VARIoT IoT vulnerabilities database


VAR-202211-1870 CVE-2022-25848 static-dev-server directory traversal vulnerability CVSS V2: 7.8
CVSS V3: 7.5
Severity: HIGH
This affects all versions of package static-dev-server. This is because when paths from users to the root directory are joined, the assets for the path accessed are relative to that of the root directory. static-dev-server is a simple http server for serving static resource files from a local directory and automatically reloading when the files change. All versions of npm static-dev-server have a directory traversal vulnerability. The vulnerability stems from the lack of validity check of the path when processing directory requests. Attackers can use this vulnerability to retrieve arbitrary files from the underlying file system through specially crafted web requests
VAR-202211-1924 CVE-2022-32967 Realtek RTL8111EP-CG and RTL8168FP-CG Trust Management Vulnerability CVSS V2: 2.1
CVSS V3: 2.1
Severity: LOW
RTL8111EP-CG/RTL8111FP-CG DASH function has hard-coded password. An unauthenticated physical attacker can use the hard-coded default password during system reboot triggered by other user, to acquire partial system information such as serial number and server information. The Realtek RTL8111EP-CG and Realtek RTL8168FP-CG are both Ethernet controllers. Realtek RTL8111EP-CG, RTL8111FP-CG Firmware versions before 3.0.0.2019090 have a trust management vulnerability
VAR-202211-1872 CVE-2022-32966 Realtek RTL8111FP-CG authorization problem vulnerability CVSS V2: 6.1
CVSS V3: 6.5
Severity: MEDIUM
RTL8168FP-CG Dash remote management function has missing authorization. An unauthenticated attacker within the adjacent network can connect to DASH service port to disrupt service. Realtek RTL8111FP-CG is an Ethernet controller. Realtek RTL8111FP-CG Firmware versions before 5.0.23 have an authorization problem vulnerability
VAR-202211-1832 CVE-2022-3509 Vulnerability in Google protobuf-java and protobuf-javalite CVSS V2: 4.0
CVSS V3: 7.5
Severity: HIGH
A parsing issue similar to CVE-2022-3171, but with textformat in protobuf-java core and lite versions prior to 3.21.7, 3.20.3, 3.19.6 and 3.16.3 can lead to a denial of service attack. Inputs containing multiple instances of non-repeated embedded messages with repeated or unknown fields cause objects to be converted back-n-forth between mutable and immutable forms, resulting in potentially long garbage collection pauses. We recommend updating to the versions mentioned above. An unspecified vulnerability exists in Google protobuf-java and protobuf-javalite. Service operation may be interrupted (DoS). IBM WebSphere Application Server Liberty is a Java application server built on the Open Liberty project by International Business Machines (IBM). There is a denial of service vulnerability in IBM WebSphere Application Server Liberty. The vulnerability is caused by a flaw in the parsing program for text format data. Attackers can use the vulnerability to launch a denial of service attack. This has been addressed.

Gentoo Linux Security Advisory GLSA 202301-09
https://security.gentoo.org/

Severity: Low
Title: protobuf-java: Denial of Service
Date: January 11, 2023
Bugs: #876903
ID: 202301-09

Synopsis
========
A vulnerability has been discovered in protobuf-java which could result in denial of service.

Background
==========
protobuf-java contains the Java bindings for Google's Protocol Buffers.

Impact
======
Crafted input can trigger a denial of service via long garbage collection pauses.

Workaround
==========
There is no known workaround at this time.

Resolution
==========
All protobuf-java users should upgrade to the latest version:

  # emerge --sync
  # emerge --ask --oneshot --verbose ">=dev-java/protobuf-java-3.20.3"

References
==========
[ 1 ] CVE-2022-3171 https://nvd.nist.gov/vuln/detail/CVE-2022-3171
[ 2 ] CVE-2022-3509 https://nvd.nist.gov/vuln/detail/CVE-2022-3509
[ 3 ] CVE-2022-3510 https://nvd.nist.gov/vuln/detail/CVE-2022-3510

Availability
============
This GLSA and any updates to it are available for viewing at the Gentoo Security Website: https://security.gentoo.org/glsa/202301-09

Concerns?
=========
Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org.

