VARIoT IoT vulnerabilities database

D-Link DIR-823G A1V1.0.2B05 was discovered to contain a buffer overflow via the Mac parameter in the SetParentsControlInfo function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted input. D-Link DIR-823G is a wireless router made by China D-Link Company. This vulnerability is due to incorrect boundary checking of the SetParentsControlInfo function

D-Link DIR-823G A1V1.0.2B05 was discovered to contain a buffer overflow via the StartTime parameter in the SetParentsControlInfo function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted input. D-Link DIR-823G is a wireless router made by China D-Link Company. This vulnerability is due to incorrect boundary checking of the SetParentsControlInfo function

D-Link DIR-823G A1V1.0.2B05 was discovered to contain a buffer overflow via the GuardInt parameter in the SetWLanRadioSettings function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted input. D-Link DIR-823G is a wireless router made by China D-Link Company. The vulnerability is caused by incorrect boundary checking of the SetWLanRadioSettings function

D-Link DIR-823G A1V1.0.2B05 was discovered to contain a buffer overflow via the MacAddress parameter in the SetWanSettings function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted input. D-Link DIR-823G is a wireless router made by China D-Link Company. The vulnerability is caused by incorrect bounds checking of the SetWanSettings function

D-Link DIR-823G A1V1.0.2B05 was discovered to contain a buffer overflow via the Type parameter in the SetWLanRadioSettings function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted input. D-Link DIR-823G is a wireless router made by China D-Link Company. The vulnerability is caused by incorrect bounds checking of the SetWLanRadioSettings function

D-Link DIR-823G A1V1.0.2B05 was discovered to contain a buffer overflow via the EndTime parameter in the SetParentsControlInfo function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted input. D-Link DIR-823G is a wireless router made by China D-Link Company. This vulnerability is due to incorrect boundary checking of the SetParentsControlInfo function

D-Link DIR-823G A1V1.0.2B05 was discovered to contain a buffer overflow via the AdminPassword parameter in the SetDeviceSettings function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted input. D-Link DIR-823G is a wireless router made by China D-Link Company

D-Link DIR-823G A1V1.0.2B05 was discovered to contain a buffer overflow via the CurrentPassword parameter in the CheckPasswdSettings function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted input. D-Link DIR-823G is a wireless router made by China D-Link Company. This vulnerability is caused by the CurrentPassword parameter of the CheckPasswdSettings method failing to correctly verify the length of the input data

An information disclosure in Milesight UR5X, UR32L, UR32, UR35, UR41 before v35.3.0.7 allows attackers to access sensitive router components.

D-Link DAP-1325 SetAPLanSettings Gateway Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DAP-1325 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of XML data provided to the HNAP1 SOAP endpoint. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-18826. D-Link Systems, Inc. of DAP-1325 An out-of-bounds write vulnerability exists in firmware.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. The D-Link DAP-1325 is a wireless network extender manufactured by D-Link, primarily used to extend wireless network coverage and support wired/wireless network switching or connection to different wireless networks

D-Link DAP-1325 get_value_of_key Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DAP-1325 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of XML data provided to the HNAP1 SOAP endpoint. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-18824. D-Link Systems, Inc. of DAP-1325 An out-of-bounds write vulnerability exists in firmware.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. The D-Link DAP-1325 is a wireless network extender manufactured by D-Link, primarily used to extend wireless network coverage and support switching between wired and wireless networks or connecting to different wireless networks

D-Link DAP-1325 get_value_from_app Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DAP-1325 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of XML data provided to the HNAP1 SOAP endpoint. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-18823. D-Link Systems, Inc. of DAP-1325 An out-of-bounds write vulnerability exists in firmware.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. The D-Link DAP-1325 is a wireless network extender manufactured by D-Link, primarily used to extend wireless network coverage and support switching between wired and wireless networks or connecting to different wireless networks

D-Link DIR-X3260 SetTriggerPPPoEValidate Username Command Injection Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DIR-X3260 routers. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the prog.cgi program, which handles HNAP requests made to the lighttpd webserver listening on TCP ports 80 and 443. The issue results from the lack of proper validation of a user-supplied string before using it to execute a system call. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-21101. D-Link Systems, Inc. of dir-x3260 The firmware has OS A command injection vulnerability exists.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. The D-Link DIR-X3260 is a mainstream router from D-Link that supports Wi-Fi 6

D-Link DAP-1325 SetAPLanSettings IPAddr Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DAP-1325 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of XML data provided to the HNAP1 SOAP endpoint. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-18827. D-Link Systems, Inc. of DAP-1325 An out-of-bounds write vulnerability exists in firmware.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. The D-Link DAP-1325 is a wireless network extender manufactured by D-Link, primarily used to extend wireless network coverage and support switching between wired and wireless networks or connecting to different wireless networks

