VARIoT IoT vulnerabilities database

VAR-202310-0203 CVE-2023-42796 Path traversal vulnerability in Siemens' cp-8050 and cp-8031 firmware
CVSS V2: 7.6
CVSS V3: 8.8
Severity: HIGH
A vulnerability has been identified in CP-8031 MASTER MODULE (All versions < CPCI85 V05.11), CP-8050 MASTER MODULE (All versions < CPCI85 V05.11). The web server of affected devices fails to properly sanitize user input for the /sicweb-ajax/tmproot/ endpoint. This could allow an authenticated remote attacker to traverse directories on the system and download arbitrary files. By exploring active session IDs, the vulnerability could potentially be leveraged to escalate privileges to the administrator role. A path traversal vulnerability exists in Siemens' cp-8050 and cp-8031 firmware. Information may be obtained and tampered with, and service operation may be interrupted (DoS). The SICAM A8000 RTU (Remote Terminal Unit) series is a family of modular devices suitable for remote control and automation applications in various areas of energy supply.
VAR-202310-0215 CVE-2023-38640 Improper permission assignment for critical resources in Siemens' sicam pas/pqs
CVSS V2: 6.1
CVSS V3: 4.4
Severity: MEDIUM
A vulnerability has been identified in SICAM PAS/PQS (All versions >= V8.00 < V8.22). The affected application is installed with specific files and folders with insecure permissions. This could allow an authenticated local attacker to read and modify configuration data in the context of the application process. Siemens' sicam pas/pqs contains a vulnerability related to improper permission assignment for critical resources. Information may be obtained and tampered with. Siemens SICAM PAS/PQS is software from Germany's Siemens with operating systems for energy automation and power quality.
VAR-202310-0250 CVE-2023-37195 Resource Exhaustion Vulnerability in Multiple Siemens Products
CVSS V2: 4.7
CVSS V3: 4.4
Severity: MEDIUM
A vulnerability has been identified in SIMATIC CP 1604 (All versions), SIMATIC CP 1616 (All versions), SIMATIC CP 1623 (All versions), SIMATIC CP 1626 (All versions), SIMATIC CP 1628 (All versions). Affected devices insufficiently control continuous mapping of direct memory access (DMA) requests. This could allow local attackers with administrative privileges to cause a denial of service situation on the host. A physical power cycle is required to get the system working again. Multiple Siemens products, such as SIMATIC CP 1604 firmware, SIMATIC CP 1616 firmware and SIMATIC CP 1623 firmware, contain a resource exhaustion vulnerability. Service operation may be interrupted (DoS). SIMATIC CP 1623, CP 1626 and CP 1628 are PCI express cards for connecting Industrial Ethernet. SIMATIC CP 1604 and CP 1616 are PCI/PCI-104 cards for connecting field devices to PROFINET Industrial Ethernet.
VAR-202310-0249 CVE-2023-37194 Access control vulnerabilities in multiple Siemens products
CVSS V2: 6.5
CVSS V3: 6.7
Severity: MEDIUM
A vulnerability has been identified in SIMATIC CP 1604 (All versions), SIMATIC CP 1616 (All versions), SIMATIC CP 1623 (All versions), SIMATIC CP 1626 (All versions), SIMATIC CP 1628 (All versions). The kernel memory of affected devices is exposed to user-mode via direct memory access (DMA), which could allow a local attacker with administrative privileges to execute arbitrary code on the host system without any restrictions. Multiple Siemens products, including SIMATIC CP 1604 firmware, SIMATIC CP 1616 firmware and SIMATIC CP 1623 firmware, contain vulnerabilities related to access control. Information may be obtained and tampered with, and service operation may be interrupted (DoS). SIMATIC CP 1623, CP 1626 and CP 1628 are PCI express cards for connecting Industrial Ethernet. SIMATIC CP 1604 and CP 1616 are PCI/PCI-104 cards for connecting field devices to PROFINET Industrial Ethernet. Siemens SIMATIC CP devices have an improper access control vulnerability.
VAR-202310-0161 CVE-2023-36380 Vulnerability related to use of hardcoded credentials in Siemens' cp-8050 and cp-8031 firmware
CVSS V2: 10.0
CVSS V3: 7.8
Severity: HIGH
A vulnerability has been identified in CP-8031 MASTER MODULE (All versions < CPCI85 V05.11 (only with activated debug support)), CP-8050 MASTER MODULE (All versions < CPCI85 V05.11 (only with activated debug support)). The affected devices contain a hard-coded ID in the SSH `authorized_keys` configuration file. An attacker with knowledge of the corresponding private key could log in to the device via SSH. Only devices with activated debug support are affected. A vulnerability related to the use of hardcoded credentials exists in Siemens' cp-8050 and cp-8031 firmware. Information may be obtained and tampered with, and service operation may be interrupted (DoS). The SICAM A8000 RTU (Remote Terminal Unit) series is a modular device family suitable for remote control and automation applications in various areas of energy supply.
