VARIoT IoT vulnerabilities database


VAR-202203-1779 CVE-2021-44310 firmware analysis and comparison tool project  Cross-site scripting vulnerability in CVSS V2: 3.5
CVSS V3: 4.8
Severity: MEDIUM
An issue was discovered in Firmware Analysis and Comparison Tool v3.2. With administrator privileges, the attacker could perform stored XSS attacks by inserting JavaScript and HTML code in the user creation functionality. The vulnerability stems from the lack of validation and filtering of user-provided data and output in the user creation function.
VAR-202203-1706 CVE-2019-12266 plural  wyze  Out-of-bounds write vulnerabilities in the product CVSS V2: 10.0
CVSS V3: 9.8
Severity: CRITICAL
Stack-based Buffer Overflow vulnerability in Wyze Cam Pan v2, Cam v2, Cam v3 allows an attacker to run arbitrary code on the affected device. This issue affects: Wyze Cam Pan v2 versions prior to 4.49.1.47. Wyze Cam v2 versions prior to 4.9.8.1002. Wyze Cam v3 versions prior to 4.36.8.32. A denial-of-service (DoS) condition may result.
VAR-202203-1506 CVE-2022-22965 Spring Framework Code injection vulnerability CVSS V2: 7.5
CVSS V3: 9.8
Severity: CRITICAL
A Spring MVC or Spring WebFlux application running on JDK 9+ may be vulnerable to remote code execution (RCE) via data binding. The specific exploit requires the application to run on Tomcat as a WAR deployment. If the application is deployed as a Spring Boot executable jar, i.e. the default, it is not vulnerable to the exploit. However, the nature of the vulnerability is more general, and there may be other ways to exploit it. The Spring Framework insecurely handles PropertyDescriptor objects, which may allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable system.
Description: AMQ Broker is a high-performance messaging implementation based on ActiveMQ Artemis. It uses an asynchronous journal for fast message persistence, and supports multiple languages, protocols, and platforms. For further information, refer to the release notes linked to in the References section. The purpose of this text-only errata is to inform you about the security issues fixed in this release.
Description: A micro version update (from 1.6.4 to 1.6.5) is now available for Red Hat Camel K that includes CVE fixes in the base images, which are documented in the Release Notes document linked in the References section.
Solution: Before applying this update, make sure all previously released errata relevant to your system have been applied. For details on how to apply this update, refer to: https://access.redhat.com/articles/11258
Installation instructions are available from the Fuse 7.10 product documentation page: https://access.redhat.com/documentation/en-us/red_hat_fuse/7.10/
Red Hat Security Advisory
Synopsis: Low: Red Hat Decision Manager 7.12.1 security update
Advisory ID: RHSA-2022:1379-01
Product: Red Hat Decision Manager
Advisory URL: https://access.redhat.com/errata/RHSA-2022:1379
Issue date: 2022-04-14
CVE Names: CVE-2022-22965
1. Summary: An update is now available for Red Hat Decision Manager. Red Hat Product Security has rated this update as having a security impact of Low. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
2. Description: Red Hat Decision Manager is an open source decision management platform that combines business rules management, complex event processing, Decision Model & Notation (DMN) execution, and business optimization for solving planning problems. It automates business decisions and makes that logic available to the entire business. This asynchronous security patch is an update to Red Hat Decision Manager 7.
Security Fix(es): * spring-webmvc: spring-framework: RCE via Data Binding on JDK 9+ (CVE-2022-22965)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
3. This release upgrades Spring to 5.3.18 and Spring Boot to 2.6.6 which fixes the Spring MVC and WebFlux jars. For on-premise installations, before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on. It is recommended to halt the server by stopping the JBoss Application Server process before installing this update; after installing the update, restart the server by starting the JBoss Application Server process. The References section of this erratum contains a download link (you must log in to download the update).
4. Bugs fixed (https://bugzilla.redhat.com/): 2070348 - CVE-2022-22965 spring-framework: RCE via Data Binding on JDK 9+
5. References:
https://access.redhat.com/security/cve/CVE-2022-22965
https://access.redhat.com/security/updates/classification/#low
https://access.redhat.com/security/vulnerabilities/RHSB-2022-003
https://access.redhat.com/jbossnetwork/restricted/listSoftware.html?downloadType=securityPatches&product=rhdm&version=7.12.1
6. Contact: The Red Hat security contact is <secalert@redhat.com>. More contact details at https://access.redhat.com/security/team/contact/
Copyright 2022 Red Hat, Inc.
VAR-202203-2121 No CVE Binary Vulnerability in Arista VEOS CVSS V2: 4.9
CVSS V3: -
Severity: MEDIUM
Arista Networks is one of the leading manufacturers of networking equipment for large data centers, high performance computing systems and cloud networking solutions. Arista VEOS has a binary vulnerability that could be exploited by an attacker to cause a denial of service attack.
