VARIoT IoT vulnerabilities database

Mikrotik RouterOs before 6.47 (stable tree) suffers from an uncontrolled resource consumption vulnerability in the /nova/bin/route process. An authenticated remote attacker can cause a Denial of Service due to overloading the systems CPU. MikroTik RouterOS is a Linux-based router operating system developed by Latvian MikroTik Company. The system can be deployed in a PC so that it provides router functionality

Improper access control vulnerability in FactoryCameraFB prior to version 3.4.74 allows untrusted applications to access arbitrary files with an escalated privilege. Samsung FactoryCameraFB is a system application of Samsung Corporation. Samsung Mobile FactoryCameraFB has an access control error vulnerability

Improper component protection vulnerability in SmsViewerActivity of Samsung Message prior to SMR July-2021 Release 1 allows untrusted applications to access Message files. Samsung Messages is an application for Samsung mobile devices. Provides a tool that comes pre-installed by default on all its official devices. Samsung Message has an information disclosure vulnerability. The vulnerability stems from the lack of appropriate protection permissions in the product's SmsViewerActivity component. An attacker can exploit this vulnerability to access the Message file

Visual Tools is a brand of AX Solutions. AX Solutions is a company with high-tech features and unique video solutions. It is well-known for its innovative capabilities, product quality and service mission. Visual Tools DVR has an unauthorized command execution vulnerability. Attackers can use this vulnerability to escalate apache privileges to root. Combined with the vulnerability, they can execute arbitrary commands on the target device with root privileges.

Mikrotik RouterOs 6.44.5 (long-term tree) suffers from an assertion failure vulnerability in the /nova/bin/console process. An authenticated remote attacker can cause a Denial of Service due to an assertion failure via a crafted packet. Mikrotik RouterOs Exists in a reachable assertion vulnerability.Denial of service (DoS) It may be put into a state. MikroTik RouterOS is a Linux-based router operating system developed by Latvian MikroTik Company. The system can be deployed in a PC so that it provides router functionality. Re: Two vulnerabilities found in MikroTik's RouterOS

Mikrotik RouterOs before 6.47 (stable tree) suffers from an assertion failure vulnerability in the /nova/bin/user process. An authenticated remote attacker can cause a Denial of Service due to an assertion failure via a crafted packet. Mikrotik RouterOs Exists in a reachable assertion vulnerability.Denial of service (DoS) It may be put into a state. MikroTik RouterOS is a Linux-based router operating system developed by Latvian MikroTik Company. The system can be deployed in a PC so that it provides router functionality. Re: Two vulnerabilities found in MikroTik's RouterOS

Mikrotik RouterOs 6.44.6 (long-term tree) suffers from a memory corruption vulnerability in the /nova/bin/diskd process. An authenticated remote attacker can cause a Denial of Service due to invalid memory access. Mikrotik RouterOs Is vulnerable to a buffer error.Denial of service (DoS) It may be put into a state. MikroTik RouterOS is a Linux-based router operating system developed by Latvian MikroTik Company. The system can be deployed in a PC so that it provides router functionality. There is a buffer error vulnerability in Mikrotik RouterOs. The following products and versions are affected: Mikrotik RouterOs prior to 6.44.6. Re: Three vulnerabilities found in MikroTik's RouterOS

Mikrotik RouterOs 6.44.5 (long-term tree) suffers from an stack exhaustion vulnerability in the /nova/bin/net process. An authenticated remote attacker can cause a Denial of Service due to overloading the systems CPU. Mikrotik RouterOs Is vulnerable to a resource exhaustion.Denial of service (DoS) It may be put into a state. MikroTik RouterOS is a Linux-based router operating system developed by Latvian MikroTik Company. The system can be deployed in a PC so that it provides router functionality. Re: Three vulnerabilities found in MikroTik's RouterOS

Mikrotik RouterOs 6.44.6 (long-term tree) suffers from a memory corruption vulnerability in the /nova/bin/graphing process. An authenticated remote attacker can cause a Denial of Service (NULL pointer dereference). MikroTik RouterOS is a Linux-based router operating system developed by Latvian MikroTik Company. The system can be deployed in a PC so that it provides router functionality. Re: Three vulnerabilities found in MikroTik's RouterOS

Mikrotik RouterOs 6.44.5 (long-term tree) suffers from a memory corruption vulnerability in the /nova/bin/console process. An authenticated remote attacker can cause a Denial of Service (NULL pointer dereference). MikroTik RouterOS is a Linux-based router operating system developed by Latvian MikroTik Company. The system can be deployed in a PC so that it provides router functionality. Re: Two vulnerabilities found in MikroTik's RouterOS

Shanghai Phicomm Data Communication Technology Co., Ltd. is a technologically innovative enterprise that provides users with smart products and cloud services in the field of smart homes. Phicomm router K1 version has weak password vulnerability. Attackers can use this vulnerability to log in to the background to obtain sensitive information.

Yingying Information actively creates a smart road monitoring integration platform, and has been earnestly operating its own brand KGuard for many years. Its main products include home security combokits for digital surveillance video recorders (Home Security ComboKit), etc. KGuard DVR has an unauthorized access vulnerability. Attackers can use this vulnerability to obtain sensitive information and provide arbitrary command execution.

Philips Vue PACS versions 12.2.x.x and prior uses a cryptographic key or password past its expiration date, which diminishes its safety significantly by increasing the timing window for cracking attacks against that key. Philips Vue PACS There is a vulnerability in the lack of encryption of critical data.Information may be obtained

Philips Vue PACS versions 12.2.x.x and prior does not use or incorrectly uses a protection mechanism that provides sufficient defense against directed attacks against the product. Philips Vue PACS Contains an unspecified vulnerability.Information is obtained, information is tampered with, and service is disrupted (DoS) It may be put into a state

The use of a broken or risky cryptographic algorithm in Philips Vue PACS versions 12.2.x.x and prior is an unnecessary risk that may result in the exposure of sensitive information

Philips Vue PACS versions 12.2.x.x and prior does not follow certain coding rules for development, which can lead to resultant weaknesses or increase the severity of the associated vulnerabilities. Philips Vue PACS Contains an unspecified vulnerability.Information is obtained, information is tampered with, and service is disrupted (DoS) It may be put into a state

Philips Vue PACS versions 12.2.x.x and prior does not ensure or incorrectly ensures structured messages or data are well formed and that certain security properties are met before being read from an upstream component or sent to a downstream component. Philips Vue PACS Is vulnerable to injection.Information may be obtained and information may be tampered with

Philips Vue PACS versions 12.2.x.x and prior transmits sensitive or security-critical data in cleartext in a communication channel that can be sniffed by unauthorized actors. Philips Vue PACS Contains a vulnerability in the transmission of important information in clear text.Information may be obtained

Philips Vue PACS versions 12.2.x.x and prior transmits or stores authentication credentials, but it uses an insecure method susceptible to unauthorized interception and/or retrieval. Philips Vue PACS Exists in an inadequate protection of credentials.Information may be obtained

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Advantech WebAccess Node. Authentication is not required to exploit this vulnerability.The specific flaw exists within BwFreRPT.exe, which is accessed through the 0x2711 IOCTL in the webvrpcs process. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of the current user.