License
=======
Copyright 2023 Gentoo Foundation, Inc; referenced text belongs to its owner(s). The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license. https://creativecommons.org/licenses/by-sa/2.5

Red Hat Security Advisory

Synopsis: Moderate: Red Hat JBoss EAP 7.4.10 XP 4.0.0.GA security release
Advisory ID: RHSA-2023:1855-01
Product: Red Hat JBoss Enterprise Application Platform
Advisory URL: https://access.redhat.com/errata/RHSA-2023:1855
Issue date: 2023-04-18
CVE Names: CVE-2022-1278 CVE-2022-3509 CVE-2022-3510

1. Summary:
JBoss EAP XP 4.0.0.GA security release on the EAP 7.4.10 base is now available. See references for release notes. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

2. Description:
This is a cumulative patch release zip for the JBoss EAP XP 4.0.0 runtime distribution for use with EAP 7.4.10.

Security Fix(es):
* protobuf-java: Textformat parsing issue leads to DoS (CVE-2022-3509)
* protobuf-java: Message-Type Extensions parsing issue leads to DoS (CVE-2022-3510)
* WildFly: possible information disclosure (CVE-2022-1278)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

3. Solution:
Before applying this update, make sure all previously released errata relevant to your system have been applied. For details on how to apply this update, refer to: https://access.redhat.com/articles/11258

4. Bugs fixed (https://bugzilla.redhat.com/):
2073401 - CVE-2022-1278 WildFly: possible information disclosure
2184161 - CVE-2022-3509 protobuf-java: Textformat parsing issue leads to DoS
2184176 - CVE-2022-3510 protobuf-java: Message-Type Extensions parsing issue leads to DoS

5. JIRA issues fixed (https://issues.jboss.org/):
JBEAP-24683 - EAP XP 4.0.0.GA for EAP 7.4.10

6. References:
https://access.redhat.com/security/cve/CVE-2022-1278
https://access.redhat.com/security/cve/CVE-2022-3509
https://access.redhat.com/security/cve/CVE-2022-3510
https://access.redhat.com/security/updates/classification/#moderate
https://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.4/html-single/red_hat_jboss_eap_xp_4.0.0_release_notes/index
https://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.4/html-single/jboss_eap_xp_4.0_upgrade_and_migration_guide/index
https://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.4/html-single/using_jboss_eap_xp_4.0.0/index

7. Contact:
The Red Hat security contact is <secalert@redhat.com>. More contact details at https://access.redhat.com/security/team/contact/

Copyright 2023 Red Hat, Inc.

