VARIoT IoT vulnerabilities database
| VAR-202403-0662 | CVE-2024-1917 | Mitsubishi Electric MELSEC-Q Series and MELSEC-L Series Remote Code Execution Vulnerability |
CVSS V2: 10.0 CVSS V3: 9.8 Severity: CRITICAL |
Integer Overflow or Wraparound vulnerability in Mitsubishi Electric Corporation MELSEC-Q Series and MELSEC-L Series CPU modules allows a remote unauthenticated attacker to execute malicious code on a target product by sending a specially crafted packet. Mitsubishi Electric MELSEC-Q Series is a MELSEC-Q series programmable logic controller from Mitsubishi Electric of Japan. Mitsubishi MELSEC-L Series is a MELSEC-L series programmable logic controller from Mitsubishi of Japan.
| VAR-202403-2944 | No CVE | There is a command execution vulnerability (CNVD-2022-53245) in the operation and maintenance audit system of Beijing COSCO Kirin Technology Co., Ltd. |
CVSS V2: 7.1 CVSS V3: - Severity: HIGH |
Beijing COSCO Kirin Technology Co., Ltd. is a software development company focusing on research and development. The company's main products are COSCO Kirin bastion host, Kirin SSL VPN, Kirin dynamic password system, Kirin cloud desktop, etc. COSCO Kirin bastion machines mainly operate in cloud markets such as Tencent Cloud, Alibaba Cloud, Huawei Cloud, and Inspur Cloud.
There is a command execution vulnerability in the operation and maintenance audit system of Beijing COSCO Kirin Technology Co., Ltd. An attacker can use this vulnerability to gain control of the server.
| VAR-202403-1283 | CVE-2023-50677 | Privilege management vulnerability in NETGEAR DGND4000 firmware |
CVSS V2: 8.3 CVSS V3: 8.8 Severity: HIGH |
An issue in NETGEAR-DGND4000 v.1.1.00.15_1.00.15 allows a remote attacker to escalate privileges via the next_file parameter to the /setup.cgi component. NETGEAR DGND4000 firmware contains a privilege management vulnerability. Information may be obtained, information may be tampered with, and the device may enter a denial-of-service (DoS) state. NETGEAR DGND4000 is a wireless router with modem functionality. No further vulnerability details are available at this time.
| VAR-202403-1395 | CVE-2024-25139 | Classic buffer overflow vulnerability in TP-LINK Technologies ER605 firmware |
CVSS V2: 10.0 CVSS V3: 10.0 Severity: CRITICAL |
In TP-Link Omada er605 1.0.1 through (v2.6) 2.2.3, a cloud-brd binary is susceptible to an integer overflow that leads to a heap-based buffer overflow. After heap shaping, an attacker can achieve code execution in the context of the cloud-brd binary that runs at the root level. This is fixed in ER605(UN)_v2_2.2.4 Build 020240119. TP-LINK Technologies' ER605 firmware has a classic buffer overflow vulnerability. Information may be obtained, information may be tampered with, and the device may enter a denial-of-service (DoS) state. TP-LINK Omada ER605 is a VPN router from TP-LINK of China.
TP-LINK Omada ER605 versions 1.0.1 to 2.2.3 have a buffer overflow vulnerability, which is caused by a boundary error when the application processes untrusted input. A remote attacker can exploit this vulnerability to execute arbitrary code on the system or cause a denial of service.
| VAR-202403-1165 | CVE-2024-28383 | Stack-based buffer overflow vulnerability in Shenzhen Tenda Technology Co., Ltd. AX12 firmware |
CVSS V2: 10.0 CVSS V3: 9.8 Severity: CRITICAL |
Tenda AX12 v1.0 v22.03.01.16 was discovered to contain a stack overflow via the ssid parameter in the sub_431CF0 function. Shenzhen Tenda Technology Co., Ltd. AX12 firmware contains a stack-based buffer overflow vulnerability. Information may be obtained, information may be tampered with, and the device may enter a denial-of-service (DoS) state. The Tenda AX12 is a dual-band Gigabit Wi-Fi 6 wireless router designed for home users. It supports dual-band concurrent transmission and achieves speeds of up to 2976 Mbps. An attacker could exploit this vulnerability to execute arbitrary code on the system or cause a denial of service.
