VARIoT IoT vulnerabilities database

Tenda AX12 v1.0 v22.03.01.16 was discovered to contain a stack overflow via the ssid parameter in the sub_431CF0 function. Shenzhen Tenda Technology Co.,Ltd. of AX12 A stack-based buffer overflow vulnerability exists in the firmware.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. The Tenda AX12 is a dual-band Gigabit Wi-Fi 6 wireless router designed for home users. It supports dual-band concurrent transmission and achieves speeds of up to 2976 Mbps. An attacker could exploit this vulnerability to execute arbitrary code on the system or cause a denial of service

Insufficient session timeout vulnerability in the FAST3686 V2 Vodafone router from Sagemcom. This vulnerability could allow a local attacker to access the administration panel without requiring login credentials. This vulnerability is possible because the 'Login.asp and logout.asp' files do not handle session details correctly. Sagemcom of F@st 3686 A session expiration vulnerability exists in firmware.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state

A Speculative Race Condition (SRC) vulnerability that impacts modern CPU architectures supporting speculative execution (related to Spectre V1) has been disclosed. An unauthenticated attacker can exploit this vulnerability to disclose arbitrary data from the CPU using race conditions to access the speculative executable code paths. Security researchers have labeled this variant of the Spectre v1 vulnerability “GhostRace", for ease of communication.CVE-2024-2193 AffectedCVE-2024-2193 Affected. AMD CPUs are a series of CPUs manufactured by AMD. AMD CPUs contain a race condition vulnerability. This vulnerability stems from improper handling of concurrent access when concurrent code needs to access shared resources mutually exclusively during network system or product operation. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 202409-10 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - https://security.gentoo.org/ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Severity: Normal Title: Xen: Multiple Vulnerabilities Date: September 22, 2024 Bugs: #918669, #921355, #923741, #928620, #929038 ID: 202409-10 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Synopsis ======== Multiple vulnerabilities have been discovered in Xen, the worst of which could lead to privilege escalation. Background ========== Xen is a bare-metal hypervisor. Affected packages ================= Package Vulnerable Unaffected ----------------- ------------ ------------ app-emulation/xen < 4.17.4 >= 4.17.4 Description =========== Multiple vulnerabilities have been discovered in Xen. Please review the CVE identifiers referenced below for details. Impact ====== Please review the referenced CVE identifiers for details. Workaround ========== There is no known workaround at this time. Resolution ========== All Xen users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose ">=app-emulation/xen-4.17.4" References ========== [ 1 ] CVE-2022-4949 https://nvd.nist.gov/vuln/detail/CVE-2022-4949 [ 2 ] CVE-2022-42336 https://nvd.nist.gov/vuln/detail/CVE-2022-42336 [ 3 ] CVE-2023-28746 https://nvd.nist.gov/vuln/detail/CVE-2023-28746 [ 4 ] CVE-2023-34319 https://nvd.nist.gov/vuln/detail/CVE-2023-34319 [ 5 ] CVE-2023-34320 https://nvd.nist.gov/vuln/detail/CVE-2023-34320 [ 6 ] CVE-2023-34321 https://nvd.nist.gov/vuln/detail/CVE-2023-34321 [ 7 ] CVE-2023-34322 https://nvd.nist.gov/vuln/detail/CVE-2023-34322 [ 8 ] CVE-2023-34323 https://nvd.nist.gov/vuln/detail/CVE-2023-34323 [ 9 ] CVE-2023-34324 https://nvd.nist.gov/vuln/detail/CVE-2023-34324 [ 10 ] CVE-2023-34325 https://nvd.nist.gov/vuln/detail/CVE-2023-34325 [ 11 ] CVE-2023-34327 https://nvd.nist.gov/vuln/detail/CVE-2023-34327 [ 12 ] CVE-2023-34328 https://nvd.nist.gov/vuln/detail/CVE-2023-34328 [ 13 ] CVE-2023-46835 https://nvd.nist.gov/vuln/detail/CVE-2023-46835 [ 14 ] CVE-2023-46836 https://nvd.nist.gov/vuln/detail/CVE-2023-46836 [ 15 ] CVE-2023-46837 https://nvd.nist.gov/vuln/detail/CVE-2023-46837 [ 16 ] CVE-2023-46839 https://nvd.nist.gov/vuln/detail/CVE-2023-46839 [ 17 ] CVE-2023-46840 https://nvd.nist.gov/vuln/detail/CVE-2023-46840 [ 18 ] CVE-2023-46841 https://nvd.nist.gov/vuln/detail/CVE-2023-46841 [ 19 ] CVE-2023-46842 https://nvd.nist.gov/vuln/detail/CVE-2023-46842 [ 20 ] CVE-2024-2193 https://nvd.nist.gov/vuln/detail/CVE-2024-2193 [ 21 ] CVE-2024-31142 https://nvd.nist.gov/vuln/detail/CVE-2024-31142 [ 22 ] XSA-431 https://xenbits.xen.org/xsa/advisory-431.html [ 23 ] XSA-432 https://xenbits.xen.org/xsa/advisory-432.html [ 24 ] XSA-436 https://xenbits.xen.org/xsa/advisory-436.html [ 25 ] XSA-437 https://xenbits.xen.org/xsa/advisory-437.html [ 26 ] XSA-438 https://xenbits.xen.org/xsa/advisory-438.html [ 27 ] XSA-439 https://xenbits.xen.org/xsa/advisory-439.html [ 28 ] XSA-440 https://xenbits.xen.org/xsa/advisory-440.html [ 29 ] XSA-441 https://xenbits.xen.org/xsa/advisory-441.html [ 30 ] XSA-442 https://xenbits.xen.org/xsa/advisory-442.html [ 31 ] XSA-447 https://xenbits.xen.org/xsa/advisory-447.html [ 32 ] XSA-449 https://xenbits.xen.org/xsa/advisory-449.html [ 33 ] XSA-450 https://xenbits.xen.org/xsa/advisory-450.html [ 34 ] XSA-451 https://xenbits.xen.org/xsa/advisory-451.html [ 35 ] XSA-452 https://xenbits.xen.org/xsa/advisory-452.html [ 36 ] XSA-453 https://xenbits.xen.org/xsa/advisory-453.html [ 37 ] XSA-454 https://xenbits.xen.org/xsa/advisory-454.html [ 38 ] XSA-455 https://xenbits.xen.org/xsa/advisory-455.html Availability ============ This GLSA and any updates to it are available for viewing at the Gentoo Security Website: https://security.gentoo.org/glsa/202409-10 Concerns? ========= Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org. License ======= Copyright 2024 Gentoo Foundation, Inc; referenced text belongs to its owner(s). The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license. https://creativecommons.org/licenses/by-sa/2.5