VAR-202203-1715 CVE-2021-44312 firmware analysis and comparison tool project  Cross-site request forgery vulnerability in CVSS V2: 6.8
CVSS V3: 8.8
Severity: HIGH
An issue was discovered in Firmware Analysis and Comparison Tool v3.2. Logged in administrators could be targeted by a CSRF attack through visiting a crafted web page. The firmware analysis and comparison tool project contains a cross-site request forgery vulnerability. Information may be obtained or tampered with, and service operation may be interrupted (DoS). The vulnerability stems from the fact that the web application does not fully verify whether the request is from a trusted user. An attacker could exploit this vulnerability by forging a malicious request and getting a logged-in administrator to click it, which performs sensitive operations.
VAR-202203-1590 CVE-2021-43662 TOTOLINK  of  ex300 v2  firmware and  A720R  Unlimited or Throttling Resource Allocation Vulnerability in Firmware CVSS V2: 3.3
CVSS V3: 6.5
Severity: MEDIUM
TOTOLINK EX300_v2, ver V4.0.3c.140_B20210429 and A720R, ver V4.1.5cu.470_B20200911 have an issue which causes uncontrolled resource consumption. A vulnerability exists in the TOTOLINK ex300 v2 and A720R firmware regarding resource allocation without limits or throttling. Service operation may be interrupted (DoS). TotoLink EX300 is a 300 Mbps wireless N range extender from TotoLink in China. TotoLink A720R is a gigabit dual-band wireless wifi amplifier from China TotoLink company. TotoLink EX300_v2 and A720R have a resource management error vulnerability that could be exploited by an attacker to run out of storage space, resulting in a DoS condition.
VAR-202203-1938 CVE-2022-23136 ZTE ZXHN F680 cross-site scripting vulnerability CVSS V2: 3.5
CVSS V3: 5.4
Severity: MEDIUM
There is a stored XSS vulnerability in ZTE home gateway product. An attacker could modify the gateway name by inserting special characters and trigger an XSS attack when the user views the current topology of the device through the management page. ZTE zxhn f680 firmware has a cross-site scripting vulnerability. Information may be obtained and information may be tampered with. This vulnerability is caused by the lack of validation and filtering of user-provided data and output in the gateway name.
VAR-202203-1928 CVE-2022-25008 TOTOLINK  of  ex300 v2  firmware and  ex1200t  Vulnerability related to lack of authentication for critical functions in firmware CVSS V2: 5.8
CVSS V3: 8.8
Severity: HIGH
TOTOLINK EX300_v2 V4.0.3c.140_B20210429 and EX1200T V4.1.2cu.5230_B20210706 do not contain an authentication mechanism. TOTOLINK ex300 v2 firmware and ex1200t firmware have a lack of authentication vulnerability for critical functionality. Information may be obtained or tampered with, and service operation may be interrupted (DoS). TOTOLINK EX300 is a 300 Mbps wireless N range extender from China TotoLink company, TOTOLINK EX1200T is a Wi-Fi range extender from China TOTOLINK company. An access control error vulnerability exists in TOTOLINK EX300_v2 and EX1200T. The vulnerability stems from the device web server not performing any authentication, allowing an attacker to access the web UI and perform any actions.
VAR-202203-1830 CVE-2021-46010 TOTOLINK  of  A3100R  Insufficient Random Value Usage Vulnerability in Firmware CVSS V2: 6.5
CVSS V3: 8.8
Severity: HIGH
Totolink A3100R V5.9c.4577 suffers from Use of Insufficiently Random Values via the web configuration. The SESSION_ID is predictable. An attacker can hijack a valid session and conduct further malicious operations. A vulnerability exists in the TOTOLINK A3100R firmware regarding the use of insufficient random values. Information may be obtained or tampered with, and service operation may be interrupted (DoS). TotoLink A3100R is a series of wireless routers from TotoLink, a Taiwanese company.
VAR-202203-2102 No CVE Binary Vulnerability in Arista VEOS (CNVD-2022-18742) CVSS V2: 4.9
CVSS V3: -
Severity: MEDIUM
Arista Networks is one of the leading manufacturers of networking equipment for large data centers, high performance computing systems and cloud networking solutions. Arista VEOS has a binary vulnerability that could be exploited by an attacker to cause a denial of service attack.
VAR-202203-2103 No CVE Binary Vulnerability in Arista VEOS (CNVD-2022-18740) CVSS V2: 4.9
CVSS V3: -
Severity: MEDIUM
Arista Networks is one of the leading manufacturers of networking equipment for large data centers, high performance computing systems and cloud networking solutions. Arista VEOS has a binary vulnerability that can be exploited by an attacker to cause a denial of service attack.
