VARIoT IoT vulnerabilities database

VAR-202305-0134 CVE-2022-45858 Fortinet FortiNAC Encryption problem vulnerability
CVSS V2: -
CVSS V3: 7.4
Severity: HIGH
A use of a weak cryptographic algorithm vulnerability [CWE-327] in FortiNAC 9.4.1 and below, 9.2.6 and below, 9.1.0 all versions, 8.8.0 all versions, 8.7.0 all versions may increase the chances of an attacker gaining access to sensitive information or performing man-in-the-middle attacks. Fortinet FortiNAC is a network access control solution developed by Fortinet. This product is mainly used for network access control and IoT security protection. Fortinet FortiNAC has a security flaw that stems from the use of a weak encryption algorithm.

VAR-202305-0039 CVE-2022-43950 Fortinet FortiNAC Input validation error vulnerability
CVSS V2: -
CVSS V3: 4.7
Severity: MEDIUM
A URL redirection to untrusted site ('Open Redirect') vulnerability [CWE-601] in FortiNAC-F version 7.2.0, FortiNAC version 9.4.1 and below, 9.2 all versions, 9.1 all versions, 8.8 all versions, 8.7 all versions may allow an unauthenticated attacker to redirect users to any arbitrary website via a crafted URL. Fortinet FortiNAC is a network access control solution developed by Fortinet. This product is mainly used for network access control and IoT security protection. Fortinet FortiNAC has an open redirect vulnerability.

VAR-202305-0103 CVE-2022-45860 Fortinet FortiNAC Authorization problem vulnerability
CVSS V2: -
CVSS V3: 7.5
Severity: HIGH
A weak authentication vulnerability [CWE-1390] in the device registration page of FortiNAC-F version 7.2.0, FortiNAC version 9.4.2 and below, 9.2 all versions, 9.1 all versions, 8.8 all versions, 8.7 all versions may allow an unauthenticated attacker to perform password spraying attacks with an increased chance of success. Fortinet FortiNAC is a network access control solution developed by Fortinet. This product is mainly used for network access control and IoT security protection. Fortinet FortiNAC has a security flaw that stems from weak authentication in the device registration page.

VAR-202305-0054 CVE-2023-28070 Access control vulnerability in Dell's Alienware Command Center
CVSS V2: -
CVSS V3: 7.8
Severity: HIGH
Alienware Command Center Application, versions 5.5.43.0 and prior, contains an improper access control vulnerability. A local malicious user could potentially exploit this vulnerability during the installation or update process, leading to privilege escalation. A denial-of-service (DoS) condition may result.

VAR-202305-0038 CVE-2023-22637 Fortinet FortiNAC Cross-site scripting vulnerability
CVSS V2: -
CVSS V3: 9.0
Severity: CRITICAL
An improper neutralization of input during web page generation ('Cross-site Scripting') vulnerability [CWE-79] in License Management in FortiNAC-F version 7.2.0, FortiNAC version 9.4.2 and below, 9.2 all versions, 9.1 all versions, 8.8 all versions, 8.7 all versions would permit an authenticated attacker to trigger remote code execution via crafted licenses. Fortinet FortiNAC is a network access control solution developed by Fortinet. This product is mainly used for network access control and IoT security protection. Fortinet FortiNAC 7.2.0, FortiNAC 9.4.2 and earlier, 9.2, 9.1, 8.8, and 8.7 have security vulnerabilities.

VAR-202305-0133 CVE-2022-45859 Fortinet FortiNAC Security hole
CVSS V2: -
CVSS V3: 4.4
Severity: MEDIUM
An insufficiently protected credentials vulnerability [CWE-522] in FortiNAC-F 7.2.0, FortiNAC 9.4.1 and below, 9.2.6 and below, 9.1.8 and below, 8.8.0 all versions, 8.7.0 all versions may allow a local attacker with system access to retrieve users' passwords. Fortinet FortiNAC is a network access control solution developed by Fortinet. This product is mainly used for network access control and IoT security protection. Fortinet FortiNAC has a security flaw that stems from insufficiently protected credentials.

VAR-202305-0261 CVE-2023-27892 ShapeShift KeepKey Buffer error vulnerability
CVSS V2: -
CVSS V3: 3.8
Severity: LOW
Insufficient length checks in the ShapeShift KeepKey hardware wallet firmware before 7.7.0 allow a global buffer overflow via crafted messages. Flaws in cf_confirmExecTx() in ethereum_contracts.c can be used to reveal arbitrary microcontroller memory on the device screen or crash the device. With physical access to a PIN-unlocked device, attackers can extract the BIP39 mnemonic secret from the hardware wallet.

