VARIoT IoT vulnerabilities database


VAR-202112-0330 CVE-2021-41024 Path traversal vulnerability in FortiOS and FortiProxy
CVSS V2: 5.0
CVSS V3: 7.5
Severity: HIGH
A relative path traversal [CWE-23] vulnerability in FortiOS versions 7.0.0 and 7.0.1 and FortiProxy version 7.0.0 may allow an unauthenticated, unauthorized attacker to inject path traversal character sequences to disclose sensitive information of the server via the GET request of the login page. A path traversal vulnerability exists in FortiOS and FortiProxy. Information may be obtained. Fortinet FortiOS is a security operating system dedicated to the FortiGate network security platform developed by Fortinet. The system provides users with various security functions such as firewall, anti-virus, IPSec/SSLVPN, Web content filtering and anti-spam.
VAR-202112-0329 CVE-2021-43064 Open redirect vulnerability in Fortinet FortiWeb
CVSS V2: 5.8
CVSS V3: 6.1
Severity: MEDIUM
A URL redirection to untrusted site ('open redirect') in Fortinet FortiWeb version 6.4.1 and 6.4.0, version 6.3.15 and below, version 6.2.6 and below allows an attacker to use the device as a proxy and reach external or protected hosts via redirection handlers. An open redirect vulnerability exists in Fortinet FortiWeb. Information may be obtained and information may be tampered with.
VAR-202112-0328 CVE-2021-43063 Cross-site scripting vulnerability in Fortinet FortiWeb
CVSS V2: 4.3
CVSS V3: 6.1
Severity: MEDIUM
An improper neutralization of input during web page generation ('cross-site scripting') in Fortinet FortiWeb version 6.4.1 and 6.4.0, version 6.3.15 and below, version 6.2.6 and below allows an attacker to execute unauthorized code or commands via crafted HTTP GET requests to the login webpage. A cross-site scripting vulnerability exists in Fortinet FortiWeb. Information may be obtained and information may be tampered with.
VAR-202112-0289 CVE-2021-26110 Vulnerability in FortiOS autod daemon and FortiProxy
CVSS V2: 4.6
CVSS V3: 7.8
Severity: HIGH
An improper access control vulnerability [CWE-284] in FortiOS autod daemon 7.0.0, 6.4.6 and below, 6.2.9 and below, 6.0.12 and below and FortiProxy 2.0.1 and below, 1.2.9 and below may allow an authenticated low-privileged attacker to escalate their privileges to super_admin via a specific crafted configuration of fabric automation CLI script and auto-script features. An unspecified vulnerability exists in FortiOS autod daemon and FortiProxy. Information may be obtained, information may be tampered with, and service operation may be interrupted (DoS). Fortinet FortiOS is a security operating system dedicated to the FortiGate network security platform developed by Fortinet. The system provides users with various security functions such as firewall, anti-virus, IPSec/SSLVPN, Web content filtering and anti-spam.
VAR-202112-0288 CVE-2021-41029 Cross-site scripting vulnerability in Fortinet FortiWLM
CVSS V2: 3.5
CVSS V3: 5.4
Severity: MEDIUM
An improper neutralization of input during web page generation ('cross-site scripting') in Fortinet FortiWLM version 8.6.1 and below allows an attacker to store malicious JavaScript code in the device and trigger it via crafted HTTP requests. A cross-site scripting vulnerability exists in Fortinet FortiWLM. Information may be obtained and information may be tampered with. FortiWLM™ is a wireless manager. FortiWLM 8.6.1 and below have a security vulnerability that could allow an authenticated attacker to perform stored cross-site scripting (XSS) by storing a malicious payload.
VAR-202112-0287 CVE-2021-42752 Cross-site scripting vulnerability in Fortinet FortiWLM
CVSS V2: 3.5
CVSS V3: 5.4
Severity: MEDIUM
An improper neutralization of input during web page generation ('cross-site scripting') in Fortinet FortiWLM version 8.6.1 and below allows an attacker to execute malicious JavaScript code on the victim's host via crafted HTTP requests. A cross-site scripting vulnerability exists in Fortinet FortiWLM. Information may be obtained and information may be tampered with. FortiWLM™ is a wireless manager. FortiWLM 8.6.1 and below have a security vulnerability that could allow an authenticated user to perform an XSS attack via a crafted HTTP GET request.