VAR-202203-2109 No CVE Binary Vulnerability in Arista VEOS (CNVD-2022-18738) CVSS V2: 4.9
CVSS V3: -
Severity: MEDIUM
Arista Networks is one of the leading manufacturers of networking equipment for large data centers, high performance computing systems and cloud networking solutions. Arista VEOS has a binary vulnerability that can be exploited by an attacker to cause a denial of service attack.
VAR-202203-2108 No CVE Binary Vulnerability in Arista VEOS (CNVD-2022-18739) CVSS V2: 4.9
CVSS V3: -
Severity: MEDIUM
Arista Networks is one of the leading manufacturers of networking equipment for large data centers, high performance computing systems and cloud networking solutions. Arista VEOS has a binary vulnerability that could be exploited by an attacker to cause a denial of service attack.
VAR-202203-2120 No CVE Binary Vulnerability in Arista VEOS (CNVD-2022-18744) CVSS V2: 4.9
CVSS V3: -
Severity: MEDIUM
Arista Networks is one of the leading manufacturers of networking equipment for large data centers, high performance computing systems and cloud networking solutions. Arista VEOS has a binary vulnerability that could be exploited by an attacker to cause a denial of service attack.
VAR-202203-2112 No CVE Arista VEOS Exists Binary Vulnerability (CNVD-2022-18741) CVSS V2: 4.9
CVSS V3: -
Severity: MEDIUM
Arista Networks is one of the leading manufacturers of networking equipment for large data centers, high performance computing systems and cloud networking solutions. Arista VEOS has a binary vulnerability that can be exploited by an attacker to cause a denial of service attack.
VAR-202203-2106 No CVE Arista VEOS Exists Binary Vulnerability (CNVD-2022-18743) CVSS V2: 4.9
CVSS V3: -
Severity: MEDIUM
Arista Networks is one of the leading manufacturers of networking equipment for large data centers, high performance computing systems and cloud networking solutions. Arista VEOS has a binary vulnerability that could be exploited by an attacker to cause a denial of service attack.
VAR-202203-1707 CVE-2021-23850 plural  Robert Bosch GmbH  Classic buffer overflow vulnerability in the product CVSS V2: 6.5
CVSS V3: 7.2
Severity: HIGH
A specially crafted TCP/IP packet may cause a camera recovery image telnet interface to crash. It may also cause a buffer overflow which could enable remote code execution. The recovery image can only be booted with administrative rights or with physical access to the camera and allows the upload of a new firmware in case of a damaged firmware. Affected: autodome ip 4000i firmware, autodome ip 5000i firmware, autodome ip starlight 5000i firmware etc. The Robert Bosch GmbH product contains a classic buffer overflow vulnerability. Information may be obtained or tampered with, and service operation may be interrupted (DoS).
VAR-202203-1767 CVE-2021-46007 TOTOLINK  of  ar3100r  in the firmware  OS  Command injection vulnerability CVSS V2: 10.0
CVSS V3: 9.8
Severity: CRITICAL
TOTOLINK a3100r V5.9c.4577 is vulnerable to OS command injection. The backend of a page is executing the "ping" command, and the input field does not adequately filter special symbols. This can lead to command injection attacks. An OS command injection vulnerability exists in the TOTOLINK ar3100r firmware. Information may be obtained or tampered with, and service operation may be interrupted (DoS). TotoLink A3100R is a series of wireless routers from TotoLink, a Taiwanese company. The vulnerability is caused by the input field not being properly filtered.
VAR-202203-1765 CVE-2021-46008 Totolink a3100r Trust Management Issue Vulnerability CVSS V2: 7.9
CVSS V3: 8.8
Severity: HIGH
In TOTOLINK a3100r V5.9c.4577, the hard-coded telnet password can be discovered from official released firmware. An attacker, who has connected to the Wi-Fi, can easily telnet into the target with root shell if the telnet function is turned on. A vulnerability exists in the TOTOLINK A3100R firmware regarding the use of hardcoded credentials. Information may be obtained or tampered with, and service operation may be interrupted (DoS). TotoLink A3100R is a series of wireless routers from TotoLink, a Taiwanese company. TotoLink A3100R V5.9c.4577 version has a trust management issue vulnerability.
VAR-202203-1929 CVE-2021-23851 plural  Robert Bosch GmbH  Classic buffer overflow vulnerability in the product CVSS V2: 6.5
CVSS V3: 7.2
Severity: HIGH
A specially crafted TCP/IP packet may cause the camera recovery image web interface to crash. It may also cause a buffer overflow which could enable remote code execution. The recovery image can only be booted with administrative rights or with physical access to the camera and allows the upload of a new firmware in case of a damaged firmware. Affected: autodome ip 4000i firmware, autodome ip 5000i firmware, autodome ip starlight 5000i firmware etc. The Robert Bosch GmbH product contains a classic buffer overflow vulnerability. Information may be obtained or tampered with, and service operation may be interrupted (DoS).