VARIoT IoT vulnerabilities database


VAR-202211-1255 CVE-2022-42060 Tenda AC1200 setWanPpoe function stack overflow vulnerability CVSS V2: 7.8
CVSS V3: 7.5
Severity: HIGH
Tenda AC1200 Router Model W15Ev2 V15.11.0.10(1576) was discovered to contain a stack overflow via the setWanPpoe function. This vulnerability allows attackers to cause a Denial of Service (DoS) via crafted overflow data. Tenda AC1200 is a wireless router made by China Tenda Company
VAR-202211-1043 CVE-2022-42058 Tenda AC1200 setWanPpoe function stack overflow vulnerability CVSS V2: 7.8
CVSS V3: 9.8
Severity: CRITICAL
Tenda AC1200 Router Model W15Ev2 V15.11.0.10(1576) was discovered to contain a stack overflow via the setRemoteWebManage function. This vulnerability allows attackers to cause a Denial of Service (DoS) via crafted overflow data. Tenda AC1200 is a wireless router made by China Tenda Company
VAR-202211-0995 CVE-2022-41396 Tenda AC1200 Command Injection Vulnerability CVSS V2: 6.8
CVSS V3: 7.8
Severity: HIGH
Tenda AC1200 Router Model W15Ev2 V15.11.0.10(1576) was discovered to contain multiple command injection vulnerabilities in the function setIPsecTunnelList via the IPsecLocalNet and IPsecRemoteNet parameters. Tenda AC1200 is a wireless router made by China Tenda Company. An attacker could exploit this vulnerability to perform command injection
VAR-202211-1008 CVE-2022-40843 Tenda AC1200 authorization error vulnerability CVSS V2: 6.1
CVSS V3: 4.9
Severity: MEDIUM
The Tenda AC1200 V-W15Ev2 V15.11.0.10(1576) router is vulnerable to improper authorization / improper session management that allows the router login page to be bypassed. This leads to authenticated attackers having the ability to read the router's syslog.log file, which contains the MD5 password of the Administrator's user account. Tenda AC1200 is a wireless router made by China Tenda Company.
VAR-202211-0589 CVE-2021-38828 Vulnerability in cleartext transmission of sensitive information in xiongmaitech xm-jpr2-lx firmware CVSS V2: -
CVSS V3: 5.3
Severity: MEDIUM
Xiongmai Camera XM-JPR2-LX V4.02.R12.A6420987.10002.147502.00000 is vulnerable to plain-text traffic sniffing. The xiongmaitech xm-jpr2-lx firmware contains a vulnerability in which sensitive information is transmitted in plaintext. Information may be obtained.
VAR-202211-1993 No CVE There is a file download vulnerability in the EWEB network management system of Beijing Starnet Ruijie Network Technology Co., Ltd. CVSS V2: 5.0
CVSS V3: -
Severity: MEDIUM
Ruijie Networks is a professional network manufacturer with a full range of network equipment product lines and solutions including switches, routers, software, security firewalls, wireless products, storage, etc. There is a file download vulnerability in the EWEB network management system of Beijing Starnet Ruijie Network Technology Co., Ltd. Attackers can use this vulnerability to obtain sensitive information.
VAR-202211-0596 CVE-2021-26251 Input verification vulnerability in Intel's Intel OpenVINO CVSS V2: -
CVSS V3: 5.3
Severity: MEDIUM
Improper input validation in the Intel(R) Distribution of OpenVINO(TM) Toolkit may allow an authenticated user to potentially enable denial of service via network access. Intel's Intel OpenVINO contains an input validation vulnerability. Service operation may be interrupted (DoS).
VAR-202211-0702 CVE-2022-30297 Intel EMA Cross-site scripting vulnerability CVSS V2: -
CVSS V3: 3.8
Severity: LOW
Cross-site scripting in the Intel(R) EMA software before version 1.8.0 may allow a privileged user to potentially enable escalation of privilege via local access
VAR-202211-0597 CVE-2022-26028 Vulnerability regarding uncontrolled search path elements in Intel's Intel VTune Profiler CVSS V2: -
