VARIoT IoT vulnerabilities database

VAR-202111-1436 | CVE-2021-37036 | Vulnerability regarding information leakage from log files in FusionCompute and eCNS280_TD |
CVSS V2: 2.1 CVSS V3: 5.5 Severity: MEDIUM |
There is an information leakage vulnerability in FusionCompute 6.5.1, eCNS280_TD V100R005C00 and V100R005C10. Due to the improper storage of specific information in the log file, an attacker can obtain the information when a user logs in to the device. Successful exploitation may cause an information leak.
VAR-202108-0824 | CVE-2021-34749 | Vulnerability regarding information leakage in multiple Cisco products |
CVSS V2: 5.0 CVSS V3: 8.6 Severity: HIGH |
A vulnerability in Server Name Identification (SNI) request filtering of Cisco Web Security Appliance (WSA), Cisco Firepower Threat Defense (FTD), and the Snort detection engine could allow an unauthenticated, remote attacker to bypass filtering technology on an affected device and exfiltrate data from a compromised host. This vulnerability is due to inadequate filtering of the SSL handshake. An attacker could exploit this vulnerability by using data from the SSL client hello packet to communicate with an external server. A successful exploit could allow the attacker to execute a command-and-control attack on a compromised host and perform additional data exfiltration attacks. Cisco Firepower Threat Defense is a suite of unified software that provides next-generation firewall services. Cisco Web Security Appliance is a web security appliance. The appliance provides SaaS-based access control, real-time network reporting and tracking, and security policy formulation.
For the stable distribution (bullseye), these problems have been fixed in
version 2.9.20-0+deb11u1.
We recommend that you upgrade your snort packages.
For the detailed security status of snort please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/snort
Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/
Mailing list: debian-security-announce@lists.debian.org
VAR-202108-2527 | No CVE | Airspace technology WIFISKY 7-layer flow control router has command execution vulnerabilities |
CVSS V2: 7.1 CVSS V3: - Severity: HIGH |
Shenzhen Airspace Technology Co., Ltd. ("Airspace Technology" for short) is a network communication equipment supplier rooted in Shenzhen, dedicated to the research and development of network communication equipment products.
Airspace technology WIFISKY 7-layer flow control router has a command execution vulnerability. Attackers can use this vulnerability to gain control of the server.
VAR-202108-2542 | No CVE | An information disclosure vulnerability exists in the MSS streaming media server of Suzhou Keda Technology Co., Ltd. |
CVSS V2: 5.0 CVSS V3: - Severity: MEDIUM |
Suzhou Keda Technology Co., Ltd. is a leading provider of video and security products and solutions. It is committed to helping various government and corporate customers improve communication and management efficiency with video conferencing, video surveillance, and rich video application solutions.
The MSS streaming media server of Suzhou Keda Technology Co., Ltd. has an information disclosure vulnerability. Attackers can use the vulnerability to obtain sensitive information.
VAR-202108-2554 | No CVE | Information disclosure vulnerability exists in Huawei HG659 |
CVSS V2: 5.0 CVSS V3: - Severity: MEDIUM |
Huawei HG659 is a home gateway.
Huawei HG659 has an information disclosure vulnerability. Attackers can use the vulnerability to obtain sensitive information.
VAR-202108-0848 | CVE-2021-34730 | Input verification vulnerability in multiple Cisco Small Business Routers |
CVSS V2: 10.0 CVSS V3: 9.8 Severity: CRITICAL |
A vulnerability in the Universal Plug-and-Play (UPnP) service of Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers could allow an unauthenticated, remote attacker to execute arbitrary code or cause an affected device to restart unexpectedly, resulting in a denial of service (DoS) condition. This vulnerability is due to improper validation of incoming UPnP traffic. An attacker could exploit this vulnerability by sending a crafted UPnP request to an affected device. A successful exploit could allow the attacker to execute arbitrary code as the root user on the underlying operating system or cause the device to reload, resulting in a DoS condition. Cisco has not released software updates that address this vulnerability. Multiple Cisco Small Business Routers contain an input validation vulnerability. Information may be obtained or tampered with, and service operation may be interrupted (DoS). Cisco Small Business is a switch from Cisco.
