VARIoT IoT vulnerabilities database

BigAnt Software BigAnt Server v5.6.06 was discovered to utilize weak password hashes. BigAnt Software BigAnt Server is a server of Australia's BigAnt Studios. BigAnt Software BigAnt Server v5.6.06 has security vulnerabilities, and no detailed vulnerability details are currently provided

BigAnt Software BigAnt Server v5.6.06 was discovered to contain a Cross-Site Request Forgery (CSRF). BigAnt Software BigAnt Server is a server from BigAnt Studios in Australia. BigAnt Software BigAnt Server version 5.6.06 has security vulnerabilities, and no detailed vulnerability details are currently provided

The client applications in 3CX on Windows, the 3CX app for iOS, and the 3CX application for Android through 2022-03-17 lack SSL certificate validation. 3CX of Iphone_os for 3cx Exists in a certificate validation vulnerability.Information may be obtained and information may be tampered with. ############################################################# # # COMPASS SECURITY ADVISORY # https://www.compass-security.com/research/advisories/ # ############################################################# # # Product: 3CX Client for Windows (legacy), Android & iOS # Vendor: 3CX # CSNC ID: CSNC-2021-021 # CVE ID: CVE-2021-45490 # Subject: Missing Certificate Verification # CWE-ID: CWE-295 (Improper Certificate Validation) # Severity: Medium # Effect: Network Traffic Decryption and Manipulation # Author: Emanuel Duss <emanuel.duss@compass-security.com> # Date: 2022-03-17 # ############################################################# Introduction ------------ 3CX is an open-platform office phone system that runs on premise on Windows or Linux. 3CX was built for mobility, with remote work apps that offer secured communication for the whole team. These applications do not verify the TLS certificate of the 3CX server. - There is no fix from the vendor at the moment. - The new Electron based 3CX Desktop App is not affected. This allows an attacker between the 3CX application and the 3CX server to split the TLS traffic and therefore read and manipulate the transmitted data. For example, the data required for provisioning a new device can be read every time when the app is started. This data can then be used to provision another app. Thus, attackers can provision an own device and use the entire functionality of the app. This includes: - List companies in the phone book - Make phone calls - Listen to voice box - etc. This attack can for example be reproduced by performing an ARP spoofing attack in the network against the target client and by using Burp Suite as a transparent HTTP proxy. Vulnerability Classification ---------------------------- CVSS v3.1 Metrics [2]: - CVSS Base Score: 6.5 (Medium) - CVSS Vector: AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N Workaround / Fix ---------------- # 3CX Vendor The app should correctly verify the server's certificate using the system CA store or implement certificate pinning in the apps. # 3CX Users There is no security update for this vulnerability at the moment. According to the 3CX, the vulnerability will be tackled in future redesigns of the mobile apps. Users of the legacy Windows client can switch to the new Electron based 3CX Desktop App which is not affected. Timeline -------- 2021-12-16: Vulnerability discovered 2021-12-17: Discussed vulnerability with our customer Asked 3CX for security contact on Twitter, community forum, support email and contact form. Got response via support mail. Security contact was dpo@3cx.com Provided details Requested CVE ID @ MITRE 2021-12-25: Assigned CVE-2021-45490 2022-01-03: Asked vendor if they understood the vulnerability. Answer: Report was distributed internally. 2022-01-18: Asked vendor for any updates. 2022-02-02: Asked vendor for any updates. 2022-02-10: Asked vendor for any updates. 3CX can't tell when the issue will be fixed. 2022-03-11: Asked vendor for any updates. 3CX thanked for the report. Issues will be tackled in future redesigns of the mobile apps. 2022-03-17: Coordinated public disclosure Acknowledgement --------------- Thanks 3CX for the coordinated dicslosure. References ---------- [1] https://www.3cx.com/ [2] https://nvd.nist.gov/vuln-metrics/cvss/v3-calculator?vector=AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N&version=3.1

Arista Networks is one of the leading manufacturers of networking equipment for large data centers, high performance computing systems and cloud networking solutions. Arista VEOS has a denial of service vulnerability that could be exploited by attackers to crash.