CVSS V3: 6.7
Severity: MEDIUM
Uncontrolled search path in the Intel(R) VTune(TM) Profiler software before version 2022.2.0 may allow an authenticated user to potentially enable escalation of privilege via local access. Intel's Intel VTune Profiler contains a vulnerability in an uncontrolled search path element. Information may be obtained or tampered with, and service operation may be interrupted (DoS). Intel VTune Profiler is a performance testing tool used by Intel Corporation for optimizing software. The software can perform performance testing on IoT embedded applications, media software, Java applications, and high-performance computing applications.
VAR-202211-0598 CVE-2022-26508 Intel SDP Tool Authorization problem vulnerability CVSS V2: -
CVSS V3: 4.3
Severity: MEDIUM
Improper authentication in the Intel(R) SDP Tool before version 3.0.0 may allow an unauthenticated user to potentially enable information disclosure via network access
VAR-202211-0705 CVE-2022-35276 Intel NUC 8 Compute Elements Access Control Error Vulnerability CVSS V2: 3.7
CVSS V3: 7.5
Severity: HIGH
Improper access control in BIOS firmware for some Intel(R) NUC 8 Compute Elements before version CBWHL357.0096 may allow a privileged user to potentially enable escalation of privilege via local access. Intel NUC is a small mini computer produced by Intel Corporation of the United States. Attackers can use this vulnerability to elevate local privileges
VAR-202211-0906 CVE-2022-26124 Buffer Error Vulnerability in Multiple Intel Products CVSS V2: 4.3
CVSS V3: 7.5
Severity: HIGH
Improper buffer restrictions in BIOS firmware for some Intel(R) NUC Boards, Intel(R) NUC 8 Boards, Intel(R) NUC 8 Rugged Boards and Intel(R) NUC 8 Rugged Kits before version CHAPLCEL.0059 may allow a privileged user to potentially enable escalation of privilege via local access. A denial-of-service (DoS) state may result. Intel NUC is a small mini computer produced by Intel Corporation of the United States. The impact is local privilege escalation.
VAR-202211-0787 CVE-2022-34152 Intel NUC Input validation error vulnerability CVSS V2: -
CVSS V3: 7.7
Severity: HIGH
Improper input validation in BIOS firmware for some Intel(R) NUC Boards, Intel(R) NUC Kits before version TY0070 may allow a privileged user to potentially enable escalation of privilege via local access.
VAR-202211-0701 CVE-2022-29486 Intel Hyperscan Buffer error vulnerability CVSS V2: -
CVSS V3: 4.3
Severity: MEDIUM
Improper buffer restrictions in the Hyperscan library maintained by Intel(R) all versions downloaded before 04/29/2022 may allow an unauthenticated user to potentially enable escalation of privilege via network access
VAR-202211-0593 CVE-2021-33064 Vulnerability regarding uncontrolled search path elements in Intel's Intel System Studio CVSS V2: -
CVSS V3: 6.7
Severity: MEDIUM
Uncontrolled search path in the software installer for Intel(R) System Studio for all versions may allow an authenticated user to potentially enable escalation of privilege via local access. Intel's Intel System Studio contains a vulnerability in an uncontrolled search path element. Information may be obtained or tampered with, and service operation may be interrupted (DoS). Intel System Studio is a multi-functional, cross-platform tool suite from Intel Corporation, designed to simplify system startup and improve system and IoT device application performance on Intel platforms.
VAR-202211-0866 CVE-2022-33942 Intel Data Center Manager Security hole CVSS V2: -
CVSS V3: 8.8
Severity: HIGH
Protection mechanism failure in the Intel(R) DCM software before version 5.0 may allow an unauthenticated user to potentially enable escalation of privilege via adjacent access.