VAR-202108-0823 | CVE-2021-34745 | Vulnerability related to authority management in AppDynamics .NET Agent for Windows |
CVSS V2: 7.2 CVSS V3: 7.8 Severity: HIGH |
A vulnerability in the AppDynamics .NET Agent for Windows could allow an attacker to leverage an authenticated, local user account to gain SYSTEM privileges. This vulnerability is due to the .NET Agent Coordinator Service executing code with SYSTEM privileges. An attacker with local access to a device that is running the vulnerable agent could create a custom process that would be launched with those SYSTEM privileges. A successful exploit could allow the attacker to execute arbitrary commands on the underlying operating system. This vulnerability is fixed in AppDynamics .NET Agent Release 21.7. The product may be put into a denial-of-service (DoS) state. AppDynamics .NET Agent for Windows is used to monitor IIS applications, Windows services or stand-alone applications.
VAR-202108-2310 | No CVE | Tenda enterprise router has weak password vulnerability |
CVSS V2: 5.0 CVSS V3: - Severity: MEDIUM |
Shenzhen Jixiang Tengda Technology Co., Ltd. (hereinafter referred to as "Tengda") is a professional supplier of network communication equipment and solutions, as well as a high-tech enterprise integrating R&D, production, supply, sales and service.
Tenda enterprise routers have weak password vulnerabilities. Attackers use weak passwords to log in to the background to obtain sensitive information.
VAR-202108-2307 | No CVE | A SQL injection vulnerability exists in the networking gateway of Hangzhou Hikvision Digital Technology Co., Ltd. |
CVSS V2: 7.8 CVSS V3: - Severity: HIGH |
Hangzhou Hikvision Digital Technology Co., Ltd. is a video-centric IoT solution provider, providing comprehensive security, smart business and big data services.
The network gateway of Hangzhou Hikvision Digital Technology Co., Ltd. has a SQL injection vulnerability. Attackers can use the vulnerability to obtain sensitive information in the database.
VAR-202108-1810 | CVE-2021-3633 | Vulnerability regarding uncontrolled search path elements in Lenovo Driver Management |
CVSS V2: 6.9 CVSS V3: 7.8 Severity: HIGH |
A DLL preloading vulnerability was reported in Lenovo Driver Management prior to version 2.9.0719.1104 that could allow privilege escalation. Lenovo Driver Management contains an uncontrolled search path element vulnerability. Information may be obtained or tampered with, and service operation may be interrupted (DoS). Lenovo Driver Management is a Lenovo power management driver for Windows 10, 8.1, 8, 7 (32-bit, 64-bit) from Lenovo, China.
VAR-202108-1930 | CVE-2021-3707 | D-Link DSL-2750U unauthorized modification configuration vulnerability |
CVSS V2: 2.1 CVSS V3: 5.5 Severity: MEDIUM |
D-Link router DSL-2750U with firmware vME1.16 or prior versions is vulnerable to unauthorized configuration modification. An unauthenticated attacker on the local network may exploit this, with CVE-2021-3708, to execute any OS commands on the vulnerable device. D-Link DSL-2750U is a wireless N 300 ADSL2+ modem router. An attacker can use this vulnerability to modify the configuration without authorization.
VAR-202108-0444 | CVE-2020-4992 | Cross-site request forgery vulnerability in IBM DataPower Gateway |
CVSS V2: 4.3 CVSS V3: 6.5 Severity: MEDIUM |
IBM DataPower Gateway 2018.4.1.0 through 2018.4.1.16 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 192737. The vendor has published this vulnerability as IBM X-Force ID: 192737. Information may be tampered with.
VAR-202108-1931 | CVE-2021-3708 | D-Link DSL-2750U OS command injection vulnerability |
CVSS V2: 7.2 CVSS V3: 7.8 Severity: HIGH |
D-Link router DSL-2750U with firmware vME1.16 or prior versions is vulnerable to OS command injection. An unauthenticated attacker on the local network may exploit this, with CVE-2021-3707, to execute any OS commands on the vulnerable device. D-Link DSL-2750U is a wireless N 300 ADSL2+ modem router. Attackers can combine this vulnerability with other vulnerabilities to execute arbitrary operating system commands.
VAR-202108-2309 | No CVE | Ruijie Networks Co., Ltd. RG_NBR900G has a weak password vulnerability |
CVSS V2: 5.0 CVSS V3: - Severity: MEDIUM |
RG_NBR900G is a wireless router.
Ruijie Networks Co., Ltd. RG_NBR900G has a weak password vulnerability. Attackers can use the vulnerability to obtain sensitive information.