VAR-202310-2564 CVE-2023-45208 Command injection vulnerability in D-Link Systems, Inc. DAP-1860 firmware
CVSS V2: 8.3
CVSS V3: 8.8
Severity: HIGH
A command injection in the parsing_xml_stasurvey function inside libcgifunc.so of the D-Link DAP-X1860 repeater 1.00 through 1.01b05-01 allows attackers (within range of the repeater) to run shell commands as root during the setup process of the repeater, via a crafted SSID. Also, network names containing single quotes (in the range of the repeater) can result in a denial of service. D-Link Systems, Inc. DAP-1860 firmware contains a command injection vulnerability. Information may be obtained and tampered with, and service operation may be interrupted (DoS). D-Link DAP-X1860 is a wireless router from China D-Link Company. D-Link DAP-X1860 has a code execution vulnerability. The vulnerability arises from the application's failure to properly filter special elements that construct code segments. An attacker could exploit this vulnerability to execute arbitrary commands on the system.
VAR-202310-1968 CVE-2023-44959 Command injection vulnerability in D-Link Systems, Inc. DSL-3782 firmware
CVSS V2: -
CVSS V3: 8.8
Severity: HIGH
An issue found in D-Link DSL-3782 v.1.03 and before allows remote authenticated users to execute arbitrary code as root via the Router IP Address fields of the network settings page. D-Link Systems, Inc. DSL-3782 firmware contains a command injection vulnerability. Information may be obtained and tampered with, and service operation may be interrupted (DoS).
VAR-202310-2079 CVE-2023-42189 Vulnerability related to inappropriate permission assignment to critical resources in tapo mini smart wi-fi plug firmware and products from multiple vendors
CVSS V2: -
CVSS V3: 7.5
Severity: HIGH
Insecure Permissions vulnerability in Connectivity Standards Alliance Matter Official SDK v.1.1.0.0, Nanoleaf Light strip v.3.5.10, Govee LED Strip v.3.00.42, switchBot Hub2 v.1.0-0.8, Phillips hue hub v.1.59.1959097030, and yeelight smart lamp v.1.12.69 allows a remote attacker to cause a denial of service via a crafted script to the KeySetRemove function. tapo mini smart wi-fi plug firmware and other products from multiple vendors contain vulnerabilities related to inappropriate permission assignments on critical resources. Service operation may be interrupted (DoS).
VAR-202310-0197 CVE-2023-35796 Cross-site scripting vulnerability in Siemens' SINEMA Server
CVSS V2: 7.6
CVSS V3: 9.0
Severity: CRITICAL
A vulnerability has been identified in SINEMA Server V14 (All versions). The affected application improperly sanitizes certain SNMP configuration data retrieved from monitored devices. An attacker with access to a monitored device could perform a stored cross-site scripting (XSS) attack that may lead to arbitrary code execution with `SYSTEM` privileges on the application server. (ZDI-CAN-19823). A cross-site scripting vulnerability exists in Siemens' SINEMA Server. Information may be obtained and tampered with, and service operation may be interrupted (DoS). This vulnerability allows remote attackers to execute arbitrary code on affected installations of Siemens SINEMA Server. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the processing of SNMP sysLocation OID. The issue results from the lack of proper validation of user-supplied data, which can lead to the injection of an arbitrary script. An attacker can leverage this vulnerability to execute code in the context of SYSTEM. Siemens SINEMA Server is a software developed by the German Siemens company specifically for industrial applications. It enables you to fully visualize and monitor your network.
VAR-202310-2736 No CVE There is a file upload vulnerability in the IVMS-7200 video surveillance management system of Hangzhou Hikvision Digital Technology Co., Ltd.
CVSS V2: 10.0
CVSS V3: -
Severity: HIGH
IVMS-7200 is a mobile video surveillance management system. There is a file upload vulnerability in the IVMS-7200 video surveillance management system of Hangzhou Hikvision Digital Technology Co., Ltd. An attacker can use the vulnerability to gain system permissions.
VAR-202310-1821 No CVE Directory traversal vulnerability exists in Pulian Technology Co., Ltd. TL-ER6120G
CVSS V2: 5.0
CVSS V3: -
Severity: MEDIUM
TL-ER6120G is a router of TP-LINK. The TL-ER6120G of Pulian Technology Co., Ltd. has a directory traversal vulnerability. An attacker can use this vulnerability to obtain sensitive information and download sensitive files.