RCE Security Advisory
https://www.rcesecurity.com

1. ADVISORY INFORMATION
=======================
Product: Intel Data Center Manager
Vendor URL: https://www.intel.com/content/www/us/en/developer/tools/data-center-manager-console/overview.html
Type: Authentication Bypass by Spoofing [CWE-290]
Date found: 2022-06-01
Date published: 2022-11-23
CVSSv3 Score: 10.0 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H)
CVE: CVE-2022-33942

2. CREDITS
==========
This vulnerability was discovered and researched by Julien Ahrens from RCE Security.

3. VERSIONS AFFECTED
====================
Intel Data Center Manager 4.1.1.45749 and below

4. INTRODUCTION
===============
Energy costs are the fastest rising expense for today’s data centers. Intel® Data Center Manager (Intel® DCM) provides real-time power and thermal consumption data, giving you the clarity you need to lower power usage, increase rack density, and prolong operation during outages.
(from the vendor's homepage)

5. VULNERABILITY DETAILS
========================
The application allows configuring authentication via Active Directory groups. While this by itself isn't an issue, it becomes one as soon as an Active Directory group with a well-known SID (such as "S-1-5-32-544" or "S-1-5-32-546") is configured to allow authentication to DCM. This is because Intel's DCM only relies on the group's SID to allow authentication but doesn't verify the authenticating domain, which the user can give during the authentication process against the DCM Console and its REST interface. Since the DCM will send all Kerberos and LDAP (authentication) requests against the given domain, it is trivially easy to spoof the authentication responses by using an arbitrary Kerberos and LDAP server and replying with the SID of one of the configured Active Directory groups.

This allows an attacker to bypass the authentication schema by using any domain with any user/password combination without actually being part of any Active Directory groups.

6. PROOF OF CONCEPT
===================
See the referenced blog post for a full exploit.

7. SOLUTION
===========
Update to Intel DCM 5.0 or later

8. REPORT TIMELINE
==================
2022-06-01: Discovery of the vulnerability
2022-06-28: Sent notification to Intel via their PSIRT
2022-06-28: Vendor response: Sent to appropriate reviewers.
2022-06-29: Vendor acknowledges the vulnerability and asks for coordinated disclosure on Nov. 8, 2022
2022-06-30: Rejected the disclosure date, due to my own policy, which makes it: August 13, 2022
2022-07-08: After a vendor call, I've submitted the issue through Intel's bug bounty program
2022-xx-xx: Vendor releases version 5.0 without any notification which fixes this vulnerability
2022-11-08: Vendor (responsible CNA) assigns CVE-2022-33942
2022-11-08: Vendor publishes security advisory INTEL-SA-00713
2022-11-23: Public disclosure

9. REFERENCES
=============
https://www.rcesecurity.com/2022/11/from-zero-to-hero-part-1-bypassing-intel-dcms-authentication-by-spoofing-kerberos-and-ldap-responses-cve-2022-33942
https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00713.html
https://github.com/MrTuxracer/advisories
VAR-202211-0744 CVE-2022-30548 Intel Glorp Code problem vulnerability CVSS V2: -
CVSS V3: 6.7
Severity: MEDIUM
Uncontrolled search path element in the Intel(R) Glorp software may allow an authenticated user to potentially enable escalation of privilege via local access
VAR-202211-0864 CVE-2022-36367 Intel Support Android Security hole CVSS V2: -
CVSS V3: 4.4
Severity: MEDIUM
Incorrect default permissions in the Intel(R) Support Android application before version v22.02.28 may allow a privileged user to potentially enable information disclosure via local access
VAR-202211-0704 CVE-2022-27638 Intel Advanced Link Analyzer Pro Code problem vulnerability CVSS V2: -
CVSS V3: 6.7
Severity: MEDIUM
Uncontrolled search path element in the Intel(R) Advanced Link Analyzer Pro before version 22.2 and Standard edition software before version 22.1.1 STD may allow an authenticated user to potentially enable escalation of privilege via local access
VAR-202211-0821 CVE-2022-30691 Intel Support Android Resource Management Error Vulnerability CVSS V2: -
CVSS V3: 5.9
Severity: MEDIUM
Uncontrolled resource consumption in the Intel(R) Support Android application before version 22.02.28 may allow an authenticated user to potentially enable denial of service via local access