VARIoT IoT vulnerabilities database
| VAR-201401-0092 | CVE-2013-3087 | Belkin Advance N900 Dual-Band Wireless Router Vulnerable to cross-site scripting |
CVSS V2: 4.3 CVSS V3: - Severity: MEDIUM |
Multiple cross-site scripting (XSS) vulnerabilities in Belkin N900 router allow remote attackers to inject arbitrary web script or HTML via the (1) ssid2 parameter to wl_channel.html or (2) guest_psk parameter to wl_guest.html. The Belkin N900 Dual-Band Wireless Router is a wireless router device. The Belkin N900 router is prone to an unspecified cross-site scripting vulnerability because it fails to sufficiently sanitize user-supplied data.
An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and launch other attacks. The vulnerability is caused by the incorrect filtering of the 'ssid2' parameter in the wl_channel.html page and the incorrect filtering of the 'guest_psk' parameter in the wl_guest.html page.
| VAR-202002-0564 | CVE-2013-3096 | Authentication vulnerability in D-Link DIR865L |
CVSS V2: 4.3 CVSS V3: 5.9 Severity: MEDIUM |
D-Link DIR865L v1.03 suffers from an "Unauthenticated Hardware Linking" vulnerability. The D-Link DIR865L contains an authentication vulnerability; information may be tampered with. The D-Link DIR-865L is an enterprise-class wireless routing device. No further vulnerability details are available. D-Link DIR-865L is prone to a security-bypass vulnerability.
Very limited information is currently available regarding this issue. We will update this BID as more information emerges.
Exploiting this issue could allow an attacker to bypass certain security restrictions and gain unauthorized access to the affected device.
D-Link DIR-865L firmware version 1.03 is vulnerable; other versions may also be affected.
| VAR-201912-1583 | CVE-2013-3085 | Authentication vulnerability in Belkin F5D8236-4 |
CVSS V2: 7.5 CVSS V3: 9.8 Severity: CRITICAL |
An authentication bypass exists in the web management interface in Belkin F5D8236-4 v2. Belkin F5D8236-4 contains an authentication vulnerability; information may be disclosed or tampered with, and a denial of service (DoS) may result. The Belkin F5D8236-4 N is a wireless router device. Belkin F5D8236-4 N has an authentication bypass vulnerability that allows remote attackers to access the application without authorization. No detailed vulnerability details are available.
| VAR-201409-0052 | CVE-2013-3083 | Cross-site request forgery vulnerability in cgi-bin/system_setting.exe of Belkin F5D8236-4 v2 |
CVSS V2: 6.8 CVSS V3: - Severity: MEDIUM |
Cross-site request forgery (CSRF) vulnerability in cgi-bin/system_setting.exe in Belkin F5D8236-4 v2 allows remote attackers to hijack the authentication of administrators for requests that open the remote management interface on arbitrary ports via the remote_mgmt_enabled and remote_mgmt_port parameters. The Belkin F5D8236-4 N is a wireless router device. The flaw can be used to perform actions such as changing the administrator password or enabling the management interface. Belkin F5D8236-4 Router is prone to a cross-site request-forgery vulnerability.
Attackers can exploit this issue to perform certain administrative actions and gain unauthorized access to the affected device. Belkin F5D8236-4 is a wireless router product of Belkin Company in the United States. There is a cross-site request forgery vulnerability in the cgi-bin/system_setting.exe file of Belkin F5D8236-4 v2.
| VAR-201409-0059 | CVE-2013-3068 | Cross-site request forgery vulnerability in apply.cgi of Linksys WRT310N |
CVSS V2: 6.8 CVSS V3: - Severity: MEDIUM |
Cross-site request forgery (CSRF) vulnerability in apply.cgi in Linksys WRT310Nv2 2.0.0.1 allows remote attackers to hijack the authentication of administrators for requests that change passwords and modify remote management ports. The Linksys WRT310N is a wireless router device. The Cisco Linksys WRT310N Router is prone to a cross-site request-forgery vulnerability.
