VARIoT IoT vulnerabilities database

D-Link DIR-816 is a wireless router under D-Link's D-Link brand, manufactured in mainland China. The DIR-816 750M11AC wireless router has an unauthorized access vulnerability, which can be exploited by attackers to obtain sensitive information.

Vigor2960 is a product of DrayTek in Taiwan, China. It is a load balancing router and VPN gateway device. DrayTek Vigor2960 has a command execution vulnerability, which can be exploited by attackers to obtain ROOT privileges.

Vigor2960 is a product of DrayTek in Taiwan, China. It is a load balancing router and VPN gateway device. DrayTek Vigor2960 has a command execution vulnerability, which can be exploited by attackers to obtain ROOT privileges.

IBM Security Verify Access 20.07 allows web pages to be stored locally which can be read by another user on the system. X-Force ID: 199278. Vendor exploits this vulnerability IBM X-Force ID: 199278 Is published as.Information may be obtained. IBM Application Gateway is an application gateway of IBM Corporation in the United States. Provides a containerized secure Web reverse proxy, which is designed to be in front of your application and seamlessly add authentication and authorization protection to your application. Attackers may use this vulnerability to obtain sensitive information

TP-LINK Technology Co., Ltd. ("TP-LINK" for short) is the world's leading supplier of network communication equipment. The WR1045ND of Universal Technology Co., Ltd. has a weak password vulnerability. Attackers use the vulnerability to log in to the system background to obtain sensitive information.

TP-LINK Technology Co., Ltd. ("TP-LINK" for short) is the world's leading supplier of network communication equipment. Universal Technology Co., Ltd. WDR4300 has a weak password vulnerability. Attackers use the vulnerability to log in to the system backend to obtain sensitive information.

The business of Huawei Technologies Co., Ltd. includes switches, transmission equipment, data communication equipment, broadband multimedia equipment, power supplies, wireless communication equipment, microelectronics products, software, etc. The AR Web management platform has a weak password vulnerability, which can be exploited by attackers to obtain sensitive information.

DIR-816 is a wireless router under the D-Link brand. DIR-816 has a command execution vulnerability, which can be exploited by an attacker to gain control of the server.

D-Link Electronic Equipment (Shanghai) Co., Ltd. is a company mainly engaged in network equipment, wireless equipment, switches and other projects. DHP-W310AV has a weak password vulnerability, which can be exploited by attackers to obtain sensitive information.

Sapido was established in Tainan in 2006. It is a brand of network communication products and Internet of Things that has obtained the Taiwanese Smile Mark. The N-speed Gigabit multi-network wireless broadband sharing device has a command execution vulnerability, which can be used by an attacker to gain control of the server.

AC11 router is a dual-band wireless router developed by Shenzhen Jixiang Tengda Technology Co., Ltd., which is specially designed for large-scale households and is suitable for use in 200M and above fiber optic homes. The AC11 router has a binary vulnerability, which can be exploited by an attacker to gain control of the server.

TP-LINK Technology Co., Ltd. ("TP-LINK" for short) is the world's leading supplier of network communication equipment. Universal Technology Co., Ltd. WDR3600 has a weak password vulnerability. Attackers can use this vulnerability to log in to the system backend to obtain sensitive information.

IDS-WEBCAM is an industrial camera. IDS-WEBCAM has a weak password vulnerability, which can be exploited by attackers to obtain sensitive information.

IBM Security Verify Access 20.07 could allow a remote attacker to send a specially crafted HTTP GET request that could cause the application to crash. IBM Security Verify Access Contains an unspecified vulnerability.Denial of service (DoS) It may be put into a state. IBM Application Gateway is an application gateway of IBM Corporation in the United States. Provides a containerized secure Web reverse proxy, which is designed to be in front of your application and seamlessly add authentication and authorization protection to your application. An information disclosure vulnerability exists in IBM Application Gateway. The vulnerability stems from the fact that the program allows web pages to be stored locally for other users on the system to read. Attackers may use this vulnerability to obtain sensitive information

IBM Security Verify Access 20.07 is vulnerable to a stack based buffer overflow, caused by improper bounds checking which could allow a local attacker to execute arbitrary code on the system with elevated privileges. IBM Security Verify Access Is vulnerable to an out-of-bounds write.Information is obtained, information is tampered with, and service is disrupted (DoS) It may be put into a state. The service uses risk-based access, single sign-on, integrated access management control, identity federation, and mobile multi-factor authentication to achieve safe and simple access to platforms such as web, mobile, IoT, and cloud technologies

TL-WR1043ND is an 11n wireless router designed for small and medium enterprises, SOHO and home users. TP-LINK TL-WR1043ND has a weak password vulnerability, which can be exploited by attackers to obtain sensitive information.