D-Link DAP-1325 HNAP SetWLanRadioSettings Channel Command Injection Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DAP-1325 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of a request parameter provided to the HNAP1 SOAP endpoint. The issue results from the lack of proper validation of a user-supplied string before using it to execute a system call. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-18822. D-Link Systems, Inc. of DAP-1325 The firmware has OS A command injection vulnerability exists.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. The D-Link DAP-1325 is a wireless access point/bridge manufactured by D-Link. It is primarily used to extend wireless network coverage, support conversion between wired and wireless networks, and connect different wireless networks

D-Link DIR-X3260 SetSysEmailSettings EmailFrom Command Injection Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DIR-X3260 routers. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the prog.cgi program, which handles HNAP requests made to the lighttpd webserver listening on TCP ports 80 and 443. The issue results from the lack of proper validation of a user-supplied string before using it to execute a system call. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-21102. D-Link Systems, Inc. of dir-x3260 The firmware has OS A command injection vulnerability exists.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. The D-Link DIR-X3260 is a mainstream router from D-Link that supports Wi-Fi 6

D-Link DIR-X3260 Prog.cgi Heap-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DIR-X3260 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the prog.cgi binary, which handles HNAP requests made to the lighttpd webserver. The issue results from the lack of proper validation of the length an user-supplied data prior to copying it to a fixed-length heap-based buffer. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-20727. D-Link Systems, Inc. of dir-x3260 An out-of-bounds write vulnerability exists in firmware.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. The D-Link DIR-X3260 is a mainstream router from D-Link that supports Wi-Fi 6

D-Link DAP-1325 SetAPLanSettings DeviceName Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DAP-1325 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of XML data provided to the HNAP1 SOAP endpoint. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-18825. D-Link Systems, Inc. of DAP-1325 An out-of-bounds write vulnerability exists in firmware.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. The D-Link DAP-1325 is a wireless network extender manufactured by D-Link, primarily used to extend wireless network coverage and support wired/wireless network switching or connection to different wireless networks

Tenda AC6 v15.03.05.19 is vulnerable to Buffer Overflow as the Index parameter does not verify the length. Shenzhen Tenda Technology Co.,Ltd. of AC6 Firmware has a classic buffer overflow vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. It supports both IPv4 and IPv6 protocols, utilizes the 802.11ac/n wireless standard, and provides a wireless transmission rate of 1167Mbps. An attacker could exploit this vulnerability to execute arbitrary code on the system or cause a denial of service

