VARIoT IoT vulnerabilities database

Use after free vulnerability in CX-Drive V3.00 and earlier allows a local attacker to execute arbitrary code by having a user to open a specially crafted file,. Provided by Omron Corporation CX-Drive freed memory use (use-after-free) Vulnerability (CWE-416) exists. This vulnerability information is JPCERT/CC Report to JPCERT/CC Coordinated with the developer. Reporter : Michael Heinzl MrArbitrary code may be executed by loading a specially crafted file into the affected product

After tar_close(), libtar.c releases the memory pointed to by pointer t. After tar_close() is called in the list() function, it continues to use pointer t: free_longlink_longname(t->th_buf) . As a result, the released memory is used (use-after-free). OpenEuler Exists in a vulnerability related to the use of freed memory.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state

Sichuan Tianyi Kanghe Communication Co., Ltd. is based on the optical communication industry and mobile communication industry. It has long been committed to the research and development, production, sales and service of communication equipment related products. Research and development, production, sales and service of signal depth coverage, intelligent vision equipment and optical fiber communication wiring and connection equipment. There is an XSS vulnerability in the Wi-Fi6 router of Sichuan Tianyi Kanghe Communication Co., Ltd. Attackers can use this vulnerability to obtain sensitive information such as user cookies.

HCL Domino is susceptible to a stack based buffer overflow vulnerability in lasr.dll in Micro Focus KeyView. This could allow a remote unauthenticated attacker to crash the application or execute arbitrary code via a crafted Lotus Ami Pro file. This is different from the vulnerability described in CVE-2022-44750.  This vulnerability applies to software previously licensed by IBM. HCL Technologies Limited of Domino server Exists in an out-of-bounds write vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state

HCL Domino is susceptible to a stack based buffer overflow vulnerability in lasr.dll in Micro Focus KeyView. This could allow a remote unauthenticated attacker to crash the application or execute arbitrary code via a crafted Lotus Ami Pro file. This is different from the vulnerability described in CVE-2022-44754.  This vulnerability applies to software previously licensed by IBM. HCL Technologies Limited of Domino server Exists in an out-of-bounds write vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state

Kingview is an industrial automation configuration software produced by Beijing Yakong Technology Development Co., Ltd. There is a denial of service vulnerability in KingView of Beijing Yakong Technology Development Co., Ltd. Attackers can use this vulnerability to launch a denial of service attack.

Tianqing application delivery control system is a traffic management solution with virtualized cloud computing center. There is a weak password vulnerability in the Tianqing application delivery control system of Venustech Information Technology Group Co., Ltd. Attackers use this vulnerability to log in to the background of the system to obtain sensitive information.

Contiki-NG is an open-source, cross-platform operating system for Next-Generation IoT devices. Versions prior to 4.9 contain a NULL Pointer Dereference in BLE L2CAP module. The Contiki-NG operating system for IoT devices contains a Bluetooth Low Energy stack. An attacker can inject a packet in this stack, which causes the implementation to dereference a NULL pointer and triggers undefined behavior. More specifically, while processing the L2CAP protocol, the implementation maps an incoming channel ID to its metadata structure. In this structure, state information regarding credits is managed through calls to the function input_l2cap_credit in the module os/net/mac/ble/ble-l2cap.c. Unfortunately, the input_l2cap_credit function does not check that the metadata corresponding to the user-supplied channel ID actually exists, which can lead to the channel variable being set to NULL before a pointer dereferencing operation is performed. The vulnerability has been patched in the "develop" branch of Contiki-NG, and will be included in release 4.9. Users can apply the patch in Contiki-NG pull request #2253 as a workaround until the new package is released. Contiki-NG for, NULL There is a vulnerability in pointer dereference.Service operation interruption (DoS) It may be in a state