VAR-202305-0063 CVE-2023-29772 ASUS RT-AC51U Cross-Site Scripting Vulnerability
CVSS V2: 4.8
CVSS V3: 5.2
Severity: MEDIUM
A Cross-site scripting (XSS) vulnerability in the System Log/General Log page of the administrator web UI in ASUS RT-AC51U wireless router firmware version up to and including 3.0.0.4.380.8591 allows remote attackers to inject arbitrary web script or HTML via a malicious network request. ASUSTeK Computer Inc. RT-AC51U firmware has a cross-site scripting vulnerability. Information may be obtained and information may be tampered with. ASUS RT-AC51U is a wireless router made by ASUS in China. The vulnerability stems from the lack of effective filtering and escaping of the data provided by the user. Attackers can exploit this vulnerability to execute arbitrary Web script or HTML.

VAR-202305-0189 CVE-2022-48483 Path traversal vulnerability in 3CX 3cx
CVSS V2: -
CVSS V3: 7.5
Severity: HIGH
3CX before 18 Hotfix 1 build 18.0.3.461 on Windows allows unauthenticated remote attackers to read %WINDIR%\system32 files via /Electron/download directory traversal in conjunction with a path component that has a drive letter and uses backslash characters. NOTE: this issue exists because of an incomplete fix for CVE-2022-28005. A path traversal vulnerability exists in 3CX 3cx. Information may be obtained.

VAR-202305-0093 CVE-2023-21665 Incorrect type conversion vulnerability in multiple Qualcomm products
CVSS V2: -
CVSS V3: 7.8
Severity: HIGH
Memory corruption in Graphics while importing a file. Multiple Qualcomm products, such as 315 5G IoT Modem firmware, 9206 LTE Modem firmware, and APQ8017 firmware, contain a vulnerability related to incorrect type conversion. Information may be obtained or tampered with, and a denial-of-service (DoS) condition may occur. Qualcomm chips are chips made by Qualcomm: miniaturized circuits (primarily semiconductor devices, but also passive components, etc.), often fabricated on the surface of a semiconductor wafer. A security vulnerability exists in some Qualcomm products due to incorrect type conversions in graphics. The following products are affected: 315 5G IoT Modem, 9206 LTE Modem, APQ8017, APQ8052, APQ8056, APQ8064AU, APQ8076, AQT1000, AR8031, AR8035, C-V2X 9150, CSRA6620, CSRA6640, CSRB31024, FastConnect 6200, FastConnect 6700, FastConnect 6800, FastConnect 6900, Flight RB5 5G Platform, Home Hub 100 Platform, MDM9250, MDM9628, MDM9650, MSM8108, MSM8209, MSM8608, MSM8996AU, QAM8295P, QCA6174, QCA6174A, QCA6310, QCA6320, QCA6335, QCA6391, QCA6420, QCA6421, QCA6426, QCA6430, QCA6431, QCA6436, QCA6564, QCA6564A, QCA6564AU, QCA6574, QCA6574A, QCA6574AU, QCA6584AU, QCA6595, QCA6595AU, QCA6696, QCA6698AQ, QCA8081, QCA8337, QCA9367, QCA9377, QCA9379, QCM2290, QCM4290, QCM6125, QCM6490, QCN6024, QCN9011, QCN9012, QCN9024, QCN9074, QCS2290, QCS410, QCS4290, QCS610, QCS6125, QCS6490, QCS8155, QCS8250, QRB5165M, QRB5165N, QSM8250, Qualcomm 205 Mobile Platform, Qualcomm 215 Mobile Platform, Robotics RB3 Platform, Robotics RB5 Platform, SA4150P, SA4155P, SA6145P, SA6150P, SA6155, SA6155P, SA8145P, SA8150P, SA8155, SA8155P, SA8195P, SA8295P, SD 