Tenda AC9 v15.03.2.21 was discovered to contain a stack overflow via the ntpserver parameter in the SetSysTimeCfg function. The Tenda AC9 is a wireless router from the Chinese company Tenda. A buffer overflow vulnerability exists in Tenda AC9 version 15.03.2.21. The vulnerability arises from the fact that when the ntpserver parameter in the SetSysTimeCfg function performs operations on memory, the data boundary is not properly verified. An attacker can exploit this vulnerability to cause arbitrary command execution

Tenda AC9 v15.03.2.21 was discovered to contain a stack overflow via the list parameter in the SetStaticRoutecfg function. The Tenda AC9 is a wireless router from the Chinese company Tenda. There is a buffer overflow vulnerability in Tenda AC9 15.03.2.21. The vulnerability arises from the fact that when the list parameter in the SetStaticRoutecfg function performs operations on memory, the data boundary is not properly verified. An attacker can exploit this vulnerability to execute arbitrary commands

Tenda AC6 v15.03.05.09_multi was discovered to contain a stack overflow via the time parameter in the saveParentControlInfo function. The Tenda AC6 is a wireless router from the Chinese company Tenda

Tenda AC6 v15.03.05.09_multi was discovered to contain a stack overflow via the security_5g parameter in the WifiBasicSet function. The Tenda AC6 is a wireless router from the Chinese company Tenda

Tenda AC6 v15.03.05.09_multi was discovered to contain a stack overflow via the deviceId parameter in the saveParentControlInfo function. The Tenda AC6 is a wireless router from the Chinese company Tenda. A buffer overflow vulnerability exists in Tenda AC6. The vulnerability arises from the fact that the deviceId parameter in the saveParentControlInfo function does not properly verify the data boundary when performing operations on memory. An attacker can exploit this vulnerability to execute arbitrary commands

Tenda AC9 v15.03.2.21 was discovered to contain a stack overflow via the urls parameter in the saveparentcontrolinfo function. The Tenda AC9 is a wireless router from the Chinese company Tenda

Tenda AC9 v15.03.2.21 was discovered to contain a remote command execution (RCE) vulnerability via the SetIPTVCfg function. The Tenda AC9 is a wireless router from the Chinese company Tenda. The vulnerability stems from the fact that the dosystemcmd parameter in the sub_a3550 function fails to properly filter the special elements that construct the code segment

Tenda AC6 v15.03.05.09_multi was discovered to contain a stack overflow via the startip parameter in the SetPptpServerCfg function. The Tenda AC6 is a wireless router from the Chinese company Tenda

Tenda AC6 v15.03.05.09_multi was discovered to contain a stack overflow via the loginpwd parameter in the SetFirewallCfg function. The Tenda AC6 is a wireless router from the Chinese company Tenda

Tenda AC9 v15.03.2.21 was discovered to contain multiple stack overflows via the NPTR, V12, V10 and V11 parameter in the Formsetqosband function. The Tenda AC9 is a wireless router from the Chinese company Tenda. A stack overflow vulnerability exists in the Tenda AC9 Formsetqosband function, which can be exploited by an attacker to cause arbitrary command execution

Tenda AC9 v15.03.2.21 was discovered to contain a buffer overflow via the time parameter in the saveparentcontrolinfo function. The Tenda AC9 is a wireless router from the Chinese company Tenda

Tenda AC9 v15.03.2.21 was discovered to contain a stack overflow via the deviceId parameter in the saveparentcontrolinfo function. The Tenda AC9 is a wireless router from the Chinese company Tenda

Tenda AC6 v15.03.05.09_multi was discovered to contain a stack overflow via the S1 parameter in the SetSysTimeCfg function. The Tenda AC6 is a wireless router from the Chinese company Tenda

Tenda AC6 v15.03.05.09_multi was discovered to contain a stack overflow via the schedendtime parameter in the openSchedWifi function. Tenda AC6 is a wireless router

Tenda AC9 v15.03.2.21 was discovered to contain a stack overflow via the firewallen parameter in the SetFirewallCfg function. The Tenda AC9 is a wireless router from the Chinese company Tenda. There is a buffer overflow vulnerability in Tenda AC9 15.03.2.21. The vulnerability arises from the fact that the firewallen parameter in the SetFirewallCfg function does not properly verify the data boundary when performing operations on memory. An attacker can exploit this vulnerability to cause arbitrary command execution

Tenda AC9 v15.03.2.21 was discovered to contain a remote command execution (RCE) vulnerability via the vlanid parameter in the SetIPTVCfg function. The Tenda AC9 is a wireless router from the Chinese company Tenda. The vulnerability stems from the fact that the vlanid parameter in the SetIPTVCfg function fails to properly filter the special elements that construct the code segment