| VAR-202403-1444 | CVE-2024-1623 | Session expiration vulnerability in Sagemcom F@st 3686 firmware |
CVSS V2: - CVSS V3: 7.7 Severity: HIGH |
Insufficient session timeout vulnerability in the FAST3686 V2 Vodafone router from Sagemcom. This vulnerability could allow a local attacker to access the administration panel without requiring login credentials. This vulnerability is possible because the 'Login.asp and logout.asp' files do not handle session details correctly. Sagemcom F@st 3686 firmware contains a session expiration vulnerability. Information may be obtained, information may be tampered with, and the device may enter a denial-of-service (DoS) state.
| VAR-202403-0812 | CVE-2024-2193 | CPU hardware utilizing speculative execution may be vulnerable to speculative race conditions |
CVSS V2: 5.3 CVSS V3: 5.7 Severity: MEDIUM |
A Speculative Race Condition (SRC) vulnerability that impacts modern CPU architectures supporting speculative execution (related to Spectre V1) has been disclosed. An unauthenticated attacker can exploit this vulnerability to disclose arbitrary data from the CPU using race conditions to access the speculative executable code paths. Security researchers have labeled this variant of the Spectre v1 vulnerability "GhostRace", for ease of communication. AMD CPUs are a series of CPUs manufactured by AMD.
AMD CPUs contain a race condition vulnerability. The vulnerability stems from improper handling of concurrent access when code in a network system or product needs mutually exclusive access to shared resources.
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 202409-10
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
https://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Severity: Normal
Title: Xen: Multiple Vulnerabilities
Date: September 22, 2024
Bugs: #918669, #921355, #923741, #928620, #929038
ID: 202409-10
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Synopsis
========
Multiple vulnerabilities have been discovered in Xen, the worst of which
could lead to privilege escalation.
Background
==========
Xen is a bare-metal hypervisor.
Affected packages
=================
Package Vulnerable Unaffected
----------------- ------------ ------------
app-emulation/xen < 4.17.4 >= 4.17.4
Description
===========
Multiple vulnerabilities have been discovered in Xen. Please review the
CVE identifiers referenced below for details.
Impact
======
Please review the referenced CVE identifiers for details.
Workaround
==========
There is no known workaround at this time.
Resolution
==========
All Xen users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose ">=app-emulation/xen-4.17.4"
References
==========
[ 1 ] CVE-2022-4949
https://nvd.nist.gov/vuln/detail/CVE-2022-4949
[ 2 ] CVE-2022-42336
https://nvd.nist.gov/vuln/detail/CVE-2022-42336
[ 3 ] CVE-2023-28746
https://nvd.nist.gov/vuln/detail/CVE-2023-28746
[ 4 ] CVE-2023-34319
https://nvd.nist.gov/vuln/detail/CVE-2023-34319
[ 5 ] CVE-2023-34320
https://nvd.nist.gov/vuln/detail/CVE-2023-34320
[ 6 ] CVE-2023-34321
https://nvd.nist.gov/vuln/detail/CVE-2023-34321
[ 7 ] CVE-2023-34322
https://nvd.nist.gov/vuln/detail/CVE-2023-34322
[ 8 ] CVE-2023-34323