Attackers can exploit this issue to perform certain administrative actions and gain unauthorized access to the affected device.
| VAR-202002-0565 | CVE-2013-3067 | Cross-site scripting vulnerability in Linksys WRT310N |
CVSS V2: 3.5 CVSS V3: 5.4 Severity: MEDIUM |
Linksys WRT310Nv2 2.0.0.1 is vulnerable to XSS. Linksys WRT310N contains a cross-site scripting vulnerability; information may be obtained and tampered with. The Linksys WRT310N is a wireless router device. A cross-site scripting vulnerability exists in the Linksys WRT310N router that allows remote attackers to inject malicious HTML or script code to gain sensitive information or hijack user sessions. The Cisco Linksys WRT310N Router is prone to an unspecified cross-site scripting vulnerability because it fails to properly sanitize user-supplied input.
An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may help the attacker steal cookie-based authentication credentials and launch other attacks.
| VAR-201304-0025 | CVE-2012-5218 | BIOS restriction bypass vulnerability in the BIOS of HP ElitePad 900 |
CVSS V2: 7.2 CVSS V3: - Severity: HIGH |
HP ElitePad 900 PCs with BIOS F.0x before F.01 Update 1.0.0.8 do not enable the Secure Boot feature, which allows local users to bypass intended BIOS restrictions and boot unintended operating systems via unspecified vectors. The HP ElitePad 900 is a tablet for business people. A configuration vulnerability exists in the HP ElitePad 900 PCs with BIOS. HP ElitePad 900 is prone to a local security-bypass vulnerability.
Note: the current version of the following document is available here:
https://h20566.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c03727435
SUPPORT COMMUNICATION - SECURITY BULLETIN
Document ID: c03727435
Version: 1
HPSBHF02865 SSRT101158 rev.1 - HP ElitePad 900, Secure Boot Configuration
Inconsistency
NOTICE: The information in this Security Bulletin should be acted upon as
soon as possible.
Release Date: 2013-04-23
Last Updated: 2013-04-23
Potential Security Impact: Secure Boot configuration inconsistency
Source: Hewlett-Packard Company, HP Software Security Response Team
VULNERABILITY SUMMARY
A potential vulnerability has been identified with certain HP ElitePad tablet
PCs.
References: CVE-2012-5218
SUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed.
HP ElitePad 900 with BIOS version vF.00
BACKGROUND
CVSS 2.0 Base Metrics
===========================================================
Reference Base Vector Base Score
CVE-2012-5218 (AV:L/AC:L/Au:N/C:C/I:C/A:C) 7.2
===========================================================
Information on CVSS is documented
in HP Customer Notice: HPSN-2008-002
RESOLUTION
To resolve this vulnerability, HP has provided a BIOS firmware update.
Select "Support & Drivers"
Select Drivers and Software, then enter "ElitePad 900" as the model number
Select the correct model number
Select the Operating System running on the ElitePad
- From the product support page, download and install the "HP ElitePad 900
Driver and Firmware Update" v1.0.0.8 or later.
HISTORY
Version:1 (rev.1) - 23 April 2013 Initial release
Third Party Security Patches: Third party security patches that are to be
installed on systems running HP software products should be applied in
accordance with the customer's patch management policy.
Support: For issues about implementing the recommendations of this Security
Bulletin, contact normal HP Services support channel. For other issues about
the content of this Security Bulletin, send e-mail to security-alert@hp.com.
Report: To report a potential security vulnerability with any HP supported
product, send Email to: security-alert@hp.com
Subscribe: To initiate a subscription to receive future HP Security Bulletin
alerts via Email:
http://h41183.www4.hp.com/signup_alerts.php?jumpid=hpsc_secbulletins
Security Bulletin List: A list of HP Security Bulletins, updated
periodically, is contained in HP Security Notice HPSN-2011-001:
https://h20566.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c02964430
Security Bulletin Archive: A list of recently released Security Bulletins is
available here:
http://h20566.www2.hp.com/portal/site/hpsc/public/kb/secBullArchive/
Software Product Category: The Software Product Category is represented in
the title by the two characters following HPSB.
3C = 3COM
3P = 3rd Party Software
GN = HP General Software
HF = HP Hardware and Firmware
MP = MPE/iX
MU = Multi-Platform Software
NS = NonStop Servers
OV = OpenVMS
PI = Printing and Imaging
PV = ProCurve
ST = Storage Software
TU = Tru64 UNIX
UX = HP-UX
Copyright 2013 Hewlett-Packard Development Company, L.P.