VAR-202108-2528 | No CVE | Cape gooseberry router has weak password vulnerability |
CVSS V2: 5.0 CVSS V3: - Severity: MEDIUM |
Shenzhen Zhizhi High-tech Development Co., Ltd. was established in September 2013. It is a high-tech enterprise with independent intellectual property rights, engaged in the professional R&D, production and sales of smart homes.
The Cape gooseberry router has weak password vulnerabilities. Attackers use weak passwords to log in to the background to obtain sensitive information.
VAR-202108-1864 | CVE-2021-36282 | Vulnerability in using uninitialized resources in Dell EMC PowerScale OneFS |
CVSS V2: 2.1 CVSS V3: 3.3 Severity: LOW |
Dell EMC PowerScale OneFS versions 8.2.x - 9.1.0.x contain a use of uninitialized resource vulnerability. This can potentially allow an authenticated user with ISI_PRIV_LOGIN_CONSOLE or ISI_PRIV_LOGIN_SSH privileges to gain access to up to 24 bytes of data within the /ifs kernel stack under certain conditions. Dell PowerScale OneFS is an operating system from Dell Technologies in the United States for scale-out NAS.
VAR-202108-1863 | CVE-2021-36281 | Vulnerability in improper permission assignment for critical resources in Dell EMC PowerScale OneFS |
CVSS V2: 6.5 CVSS V3: 8.8 Severity: HIGH |
Dell EMC PowerScale OneFS versions 8.2.x - 9.2.x contain an incorrect permission assignment vulnerability. A low privileged authenticated user can potentially exploit this vulnerability to escalate privileges. The product may be put into a denial-of-service (DoS) state. DELL EMC PowerScale is a scale-out storage system for unstructured data from Dell (DELL).
VAR-202108-1862 | CVE-2021-36280 | Vulnerability in improper permission assignment for critical resources in Dell EMC PowerScale OneFS |
CVSS V2: 2.1 CVSS V3: 5.5 Severity: MEDIUM |
Dell EMC PowerScale OneFS versions 8.2.x - 9.2.x contain an incorrect permission assignment for critical resource vulnerability. This could allow a user with ISI_PRIV_LOGIN_SSH or ISI_PRIV_LOGIN_CONSOLE to access privileged information about the cluster. DELL EMC PowerScale is a scale-out storage system for unstructured data from Dell (DELL). A security vulnerability exists in Dell EMC PowerScale OneFS that allows users with ISI_PRIV_LOGIN_SSH or ISI_PRIV_LOGIN_CONSOLE to access privileged information about the cluster.
VAR-202108-1860 | CVE-2021-36279 | Vulnerability in improper permission assignment for critical resources in Dell EMC PowerScale OneFS |
CVSS V2: 7.2 CVSS V3: 7.8 Severity: HIGH |
Dell EMC PowerScale OneFS versions 8.2.x - 9.2.x contain an incorrect permission assignment for critical resource vulnerability. This could allow a user with ISI_PRIV_LOGIN_SSH or ISI_PRIV_LOGIN_CONSOLE to access privileged information about the cluster. The product may be put into a denial-of-service (DoS) state. DELL EMC PowerScale is a scale-out storage system for unstructured data from Dell (DELL). A security vulnerability exists in Dell EMC PowerScale OneFS that allows users with ISI_PRIV_LOGIN_SSH or ISI_PRIV_LOGIN_CONSOLE to access privileged information about the cluster.
VAR-202108-1859 | CVE-2021-36278 | Vulnerability regarding information leakage from log files in Dell EMC PowerScale OneFS |
CVSS V2: 2.1 CVSS V3: 5.5 Severity: MEDIUM |
Dell EMC PowerScale OneFS versions 8.2.x, 9.1.0.x, and 9.1.1.1 contain a sensitive information exposure vulnerability in log files. A local malicious user with ISI_PRIV_LOGIN_SSH, ISI_PRIV_LOGIN_CONSOLE, or ISI_PRIV_SYS_SUPPORT privileges may exploit this vulnerability to access sensitive information. If any third party consumes those logs, the same sensitive information is available to those systems as well. DELL EMC PowerScale is a scale-out storage system for unstructured data from Dell (DELL). A log information disclosure vulnerability exists in Dell EMC PowerScale OneFS because a malicious actor with ISI_PRIV_LOGIN_SSH or ISI_PRIV_LOGIN_CONSOLE privileges could gain access to privileged information.