https://nvd.nist.gov/vuln/detail/CVE-2023-34323
[ 9 ] CVE-2023-34324
https://nvd.nist.gov/vuln/detail/CVE-2023-34324
[ 10 ] CVE-2023-34325
https://nvd.nist.gov/vuln/detail/CVE-2023-34325
[ 11 ] CVE-2023-34327
https://nvd.nist.gov/vuln/detail/CVE-2023-34327
[ 12 ] CVE-2023-34328
https://nvd.nist.gov/vuln/detail/CVE-2023-34328
[ 13 ] CVE-2023-46835
https://nvd.nist.gov/vuln/detail/CVE-2023-46835
[ 14 ] CVE-2023-46836
https://nvd.nist.gov/vuln/detail/CVE-2023-46836
[ 15 ] CVE-2023-46837
https://nvd.nist.gov/vuln/detail/CVE-2023-46837
[ 16 ] CVE-2023-46839
https://nvd.nist.gov/vuln/detail/CVE-2023-46839
[ 17 ] CVE-2023-46840
https://nvd.nist.gov/vuln/detail/CVE-2023-46840
[ 18 ] CVE-2023-46841
https://nvd.nist.gov/vuln/detail/CVE-2023-46841
[ 19 ] CVE-2023-46842
https://nvd.nist.gov/vuln/detail/CVE-2023-46842
[ 20 ] CVE-2024-2193
https://nvd.nist.gov/vuln/detail/CVE-2024-2193
[ 21 ] CVE-2024-31142
https://nvd.nist.gov/vuln/detail/CVE-2024-31142
[ 22 ] XSA-431
https://xenbits.xen.org/xsa/advisory-431.html
[ 23 ] XSA-432
https://xenbits.xen.org/xsa/advisory-432.html
[ 24 ] XSA-436
https://xenbits.xen.org/xsa/advisory-436.html
[ 25 ] XSA-437
https://xenbits.xen.org/xsa/advisory-437.html
[ 26 ] XSA-438
https://xenbits.xen.org/xsa/advisory-438.html
[ 27 ] XSA-439
https://xenbits.xen.org/xsa/advisory-439.html
[ 28 ] XSA-440
https://xenbits.xen.org/xsa/advisory-440.html
[ 29 ] XSA-441
https://xenbits.xen.org/xsa/advisory-441.html
[ 30 ] XSA-442
https://xenbits.xen.org/xsa/advisory-442.html
[ 31 ] XSA-447
https://xenbits.xen.org/xsa/advisory-447.html
[ 32 ] XSA-449
https://xenbits.xen.org/xsa/advisory-449.html
[ 33 ] XSA-450
https://xenbits.xen.org/xsa/advisory-450.html
[ 34 ] XSA-451
https://xenbits.xen.org/xsa/advisory-451.html
[ 35 ] XSA-452
https://xenbits.xen.org/xsa/advisory-452.html
[ 36 ] XSA-453
https://xenbits.xen.org/xsa/advisory-453.html
[ 37 ] XSA-454
https://xenbits.xen.org/xsa/advisory-454.html
[ 38 ] XSA-455
https://xenbits.xen.org/xsa/advisory-455.html
Availability
============
This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:
https://security.gentoo.org/glsa/202409-10
Concerns?
=========
Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users' machines is of utmost
importance to us. Any security concerns should be addressed to
security@gentoo.org or alternatively, you may file a bug at
https://bugs.gentoo.org.
License
=======
Copyright 2024 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).
The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.
https://creativecommons.org/licenses/by-sa/2.5
| VAR-202403-2112 | CVE-2024-28340 | Information disclosure vulnerability in multiple NETGEAR products |
CVSS V2: 7.8 CVSS V3: 7.5 Severity: HIGH |
An information leak in the currentsetting.htm component of Netgear CBR40 2.5.0.28, Netgear CBK40 2.5.0.28, and Netgear CBK43 2.5.0.28 allows attackers to obtain sensitive information without any authentication required. NETGEAR CBR40/CBK40/CBM43 are all routers from NETGEAR: hardware devices that connect two or more networks and act as gateways between them. The vulnerability stems from the currentsetting.htm component's insufficient protection of sensitive information.