675, SD626, SD660, SD670, SD675, SD730, SD835, SD855, SD865 5G, SD888, SDM429W, SDX20M, SDX55, SM4125, SM6250, SM6250P, SM7250P, SM7315, SM7325P, Smart Audio 200 Platform, Smart Audio 400 Platform, Smart Display 200 Platform (APQ5053-AA), Snapdragon 1200 Wearable Platform, Snapdragon 208 Processor, Snapdragon 210 Processor, Snapdragon 212 Mobile Platform, Snapdragon 4 Gen 1 Mobile Platform, Snapdragon 425 Mobile Platform, Snapdragon 429 Mobile Platform, Snapdragon 439 Mobile Platform, Snapdragon 450 Mobile Platform, Snapdragon 460 Mobile Platform, Snapdragon 480 5G Mobile Platform, Snapdragon 480+ 5G Mobile Platform (SM4350-AC), Snapdragon 617 Processor, Snapdragon 625 Mobile Platform, Snapdragon 626 Mobile Platform, Snapdragon 630 Mobile Platform, Snapdragon 632 Mobile Platform, Snapdragon 636 Mobile Platform, Snapdragon 650 Mobile Platform, Snapdragon 652 Mobile Platform, Snapdragon 653 Mobile Platform, Snapdragon 660 Mobile Platform, Snapdragon 662 Mobile Platform, Snapdragon 665 Mobile Platform, Snapdragon 670 Mobile Platform, Snapdragon 675 Mobile Platform, Snapdragon 678 Mobile Platform (SM6150-AC), Snapdragon 680 4G Mobile Platform, Snapdragon 685 4G Mobile Platform (SM6225-AD), Snapdragon 690 5G Mobile Platform, Snapdragon 695 5G Mobile Platform, Snapdragon 710 Mobile Platform, Snapdragon 720G Mobile Platform, Snapdragon 730 Mobile Platform (SM7150-AA), Snapdragon 730G Mobile Platform (SM7150-AB), Snapdragon 732G Mobile Platform (SM7150-AC), Snapdragon 750G 5G Mobile Platform, Snapdragon 765 5G Mobile Platform (SM7250-AA), Snapdragon 765G 5G Mobile Platform (SM7250-AB), Snapdragon 768G 5G Mobile Platform (SM7250-AC), Snapdragon 778G 5G Mobile Platform, Snapdragon 778G+ 5G Mobile Platform (SM7325-AE), Snapdragon 780G 5G Mobile Platform, Snapdragon 782G Mobile Platform (SM7325-AF), Snapdragon 7c+ Gen 3 Compute, Snapdragon 820 Automotive Platform, Snapdragon 835 Mobile PC Platform, Snapdragon 845 Mobile Platform, Snapdragon 855 Mobile Platform, Snapdragon 855+/860 Mobile Platform (SM8150-AC), Snapdragon 865 5G Mobile Platform, Snapdragon 865+ 5G Mobile Platform (SM8250-AB), Snapdragon 870 5G Mobile Platform (SM8250-AC), Snapdragon 888 5G Mobile Platform, Snapdragon 888+ 5G Mobile Platform (SM8350-AC), Snapdragon Auto 5G Modem-RF, Snapdragon W5+ Gen 1 Wearable Platform, Snapdragon Wear 4100+ Platform, Snapdragon X12 LTE Modem, Snapdragon X20 LTE Modem, Snapdragon X24 LTE Modem, Snapdragon X5 LTE Modem, Snapdragon X50 5G Modem-RF System, Snapdragon X55 5G Modem-RF System, Snapdragon X65 5G Modem-RF System, Snapdragon XR1 Platform, Snapdragon XR2 5G Platform, Snapdragon XR2+ Gen 1 Platform, Snapdragon Auto 4G Modem, SW5100, SW5100P, SXR1120, SXR2130, Vision Intelligence 100 Platform (APQ8053-AA), Vision Intelligence 200 Platform (APQ8053-AC), Vision Intelligence 400 Platform, WCD9326, WCD9330, WCD9335, WCD9340, WCD9341, WCD9370, WCD9371, WCD9375, WCD9380, WCD9385, WCN3610, WCN3615, WCN3620, WCN3660, WCN3660B, WCN3680, WCN3680B, WCN3910, WCN3950, WCN3980, WCN3988, WCN3990, WCN3999, WCN6740, WSA8810, WSA8815, WSA8830, WSA8835.