An information leak in the currentsetting.htm component of Netgear CBR40 2.5.0.28, Netgear CBK40 2.5.0.28, and Netgear CBK43 2.5.0.28 allows attackers to obtain sensitive information without any authentication required. NETGEAR CBR40/CBK40/CBM43 are all routers from NETGEAR. Hardware devices that connect two or more networks and act as gateways between networks. The vulnerability stems from the currentsetting.htm component's insufficient protection of sensitive information

An information leak in the debuginfo.htm component of Netgear CBR40 2.5.0.28, Netgear CBK40 2.5.0.28, and Netgear CBK43 2.5.0.28 allows attackers to obtain sensitive information without any authentication required. NETGEAR CBR40/CBK40/CBM43 are all routers from NETGEAR. Hardware devices that connect two or more networks and act as gateways between networks

A login bypass in TOTOLINK A8000RU V7.1cu.643_B20200521 allows attackers to login to Administrator accounts via providing a crafted session cookie. TOTOLINK of a8000ru Firmware contains an access control vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. TOTOLINK A8000RU is a wireless router from China's TOTOLINK Electronics

Windows Kernel Information Disclosure Vulnerability. RTU500 is a series of industrial control components of Hitachi, Japan, mainly used in industrial control systems. Hitachi Energy RTU500 series CMU Firmware has a security vulnerability that can be exploited by attackers to bypass security updates

A improper neutralization of special elements used in an sql command ('sql injection') in Fortinet FortiClientEMS version 7.2.0 through 7.2.2, FortiClientEMS 7.0.1 through 7.0.10 allows attacker to execute unauthorized code or commands via specially crafted packets. fortinet's FortiClient EMS for, SQL There is an injection vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state

Tenda AC18 V15.03.05.05 has a stack overflow vulnerability in the entrys parameter fromAddressNat function. Shenzhen Tenda Technology Co.,Ltd. of AC18 An out-of-bounds write vulnerability exists in firmware.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. The Tenda AC18 is a dual-band wireless router launched in July 2016 by Shenzhen Jixiang Tenda Technology Co., Ltd., primarily targeting villa and large-apartment users. Attackers can exploit this vulnerability to cause denial-of-service or code execution

Tenda AC18 V15.03.05.05 has a stack overflow vulnerability in the mitInterface parameter of fromAddressNat function. Shenzhen Tenda Technology Co.,Ltd. of AC18 An out-of-bounds write vulnerability exists in firmware.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. The Tenda AC18 is a dual-band wireless router launched in July 2016 by Shenzhen Jixiang Tenda Technology Co., Ltd., primarily targeting villa and large-apartment users. Attackers can exploit this vulnerability to cause denial-of-service or code execution

A vulnerability has been identified in SENTRON 3KC ATC6 Expansion Module Ethernet (3KC9000-8TL75) (All versions). Affected devices expose an unused, unstable http service at port 80/tcp on the Modbus-TCP Ethernet. This could allow an attacker on the same Modbus network to create a denial of service condition that forces the device to reboot. Siemens SENTRON 3KC ATC6 Expansion Module is a power distribution protection device from Germany's Siemens, used to monitor and protect power systems