A buffer overflow was discovered in the GNU C Library's dynamic loader ld.so while processing the GLIBC_TUNABLES environment variable. This issue could allow a local attacker to use maliciously crafted GLIBC_TUNABLES environment variables when launching binaries with SUID permission to execute code with elevated privileges. GNU Project of GNU C Library Products from multiple vendors, such as the following, contain out-of-bounds write vulnerabilities.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. ========================================================================== Ubuntu Security Notice USN-6409-1 October 03, 2023 glibc vulnerabilities ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 23.04 - Ubuntu 22.04 LTS Summary: Several security issues were fixed in GNU C Library. An attacker could possibly use this issue to perform a privilege escalation attack. (CVE-2023-4911) It was discovered that the GNU C Library incorrectly handled certain DNS responses when the system was configured in no-aaaa mode. A remote attacker could possibly use this issue to cause the GNU C Library to crash, resulting in a denial of service. This issue only affected Ubuntu 23.04. (CVE-2023-4527) Update instructions: The problem can be corrected by updating your system to the following package versions: Ubuntu 23.04: libc6 2.37-0ubuntu2.1 Ubuntu 22.04 LTS: libc6 2.35-0ubuntu3.4 After a standard system update you need to reboot your computer to make all the necessary changes. Details can be found in the Qualys advisory at https://www.qualys.com/2023/10/03/cve-2023-4911/looney-tunables-local-privilege-escalation-glibc-ld-so.txt For the oldstable distribution (bullseye), this problem has been fixed in version 2.31-13+deb11u7. For the stable distribution (bookworm), this problem has been fixed in version 2.36-9+deb12u3. This update includes fixes for CVE-2023-4527 and CVE-2023-4806 originally planned for the upcoming bookworm point release. We recommend that you upgrade your glibc packages. For the detailed security status of glibc please refer to its security tracker page at: https://security-tracker.debian.org/tracker/glibc Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/ Mailing list: debian-security-announce@lists.debian.org -----BEGIN PGP SIGNATURE----- iQKTBAEBCgB9FiEERkRAmAjBceBVMd3uBUy48xNDz0QFAmUcTjRfFIAAAAAALgAo aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDQ2 NDQ0MDk4MDhDMTcxRTA1NTMxRERFRTA1NENCOEYzMTM0M0NGNDQACgkQBUy48xND z0RwIg/9FzdAHadxCbk4N4Yg+aC3CmY68Z0Q2datcBWL5oLnplNNKcgsQqDDrbr4 WBphk1mQBusrOw5t5O2CAZitUk/mcQQ0bsV3YDPKTnKYswYkf6MXIfJ9Ck3uHJ0W yKVczC9g2ZLJ3uhpAIPiKro/XxKJRbek2WLJ+lgXnJz4akhwB1sd1nDEUOKz3gBH jvZj8UvjPHg1gwf1d5Xz4C3Kcd5aso8a/Tpr6iix7UJB8FZmfwlo+Oq4+/obPvJm n5Rj0x6R2GEH/edJylgzrVMOYc5bSZlTs0a4rm90oUHWYL9Y3bDIusJesSedy97H qra/DMFlQRs0JPejC+TUhLmJWvOum30WrPpdQtjSAcWuxKTse/felwyDwwQ3ogP5 tzUOeG/YmHj8kT0owAFUFiQumOifMTVNO2SYHCO3jXSLkMCOw1f9NCmcV3wU05Pe cmFJgiZpzYzg4oY+MOnJAHfryQL4RGhv+VyPk5nhMa9F8405xSvl7did0FPz7YLX aWLAm8xhO/+ZIDowfKGK54zaDt2DHqId7VGNgn196ES8abuY71Le9zj1SIkZIXdA KwEwgGTSxkfWs/ffuzrn7gvmDLvB1u1Gb27Cq3M/WoVlxqGzmufyZM8t9xJhomEY BUNpA4jr0ZKxw5t5oss8xh95OVRCCjK6HAeTbpMXWbeEVCQjV30=j3fR -----END PGP SIGNATURE----- . - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 202310-03 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - https://security.gentoo.org/ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Severity: High Title: glibc: Multiple vulnerabilities Date: October 04, 2023 Bugs: #867952, #914281, #915127 ID: 202310-03 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Synopsis ======= Multiple vulnerabilities in glibc could result in Local Privilege Escalation. Background ========= glibc is a package that contains the GNU C library. Affected packages ================ Package Vulnerable Unaffected -------------- ------------ ------------ sys-libs/glibc < 2.37-r7 >= 2.37-r7 Description ========== Multiple vulnerabilities have been discovered in glibc. Please review the CVE identifiers referenced below for details. Impact ===== An attacker could elevate privileges from a local user to root. Workaround ========= There is no known workaround at this time. Resolution ========= All glibc users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose ">=sys-libs/glibc-2.37-r7" References ========= [ 1 ] CVE-2022-39046 https://nvd.nist.gov/vuln/detail/CVE-2022-39046 [ 2 ] CVE-2023-4527 https://nvd.nist.gov/vuln/detail/CVE-2023-4527 [ 3 ] CVE-2023-4806 https://nvd.nist.gov/vuln/detail/CVE-2023-4806 [ 4 ] CVE-2023-4911 https://nvd.nist.gov/vuln/detail/CVE-2023-4911 Availability =========== This GLSA and any updates to it are available for viewing at the Gentoo Security Website: https://security.gentoo.org/glsa/202310-03 Concerns? ======== Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org. License ====== Copyright 2023 Gentoo Foundation, Inc; referenced text belongs to its owner(s). The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license. https://creativecommons.org/licenses/by-sa/2.5 . The following advisory data is extracted from: https://access.redhat.com/security/data/csaf/v2/advisories/2024/rhsa-2024_0033.json Red Hat officially shut down their mailing list notifications October 10, 2023. Due to this, Packet Storm has recreated the below data as a reference point to raise awareness. It must be noted that due to an inability to easily track revision updates without crawling Red Hat's archive, these advisories are single notifications and we strongly suggest that you visit the Red Hat provided links to ensure you have the latest information available if the subject matter listed pertains to your environment. - Packet Storm Staff ==================================================================== Red Hat Security Advisory Synopsis: Moderate: Red Hat Virtualization Host 4.4.z SP 1 security update Advisory ID: RHSA-2024:0033-03 Product: Red Hat Virtualization Advisory URL: https://access.redhat.com/errata/RHSA-2024:0033 Issue date: 2024-01-03 Revision: 03 CVE Names: CVE-2023-4911 ==================================================================== Summary: An update for redhat-release-virtualization-host and redhat-virtualization-host is now available for Red Hat Virtualization 4 for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. Description: The redhat-virtualization-host packages provide the Red Hat Virtualization Host. These packages include redhat-release-virtualization-host, ovirt-node, and rhev-hypervisor. Red Hat Virtualization Hosts (RHVH) are installed using a special build of Red Hat Enterprise Linux with only the packages required to host virtual machines. RHVH features a Cockpit user interface for monitoring the host's resources and performing administrative tasks. Security Fix(es): For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Solution: https://access.redhat.com/articles/2974891 CVEs: CVE-2023-4911 References: https://access.redhat.com/security/updates/classification/#moderate https://bugzilla.redhat.com/show_bug.cgi?id=2238352