VARIoT IoT vulnerabilities database

Tenda AC18 V15.03.05.19 is vulnerable to Buffer Overflow via function addWifiMacFilter. Tenda AC18 is a router made by Chinese company Tenda. The vulnerability is caused by the fact that the addWifiMacFilter function does not check the length of the input data. Attackers can exploit the vulnerability to cause denial of service

PowerPath Management Appliance with versions 3.3 & 3.2*, 3.1 & 3.0* contains OS Command Injection vulnerability. An authenticated remote attacker with administrative privileges could potentially exploit the issue and execute commands on the system as the root user. (DoS) It may be in a state

PowerPath Management Appliance with versions 3.3 & 3.2* contains a Hardcoded Cryptographic Keys vulnerability. Authenticated admin users can exploit the issue that leads to view and modifying sensitive information stored in the application

Tenda AC15 V15.03.05.18 is vulnerable to Buffer Overflow via function fromSetRouteStatic.. Tenda AC15 is a wireless router made by China Tenda Company. The vulnerability is caused by the fact that the fromSetRouteStatic function does not check the length of the input data. Attackers can use the vulnerability to launch a denial of service attack

Tenda AC15 V15.03.05.19 is vulnerable to Buffer Overflow via function formSetIpMacBind. Tenda AC15 is a wireless router made by China Tenda Company. The vulnerability comes from the fact that its formSetIpMacBind function does not check the length of the input data. Attackers can use the vulnerability to launch a denial of service attack

Tenda AC18 V15.03.05.19 is vulnerable to Buffer Overflow via function formWifiWpsStart. Tenda AC18 is a router made by Chinese company Tenda. The vulnerability is caused by the fact that the formWifiWpsStart function does not check the length of the input data. Attackers can exploit the vulnerability to cause denial of service

Tenda AC21 V16.03.08.15 is vulnerable to Buffer Overflow via function formSetMacFilterCfg. Tenda AC21 is a wireless router made by China Tenda Company. The vulnerability comes from the fact that its formSetMacFilterCfg function does not check the length of the input data. Attackers can exploit the vulnerability to cause denial of service

Tenda AC18 V15.03.05.19 is vulnerable to Buffer Overflow. via function formWifiWpsOOB. Tenda AC18 is a router made by Chinese company Tenda. The vulnerability is caused by the fact that the formWifiWpsOOB function does not check the length of the input data. Attackers can exploit the vulnerability to cause denial of service

Tenda AC15 V15.03.05.18 is vulnerable to Buffer Overflow via function formSetVirtualSer. Shenzhen Tenda Technology Co.,Ltd. of AC15 An out-of-bounds write vulnerability exists in firmware.Service operation interruption (DoS) It may be in a state. The vulnerability comes from the fact that its formSetVirtualSer function does not check the length of the input data. Attackers can use the vulnerability to launch a denial of service attack

PowerPath Management Appliance with versions 3.3 & 3.2*, 3.1 & 3.0* contains a Cross-site Request Forgery vulnerability. An unauthenticated non-privileged user could potentially exploit the issue and perform any privileged state-changing actions. (DoS) It may be in a state

PowerPath Management Appliance with version 3.3 contains Privilege Escalation vulnerability. An authenticated admin user could potentially exploit this issue and gain unrestricted control/code execution on the system as root. PowerPath Management Appliance Exists in unspecified vulnerabilities.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state

PowerPath Management Appliance with versions 3.3, 3.2*, 3.1 & 3.0* contains sensitive information disclosure vulnerability. An Authenticated admin user can able to exploit the issue and view sensitive information stored in the logs

An input validation vulnerability exists in the Monitor Pro interface of MicroSCADA Pro and MicroSCADA X SYS600. An authenticated user can launch an administrator level remote code execution irrespective of the authenticated user's role. ABB MicroSCADA Pro SYS600 is a set of monitoring and data acquisition software from ABB in Switzerland. The software is mainly used in substation automation, SCADA electrical, power distribution management applications and industrial power management etc. An attacker could exploit this vulnerability to execute code remotely

Tenda AC18 V15.03.05.19 is vulnerable to Buffer Overflow via function formSetWifiGuestBasic. Tenda AC18 is a router made by Chinese company Tenda. The vulnerability is caused by the fact that the formSetWifiGuestBasic function does not check the length of the input data. Attackers can exploit the vulnerability to cause denial of service

PowerPath Management Appliance with versions 3.3 & 3.2* contains Authorization Bypass vulnerability. An authenticated remote user with limited privileges (e.g., of role Monitoring) can exploit this issue and gain access to sensitive information, and modify the configuration. PowerPath Management Appliance Exists in unspecified vulnerabilities.Information may be obtained and information may be tampered with

D-Link DIR3060 DIR3060A1_FW111B04.bin is vulnerable to Buffer Overflow. D-Link DIR-3060 is a router of D-Link company in China. Provides a function to connect to the network. There is a buffer overflow vulnerability in D-Link DIR-3060 DIR3060A1_FW111B04.bin version, which is caused by a boundary error in FUN_0049ac18 when processing untrusted input. A remote attacker could exploit this vulnerability to execute arbitrary code on the system

Wire through 3.22.3993 on Windows advertises deletion of sent messages; nonetheless, all messages can be retrieved (for a limited period of time) from the AppData\Roaming\Wire\IndexedDB\https_app.wire.com_0.indexeddb.leveldb database. Wire Swiss GmbH of Windows for wire-server Contains a vulnerability related to information leakage from log files.Information may be obtained

INTELBRAS SG 2404 MR 20180928-rel64938 allows authenticated attackers to arbitrarily create Administrator accounts via crafted user cookies. Intelbras of sg 2404 poe firmware and sg 2404 mr Firmware contains a privilege management vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. Intelbras SG 2404 MR is a switch with network management function produced by Intelbras in Brazil. There is a security vulnerability in Intelbras SG 2404 MR 20180928-rel64938 version

Cradlepoint IBR600 NCOS versions 6.5.0.160bc2e and prior are vulnerable to shell escape, which enables local attackers with non-superuser credentials to gain full, unrestrictive shell access which may allow an attacker to execute arbitrary code.

A vulnerability in the web-based management interface of Cisco Identity Services Engine could allow an authenticated, remote attacker to conduct cross-site scripting attacks against other users of the application web-based management interface. This vulnerability is due to improper validation of input to an application feature before storage within the web-based management interface. An attacker could exploit this vulnerability by creating entries within the application interface that contain malicious HTML or script code. A successful exploit could allow the attacker to store malicious HTML or script code within the application interface for use in further cross-site scripting attacks. Cisco has not yet released software updates that address this vulnerability. For more information about these vulnerabilities, see the Details section of this advisory. There are no workarounds that address these vulnerabilities. This advisory is available at the following link:tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ise-7Q4TNYUx