VARIoT IoT vulnerabilities database

Triangle MicroWorks SCADA Data Gateway Event Log Improper Output Neutralization For Logs Arbitrary File Write Vulnerability. This vulnerability allows remote attackers to write arbitrary files on affected installations of Triangle MicroWorks SCADA Data Gateway. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the handling of event logs. The issue results from improper sanitization of log output. An attacker can leverage this in conjunction with other vulnerabilities to execute code in the context of root. Was ZDI-CAN-20535

Triangle MicroWorks SCADA Data Gateway Event Log Directory Traversal Arbitrary File Creation Vulnerability. This vulnerability allows remote attackers to create arbitrary files on affected installations of Triangle MicroWorks SCADA Data Gateway. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the creation of event logs. The issue results from the lack of proper validation of a user-supplied path prior to using it in file operations. An attacker can leverage this in conjunction with other vulnerabilities to execute code in the context of root. Was ZDI-CAN-20534. (DoS) It may be in a state. Triangle MicroWorks SCADA Data Gateway is a SCADA data gateway product of Triangle MicroWorks in the United States

Triangle MicroWorks SCADA Data Gateway Use of Hard-coded Cryptograhic Key Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of Triangle MicroWorks SCADA Data Gateway. Authentication is not required to exploit this vulnerability. The specific flaw exists within the TmwCrypto class. The issue results from the usage of a hard-coded cryptograhic key and the usage of a hard-coded certificate. An attacker can leverage this vulnerability to disclose sensitive information. Was ZDI-CAN-20615

Triangle MicroWorks SCADA Data Gateway Use of Hard-coded Credentials Authentication Bypass Vulnerability. This vulnerability allows network-adjacent attackers to bypass authentication on affected installations of Triangle MicroWorks SCADA Data Gateway. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of certificates. The service uses a hard-coded default SSL certificate. An attacker can leverage this vulnerability to bypass authentication on the system. Was ZDI-CAN-20509

Xiaomi routers have an external interface that can lead to command injection. The vulnerability is caused by lax filtering of responses from external interfaces. Attackers can exploit this vulnerability to gain access to the router by hijacking the ISP or upper-layer routing. mi of xiaomi router Firmware contains a command injection vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. Xiaomi router is a series of wireless routers from Xiaomi, a Chinese company

GR8300 is a Gigabit enterprise router. H3C Technology Co., Ltd. GR8300 has a command execution vulnerability, and an attacker can use the vulnerability to execute commands.

Denial-of-service (DoS) vulnerability due to improper validation of specified type of input issue exists in the built-in EtherNet/IP port of the CJ Series CJ2 CPU unit and the communication function of the CS/CJ Series EtherNet/IP unit. If an affected product receives a packet which is specially crafted by a remote unauthenticated attacker, the unit of the affected product may fall into a denial-of-service (DoS) condition. Affected products/versions are as follows: CJ2M CPU Unit CJ2M-CPU3[] Unit version of the built-in EtherNet/IP section Ver. 2.18 and earlier, CJ2H CPU Unit CJ2H-CPU6[]-EIP Unit version of the built-in EtherNet/IP section Ver. 3.04 and earlier, CS/CJ Series EtherNet/IP Unit CS1W-EIP21 V3.04 and earlier, and CS/CJ Series EtherNet/IP Unit CJ1W-EIP21 V3.04 and earlier. This vulnerability information is provided by the developer for the purpose of dissemination to product users. (DoS) may become a state

TP-Link Archer AX21(US)_V3_1.1.4 Build 20230219 and AX21(US)_V3.6_1.1.4 Build 20230219 are vulnerable to Buffer Overflow. TP-LINK Archer AX21 is a wireless router produced by China Pulian (TP-LINK). The vulnerability stems from the fact that the program fails to correctly verify the length of the input data. Remote attackers can use this vulnerability to execute arbitrary code on the system or cause a denial of service attack

Inductive Automation Ignition OPC UA Quick Client Cross-Site Scripting Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Inductive Automation Ignition. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of the id parameter provided to the Inductive Automation Ignition web interface. The issue results from the lack of proper validation of user-supplied data, which can lead to the injection of an arbitrary script. An attacker can leverage this vulnerability to execute arbitrary code in the context of SYSTEM. Was ZDI-CAN-20355. (DoS) It may be in a state. Inductive Automation Ignition‌ is a comprehensive platform for industrial automation that provides scalable solutions for monitoring, control, data collection, and analysis

Inductive Automation Ignition OPC UA Quick Client Task Scheduling Exposed Dangerous Function Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Inductive Automation Ignition. Authentication is required to exploit this vulnerability. The specific flaw exists within the Ignition Gateway server. The issue results from the exposure of a dangerous function. An attacker can leverage this vulnerability to execute code in the context of SYSTEM. Was ZDI-CAN-20541. Inductive Automation of Ignition Exists in unspecified vulnerabilities.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. Inductive Automation Ignition‌ is a comprehensive platform for industrial automation that provides scalable solutions for monitoring, control, data collection and analysis