VAR-202112-0286 CVE-2021-43067 Vulnerability regarding information leakage in Fortinet FortiAuthenticator
CVSS V2: 4.3
CVSS V3: 6.5
Severity: MEDIUM
An exposure of sensitive information to an unauthorized actor in Fortinet FortiAuthenticator version 6.4.0, version 6.3.2 and below, version 6.2.1 and below, version 6.1.2 and below, version 6.0.7 to 6.0.1 allows an attacker to duplicate a target LDAP user's 2-factor authentication token via crafted HTTP requests. A vulnerability related to information leakage exists in Fortinet FortiAuthenticator. Information may be obtained.
VAR-202112-0423 CVE-2021-25511 Path traversal vulnerability in Android
CVSS V2: 4.6
CVSS V3: 7.8
Severity: HIGH
An improper validation vulnerability in FilterProvider prior to SMR Dec-2021 Release 1 allows attackers to write arbitrary files via a path traversal vulnerability. A path traversal vulnerability exists in Android. Information may be obtained, information may be tampered with, and service operation may be interrupted (DoS). Samsung FilterProvider is a system app for Samsung mobile devices. Samsung FilterProvider has a privilege escalation vulnerability, which is caused by the lack of correct validation logic in FilterProvider. An attacker could exploit this vulnerability to escalate privileges.
VAR-202112-0360 CVE-2021-25513 Vulnerability in privilege management in Android
CVSS V2: 2.1
CVSS V3: 2.4
Severity: LOW
An improper privilege management vulnerability in Apps Edge application prior to SMR Dec-2021 Release 1 allows unauthorized access to some device data on the lockscreen. A permission management vulnerability exists in Android. Information may be obtained. Samsung lock screen is a feature of Samsung mobile devices. An information disclosure vulnerability exists in the Samsung lock screen.
VAR-202112-0549 CVE-2021-25515 Vulnerability in leaking resources to the wrong area in Android
CVSS V2: 2.1
CVSS V3: 3.3
Severity: LOW
An improper usage of implicit intent in SemRewardManager prior to SMR Dec-2021 Release 1 allows attackers to access BSSID. A vulnerability related to the leakage of resources to the wrong area exists in Android. Information may be obtained. Samsung SemRewardManager is an application for Samsung mobile devices. Samsung SemRewardManager has an information disclosure vulnerability. Attackers can exploit this vulnerability to access BSSID.
VAR-202112-0548 CVE-2021-25516 Vulnerability in handling exceptional conditions in Android
CVSS V2: 5.0
CVSS V3: 7.5
Severity: HIGH
An improper check or handling of exceptional conditions in Exynos baseband prior to SMR Dec-2021 Release 1 allows attackers to track locations. A vulnerability in handling exceptional conditions exists in Android. Information may be obtained. Samsung RRC MeasurementReport is a radio resource control protocol measurement report for Samsung mobile devices. The vulnerability is caused by the lack of correct RRC security variable checks in the Exynos baseband. Attackers can use this vulnerability to track location.
VAR-202112-0528 CVE-2021-25514 Vulnerability in Android
CVSS V2: 4.3
CVSS V3: 6.5
Severity: MEDIUM
An improper intent redirection handling in Tags prior to SMR Dec-2021 Release 1 allows attackers to access sensitive information. An unspecified vulnerability exists in Android. Information may be obtained. Samsung Tags is a tagging feature for Samsung mobile devices. An attacker can exploit this vulnerability to access sensitive information.
VAR-202112-0377 CVE-2021-40288 Vulnerability in leaking resources to the wrong area in TP-Link AX10v1
CVSS V2: 7.8
CVSS V3: 7.5
Severity: HIGH
A denial-of-service attack in WPA2 and WPA3-SAE authentication methods in TP-Link AX10v1 before V1_211014 allows a remote unauthenticated attacker to disconnect an already connected wireless client by sending specific spoofed authentication frames with a wireless adapter. A vulnerability related to the leakage of resources to the wrong area exists in TP-Link AX10v1. Service operation may be interrupted (DoS). TP-Link AX10 is a router from the Chinese company TP-Link.
VAR-202112-0322 CVE-2021-42990 Classic buffer overflow vulnerability in FlexiHub for Windows
CVSS V2: 7.2
CVSS V3: 8.8
Severity: HIGH
FlexiHub For Windows is affected by Buffer Overflow. IOCTL Handler 0x22001B in the FlexiHub For Windows above 2.0.4340 below 5.3.14268 allows local attackers to execute arbitrary code in kernel mode or cause a denial of service (memory corruption and OS crash) via specially crafted I/O Request Packet. A classic buffer overflow vulnerability exists in FlexiHub for Windows. Information may be obtained, information may be tampered with, and service operation may be interrupted (DoS). FlexiHub is software from the FlexiHub team for sharing and accessing remote devices. FlexiHub For Windows has a security vulnerability.
