VARIoT IoT vulnerabilities database


VAR-202501-3603 CVE-2025-20014 mySCADA myPRO Command Injection Remote Code Execution Vulnerability CVSS V2: -
CVSS V3: 9.8
Severity: Critical
mySCADA myPRO does not properly neutralize POST requests sent to a specific port with version information. This vulnerability could be exploited by an attacker to execute arbitrary commands on the affected system. Authentication is not required to exploit this vulnerability. The specific flaw exists within the web service, which listens on TCP port 34022 by default. The issue results from the lack of proper validation of a user-supplied string before using it to execute a system call.
VAR-202501-4304 CVE-2024-48852 ABB FLXeon Log Information Disclosure Vulnerability CVSS V2: 9.7
CVSS V3: 9.4
Severity: Medium
Insertion of Sensitive Information into Log File vulnerability observed in FLXEON. Some information may be improperly disclosed through HTTPS access. This issue affects FLXEON through <= 9.3.4. ABB FLXeon is a series of controllers from Swiss company ABB.
VAR-202501-4245 CVE-2024-48849 ABB FLXeon Security Bypass Vulnerability CVSS V2: 9.7
CVSS V3: 9.4
Severity: High
Missing Origin Validation in WebSockets vulnerability in FLXEON. Session management was not sufficient to prevent unauthorized HTTPS requests. This issue affects FLXEON: through <= 9.3.4. ABB FLXeon is a series of controllers from Swiss company ABB. No further vulnerability details are available at this time.
VAR-202501-3666 CVE-2025-24085 Freed memory usage vulnerability in multiple Apple products CVSS V2: 7.2
CVSS V3: 7.8
Severity: HIGH
A use after free issue was addressed with improved memory management. This issue is fixed in visionOS 2.3, iOS 18.3 and iPadOS 18.3, macOS Sequoia 15.3, watchOS 11.3, tvOS 18.3. A malicious application may be able to elevate privileges. Apple is aware of a report that this issue may have been actively exploited against versions of iOS before iOS 17.2. Multiple Apple products, including iPadOS, iOS and macOS, contain a use-after-free vulnerability. Information may be obtained or tampered with, and service operation may be interrupted (DoS). visionOS is an AR glasses system released by Apple at the 2023 Apple Worldwide Developers Conference on June 6, 2023. Apple Vision Pro will be equipped with this system for the first time. tvOS is a TV operating system developed by Apple based on iOS. watchOS is a watch operating system developed by Apple based on iOS for use on Apple Watch. iPadOS is a mobile operating system developed by Apple for iPad devices. It is developed based on iOS and is optimized specifically for iPad. macOS is an operating system developed by Apple that runs on Macintosh computers. Many Apple products have a use-after-free vulnerability, which attackers can exploit to elevate privileges.
VAR-202501-4110 CVE-2024-57595 D-Link DIR-825 Command Injection Vulnerability CVSS V2: 10.0
CVSS V3: 9.8
Severity: CRITICAL
DLINK DIR-825 REVB 2.03 devices have an OS command injection vulnerability in the CGI interface apc_client_pin.cgi, which allows remote attackers to execute arbitrary commands via the parameter "wps_pin" passed to the apc_client_pin.cgi binary through a POST request. D-Link DIR-825 is a router from D-Link. There is a command injection vulnerability in DLINK DIR-825 REVB 2.03 version. The vulnerability is caused by the failure to properly filter special characters and commands in the CGI interface apc_client_pin.cgi.
VAR-202501-3954 CVE-2024-57590 Command injection vulnerability in TRENDnet TEW-632BRP firmware CVSS V2: -
CVSS V3: 9.8
Severity: CRITICAL
TRENDnet TEW-632BRP v1.010B31 devices have an OS command injection vulnerability in the CGI interface "ntp_sync.cgi", which allows remote attackers to execute arbitrary commands via parameter "ntp_server" passed to the "ntp_sync.cgi" binary through a POST request. TRENDnet TEW-632BRP firmware contains a command injection vulnerability. Information may be obtained or tampered with, and service operation may be interrupted (DoS).
VAR-202501-3406 CVE-2024-50698 Heap-based buffer overflow vulnerability in SUNGROW WiNet-S firmware CVSS V2: 10.0
CVSS V3: 9.8
Severity: CRITICAL
SunGrow WiNet-SV200.001.00.P027 and earlier versions are vulnerable to heap-based buffer overflow due to bounds checks of the MQTT message content. A heap-based buffer overflow vulnerability exists in SUNGROW WiNet-S firmware. Information may be obtained or tampered with, and service operation may be interrupted (DoS). SunGrow WiNet-S is a LAN communication module from SunGrow, a Chinese company.