Inductive Automation Ignition OPC UA Quick Client Missing Authentication for Critical Function Authentication Bypass Vulnerability. This vulnerability allows remote attackers to bypass authentication on affected installations of Inductive Automation Ignition. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the server configuration. The issue results from the lack of authentication prior to allowing access to password change functionality. An attacker can leverage this vulnerability to bypass authentication on the system. Was ZDI-CAN-20540. (DoS) It may be in a state. Inductive Automation Ignition‌ is a comprehensive platform for industrial automation that provides scalable solutions for monitoring, control, data collection and analysis. Ignition was developed by Inductive Automation to help users build and deploy automation systems that meet specific needs‌

An authenticated SQL injection vulnerability exists in Advantech iView versions prior to v5.7.4 build 6752. An authenticated remote attacker can bypass checks in com.imc.iview.utils.CUtils.checkSQLInjection() to perform blind SQL injection.

Authentication Bypass vulnerability in D-Link DIR-859 FW105b03 allows remote attackers to gain escalated privileges via via phpcgi_main. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. D-Link Systems, Inc. of DIR-859 An incorrect authentication vulnerability exists in firmware.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. D-Link DIR-859 is a wireless router made by China D-Link Company. The vulnerability stems from the lack of effective authentication in phpcgi_main

Authentication Bypass vulnerability in D-Link DIR-895 FW102b07 allows remote attackers to gain escalated privileges via via function phpcgi_main in cgibin. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. D-Link Systems, Inc. of DIR-895L An incorrect authentication vulnerability exists in firmware.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. D-Link DIR-895 is a wireless router made by China D-Link Company. D-Link DIR-895 has an authentication bypass vulnerability. The vulnerability stems from the fact that the phpcgi_main function in cgibin lacks effective authentication

Authentication Bypass vulnerability in D-Link DIR-885L FW102b01 allows remote attackers to gain escalated privileges via phpcgi. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. D-Link Systems, Inc. of DIR-885L An incorrect authentication vulnerability exists in firmware.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. D-Link DIR-885L is a wireless router made by China D-Link Company. The vulnerability stems from the lack of effective authentication in phpcgi

Authentication Bypass vulnerability in D-Link DIR-645 firmware version 1.03 allows remote attackers to gain escalated privileges via function phpcgi_main in cgibin. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. D-Link Systems, Inc. of DIR-645 An incorrect authentication vulnerability exists in firmware.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state

A stored cross-site scripting (XSS) issue was discovered within the Custom User Icons functionality of ASUS RT-AX88U running firmware versions 3.0.0.4.388.23110 and prior.   After a remote attacker logging in device with regular user privilege, the remote attacker can perform a Stored Cross-site Scripting (XSS) attack by uploading image which containing JavaScript code. ASUSTeK Computer Inc. of RT-AX88U Firmware has a cross-site scripting vulnerability.Information may be obtained and information may be tampered with. ASUS RT-AX88U is a wireless router made by ASUS in China. There is a cross-site scripting vulnerability in ASUS RT-AX88U. The vulnerability stems from the lack of effective filtering and escaping of the data provided by the user in the Custom User Icons function

ASUS RT-AX88U's httpd is subject to an unauthenticated DoS condition. A remote attacker can send a specially crafted request to the device which causes the httpd binary to crash within the "do_json_decode()" function of ej.c, resulting in a DoS condition. ASUSTeK Computer Inc. of RT-AX88U An out-of-bounds read vulnerability exists in firmware.Service operation interruption (DoS) It may be in a state. ASUS RT-AX88U is a wireless router made by ASUS in China. ASUS RT-AX88U has a buffer overflow vulnerability. The vulnerability stems from failing to check the buffer input size

ASUS RT-AX88U's httpd is subject to an unauthenticated DoS condition. A remote attacker can send a specially crafted request to a device which contains a specific user agent, causing the httpd binary to crash during a string comparison performed within web.c, resulting in a DoS condition. ASUSTeK Computer Inc. of RT-AX88U An out-of-bounds read vulnerability exists in firmware.Service operation interruption (DoS) It may be in a state. ASUS RT-AX88U is a wireless router made by ASUS in China. ASUS RT-AX88U has a buffer overflow vulnerability. The vulnerability stems from the failure to check the buffer input size

TeleAdapt RoomCast TA-2400 1.0 through 3.1 is vulnerable to Improper Privilege Management: from the shell available after an adb connection, simply entering the su command provides root access (without requiring a password). The TeleAdapt RoomCast TA-2400 is an all-in-one, self-contained premium content streaming box for guest rooms from TeleAdapt UK. An escalation of privilege vulnerability exists in TeleAdapt RoomCast TA-2400, which is caused by improper permission management of Android Debug Bridge (ADB). An attacker could exploit this vulnerability to gain elevated root privileges