TL-WR840N is a wireless router. TP-LINK TL-WR840N has a weak password vulnerability, which can be exploited by attackers to obtain sensitive information.

MikroTik was founded in 1995 and is headquartered in Riga, Latvia. It is mainly engaged in the development of routers and wireless ISP systems. MikroTik CHR router has a denial of service vulnerability, which can be exploited by attackers to cause the program to crash.

Hangzhou Hikvision Digital Technology Co., Ltd. is a video-centric IoT solution provider, providing comprehensive security, smart business and big data services. Hangzhou Hikvision Digital Technology Co., Ltd. Network Video Recorder has a weak password vulnerability. Attackers can use the vulnerability to obtain sensitive information.

A security issue in nginx resolver was identified, which might allow an attacker who is able to forge UDP packets from the DNS server to cause 1-byte memory overwrite, resulting in worker process crash or potential other impact. Nginx is a lightweight web server/reverse proxy server and email (IMAP/POP3) proxy server of Nginx Company in the United States. Affected products and versions are as follows: nginx: 0.6.18, 0.6.19 0.6.20, 0.6.21, 0.6.22 0.6.23, 0.6.24, 0.6.25, 0.6.26, 0.6.27, 0.6. A flaw was found in nginx. An off-by-one error while processing DNS responses allows a network malicious user to write a dot character out of bounds in a heap allocated buffer which can allow overwriting the least significant byte of next heap chunk metadata likely leading to a remote code execution in certain circumstances. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability. (CVE-2021-23017). -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 - ------------------------------------------------------------------------- Debian Security Advisory DSA-4921-1 security@debian.org https://www.debian.org/security/ Moritz Muehlenhoff May 28, 2021 https://www.debian.org/security/faq - ------------------------------------------------------------------------- Package : nginx CVE ID : CVE-2021-23017 Debian Bug : 989095 Luis Merino, Markus Vervier and Eric Sesterhenn discovered an off-by-one in Nginx, a high-performance web and reverse proxy server, which could result in denial of service and potentially the execution of arbitrary code. For the stable distribution (buster), this problem has been fixed in version 1.14.2-2+deb10u4. For the detailed security status of nginx please refer to its security tracker page at: https://security-tracker.debian.org/tracker/nginx Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/ Mailing list: debian-security-announce@lists.debian.org -----BEGIN PGP SIGNATURE----- iQIzBAEBCgAdFiEEtuYvPRKsOElcDakFEMKTtsN8TjYFAmCw3CMACgkQEMKTtsN8 TjYgGA/9FlgRs/kkpLxlnM5ymYDA+WAmc44BiKLajlItjdw54nifSb7WJQifSjND wWz6/1Qc2R84mgovtdReIcgEQDDmm8iCpslsWt4r/iWT5m/tlZhkLhBN1AyhW8VS u1Goqt+hFkz0fZMzv1vf9MwRkUma8SjxNcQdjs4fHzyZAfo+QoV4Ir0I7DIMKkZk N5teHqHIMaDasRZFQSpL8NuZC+JN5EEpB764mV+O/YqVrWeE9QUAnL0FgjcQUnmh iQ5AmMJRtAnQXXu9Qkpx9WtDemHLFHC9JsWEKE3TJAegA4ZhfOo5MZcjesn6EoqV 8rXAAupWzO5/wTxMeulqz4HTLeYPs+jTSONHwT1oG9kgY59jVcNVjg2DcGbG3/17 ueZdGTy70pgLSL6IKILNBgqHh0AqSyyuZmocy07DNGay+HzwuFSBq4RCCved+EPW 4CMtIPSujjPzQqvg15gFNKt/7T2ZfKFR7zVfm0itI6KTjyAhmFhaNYNwWEifX68u 8akhscDlUxmDQG1kbQ2u/IZqWeKG/TpbqaaTrTl6U+Gl1hmRO06Y4AckW1Xwm2r4 CFSO9uHeNte5Vsw+4NlDntzRZOOfJ6qW8x0XF5Vgn7R9mfYPlvIWJgptsgrrijnf lhCPw5JMpzQ4afWlRUvQiaf0lOIySKIfv05wHPtIablmgjIGny4= =qxQw -----END PGP SIGNATURE----- . See the following Release Notes documentation, which will be updated shortly for this release, for additional details about this release: https://access.redhat.com/documentation/en-us/red_hat_advanced_cluster_mana