The purpose of this text-only errata is to inform you about the security issues fixed in this release.
Description: This release of Red Hat Integration - Service Registry 2.4.3 GA includes the following security fixes
VAR-202211-1871 CVE-2022-44356 WAVLINK WN531G3 Access Control Error Vulnerability CVSS V2: 7.8
CVSS V3: 7.5
Severity: HIGH
WAVLINK Quantum D4G (WL-WN531G3) running firmware versions M31G3.V5030.201204 and M31G3.V5030.200325 has an access control issue which allows unauthenticated attackers to download configuration data and log files. WAVLINK WN531G3 is a wireless router made by WAVLINK in China
VAR-202211-1969 CVE-2022-44037 APSystems ecu-c firmware vulnerabilities CVSS V2: 8.3
CVSS V3: 8.8
Severity: HIGH
An access control issue in APsystems ENERGY COMMUNICATION UNIT (ECU-C) Power Control Software V4.1NA, V3.11.4, W2.1NA, V4.1SAA, C1.2.2 allows attackers to access sensitive data and execute specific commands and functions with full admin rights without authenticating, allowing them to perform multiple attacks, such as attacking wireless networks in the product's range. There are unspecified vulnerabilities in the APSystems ecu-c firmware. Information may be obtained or tampered with, and service operation may be interrupted (DoS). APsystems is a micro-inverter produced by APsystems in the United States. Combining high-efficiency power conversion with a user-friendly monitoring interface brings you reliable, smart energy. Attackers can use the vulnerability to access sensitive data. Executing specific commands and functions with administrator privileges can also launch other attacks
VAR-202211-1888 CVE-2022-40799 D-Link DNR-322L Command Injection Vulnerability CVSS V2: 10.0
CVSS V3: 8.8
Severity: HIGH
Data Integrity Failure in 'Backup Config' in D-Link DNR-322L <= 2.60B15 allows an authenticated attacker to execute OS level commands on the device. D-Link DNR-322L is a monitoring memory of D-Link
VAR-202211-1991 No CVE TOTOLINK A7000R has a command execution vulnerability (CNVD-2022-75876) CVSS V2: 10.0
CVSS V3: -
Severity: HIGH
TOTOLINK A7000R is a wireless router. There is a command execution vulnerability in TOTOLINK A7000R, which can be exploited by attackers to execute arbitrary commands.
VAR-202211-1796 CVE-2022-36133 Epson TM-C3500 and TM-C7500 have unknown vulnerabilities CVSS V2: 7.5
CVSS V3: 9.1
Severity: CRITICAL
The WebConfig functionality of Epson TM-C3500 and TM-C7500 devices with firmware version WAM31500 allows authentication bypass. Both Epson TM-C3500 and Epson TM-C7500 are printers produced by Epson Corporation of Japan
VAR-202211-1777 CVE-2022-40282 Hirschmann BAT-C2 Command Injection Vulnerability CVSS V2: 7.5
CVSS V3: 8.8
Severity: HIGH
The web server of Hirschmann BAT-C2 before 09.13.01.00R04 allows authenticated command injection. This allows an authenticated attacker to pass commands to the shell of the system because the dir parameter of the FsCreateDir Ajax function is not sufficiently sanitized. The vendor's ID is BSECV-2022-21. Hirschmann BAT-C2 is a wireless access point of German Hirschmann company. There is a command injection vulnerability in belden Hirschmann BAT-C2 versions before 09.13.01.00R04. Attackers can use the vulnerability to launch command injection attacks
VAR-202211-1696 CVE-2022-43667 Multiple vulnerabilities in Omron CX-Programmer CVSS V2: -
CVSS V3: 7.8
Severity: HIGH
Stack-based buffer overflow vulnerability exists in CX-Programmer v.9.77 and earlier, which may lead to information disclosure and/or arbitrary code execution by having a user open a specially crafted CXP file
VAR-202211-1695 CVE-2022-43509 Multiple vulnerabilities in Omron CX-Programmer CVSS V2: -
CVSS V3: 7.8
Severity: HIGH
Out-of-bounds write vulnerability exists in CX-Programmer v.9.77 and earlier, which may lead to information disclosure and/or arbitrary code execution by having a user open a specially crafted CXP file. CX-Programmer, provided by Omron Corporation, contains multiple vulnerabilities:
* Use of freed memory (use-after-free) (CWE-416) - CVE-2022-43508, CVE-2023-22277, CVE-2023-22317, CVE-2023-22314
* Out-of-bounds write (CWE-787) - CVE-2022-43509
* Stack-based buffer overflow (CWE-121) - CVE-2022-43667
This vulnerability information was reported to JPCERT/CC, and JPCERT/CC coordinated with the developer. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Omron CX-One. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of CXP files in the CX-Programmer module. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of the current process
VAR-202211-1688 CVE-2022-44844 TOTOLINK A7100RU Command injection vulnerability CVSS V2: -
CVSS V3: 9.8
Severity: CRITICAL
TOTOlink A7100RU V7.4cu.2313_B20191024 was discovered to contain a command injection vulnerability via the pass parameter in the setting/setOpenVpnCfg function
VAR-202211-1815 CVE-2022-44843 TOTOLINK A7100RU Command injection vulnerability CVSS V2: -