| VAR-202403-2678 | CVE-2024-28339 | Information disclosure vulnerability in multiple NETGEAR products |
CVSS V2: 4.8 CVSS V3: 5.4 Severity: MEDIUM |
An information leak in the debuginfo.htm component of Netgear CBR40 2.5.0.28, Netgear CBK40 2.5.0.28, and Netgear CBK43 2.5.0.28 allows attackers to obtain sensitive information without any authentication required. NETGEAR CBR40/CBK40/CBM43 are all routers from NETGEAR: hardware devices that connect two or more networks and act as gateways between them.
| VAR-202403-2484 | CVE-2024-28338 | Access control vulnerability in TOTOLINK A8000RU firmware |
CVSS V2: 8.3 CVSS V3: 8.0 Severity: HIGH |
A login bypass in TOTOLINK A8000RU V7.1cu.643_B20200521 allows attackers to login to Administrator accounts via providing a crafted session cookie. TOTOLINK A8000RU firmware contains an access control vulnerability. Information may be obtained, information may be tampered with, and the device may enter a denial-of-service (DoS) state. TOTOLINK A8000RU is a wireless router from China's TOTOLINK Electronics.
| VAR-202403-2708 | CVE-2024-26177 | Information disclosure vulnerability in multiple Microsoft Windows products |
CVSS V2: 10.0 CVSS V3: 5.5 Severity: MEDIUM |
Windows Kernel Information Disclosure Vulnerability. RTU500 is a series of industrial control components from Hitachi, Japan, mainly used in industrial control systems.
Hitachi Energy RTU500 series CMU Firmware has a security vulnerability that can be exploited by attackers to bypass security updates.
| VAR-202403-2416 | CVE-2023-48788 | SQL injection vulnerability in Fortinet FortiClient EMS |
CVSS V2: - CVSS V3: 9.8 Severity: CRITICAL |
An improper neutralization of special elements used in an SQL command ('SQL injection') in Fortinet FortiClientEMS version 7.2.0 through 7.2.2, FortiClientEMS 7.0.1 through 7.0.10 allows an attacker to execute unauthorized code or commands via specially crafted packets. Fortinet FortiClient EMS contains an SQL injection vulnerability. Information may be obtained, information may be tampered with, and service operation may be interrupted (DoS).
| VAR-202403-1040 | CVE-2024-28553 | Out-of-bounds write vulnerability in Shenzhen Tenda Technology Co., Ltd. AC18 firmware |
CVSS V2: 10.0 CVSS V3: 9.8 Severity: CRITICAL |
Tenda AC18 V15.03.05.05 has a stack overflow vulnerability in the entrys parameter of the fromAddressNat function. Shenzhen Tenda Technology Co., Ltd. AC18 firmware contains an out-of-bounds write vulnerability. Information may be obtained, information may be tampered with, and the device may enter a denial-of-service (DoS) state. The Tenda AC18 is a dual-band wireless router launched in July 2016 by Shenzhen Jixiang Tenda Technology Co., Ltd., primarily targeting villa and large-apartment users. Attackers can exploit this vulnerability to cause denial-of-service or code execution.
| VAR-202403-1075 | CVE-2024-28535 | Out-of-bounds write vulnerability in Shenzhen Tenda Technology Co., Ltd. AC18 firmware |
CVSS V2: 10.0 CVSS V3: 9.8 Severity: CRITICAL |
Tenda AC18 V15.03.05.05 has a stack overflow vulnerability in the mitInterface parameter of the fromAddressNat function. Shenzhen Tenda Technology Co., Ltd. AC18 firmware contains an out-of-bounds write vulnerability. Information may be obtained, information may be tampered with, and the device may enter a denial-of-service (DoS) state. The Tenda AC18 is a dual-band wireless router launched in July 2016 by Shenzhen Jixiang Tenda Technology Co., Ltd., primarily targeting villa and large-apartment users. Attackers can exploit this vulnerability to cause denial-of-service or code execution.