VAR-202112-0340 CVE-2021-36760 Cross-site scripting vulnerability in WSO2 Identity Server
CVSS V2: 4.3
CVSS V3: 6.1
Severity: MEDIUM
In accountrecoveryendpoint/recoverpassword.do in WSO2 Identity Server 5.7.0, it is possible to perform a DOM-Based XSS attack affecting the callback parameter modifying the URL that precedes the callback parameter. Once the username or password reset procedure is completed, the JavaScript code will be executed. (recoverpassword.do also has an open redirect issue for a similar reason.) A cross-site scripting vulnerability exists in WSO2 Identity Server. Information may be obtained and information may be tampered with. WSO2 Identity Server (IS) is an identity authentication server of WSO2 company in the United States. There is a security vulnerability in WSO2 Identity Server. No detailed vulnerability details are currently provided.
VAR-202112-0358 CVE-2021-43963 Vulnerability regarding information leakage in Couchbase Sync Gateway
CVSS V2: 5.5
CVSS V3: 8.1
Severity: HIGH
An issue was discovered in Couchbase Sync Gateway 2.7.0 through 2.8.2. The bucket credentials used to read and write data in Couchbase Server were insecurely being stored in the metadata within sync documents written to the bucket. Users with read access could use these credentials to obtain write access. (This issue does not affect clusters where Sync Gateway is authenticated with X.509 client certificates. This issue also does not affect clusters where shared bucket access is not enabled on Sync Gateway.) A vulnerability related to information leakage exists in Couchbase Sync Gateway. Information may be obtained and information may be tampered with. Couchbase Sync Gateway is a secure Web gateway for data access and data synchronization via the Web from Couchbase Corporation of the United States.
VAR-202112-0728 CVE-2021-32591 Vulnerabilities in the use of cryptographic algorithms in multiple Fortinet products
CVSS V2: 2.6
CVSS V3: 5.3
Severity: MEDIUM
A missing cryptographic steps vulnerability in the function that encrypts users' LDAP and RADIUS credentials in FortiSandbox before 4.0.1, FortiWeb before 6.3.12, FortiADC before 6.2.1, FortiMail 7.0.1 and earlier may allow an attacker in possession of the password store to compromise the confidentiality of the encrypted secrets. Multiple Fortinet products contain vulnerabilities in the use of cryptographic algorithms. Information may be obtained.
VAR-202112-0730 CVE-2021-20042 Vulnerability related to externally controllable references to other space resources in multiple SonicWALL appliances
CVSS V2: 7.5
CVSS V3: 9.8
Severity: CRITICAL
An unauthenticated remote attacker can use SMA 100 as an unintended proxy or intermediary undetectable proxy to bypass firewall rules. This vulnerability affected SMA 200, 210, 400, 410 and 500v appliances. Multiple SonicWALL appliances contain an externally controllable reference vulnerability to other space resources. Information may be obtained, information may be tampered with, and service operation may be interrupted (DoS). SonicWall SMA100 is a secure access gateway device from SonicWall Company in the United States.
VAR-202112-0105 CVE-2021-44527 Resource exhaustion vulnerability in UniFi switch firmware
CVSS V2: 6.1
CVSS V3: 6.5
Severity: MEDIUM
A vulnerability found in UniFi Switch firmware Version 5.43.35 and earlier allows a malicious actor who has already gained access to the network to perform a Denial of Service (DoS) attack on the affected switch. This vulnerability is fixed in UniFi Switch firmware 5.76.6 and later. A resource exhaustion vulnerability exists in UniFi switch firmware. Service operation may be interrupted (DoS).
VAR-202112-0261 CVE-2020-12140 Classic buffer overflow vulnerability in Contiki-NG
CVSS V2: 8.3
CVSS V3: 8.8
Severity: HIGH
A buffer overflow in os/net/mac/ble/ble-l2cap.c in the BLE stack in Contiki-NG 4.4 and earlier allows an attacker to execute arbitrary code via malicious L2CAP frames. A classic buffer overflow vulnerability exists in Contiki-NG. Information may be obtained, information may be tampered with, and service operation may be interrupted (DoS). Contiki-NG is an open source cross-platform operating system for next-generation IoT (Internet of Things) devices. There is a security vulnerability in os/net/mac/ble/ble-l2cap.c in the BLE stack of Contiki-NG 4.4 and earlier versions.