VAR-202501-2797 CVE-2024-50697 Classic buffer overflow vulnerability in SUNGROW WiNet-S firmware CVSS V2: 7.6
CVSS V3: 8.1
Severity: HIGH
In SunGrow WiNet-SV200.001.00.P027 and earlier versions, when decrypting MQTT messages, the code that parses specific TLV fields does not have sufficient bounds checks. This may result in a stack-based buffer overflow. SUNGROW WiNet-S firmware has a classic buffer overflow vulnerability. Information may be obtained or tampered with, and service operation may be interrupted (DoS). SunGrow WiNet-S is a LAN communication module from SunGrow, a Chinese company. An attacker can exploit this vulnerability to execute arbitrary code on the system or cause a denial of service.
VAR-202501-2184 CVE-2024-50695 Stack-based buffer overflow vulnerability in SUNGROW WiNet-S firmware CVSS V2: 10.0
CVSS V3: 9.8
Severity: CRITICAL
SunGrow WiNet-SV200.001.00.P027 and earlier versions are vulnerable to stack-based buffer overflow when parsing MQTT messages, due to missing MQTT topic bounds checks. A stack-based buffer overflow vulnerability exists in SUNGROW WiNet-S firmware. Information may be obtained or tampered with, and service operation may be interrupted (DoS). SunGrow WiNet-S is a LAN communication module from SunGrow, a Chinese company.
VAR-202501-4123 CVE-2024-50694 Stack-based buffer overflow vulnerability in SUNGROW WiNet-S firmware CVSS V2: 10.0
CVSS V3: 9.8
Severity: CRITICAL
In SunGrow WiNet-SV200.001.00.P027 and earlier versions, when copying the timestamp read from an MQTT message, the underlying code does not check the bounds of the buffer that is used to store the message. This may lead to a stack-based buffer overflow. A stack-based buffer overflow vulnerability exists in SUNGROW WiNet-S firmware. Information may be obtained or tampered with, and service operation may be interrupted (DoS). SunGrow WiNet-S is a LAN communication module from SunGrow, a Chinese company. An attacker can exploit this vulnerability to execute arbitrary code on the system or cause a denial of service.
VAR-202501-2580 CVE-2024-50692 Vulnerability related to use of hardcoded credentials in SUNGROW WiNet-S firmware CVSS V2: 6.4
CVSS V3: 5.4
Severity: MEDIUM
SunGrow WiNet-SV200.001.00.P027 and earlier versions contain hardcoded MQTT credentials that allow an attacker to send arbitrary commands to an arbitrary inverter. It is also possible to impersonate the broker, because TLS is not used to identify the real MQTT broker. This means that MQTT communications are vulnerable to MitM attacks at the TCP/IP level. A vulnerability related to the use of hardcoded credentials exists in SUNGROW WiNet-S firmware. Information may be obtained and information may be tampered with. SunGrow WiNet-S is a LAN communication module from SunGrow, a Chinese company.
VAR-202501-1991 CVE-2024-50690 Vulnerability related to use of hardcoded credentials in SUNGROW WiNet-S firmware CVSS V2: 6.4
CVSS V3: 6.5
Severity: MEDIUM
SunGrow WiNet-SV200.001.00.P027 and earlier versions contain a hardcoded password that can be used to decrypt all firmware updates. A vulnerability related to the use of hardcoded credentials exists in SUNGROW WiNet-S firmware. Information may be obtained and information may be tampered with. SunGrow WiNet-S is a LAN communication module from SunGrow, a Chinese company.
VAR-202501-3191 CVE-2024-56914 Classic buffer overflow vulnerability in D-Link Systems, Inc. DSL-3782 firmware CVSS V2: 5.5
CVSS V3: 5.7
Severity: MEDIUM
D-Link DSL-3782 v1.01 is vulnerable to Buffer Overflow in /New_GUI/ParentalControl.asp. D-Link Systems, Inc. DSL-3782 firmware has a classic buffer overflow vulnerability. Service operation may be interrupted (DoS). D-Link DSL-3782 is a wireless router from D-Link of China. The vulnerability is caused by /New_GUI/ParentalControl.asp failing to properly verify the length of input data. Remote attackers can exploit this vulnerability to execute arbitrary code on the system or cause a denial of service attack.