CVSS V3: 9.8
Severity: CRITICAL
TOTOlink A7100RU V7.4cu.2313_B20191024 was discovered to contain a command injection vulnerability via the port parameter in the setting/setOpenVpnClientCfg function
VAR-202211-1694 CVE-2022-43508 Multiple vulnerabilities in Omron CX-Programmer CVSS V2: -
CVSS V3: 7.8
Severity: HIGH
Use-after-free vulnerability exists in CX-Programmer v.9.77 and earlier, which may lead to information disclosure and/or arbitrary code execution by having a user open a specially crafted CXP file. CX-Programmer, provided by Omron Corporation, contains multiple vulnerabilities:
* Use of freed memory (use-after-free) (CWE-416) - CVE-2022-43508, CVE-2023-22277, CVE-2023-22317, CVE-2023-22314
* Out-of-bounds write (CWE-787) - CVE-2022-43509
* Stack-based buffer overflow (CWE-121) - CVE-2022-43667
This vulnerability information was reported to JPCERT/CC, and JPCERT/CC coordinated with the developer
VAR-202211-1535 CVE-2022-44259 Out-of-bounds write vulnerability in TOTOLINK lr350 firmware CVSS V2: 9.0
CVSS V3: 8.8
Severity: HIGH
TOTOLINK LR350 V9.3.5u.6369_B20220309 contains a post-authentication buffer overflow via parameter week, sTime, and eTime in the setParentalRules function. An out-of-bounds write vulnerability exists in TOTOLINK lr350 firmware. Information may be obtained or tampered with, and service operation may be interrupted (DoS). The TOTOLINK LR350 is a 4G LTE router released by China's TOTOLINK Electronics. It converts 4G signals into wired signals and is suitable for home and office use. This vulnerability could allow an attacker to cause remote code execution
VAR-202211-1454 CVE-2022-40870 Encoding and escaping vulnerabilities in Parallels Remote Application Server CVSS V2: -
CVSS V3: 8.1
Severity: HIGH
The Web Client of Parallels Remote Application Server v18.0 is vulnerable to Host Header Injection attacks. This vulnerability allows attackers to execute arbitrary commands via a crafted payload injected into the Host header. Encoding and escaping vulnerabilities exist in Parallels Remote Application Server. Information may be obtained or tampered with, and service operation may be interrupted (DoS)
VAR-202211-1532 CVE-2022-44257 Out-of-bounds write vulnerability in TOTOLINK lr350 firmware CVSS V2: 9.0
CVSS V3: 8.8
Severity: HIGH
TOTOLINK LR350 V9.3.5u.6369_B20220309 contains a post-authentication buffer overflow via parameter pppoeUser in the setOpModeCfg function. An out-of-bounds write vulnerability exists in TOTOLINK lr350 firmware. Information may be obtained or tampered with, and service operation may be interrupted (DoS). The TOTOLINK LR350 is a 4G LTE router released by China's TOTOLINK Electronics. It converts 4G signals into wired signals and is suitable for home and office use. An attacker could exploit this vulnerability to cause remote code execution
VAR-202211-1627 CVE-2022-44258 Out-of-bounds write vulnerability in TOTOLINK lr350 firmware CVSS V2: 9.0
CVSS V3: 8.8
Severity: HIGH
TOTOLINK LR350 V9.3.5u.6369_B20220309 contains a post-authentication buffer overflow via parameter command in the setTracerouteCfg function. An out-of-bounds write vulnerability exists in TOTOLINK lr350 firmware. Information may be obtained or tampered with, and service operation may be interrupted (DoS). The TOTOLINK LR350 is a 4G LTE router released by China's TOTOLINK Electronics. It converts 4G signals into wired signals and is suitable for home and office use. An attacker could exploit this vulnerability to cause remote code execution
VAR-202211-1511 CVE-2022-3088 Improper Privilege Management Vulnerability in Moxa ARM-Based Computers CVSS V2: 7.2
CVSS V3: 7.8
Severity: HIGH
UC-8100A-ME-T System Image: Versions v1.0 to v1.6, UC-2100 System Image: Versions v1.0 to v1.12, UC-2100-W System Image: Versions v1.0 to v1.12, UC-3100 System Image: Versions v1.0 to v1.6, UC-5100 System Image: Versions v1.0 to v1.4, UC-8100 System Image: Versions v3.0 to v3.5, UC-8100-ME-T System Image: Versions v3.0 and v3.1, UC-8200 System Image: v1.0 to v1.5, AIG-300 System Image: v1.0 to v1.4, UC-8410A with Debian 9 System Image: Versions v4.0.2 and v4.1.2, UC-8580 with Debian 9 System Image: Versions v2.0 and v2.1, UC-8540 with Debian 9 System Image: Versions v2.0 and v2.1, and DA-662C-16-LX (GLB) System Image: Versions v1.0.2 to v1.1.2 of Moxa's ARM-based computers have an execution with unnecessary privileges vulnerability, which could allow an attacker with user-level privileges to gain root privileges. The following vulnerability exists in ARM-based computers provided by Moxa:
* Improper privilege management (CWE-269) - CVE-2022-3088
If the vulnerability is exploited, the following impact may occur:
* A general user may gain root privileges and full control over the system.
There is a privilege escalation vulnerability in Moxa ARM-Based Computers; attackers can exploit the vulnerability to obtain root privileges