VAR-202305-0262 CVE-2022-48482 Path traversal vulnerability in 3CX 3cx
CVSS V2: -
CVSS V3: 7.5
Severity: HIGH
3CX before 18 Update 2 Security Hotfix build 18.0.2.315 on Windows allows unauthenticated remote attackers to read certain files via /Electron/download directory traversal. Files may have credentials, full backups, call recordings, and chat logs. A path traversal vulnerability exists in 3CX 3cx. Information may be obtained.

VAR-202305-0178 CVE-2023-27360 Same-origin policy violation vulnerability in NETGEAR RAX30 firmware
CVSS V2: 6.8
CVSS V3: 7.5
Severity: HIGH
NETGEAR RAX30 lighttpd Misconfiguration Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of NETGEAR RAX30. Authentication is not required to exploit this vulnerability. The specific flaw exists within the configuration of the lighttpd HTTP server. The issue results from allowing execution of files from untrusted sources. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-19398. NETGEAR RAX30 firmware contains a vulnerability related to violation of the same-origin policy. Information may be obtained or tampered with, and a denial-of-service (DoS) condition may occur. NETGEAR RAX30 is a dual-band wireless router from NETGEAR.

VAR-202305-0201 CVE-2023-27369 Out-of-bounds write vulnerability in NETGEAR RAX30 firmware
CVSS V2: 10.0
CVSS V3: 8.8
Severity: HIGH
NETGEAR RAX30 soap_serverd Stack-based Buffer Overflow Authentication Bypass Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of NETGEAR RAX30. Authentication is not required to exploit this vulnerability. The specific flaw exists within the soap_serverd binary. When parsing the request headers, the process does not properly validate the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to bypass authentication on the system. Was ZDI-CAN-19840. An out-of-bounds write vulnerability exists in NETGEAR RAX30 firmware. Information may be obtained or tampered with, and a denial-of-service (DoS) condition may occur. NETGEAR RAX30 is a dual-band wireless router from NETGEAR.

VAR-202305-0220 CVE-2023-27356 OS command injection vulnerability in NETGEAR RAX30 firmware and RAXE300 firmware
CVSS V2: 7.2
CVSS V3: 6.8
Severity: MEDIUM
NETGEAR RAX30 logCtrl Command Injection Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of NETGEAR RAX30 routers. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the logCtrl action. The issue results from the lack of proper validation of a user-supplied string before using it to execute a system call. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-19825. An OS command injection vulnerability exists in NETGEAR RAX30 firmware and RAXE300 firmware. Information may be obtained or tampered with, and a denial-of-service (DoS) condition may occur. NETGEAR RAX30 is a dual-band wireless router from NETGEAR.

VAR-202305-0069 CVE-2023-30063 Authentication vulnerability in D-Link Systems, Inc. DIR-890L firmware
CVSS V2: -
CVSS V3: 7.5
Severity: HIGH
D-Link DIR-890L FW1.10 A1 is vulnerable to authentication bypass. An authentication vulnerability exists in D-Link Systems, Inc. DIR-890L firmware. Information may be obtained.

VAR-202305-0264 CVE-2023-29680 Cleartext transmission of sensitive information vulnerability in Shenzhen Tenda Technology Co.,Ltd. N301 firmware
CVSS V2: -
CVSS V3: 5.7
Severity: MEDIUM
Cleartext Transmission in set-cookie:ecos_pw: Tenda N301 v6.0, Firmware v12.02.01.61_multi allows an authenticated attacker on the LAN or WLAN to intercept communications with the router and obtain the password. A vulnerability regarding the transmission of sensitive information in plaintext exists in Shenzhen Tenda Technology Co.,Ltd. N301 firmware. Information may be obtained.

VAR-202305-0209 CVE-2023-22919 Zyxel NBG6604 Command Injection Vulnerability
CVSS V2: 9.0
CVSS V3: 8.8
Severity: HIGH
The post-authentication command injection vulnerability in the Zyxel NBG6604 firmware version V1.01(ABIR.0)C0 could allow an authenticated attacker to execute some OS commands remotely by sending a crafted HTTP request. Zyxel NBG6604 is a dual-band wireless router made by China Zyxel Technology Co., Ltd. There is a security vulnerability in Zyxel NBG6604. A remote attacker can use this vulnerability to submit a special request and execute arbitrary code in the system context.

VAR-202305-0163 CVE-2023-29681 Cleartext transmission of sensitive information vulnerability in Shenzhen Tenda Technology Co.,Ltd. N301 firmware
CVSS V2: -
CVSS V3: 5.7
Severity: MEDIUM
Cleartext Transmission in cookie:ecos_pw: in Tenda N301 v6.0, firmware v12.03.01.06_pt allows an authenticated attacker on the LAN or WLAN to intercept communications with the router and obtain the password. A vulnerability regarding the transmission of sensitive information in plaintext exists in Shenzhen Tenda Technology Co.,Ltd. N301 firmware. Information may be obtained.

VAR-202305-0002 CVE-2023-0683 Vulnerabilities in multiple Lenovo products
CVSS V2: -
CVSS V3: 8.8
Severity: HIGH
A valid, authenticated XCC user with read only access may gain elevated privileges through a specifically crafted API call. Multiple Lenovo products, such as ThinkAgile HX5530 firmware, ThinkAgile HX7530 firmware, and ThinkAgile VX3331 firmware, contain unspecified vulnerabilities. Information may be obtained or tampered with, and a denial-of-service (DoS) condition may occur.

VAR-202305-0252 CVE-2023-27370 Vulnerability related to plaintext storage of important information in NETGEAR RAX30 firmware
CVSS V2: 5.5
CVSS V3: 5.7
Severity: MEDIUM
NETGEAR RAX30 Device Configuration Cleartext Storage Information Disclosure Vulnerability. This vulnerability allows network-adjacent attackers to disclose sensitive information on affected installations of NETGEAR RAX30 routers. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the handling of device configuration. The issue results from the storage of configuration secrets in plaintext. An attacker can leverage this vulnerability to disclose stored credentials, leading to further compromise. Was ZDI-CAN-19841. NETGEAR RAX30 is a dual-band wireless router from NETGEAR.