Hewlett-Packard Company shall not be liable for technical or editorial errors
or omissions contained herein. The information provided is provided "as is"
without warranty of any kind. To the extent permitted by law, neither HP nor
its affiliates, subcontractors or suppliers will be liable for
incidental, special or consequential damages including downtime cost; lost
profits; damages relating to the procurement of substitute products or
services; or damages for loss of data, or software restoration. The
information in this document is subject to change without notice.
Hewlett-Packard Company and the names of Hewlett-Packard products referenced
herein are trademarks of Hewlett-Packard Company in the United States and
other countries. Other product and company names mentioned herein may be
trademarks of their respective owners.
| VAR-201304-0258 | CVE-2013-1195 | Access restriction bypass vulnerability in the time-based ACL implementation on Cisco ASA devices and Cisco FWSM |
CVSS V2: 5.0 CVSS V3: - Severity: MEDIUM |
The time-based ACL implementation on Cisco Adaptive Security Appliances (ASA) devices, and in Cisco Firewall Services Module (FWSM), does not properly handle periodic statements for the time-range command, which allows remote attackers to bypass intended access restrictions by sending network traffic during denied time periods, aka Bug IDs CSCuf79091 and CSCug45850. The vendor has confirmed this vulnerability and tracks it as Bug IDs CSCuf79091 and CSCug45850. A third party may be able to circumvent access restrictions by sending network traffic during the denied time periods. Cisco Adaptive Security Appliance (ASA) is prone to a security-bypass vulnerability.
Successfully exploiting this issue will allow attackers to bypass the access list and perform unauthorized actions.
This issue is tracked by Cisco Bug IDs CSCuf79091 and CSCug45850. Cisco Firewall Services Module (FWSM) is a firewall service module of Cisco, which is deployed on 6500 series switches and 7600 series routers to provide traffic acceleration. This vulnerability can invalidate the time-range object.
| VAR-201304-0567 | No CVE | TRENDNet IP Camera Crafted URL Processing Authentication Bypass Vulnerability |
CVSS V2: 6.8 CVSS V3: - Severity: MEDIUM |
TRENDNet IP Camera is a webcam device. A security vulnerability exists in the TRENDNet IP Camera's handling of specially crafted URLs, allowing remote attackers to bypass authentication restrictions and gain unauthorized access to the device.
| VAR-201304-0481 | No CVE | D-LINK DIR-615/DIR-300 HTTP Header Injection Vulnerability |
CVSS V2: 4.3 CVSS V3: - Severity: MEDIUM |
The D-LINK DIR-615/DIR-300 set/runtime/diagnostic/pingIp and exeshell parameters lack sufficient validation of the input, allowing authenticated remote attackers to execute arbitrary OS commands. The D-LINK DIR-615/DIR-300 incorrectly restricts access to the DevInfo.txt file, allowing remote attackers to submit requests directly and obtain device information, including model, hardware version, Linux kernel information, firmware version, language and MAC address. The D-LINK DIR-615/DIR-300 stores passwords unhashed, in plain text, in the /var/etc/httppasswd file, which can lead to the disclosure of sensitive information. The D-LINK DIR-615/DIR-300 password-change function does not require the current password, allowing an attacker to change the password without knowing the existing authentication credentials. D-Link DIR-600 and DIR-300 are wireless routers.
The following security vulnerabilities exist in D-Link DIR-600 and DIR-300: (1) multiple command injection vulnerabilities; (2) cross-site request forgery vulnerabilities; (3) cross-site scripting vulnerabilities; (4) encryption algorithm vulnerabilities; (5) multiple information leakage vulnerabilities; (6) an HTTP header injection vulnerability; (7) a security bypass vulnerability. Attackers can use these vulnerabilities to gain access to potentially sensitive information, crack stored passwords, execute arbitrary commands in the context of the affected device, steal cookie-based authentication credentials, perform unauthorized operations in the context of the user's session, or redirect users to arbitrary websites and issue HTTP requests covertly. Other attacks are also possible.