A vulnerability has been identified in SENTRON 7KM PAC3120 AC/DC (7KM3120-0BA01-1DA0) (All versions >= V3.2.3 < V3.2.4 only when manufactured between LQN231003... and LQN231215... ( with LQNYYMMDD...)), SENTRON 7KM PAC3120 DC (7KM3120-1BA01-1EA0) (All versions >= V3.2.3 < V3.2.4 only when manufactured between LQN231003... and LQN231215... ( with LQNYYMMDD...)), SENTRON 7KM PAC3220 AC/DC (7KM3220-0BA01-1DA0) (All versions >= V3.2.3 < V3.2.4 only when manufactured between LQN231003... and LQN231215... ( with LQNYYMMDD...)), SENTRON 7KM PAC3220 DC (7KM3220-1BA01-1EA0) (All versions >= V3.2.3 < V3.2.4 only when manufactured between LQN231003... and LQN231215... ( with LQNYYMMDD...)). The read out protection of the internal flash of affected devices was not properly set at the end of the manufacturing process. An attacker with physical access to the device could read out the data. SENTRON PAC Meter products are power measuring devices for precise energy management and transparent information collection

A vulnerability has been identified in Siveillance Control (All versions >= V2.8 < V3.1.1). The affected product does not properly check the list of access groups that are assigned to an individual user. This could enable a locally logged on user to gain write privileges for objects where they only have read privileges.

A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V3.2). The affected application consists of a web service that lacks proper access control for some of the endpoints. This could lead to unauthorized access to resources and potentially lead to code execution. Siemens' SINEMA Remote Connect Server contains an access control vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. The platform is mainly used for remote access, maintenance, control and diagnosis of underlying networks

Under certain conditions, Support Web Pages of SAP NetWeaver Process Integration (PI) - versions 7.50, allows an attacker to access information which would otherwise be restricted, causing low impact on Confidentiality with no impact on Integrity and Availability of the application. SAP of SAP NetWeaver Process Integration Contains a vulnerability in improper permission assignment for critical resources.Information may be obtained

Under certain conditions SAP NetWeaver WSRM - version 7.50, allows an attacker to access information which would otherwise be restricted, causing low impact on Confidentiality with no impact on Integrity and Availability of the application. SAP of SAP NetWeaver Exists in unspecified vulnerabilities.Information may be obtained

A vulnerability, which was classified as critical, has been found in Totolink X6000R 9.4.0cu.852_20230719. This issue affects the function setDiagnosisCfg of the file /cgi-bin/cstecgi.cgi of the component shttpd. The manipulation of the argument ip leads to os command injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-256313 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. TOTOLINK of x6000r The firmware has OS A command injection vulnerability exists.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. TOTOLINK X6000R is a wireless router made by China Zeon Electronics (TOTOLINK) Company. TOTOLINK X6000R version 9.4.0cu.852_20230719 has an operating system command injection vulnerability. This vulnerability originates from a security issue in the setDiagnosisCfg function in /cgi-bin/cstecgi.cgi in the component shttpd, which causes operating system command injection by changing the parameter ip. No detailed vulnerability details are currently available

A stack-based buffer overflow vulnerability exists in the JSON Parsing getblockschedule() functionality of Netgear RAX30 1.0.11.96 and 1.0.7.78. A specially crafted HTTP request can lead to code execution. An attacker can make an authenticated HTTP request to trigger this vulnerability. of netgear RAX30 An out-of-bounds write vulnerability exists in firmware.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. NETGEAR RAX30 is a WiFi 6 router launched by NETGEAR. It supports dual bands (2.4GHz and 5GHz), has a maximum transmission rate of 2400Mbps, uses three external antennas, is equipped with a 1.5GHz triple-core processor, and can connect 20 devices at the same time. Attackers can use this vulnerability to submit special requests to crash the application or execute arbitrary code in the application context

News functionality in Schoolbox application before version 23.1.3 is vulnerable to stored cross-site scripting allowing authenticated attacker to perform security actions in the context of the affected users. schoolbox Exists in a cross-site scripting vulnerability.Information may be obtained and information may be tampered with. The Tenda AC15 is a dual-band wireless router launched by Shenzhen Jixiang Tengda Technology Co., Ltd. in October 2015. It supports the 802.11ac protocol and offers a theoretical transmission rate of 1900 Mbps (600 Mbps in the 2.4 GHz band and 1300 Mbps in the 5 GHz band). The Tenda AC15 suffers from a stack buffer overflow vulnerability. This vulnerability stems from the failure to properly validate the length of input data in the firewallEn parameter of the formSetFirewallCfg method in the /goform/SetFirewallCfg page. An attacker could exploit this vulnerability to execute arbitrary code on the system or cause a denial of service

A vulnerability in the web-based user interface of Cisco Small Business 100, 300, and 500 Series Wireless APs could allow an authenticated, remote attacker to perform buffer overflow attacks against an affected device. In order to exploit this vulnerability, the attacker must have valid administrative credentials for the device. This vulnerability is due to insufficient validation of user-supplied input. An attacker could exploit this vulnerability by sending a crafted HTTP request to the web-based management interface of an affected device. A successful exploit could allow the attacker to execute arbitrary code as the root user on the underlying operating system. Cisco WAP121 firmware, Cisco WAP125 firmware, Cisco WAP131 Multiple Cisco Systems products, including firmware, contain a stack-based buffer overflow vulnerability.Information may be obtained and information may be tampered with. Cisco Small Business is a switch of Cisco