2: 7.8
CVSS V3: -
Severity: HIGH
flowd in Juniper Junos 10.4 before 10.4S14, 11.2 and 11.4 before 11.4R6-S2, and 12.1 before 12.1R6 on SRX devices, when certain Application Layer Gateways (ALGs) are enabled, allows remote attackers to cause a denial of service (daemon crash) via crafted TCP packets, aka PRs 727980, 806269, and 835593. Juniper Networks Junos is prone to multiple denial-of-service vulnerabilities. Attackers can exploit these issues to cause the host system to crash, resulting in a denial-of-service condition. The operating system provides a secure programming interface and Junos SDK. A security vulnerability exists in flowd in Juniper Junos 10.4 prior to 10.4S14, 11.2 and 11.4 prior to 11.4R6-S2, and 12.1 prior to 12.1R6 on SRX Series Server Gateway devices.