| VAR-202001-0859 | CVE-2013-3316 | Authentication vulnerability in Netgear WNR1000v3 firmware |
CVSS V2: 10.0 CVSS V3: 9.8 Severity: CRITICAL |
Netgear WNR1000v3 with firmware before 1.0.2.60 contains an Authentication Bypass due to the server skipping checks for URLs containing a ".jpg". Netgear WNR1000v3 contains an authentication vulnerability; information may be disclosed or tampered with, and a denial of service (DoS) may result. The NetGear WNR1000 is a wireless router device. The NetGear WNR1000 device does not properly restrict user-submitted URL requests, allowing an attacker to append ".jpg" to the URL to bypass restrictions and access arbitrary files, such as configuration files.
| VAR-202001-0860 | CVE-2013-3317 | Authentication vulnerability in Netgear WNR1000v3 firmware |
CVSS V2: 10.0 CVSS V3: 9.8 Severity: CRITICAL |
Netgear WNR1000v3 with firmware before 1.0.2.60 contains an Authentication Bypass via the NtgrBak key. Netgear WNR1000v3 contains an authentication vulnerability; information may be disclosed or tampered with, and a denial of service (DoS) may result. The NetGear WNR1000 is a wireless router device. The NetGear WNR1000 device does not properly restrict user-submitted URL requests, allowing an attacker to append ".jpg" to the URL to bypass restrictions and access arbitrary files, such as configuration files.
| VAR-201304-0169 | CVE-2013-1214 | Arbitrary script read vulnerability in the scripts editor of Cisco Unified Contact Center Express |
CVSS V2: 5.0 CVSS V3: - Severity: MEDIUM |
The scripts editor in Cisco Unified Contact Center Express (aka Unified CCX) does not properly manage privileges for anonymous logins, which allows remote attackers to read arbitrary scripts by visiting the scripts repository directory, aka Bug ID CSCuf77546.
An attacker can exploit this issue to obtain access to sensitive information, which may aid in further attacks.
This issue is tracked by Cisco Bug ID CSCuf77546. This component integrates agent applications and self-service voice services, and provides functions such as call distribution and customer access control.
| VAR-201304-0172 | CVE-2013-1217 | Denial of service (DoS) vulnerability in the generic input/output control implementation of Cisco IOS |
CVSS V2: 6.8 CVSS V3: - Severity: MEDIUM |
The generic input/output control implementation in Cisco IOS does not properly manage buffers, which allows remote authenticated users to cause a denial of service (device reload) by sending many SNMP requests at the same time, aka Bug ID CSCub41105. The device may be put into a reload state. Cisco IOS is the operating system developed by Cisco Systems for its network devices. A vulnerability exists in the generic input/output control mechanism of Cisco IOS devices, allowing authenticated remote attackers to overload the Supervisor Engine or the device. The vulnerability is due to incorrect buffer handling, which could be triggered by an attacker submitting multiple simultaneous SNMP requests to the affected system. Cisco IOS is prone to a remote denial-of-service vulnerability.
Attackers can exploit this issue to cause a reload of the Supervisor Engine or the device, denying service to legitimate users.
This issue is being tracked by Cisco Bug ID CSCub41105.
| VAR-201304-0476 | No CVE | TP-LINK TL-WR741N/TL-WR741ND Router Denial of Service Vulnerability |
CVSS V2: 3.3 CVSS V3: - Severity: LOW |
The TP-LINK TL-WR741N/TL-WR741ND incorrectly handles user-submitted requests, allowing remote attackers to cause the router's web interface to stop responding, resulting in a denial of service. TP-LINK TL-WR741N and TL-WR741ND are wireless routers.
Multiple denial of service vulnerabilities exist in the TP-LINK TL-WR741N and TL-WR741ND routers. When the devices process specially crafted HTTP requests, attackers can use these vulnerabilities to crash the device and deny service to legitimate users.
| VAR-201304-0560 | No CVE | Hitachi IT Operations Director Agent Buffer Overflow Vulnerability |
CVSS V2: 7.5 CVSS V3: - Severity: HIGH |
Hitachi IT Operations Director is a system management software from Hitachi, Japan, which automatically associates tasks with the IT infrastructure lifecycle.