| VAR-202403-0689 | CVE-2024-22044 | Siemens SENTRON 3KC ATC6 Ethernet Module hidden function vulnerability |
CVSS V2: 7.8 CVSS V3: 7.5 Severity: HIGH |
A vulnerability has been identified in SENTRON 3KC ATC6 Expansion Module Ethernet (3KC9000-8TL75) (All versions). Affected devices expose an unused, unstable HTTP service on port 80/tcp on the Modbus-TCP Ethernet interface. This could allow an attacker on the same Modbus network to create a denial of service condition that forces the device to reboot. Siemens SENTRON 3KC ATC6 Expansion Module is a power distribution protection device from Germany's Siemens, used to monitor and protect power systems.
| VAR-202403-0630 | CVE-2024-21483 | Siemens SENTRON 7KM PAC3x20 Devices Improper Access Control Vulnerability |
CVSS V2: 4.9 CVSS V3: 4.6 Severity: MEDIUM |
A vulnerability has been identified in SENTRON 7KM PAC3120 AC/DC (7KM3120-0BA01-1DA0) (All versions >= V3.2.3 < V3.2.4 only when manufactured between LQN231003... and LQN231215... ( with LQNYYMMDD...)), SENTRON 7KM PAC3120 DC (7KM3120-1BA01-1EA0) (All versions >= V3.2.3 < V3.2.4 only when manufactured between LQN231003... and LQN231215... ( with LQNYYMMDD...)), SENTRON 7KM PAC3220 AC/DC (7KM3220-0BA01-1DA0) (All versions >= V3.2.3 < V3.2.4 only when manufactured between LQN231003... and LQN231215... ( with LQNYYMMDD...)), SENTRON 7KM PAC3220 DC (7KM3220-1BA01-1EA0) (All versions >= V3.2.3 < V3.2.4 only when manufactured between LQN231003... and LQN231215... ( with LQNYYMMDD...)). The read out protection of the internal flash of affected devices was not properly set at the end of the manufacturing process.
An attacker with physical access to the device could read out the data. SENTRON PAC Meter products are power measuring devices for precise energy management and transparent information collection.
| VAR-202403-0703 | CVE-2023-45793 |
CVSS V2: - CVSS V3: 5.5 Severity: MEDIUM |
A vulnerability has been identified in Siveillance Control (All versions >= V2.8 < V3.1.1). The affected product does not properly check the list of access groups that are assigned to an individual user. This could enable a locally logged on user to gain write privileges for objects where they only have read privileges.
| VAR-202403-0635 | CVE-2022-32257 | Access control vulnerability in Siemens' SINEMA Remote Connect Server |
CVSS V2: 10.0 CVSS V3: 9.8 Severity: CRITICAL |
A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V3.2). The affected application consists of a web service that lacks proper access control for some of the endpoints. This could lead to unauthorized access to resources and potentially lead to code execution. Siemens' SINEMA Remote Connect Server contains an access control vulnerability. Information may be obtained, information may be tampered with, and service operation may be interrupted (DoS). The platform is mainly used for remote access, maintenance, control and diagnosis of underlying networks.
| VAR-202403-2490 | CVE-2024-28163 | Improper permission assignment for critical resource vulnerability in SAP NetWeaver Process Integration |
CVSS V2: - CVSS V3: 5.3 Severity: MEDIUM |
Under certain conditions, Support Web Pages of SAP NetWeaver Process Integration (PI) - versions 7.50, allows an attacker to access information which would otherwise be restricted, causing low impact on Confidentiality with no impact on Integrity and Availability of the application. SAP NetWeaver Process Integration contains an improper permission assignment for critical resource vulnerability. Information may be obtained.
| VAR-202403-1392 | CVE-2024-25644 | Unspecified vulnerability in SAP NetWeaver |
CVSS V2: - CVSS V3: 5.3 Severity: MEDIUM |
Under certain conditions SAP NetWeaver WSRM - version 7.50, allows an attacker to access information which would otherwise be restricted, causing low impact on Confidentiality with no impact on Integrity and Availability of the application. SAP NetWeaver contains an unspecified vulnerability. Information may be obtained.