VARIoT IoT vulnerabilities database


VAR-202203-1468 CVE-2022-26536 Shenzhen Tenda Technology Co.,Ltd. M3 firmware OS command injection vulnerability CVSS V2: 10.0
CVSS V3: 9.8
Severity: CRITICAL
Tenda M3 1.10 V1.0.0.12(4856) was discovered to contain a command injection vulnerability via the component /goform/setFixTools. Tenda M3 is an access controller from Shenzhen Tenda Technology Co.,Ltd., a Chinese company. The flaw stems from insufficient filtering of user-supplied input used for constructing commands; an attacker can exploit it to execute arbitrary commands on the device, which may also interrupt service (DoS).
VAR-202203-1670 CVE-2022-27646 Stack-based buffer overflow vulnerability in multiple Netgear products CVSS V2: -
CVSS V3: 8.0
Severity: HIGH
This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of NETGEAR R6700v3 1.0.4.120_10.0.91 routers. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the circled daemon: a crafted circleinfo.txt file can trigger an overflow of a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-15879. The same stack-based buffer overflow exists in multiple Netgear products, including the R6400, R6700 and R6900P firmware. Successful exploitation may result in information disclosure, information tampering, or denial of service (DoS).
VAR-202203-1524 CVE-2020-20095 Vulnerability in Apple iMessage for iOS CVSS V2: 4.3
CVSS V3: 6.5
Severity: MEDIUM
iMessage (Messages app) on iOS 12.4 and prior does not properly represent URI messages to the user, which results in URI spoofing via specially crafted messages. The underlying weakness is unspecified; successful exploitation may result in information tampering. Apple iMessage for iOS is Apple's instant messaging service.
VAR-202203-1150 CVE-2022-26187 TOTOLINK N600R firmware command injection vulnerability CVSS V2: 7.5
CVSS V3: 9.8
Severity: CRITICAL
TOTOLINK N600R V4.3.0cu.7570_B20200620 was discovered to contain a command injection vulnerability via the pingCheck function. TOTOLINK N600R is a wireless router from TOTOLINK, a Taiwanese company. Successful exploitation may result in information disclosure, information tampering, or denial of service (DoS).
VAR-202203-0505 CVE-2022-26186 TOTOLINK N600R firmware command injection vulnerability CVSS V2: 7.5
CVSS V3: 9.8
Severity: CRITICAL
TOTOLINK N600R V4.3.0cu.7570_B20200620 was discovered to contain a command injection vulnerability via the exportOvpn interface at cstecgi.cgi. TOTOLINK N600R is a wireless router from TOTOLINK, a Taiwanese company. Successful exploitation may result in information disclosure, information tampering, or denial of service (DoS).
VAR-202203-0496 CVE-2022-0923 Delta Electronics, INC. DIAEnergie SQL injection vulnerability CVSS V2: 7.5
CVSS V3: 9.8
Severity: CRITICAL
Delta Electronics DIAEnergie (all versions prior to 1.8.02.004) has a blind SQL injection vulnerability in HandlerDialog_KID.ashx. This allows an attacker to inject arbitrary SQL queries, retrieve and modify database contents, and execute system commands. Successful exploitation may result in information disclosure, information tampering, or denial of service (DoS).
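The entry above says "blind" SQL injection: the handler does not echo query results, it only behaves differently depending on whether the injected condition is true. The following is an added example, not DIAEnergie's code: a string-built lookup beside its parameterized form, a two-request injectability probe, and a character-by-character extraction that recovers data through nothing but the true/false oracle. The SQLite schema, its rows and the `kid` parameter name are constructed for illustration.

```python
"""Boolean-based blind SQL injection against a string-built query, beside the
parameterized fix. Added example: the schema, table contents and the 'kid'
parameter name are constructed here and are not DIAEnergie's code."""
import sqlite3
from typing import Callable, Tuple

Lookup = Callable[[sqlite3.Connection, str], bool]


def make_db() -> sqlite3.Connection:
    """In-memory SQLite stand-in for the application's database (constructed data)."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT, pw_hash TEXT)")
    conn.executemany(
        "INSERT INTO users (name, pw_hash) VALUES (?, ?)",
        [("alice", "h1"), ("bob", "h2")],
    )
    conn.commit()
    return conn


def lookup_vulnerable(conn: sqlite3.Connection, kid: str) -> bool:
    """The request parameter is concatenated into the SQL text, so it can change
    the query's structure. The handler only reveals whether a row exists, which
    is all a blind attack needs."""
    sql = "SELECT id FROM users WHERE name = '" + kid + "'"
    return conn.execute(sql).fetchone() is not None


def lookup_parameterized(conn: sqlite3.Connection, kid: str) -> bool:
    """Same query with a bound parameter: the value is data, never SQL."""
    row = conn.execute("SELECT id FROM users WHERE name = ?", (kid,)).fetchone()
    return row is not None


def blind_probe(lookup: Lookup, conn: sqlite3.Connection) -> Tuple[bool, bool]:
    """Send a tautology and a contradiction; different answers mean injectable."""
    true_case = lookup(conn, "zzz' OR 1=1 --")
    false_case = lookup(conn, "zzz' OR 1=2 --")
    return true_case, false_case


ALPHABET = "abcdefghijklmnopqrstuvwxyz0123456789_"


def extract_via_blind_oracle(lookup: Lookup, conn: sqlite3.Connection,
                             subquery: str, max_len: int = 32) -> str:
    """Recover the result of `subquery` one character at a time using only the
    true/false oracle. Returns "" when every probe is false (not injectable)."""
    recovered = ""
    for pos in range(1, max_len + 1):
        for ch in ALPHABET:
            payload = f"zzz' OR substr(({subquery}),{pos},1)='{ch}' --"
            if lookup(conn, payload):
                recovered += ch
                break
        else:
            break  # no candidate matched: end of the string
    return recovered


if __name__ == "__main__":
    db = make_db()
    target = "SELECT name FROM users ORDER BY id LIMIT 1"
    print("vulnerable probe:", blind_probe(lookup_vulnerable, db))
    print("vulnerable extract:", extract_via_blind_oracle(lookup_vulnerable, db, target))
    print("parameterized probe:", blind_probe(lookup_parameterized, db))
    print("parameterized extract:", repr(extract_via_blind_oracle(lookup_parameterized, db, target)))
```

Against the concatenating handler the probe answers (True, False) and the extraction walks out the first user name; against the parameterized handler both probes are False and nothing is recovered, because the quote and the `--` comment are part of the bound value rather than of the statement.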
VAR-202203-0507 CVE-2022-26189 TOTOLINK N600R firmware command injection vulnerability CVSS V2: 7.5
CVSS V3: 9.8
Severity: CRITICAL
TOTOLINK N600R V4.3.0cu.7570_B20200620 was discovered to contain a command injection vulnerability via the langType parameter in the login interface. TOTOLINK N600R is a wireless router from TOTOLINK, a Taiwanese company. Successful exploitation may result in information disclosure, information tampering, or denial of service (DoS).
VAR-202203-0059 CVE-2022-0988 Delta Electronics, INC. DIAEnergie cleartext transmission of sensitive information vulnerability CVSS V2: 5.0
CVSS V3: 7.5
Severity: HIGH
Delta Electronics DIAEnergie (version 1.7.5 and prior) is vulnerable to cleartext transmission because the web application runs by default over HTTP. This could allow an attacker on the network path to read information transmitted between the client and the product. Successful exploitation may result in information disclosure.
VAR-202203-0506 CVE-2022-26188 TOTOLINK N600R firmware command injection vulnerability CVSS V2: 7.5
CVSS V3: 9.8
Severity: CRITICAL
TOTOLINK N600R V4.3.0cu.7570_B20200620 was discovered to contain a command injection vulnerability via /setting/NTPSyncWithHost. TOTOLINK N600R is a wireless router from TOTOLINK, a Taiwanese company. Successful exploitation may result in information disclosure, information tampering, or denial of service (DoS).
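The Tenda M3 (/goform/setFixTools) and TOTOLINK N600R (pingCheck, exportOvpn, langType, NTPSyncWithHost) entries above all describe the same pattern: a web parameter that ends up inside a shell command. The following is an added example, not code from either vendor's firmware: the string-building idiom that causes the bug, an allowlist-plus-argv replacement that cannot be broken out of, and a scanner that flags shell metacharacters in decoded request parameters. The endpoint paths, parameter names and request lines are constructed for illustration.

```python
"""Command injection through a router 'ping check' style parameter: the
vulnerable string-building idiom, a hardened argv-based replacement, and a
request scanner. Added example; the handler, parameter names and request
lines are constructed for illustration, not taken from Tenda or TOTOLINK firmware."""
import re
import subprocess
from typing import Dict, List, Optional, Tuple
from urllib.parse import parse_qsl, urlsplit


def build_ping_command_vulnerable(host: str) -> str:
    """Mirrors the C idiom sprintf(buf, "ping -c 1 %s", host); system(buf).
    system() hands the string to /bin/sh, so ';', '|', '`' and '$()' inside
    `host` introduce extra commands. Returned, not executed, on purpose."""
    return f"ping -c 1 {host}"


# Allowlist: RFC 1123 hostname labels (no leading '-') or an IPv4 dotted quad.
_HOST_RE = re.compile(
    r"^(?:(?:[A-Za-z0-9](?:[A-Za-z0-9-]{0,61}[A-Za-z0-9])?\.)*"
    r"[A-Za-z0-9](?:[A-Za-z0-9-]{0,61}[A-Za-z0-9])?"
    r"|(?:\d{1,3}\.){3}\d{1,3})$"
)


def validate_host(host: str) -> Optional[str]:
    """Return the host unchanged if it is a plausible hostname or IPv4 literal, else None."""
    if not host or len(host) > 253 or not _HOST_RE.fullmatch(host):
        return None
    return host


def build_ping_argv_hardened(host: str) -> List[str]:
    """Validate first, then pass the host as a single argv element. No shell is
    involved, so metacharacters cannot change what runs, and the allowlist also
    blocks option injection such as a host of '-f'."""
    safe = validate_host(host)
    if safe is None:
        raise ValueError("invalid host")
    return ["ping", "-c", "1", safe]


def run_ping(host: str) -> int:
    """Execute the hardened form (shell=False is the subprocess default)."""
    return subprocess.run(build_ping_argv_hardened(host), check=False, timeout=10).returncode


# Detection side: shell metacharacters in URL-decoded query or form parameters.
_SHELL_META = re.compile(r"[;&|`$(){}<>\n]")


def suspicious_params(request_line: str, body: str = "") -> Dict[str, str]:
    """Return {name: decoded_value} for parameters carrying shell metacharacters."""
    parts = request_line.split(" ")
    query = urlsplit(parts[1]).query if len(parts) >= 2 else ""
    pairs = parse_qsl(query, keep_blank_values=True) + parse_qsl(body, keep_blank_values=True)
    return {name: value for name, value in pairs if _SHELL_META.search(value)}


# Constructed (request line, form body) pairs; not from any real device log.
SAMPLE_REQUESTS: List[Tuple[str, str]] = [
    ("GET /cgi-bin/cstecgi.cgi?host=8.8.8.8 HTTP/1.1", ""),
    ("GET /cgi-bin/cstecgi.cgi?host=8.8.8.8%3Bcat%20%2Fetc%2Fpasswd HTTP/1.1", ""),
    ("POST /goform/setFixTools HTTP/1.1", "lang=en%60id%60"),
]


if __name__ == "__main__":
    print(build_ping_command_vulnerable("8.8.8.8; cat /etc/passwd"))
    print(build_ping_argv_hardened("8.8.8.8"))
    for line, body in SAMPLE_REQUESTS:
        print(line, "->", suspicious_params(line, body))
```

The important design choice is that the hardened path never "escapes" the input: it rejects anything outside the allowlist and then avoids the shell entirely, so there is no quoting scheme to get wrong. The scanner is a triage aid for access logs and proxies in front of such devices, not a substitute for the fix.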
VAR-202212-0969 CVE-2022-45509 Shenzhen Tenda Technology Co.,Ltd. W30E firmware out-of-bounds write vulnerability CVSS V2: 7.8
CVSS V3: 7.5
Severity: HIGH
Tenda W30E V1.0.1.25(633) was discovered to contain a stack overflow via the account parameter at /goform/addUserName. The W30E firmware from Shenzhen Tenda Technology Co.,Ltd. therefore contains an out-of-bounds write vulnerability; successful exploitation may result in denial of service (DoS).
VAR-202203-0540 CVE-2022-23349 BigAnt Software BigAnt Server Cross-Site Request Forgery Vulnerability CVSS V2: 6.8
CVSS V3: 8.8
Severity: HIGH
BigAnt Software BigAnt Server v5.6.06 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability. BigAnt Server is a server product from BigAnt Studios, Australia. No further details of the vulnerability have been published.
VAR-202203-0951 CVE-2021-45490 3CX client applications (Windows, iOS and Android) certificate validation vulnerability CVSS V2: 6.4
CVSS V3: 9.1
Severity: CRITICAL
The client applications in 3CX on Windows, the 3CX app for iOS, and the 3CX application for Android through 2022-03-17 lack SSL certificate validation. Successful exploitation may result in information disclosure and information tampering. The Compass Security advisory for this issue follows.

#############################################################
#
# COMPASS SECURITY ADVISORY
# https://www.compass-security.com/research/advisories/
#
#############################################################
#
# Product: 3CX Client for Windows (legacy), Android & iOS
# Vendor: 3CX
# CSNC ID: CSNC-2021-021
# CVE ID: CVE-2021-45490
# Subject: Missing Certificate Verification
# CWE-ID: CWE-295 (Improper Certificate Validation)
# Severity: Medium
# Effect: Network Traffic Decryption and Manipulation
# Author: Emanuel Duss <emanuel.duss@compass-security.com>
# Date: 2022-03-17
#
#############################################################

Introduction
------------

3CX is an open-platform office phone system that runs on premise on Windows or Linux. 3CX was built for mobility, with remote work apps that offer secured communication for the whole team.

These applications do not verify the TLS certificate of the 3CX server.

- There is no fix from the vendor at the moment.
- The new Electron based 3CX Desktop App is not affected.

This allows an attacker between the 3CX application and the 3CX server to split the TLS traffic and therefore read and manipulate the transmitted data. For example, the data required for provisioning a new device can be read every time the app is started. This data can then be used to provision another app. Thus, attackers can provision their own device and use the entire functionality of the app. This includes:

- List companies in the phone book
- Make phone calls
- Listen to voice box
- etc.

This attack can for example be reproduced by performing an ARP spoofing attack in the network against the target client and by using Burp Suite as a transparent HTTP proxy.

Vulnerability Classification
----------------------------

CVSS v3.1 Metrics [2]:
- CVSS Base Score: 6.5 (Medium)
- CVSS Vector: AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N

Workaround / Fix
----------------

# 3CX Vendor
The app should correctly verify the server's certificate using the system CA store or implement certificate pinning in the apps.

# 3CX Users
There is no security update for this vulnerability at the moment. According to 3CX, the vulnerability will be tackled in future redesigns of the mobile apps. Users of the legacy Windows client can switch to the new Electron based 3CX Desktop App, which is not affected.

Timeline
--------

2021-12-16: Vulnerability discovered
2021-12-17: Discussed vulnerability with our customer
            Asked 3CX for security contact on Twitter, community forum, support email and contact form. Got response via support mail. Security contact was dpo@3cx.com
            Provided details
            Requested CVE ID @ MITRE
2021-12-25: Assigned CVE-2021-45490
2022-01-03: Asked vendor if they understood the vulnerability. Answer: Report was distributed internally.
2022-01-18: Asked vendor for any updates.
2022-02-02: Asked vendor for any updates.
2022-02-10: Asked vendor for any updates. 3CX can't tell when the issue will be fixed.
2022-03-11: Asked vendor for any updates. 3CX thanked for the report. Issues will be tackled in future redesigns of the mobile apps.
2022-03-17: Coordinated public disclosure

Acknowledgement
---------------

Thanks 3CX for the coordinated disclosure.

References
----------

[1] https://www.3cx.com/
[2] https://nvd.nist.gov/vuln-metrics/cvss/v3-calculator?vector=AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N&version=3.1
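The advisory's fix section names two remedies: verify the server certificate against the system CA store, or pin the server certificate in the app. The following added example, which is not 3CX's code, shows in Python's standard `ssl` module what the non-verifying client effectively does (any certificate, including one minted by a transparent proxy such as Burp, is accepted), the verifying context, and a pin check layered on top of it. The host names and the DER bytes used as a stand-in certificate are constructed for illustration.

```python
"""Client-side TLS verification, insecure and hardened, plus a certificate pin
check. Added example illustrating the two fixes the advisory recommends; it is
not 3CX's code. SAMPLE_DER is a constructed stand-in, not a real certificate."""
import hashlib
import socket
import ssl
from typing import Set


def insecure_context() -> ssl.SSLContext:
    """Equivalent to an app that does not verify the server certificate: no CA
    check and no hostname check, so a proxy-generated certificate is accepted."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.check_hostname = False
    ctx.verify_mode = ssl.CERT_NONE
    return ctx


def secure_context() -> ssl.SSLContext:
    """Verify against the system CA store and check the hostname
    (create_default_context sets CERT_REQUIRED and check_hostname=True)."""
    return ssl.create_default_context()


def verifies(ctx: ssl.SSLContext) -> bool:
    """True only if the context both requires a trusted chain and checks the hostname."""
    return ctx.verify_mode == ssl.CERT_REQUIRED and bool(ctx.check_hostname)


def cert_fingerprint(der_cert: bytes) -> str:
    """SHA-256 over the DER certificate: the value an app ships as a pin."""
    return hashlib.sha256(der_cert).hexdigest()


def pin_matches(der_cert: bytes, pinned: Set[str]) -> bool:
    return cert_fingerprint(der_cert) in pinned


def connect_pinned(host: str, port: int, pinned: Set[str], timeout: float = 10.0) -> str:
    """Open a TLS connection that must pass CA verification and then the pin set.
    Returns the peer fingerprint; raises ssl.SSLError on a pin mismatch.
    Needs a network, so it is not exercised in the offline checks."""
    ctx = secure_context()
    with socket.create_connection((host, port), timeout=timeout) as raw:
        with ctx.wrap_socket(raw, server_hostname=host) as tls:
            der = tls.getpeercert(binary_form=True)
            fingerprint = cert_fingerprint(der)
            if fingerprint not in pinned:
                raise ssl.SSLError(f"certificate pin mismatch for {host}: {fingerprint}")
            return fingerprint


# Constructed placeholder for a DER-encoded server certificate (not a real cert).
SAMPLE_DER = bytes.fromhex("308201f7308201a0a003020102020101")
PINS = {cert_fingerprint(SAMPLE_DER)}


if __name__ == "__main__":
    print("insecure context verifies:", verifies(insecure_context()))
    print("secure context verifies:", verifies(secure_context()))
    print("pin matches sample:", pin_matches(SAMPLE_DER, PINS))
```

Pinning whole-certificate fingerprints, as here, is the simplest form and breaks on every certificate renewal; pinning the SubjectPublicKeyInfo hash instead survives renewals that keep the key. Either way the pin check is added on top of, not instead of, chain and hostname verification.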
VAR-202203-0539 CVE-2022-23345 BigAnt Software BigAnt Server Incorrect Access Control Vulnerability CVSS V2: 5.0
CVSS V3: 7.5
Severity: HIGH
BigAnt Software BigAnt Server v5.6.06 was discovered to contain incorrect access control. BigAnt Server is a server product from Big Ant Studios, Australia. No further details of the vulnerability have been published.
VAR-202203-0542 CVE-2022-22316 Vulnerability in IBM MQ Appliance CVSS V2: 4.0
CVSS V3: 6.5
Severity: MEDIUM
IBM MQ Appliance 9.2 CD and 9.2 LTS could allow an authenticated and authorized user to cause a denial of service due to incorrectly configured authorization checks. The vendor has published this vulnerability as IBM X-Force ID: 218276. Successful exploitation may result in denial of service (DoS). IBM MQ Appliance is an all-in-one appliance from IBM (United States) for rapid deployment of enterprise messaging middleware. No further details of the vulnerability are currently available.
VAR-202203-0548 CVE-2021-45491 3CX Phone System cleartext storage of sensitive information vulnerability CVSS V2: 4.0
CVSS V3: 6.5
Severity: MEDIUM
3CX System through 2022-03-17 stores cleartext passwords in a database. Successful exploitation may result in information disclosure. 3CX Phone System is a software-based private branch exchange (PBX). It can be used with SIP standard-based IP phones, SIP trunks and VoIP gateways to provide a complete communication solution. The vulnerability stems from the fact that the 3CX Phone System stores passwords in clear text and makes them exportable in the management interface. The Compass Security advisory reproduced below gives the details.

#############################################################
#
# COMPASS SECURITY ADVISORY
# https://www.compass-security.com/research/advisories/
#
#############################################################
#
# Product: 3CX Phone System
# Vendor: 3CX
# CSNC ID: CSNC-2021-022
# CVE ID: CVE-2021-45491
# Subject: Exportable Cleartext Passwords
# CWE-ID: CWE-257 (Storing Passwords in a Recoverable Format)
# Severity: Medium
# Effect: Credential Reuse
# Author: Emanuel Duss <emanuel.duss@compass-security.com>
# Date: 2022-03-17
#
#############################################################

Introduction
------------

3CX is an open-platform office phone system that runs on premise on Windows or Linux. 3CX was built for mobility, with remote work apps that offer secured communication for the whole team. With the Android, iOS and Windows apps, business communication is no longer tied to the office building. [1]

During a customer project, we identified a security vulnerability in the 3CX system.

Affected
--------

- All versions of the 3CX application are affected.
- There is no fix from the vendor.

This can be verified by exporting the credentials via the admin interface or by looking into the SQL database. This issue is also already documented in the community forum since 2019 [2].

The storage of passwords in a recoverable format makes them subject to password reuse attacks by malicious users. In fact, it should be noted that recoverable encrypted passwords provide no significant benefit over plaintext passwords since they are subject not only to reuse by malicious attackers but also by malicious insiders. If a system administrator can recover a password directly, or use a brute force search on the available information, the administrator can use the password on other accounts. [3]

Vulnerability Classification
----------------------------

CVSS v3.1 Metrics [4]:
- CVSS Base Score: 5.5 (Medium)
- CVSS Vector: AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:N

Workaround / Fix
----------------

# 3CX Vendor
A password hash function such as PBKDF2, bcrypt or scrypt should be used for passwords. The passwords should also be provided with a salt that is generated individually for each user. This makes attacks that use rainbow tables or pre-calculated wordlists more difficult.

# 3CX Users
There is no security update for this vulnerability at the moment. According to 3CX, the vulnerability will be tackled in future redesigns of the management console.

Timeline
--------

2021-12-16: Vulnerability discovered
2021-12-17: Discussed vulnerability with our customer
            Asked 3CX for security contact on Twitter, community forum, support email and contact form. Got response via support mail. Security contact was dpo@3cx.com
            Provided details
            Requested CVE ID @ MITRE
2021-12-25: Assigned CVE-2021-45491
2022-01-03: Asked vendor if they understood the vulnerability. Answer: Report was distributed internally.
2022-01-18: Asked vendor for any updates.
2022-02-02: Asked vendor for any updates.
2022-02-10: Asked vendor for any updates. 3CX can't tell when the issue will be fixed.
2022-03-11: Asked vendor for any updates. 3CX thanked for the report. Issues will be tackled in future redesigns of the management console.
2022-03-17: Coordinated public disclosure

Acknowledgement
---------------

Thanks 3CX for the coordinated disclosure.

References
----------

[1] https://www.3cx.com/
[2] https://www.3cx.de/forum/threads/klartext-passwort-willkommen-mail-also-auch-in-db.94280/
[3] https://cwe.mitre.org/data/definitions/257.html
[4] https://nvd.nist.gov/vuln-metrics/cvss/v3-calculator?vector=AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:N&version=3.1
VAR-202203-1191 CVE-2021-45117 OPC Foundation ua-nodeset (and products from multiple other vendors) NULL pointer dereference vulnerability CVSS V2: 4.3
CVSS V3: 6.5
Severity: MEDIUM
The OPC autogenerated ANSI C stack stubs (in the NodeSets) do not handle all error cases. This can lead to a NULL pointer dereference. The OPC Foundation ua-nodeset, and products from other vendors built on it, are affected; successful exploitation may result in denial of service (DoS).
VAR-202203-1171 CVE-2022-23348 BigAnt Software BigAnt Server Weak Password Vulnerability CVSS V2: 5.0
CVSS V3: 5.3
Severity: MEDIUM
BigAnt Software BigAnt Server v5.6.06 was discovered to use weak password hashes. BigAnt Server is a server product from BigAnt Studios, Australia. No further details of the vulnerability have been published.
VAR-202203-1173 CVE-2022-23346 BigAnt Software BigAnt Server Code Issue Vulnerability CVSS V2: 6.5
CVSS V3: 8.8
Severity: HIGH
BigAnt Software BigAnt Server v5.6.06 was discovered to contain incorrect access control issues. BigAnt Server is a server product from Big Ant Studios, Australia. No further details of the vulnerability have been published.
VAR-202203-1172 CVE-2022-23347 BigAnt Software BigAnt Server Directory Traversal Vulnerability CVSS V2: 5.0
CVSS V3: 7.5
Severity: HIGH
BigAnt Software BigAnt Server v5.6.06 was discovered to be vulnerable to directory traversal attacks. BigAnt Server is a server product from BigAnt Studios, Australia. No further details of the vulnerability have been published.
VAR-202203-2110 No CVE Denial of Service Vulnerability in Arista VEOS CVSS V2: 4.9
CVSS V3: -
Severity: MEDIUM
Arista Networks is one of the leading manufacturers of networking equipment for large data centers, high performance computing systems and cloud networking solutions. Arista VEOS has a denial of service vulnerability that attackers could exploit to cause a crash.