VAR-202310-2339 No CVE Weak password vulnerabilities exist in multiple cameras of Sony (China) Co., Ltd.
CVSS V2: 5.0
CVSS V3: -
Severity: MEDIUM
IPELA ENGINE IP Cameras SNC-CH160, SNC-CH210, SNC-RS86P, DH-160, DH-120, SNC-ER550 are surveillance equipment owned by Sony. Many Sony cameras have weak password vulnerabilities that attackers can use to gain web management rights.
VAR-202310-2563 CVE-2023-45303 Injection vulnerability in ThingsBoard, Inc. ThingsBoard
CVSS V2: -
CVSS V3: 8.8
Severity: HIGH
ThingsBoard before 3.5 allows Server-Side Template Injection if users are allowed to modify an email template, because Apache FreeMarker supports freemarker.template.utility.Execute (for content sent to the /api/admin/settings endpoint). There is an injection vulnerability in ThingsBoard, Inc. ThingsBoard. Information may be obtained and tampered with, and service operation may be interrupted (DoS).
VAR-202310-2272 CVE-2023-44807 Out-of-bounds write vulnerability in D-Link Systems, Inc. DIR-820L firmware
CVSS V2: -
CVSS V3: 9.8
Severity: CRITICAL
D-Link DIR-820L 1.05B03 has a stack overflow vulnerability in the cancelPing function. D-Link Systems, Inc. DIR-820L firmware contains an out-of-bounds write vulnerability. Information may be obtained and tampered with, and service operation may be interrupted (DoS).
VAR-202310-0558 CVE-2023-43284 D-Link DIR-846 Code Execution Vulnerability
CVSS V2: 9.0
CVSS V3: 8.8
Severity: HIGH
D-Link Wireless MU-MIMO Gigabit AC1200 Router DIR-846 100A53DBR-Retail devices allow an authenticated remote attacker to execute arbitrary code via an unspecified manipulation of the QoS POST parameter. D-Link DIR-846 is a wireless router made by China D-Link Company. D-Link DIR-846 has a code execution vulnerability that allows an attacker to execute arbitrary code
VAR-202310-2740 CVE-2023-43260
CVSS V2: -
CVSS V3: 6.1
Severity: MEDIUM
Milesight UR5X, UR32L, UR32, UR35, UR41 before v35.3.0.7 was discovered to contain a cross-site scripting (XSS) vulnerability via the admin panel.
VAR-202310-2570 CVE-2023-44839 D-Link DIR-823G Encryption parameter buffer overflow vulnerability
CVSS V2: 7.8
CVSS V3: 7.5
Severity: HIGH
D-Link DIR-823G A1V1.0.2B05 was discovered to contain a buffer overflow via the Encryption parameter in the SetWLanRadioSecurity function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted input. D-Link DIR-823G is a wireless router made by China D-Link Company. The vulnerability is caused by incorrect boundary checking of the SetWLanRadioSecurity function
VAR-202310-1860 CVE-2023-44838 D-Link DIR-823G TXPower parameter buffer overflow vulnerability
CVSS V2: 7.8
CVSS V3: 7.5
Severity: HIGH
D-Link DIR-823G A1V1.0.2B05 was discovered to contain a buffer overflow via the TXPower parameter in the SetWLanRadioSettings function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted input. D-Link DIR-823G is a wireless router made by China D-Link Company. The vulnerability is caused by incorrect bounds checking of the SetWLanRadioSettings function
VAR-202310-2728 CVE-2023-44837 D-Link DIR-823G Password parameter buffer overflow vulnerability
CVSS V2: 7.8
CVSS V3: 7.5
Severity: HIGH
D-Link DIR-823G A1V1.0.2B05 was discovered to contain a buffer overflow via the Password parameter in the SetWanSettings function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted input. D-Link DIR-823G is a wireless router made by China D-Link Company. The vulnerability is caused by incorrect bounds checking of the SetWanSettings function
VAR-202310-2270 CVE-2023-44836 D-Link DIR-823G SSID parameter buffer overflow vulnerability
CVSS V2: 7.8
CVSS V3: 7.5
Severity: HIGH
D-Link DIR-823G A1V1.0.2B05 was discovered to contain a buffer overflow via the SSID parameter in the SetWLanRadioSettings function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted input. D-Link DIR-823G is a wireless router made by China D-Link Company. The vulnerability is caused by incorrect bounds checking of the SetWLanRadioSettings function