VAR-202501-3155 CVE-2025-20156 Cisco Meeting Management Privilege Escalation Vulnerability CVSS V2: 9.0
CVSS V3: 9.9
Severity: CRITICAL
A vulnerability in the REST API of Cisco Meeting Management could allow a remote, authenticated attacker with low privileges to elevate privileges to administrator on an affected device. This vulnerability exists because proper authorization is not enforced upon REST API users. An attacker could exploit this vulnerability by sending API requests to a specific endpoint. A successful exploit could allow the attacker to gain administrator-level control over edge nodes that are managed by Cisco Meeting Management. Cisco Meeting Management is software used by Cisco to manage and schedule meetings.
VAR-202402-1155 CVE-2022-23439 Multiple Fortinet products are vulnerable to externally controlled access to resources in other domains CVSS V2: -
CVSS V3: 4.7
Severity: MEDIUM
An externally controlled reference to a resource in another sphere in Fortinet FortiManager before version 7.4.3, FortiMail before version 7.0.3, FortiAnalyzer before version 7.4.3, FortiVoice version 7.0.0, 7.0.1 and before 6.4.8, FortiProxy before version 7.0.4, FortiRecorder version 6.4.0 through 6.4.2 and before 6.0.10, FortiAuthenticator version 6.4.0 through 6.4.1 and before 6.3.3, FortiNDR version 7.2.0 before 7.1.0, FortiWLC before version 8.6.4, FortiPortal before version 6.0.9, FortiOS version 7.2.0 and before 7.0.5, FortiADC version 7.0.0 through 7.0.1 and before 6.2.3, FortiDDoS before version 5.5.1, FortiDDoS-F before version 6.3.3, FortiTester before version 7.2.1, FortiSOAR before version 7.2.2 and FortiSwitch before version 6.3.3 allows an attacker to poison web caches via crafted HTTP requests, where the `Host` header points to an arbitrary webserver. Several Fortinet products, including FortiADC, FortiAuthenticator and FortiDDoS, contain vulnerabilities that allow externally controlled access to resources in other areas. Information may be obtained and information may be tampered with.
VAR-202501-1788 CVE-2024-57544 Classic buffer overflow vulnerability in Linksys e8450 firmware CVSS V2: 5.2
CVSS V3: 5.5
Severity: MEDIUM
Linksys E8450 v1.2.00.360516 was discovered to contain a buffer overflow vulnerability. The parsed field (lan_ipaddr) is copied to the stack without length verification. Linksys e8450 firmware has a classic buffer overflow vulnerability. Information may be obtained or tampered with, and service operation may be interrupted (DoS). Linksys E8450 is an E-series wireless router from Linksys, an American company. Remote attackers can exploit this vulnerability to execute arbitrary code on the system or cause a denial of service attack.
VAR-202501-2362 CVE-2024-57542 OS command injection vulnerability in Linksys e8450 firmware CVSS V2: 5.8
CVSS V3: 8.8
Severity: HIGH
Linksys E8450 v1.2.00.360516 was discovered to contain a command injection vulnerability via the field id_email_check_btn. A denial-of-service (DoS) condition may result. Linksys E8450 is a router from Linksys, an American company. Attackers can exploit this vulnerability to cause arbitrary command execution.
VAR-202501-2363 CVE-2024-57540 Classic buffer overflow vulnerability in Linksys e8450 firmware CVSS V2: 6.8
CVSS V3: 6.5
Severity: MEDIUM
Linksys E8450 v1.2.00.360516 was discovered to contain a buffer overflow vulnerability. The parsed field (action) is copied to the stack without length verification. Linksys E8450 is an E-series wireless router from Linksys, an American company. A remote attacker can exploit this vulnerability to execute arbitrary code on the system or cause a denial of service attack.
VAR-202501-2162 CVE-2024-57539 Command injection vulnerability in Linksys e8450 firmware CVSS V2: 5.8
CVSS V3: 8.2
Severity: HIGH
Linksys E8450 v1.2.00.360516 was discovered to contain a command injection vulnerability via userEmail. Linksys E8450 is an E-series wireless router from the American company Linksys. Attackers can exploit this vulnerability to cause arbitrary command execution.
VAR-202501-3187 CVE-2024-57538 Classic buffer overflow vulnerability in Linksys e8450 firmware CVSS V2: 6.8
CVSS V3: 6.5
Severity: MEDIUM
Linksys E8450 v1.2.00.360516 was discovered to contain a buffer overflow vulnerability. The parsed field (anonymous_protect_status) is copied to the stack without length verification. Linksys E8450 is an E-series wireless router from Linksys, an American company. Remote attackers can exploit this vulnerability to execute arbitrary code on the system or cause a denial of service attack.