The default console presented to users over telnet (when enabled) is restricted to a subset of commands. Commands issued at this console, however, appear to be fed directly into a system call or other similar function. This allows any authenticated user to execute arbitrary commands on the device. RAX30 Firmware contains a command injection vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. The NETGEAR Nighthawk WiFi 6 Router is a series of WiFi 6-enabled routers from NETGEAR, designed for users seeking a high-speed internet experience. The NETGEAR Nighthawk WiFi 6 Router contains a command injection vulnerability

A support user exists on the device and appears to be a backdoor for Technical Support staff. The default password for this account is “support” and cannot be changed by a user via any normally accessible means. of netgear RAX30 An authentication vulnerability exists in firmware.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. The NETGEAR Nighthawk WiFi 6 Router is a series of WiFi 6-enabled routers from NETGEAR, designed for users seeking a high-speed internet experience. The NETGEAR Nighthawk WiFi 6 Router has an authorization vulnerability caused by the presence of four default user accounts on the device. Detailed vulnerability details are not available at this time

A vulnerability exists in the Rockwell Automation controllers that allows a malformed CIP request to cause a major non-recoverable fault (MNRF) and a denial-of-service condition (DOS). CompactLogix 5370 firmware, Compact Guardlogix 5370 firmware, Compact GuardLogix 5380 Controller firmware, etc. Rockwell Automation There are unspecified vulnerabilities in the product.Service operation interruption (DoS) It may be in a state. Rockwell Automation controllers are a series of controllers from Rockwell Automation, an American company. Attackers can exploit this vulnerability to cause major non-recoverable failures (MNRF) and denial of service

The “puhttpsniff” service, which runs by default, is susceptible to command injection due to improperly sanitized user input. An unauthenticated attacker on the same network segment as the router can execute arbitrary commands on the device without authentication. nighthawk ax1800 firmware, nighthawk ax2400 firmware, nighthawk ax3000 For multiple Netgear products such as firmware, OS A command injection vulnerability exists.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. The NETGEAR Nighthawk WiFi 6 Router is a series of WiFi 6-enabled routers from NETGEAR, designed for users seeking a high-speed internet experience

Tenda AC15 V15.03.06.23 is vulnerable to Buffer Overflow via function formSetClientState. Shenzhen Tenda Technology Co.,Ltd. of AC10 An out-of-bounds write vulnerability exists in firmware.Service operation interruption (DoS) It may be in a state

Kingview is an industrial automation configuration software produced by Beijing Yakong Technology Development Co., Ltd. There is a denial of service vulnerability in KingView, which can be exploited by attackers to cause the process to crash.

An out-of-bounds read issue existed that led to the disclosure of kernel memory. This was addressed with improved input validation. This issue is fixed in iOS 16. An app may be able to disclose kernel memory. apple's iOS Exists in an out-of-bounds read vulnerability.Information may be obtained

An issue existed with the file paths used to store website data. The issue was resolved by improving how website data is stored. This issue is fixed in iOS 16. An unauthorized user may be able to access browsing history. apple's Safari , iOS , macOS Exists in unspecified vulnerabilities.Information may be obtained

TOTOlink A7100RU V7.4cu.2313_B20191024 was discovered to contain a command injection vulnerability via the wscDisabled parameter in the setting/setWiFiSignalCfg function. TOTOLINK of A7100RU The firmware has OS A command injection vulnerability exists.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state

RSFirewall tries to identify the original IP address by looking at different HTTP headers. A bypass is possible due to the way it is implemented. rsjoomla of WordPress for rsfirewall! Exists in unspecified vulnerabilities.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state

Cross Site Scripting (XSS) vulnerability in Things Board 3.4.1 allows remote attackers to escalate privilege via crafted URL to the Audit Log. ThingsBoard, Inc. of ThingsBoard Exists in a cross-site scripting vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. Thingsboard is a Java-based platform of the Thingsboard team for IOT device monitoring, management, and data collection

TOTOlink A7100RU V7.4cu.2313_B20191024 was discovered to contain a command injection vulnerability via the wscDisabled parameter in the setting/setWiFiWpsCfg function. TOTOLINK of A7100RU The firmware has OS A command injection vulnerability exists.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state