A buffer overflow vulnerability exists in Hitachi IT Operations Director. A remote attacker could use this vulnerability to execute arbitrary code with system privileges and could also cause a denial of service. Failed exploit attempts will likely result in a denial-of-service condition.
| VAR-201311-0097 | CVE-2013-3095 | D-Link DIR-865L Cross-Site Request Forgery Vulnerability | Related entries in the VARIoT exploits database: VAR-E-201304-0225 |
CVSS V2: 6.8 CVSS V3: - Severity: MEDIUM |
Multiple cross-site request forgery (CSRF) vulnerabilities in D-Link DIR865L router (Rev. A1) with firmware before 1.05b07 allow remote attackers to hijack the authentication of administrators for requests that (1) change the administrator password or (2) enable remote management via a request to hedwig.cgi or (3) activate configuration changes via a request to pigwidgeon.cgi. D-Link DIR-865L Router (Rev. The D-Link DIR-865L is an enterprise-class wireless routing device. D-Link DIR-865L has a cross-site request forgery vulnerability that allows remote attackers to construct malicious URIs, entice users to open them, and perform malicious operations in the context of the target user, such as changing the login password or enabling certain services. D-Link DIR-865L is prone to a cross-site request-forgery vulnerability.
Exploiting this issue may allow a remote attacker to perform certain administrative actions and gain unauthorized access to the affected device. Other attacks are also possible.
D-Link DIR-865L firmware version 1.03 is vulnerable; other versions may also be affected.
| VAR-201304-0262 | CVE-2013-1199 | Denial of service (DoS) vulnerability in the Clientless SSL VPN running on Cisco ASA |
CVSS V2: 4.9 CVSS V3: - Severity: MEDIUM |
Race condition in the CIFS implementation in the rewriter module in the Clientless SSL VPN component on Cisco Adaptive Security Appliances (ASA) devices allows remote authenticated users to cause a denial of service (device reload) by accessing resources within multiple sessions, aka Bug ID CSCub58996.
An attacker can exploit this issue to reload an affected device, denying service to legitimate users.
This issue is being tracked by Cisco Bug ID CSCub58996.
| VAR-201304-0288 | CVE-2013-1177 | SQL injection vulnerability in Cisco Network Admission Control Manager |
CVSS V2: 7.5 CVSS V3: - Severity: HIGH |
SQL injection vulnerability in Cisco Network Admission Control (NAC) Manager before 4.8.3.1 and 4.9.x before 4.9.2 allows remote attackers to execute arbitrary SQL commands via unspecified vectors, aka Bug ID CSCub23095. The vendor has confirmed this vulnerability and tracks it as Bug ID CSCub23095. Arbitrary SQL commands may be executed by a third party. Authentication is not required to exploit this vulnerability. The specific flaw exists in the handling of the sortColumn URL parameter when constructing SQL database queries. By specially crafting URL parameters, it is possible to influence the SQL queries and gain remote code execution on the affected system.
An attacker can exploit this issue by manipulating the SQL query logic to carry out unauthorized actions on the underlying database and execute arbitrary code.
This issue is tracked by Cisco Bug ID CSCub23095.
| VAR-201304-0287 | CVE-2013-1176 | Denial of service vulnerability in multiple Cisco TelePresence products |
CVSS V2: 7.1 CVSS V3: - Severity: HIGH |
The DSP card on Cisco TelePresence MCU 4500 and 4501 devices before 4.3(2.30), TelePresence MCU MSE 8510 devices before 4.3(2.30), and TelePresence Server before 2.3(1.55) does not properly validate H.264 data, which allows remote attackers to cause a denial of service (device reload) via crafted RTP packets in a (1) SIP session or (2) H.323 session, aka Bug IDs CSCuc11328 and CSCub05448. The vendor has confirmed this vulnerability and tracks it as Bug IDs CSCuc11328 and CSCub05448. A third party may be able to cause a denial of service (device reload) via crafted RTP packets in a (1) SIP session or (2) H.323 session. Cisco TelePresence is a set of video conferencing solutions called "Telepresence" systems from Cisco (USA). This solution provides components such as audio and video space, which can give remote participants the effect of a "face-to-face" virtual conference room.
A denial of service vulnerability exists in several Cisco TelePresence products. An attacker could use this vulnerability to reload the device and deny service to legitimate users. The vulnerability exists in the following products: Cisco TelePresence MCU, Cisco TelePresence Server. The vulnerability arises because H.264 data is not properly validated.