gement_for_kubernetes/2.2/html/release_notes/ Security fixes: * nginx: Off-by-one in ngx_resolver_copy() when labels are followed by a pointer to a root domain name (CVE-2021-23017) * redis: Lua scripts can overflow the heap-based Lua stack (CVE-2021-32626) * redis: Integer overflow issue with Streams (CVE-2021-32627) * redis: Integer overflow bug in the ziplist data structure (CVE-2021-32628) * redis: Integer overflow issue with intsets (CVE-2021-32687) * redis: Integer overflow issue with strings (CVE-2021-41099) * redis: Out of bounds read in lua debugger protocol parser (CVE-2021-32672) * redis: Denial of service via Redis Standard Protocol (RESP) request (CVE-2021-32675) * object-path: Type confusion vulnerability can lead to a bypass of CVE-2020-15256 (CVE-2021-23434) Bug fixes: * RHACM 2.2.9 images (BZ #1999601) 3. Bugs fixed (https://bugzilla.redhat.com/): 1963121 - CVE-2021-23017 nginx: Off-by-one in ngx_resolver_copy() when labels are followed by a pointer to a root domain name 1999601 - RHACM 2.2.9 images 1999810 - CVE-2021-23434 object-path: Type confusion vulnerability can lead to a bypass of CVE-2020-15256 2010991 - CVE-2021-32687 redis: Integer overflow issue with intsets 2011000 - CVE-2021-32675 redis: Denial of service via Redis Standard Protocol (RESP) request 2011001 - CVE-2021-32672 redis: Out of bounds read in lua debugger protocol parser 2011004 - CVE-2021-32628 redis: Integer overflow bug in the ziplist data structure 2011010 - CVE-2021-32627 redis: Integer overflow issue with Streams 2011017 - CVE-2021-32626 redis: Lua scripts can overflow the heap-based Lua stack 2011020 - CVE-2021-41099 redis: Integer overflow issue with strings 5. ========================================================================== Ubuntu Security Notice USN-4967-1 May 26, 2021 nginx vulnerability ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 21.04 - Ubuntu 20.10 - Ubuntu 20.04 LTS - Ubuntu 18.04 LTS Summary: nginx could be made to crash or run programs if it received specially crafted network traffic. Software Description: - nginx: small, powerful, scalable web/proxy server Details: Luis Merino, Markus Vervier, and Eric Sesterhenn discovered that nginx incorrectly handled responses to the DNS resolver. A remote attacker could use this issue to cause nginx to crash, resulting in a denial of service, or possibly execute arbitrary code. Update instructions: The problem can be corrected by updating your system to the following package versions: Ubuntu 21.04: nginx 1.18.0-6ubuntu8.2 nginx-common 1.18.0-6ubuntu8.2 nginx-core 1.18.0-6ubuntu8.2 nginx-extras 1.18.0-6ubuntu8.2 nginx-full 1.18.0-6ubuntu8.2 nginx-light 1.18.0-6ubuntu8.2 Ubuntu 20.10: nginx 1.18.0-6ubuntu2.2 nginx-common 1.18.0-6ubuntu2.2 nginx-core 1.18.0-6ubuntu2.2 nginx-extras 1.18.0-6ubuntu2.2 nginx-full 1.18.0-6ubuntu2.2 nginx-light 1.18.0-6ubuntu2.2 Ubuntu 20.04 LTS: nginx 1.18.0-0ubuntu1.2 nginx-common 1.18.0-0ubuntu1.2 nginx-core 1.18.0-0ubuntu1.2 nginx-extras 1.18.0-0ubuntu1.2 nginx-full 1.18.0-0ubuntu1.2 nginx-light 1.18.0-0ubuntu1.2 Ubuntu 18.04 LTS: nginx 1.14.0-0ubuntu1.9 nginx-common 1.14.0-0ubuntu1.9 nginx-core 1.14.0-0ubuntu1.9 nginx-extras 1.14.0-0ubuntu1.9 nginx-full 1.14.0-0ubuntu1.9 nginx-light 1.14.0-0ubuntu1.9 In general, a standard system update will make all the necessary changes. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 ===================================================================== Red Hat Security Advisory Synopsis: Important: rh-nginx118-nginx security update Advisory ID: RHSA-2021:2258-01 Product: Red Hat Software Collections Advisory URL: https://access.redhat.com/errata/RHSA-2021:2258 Issue date: 2021-06-07 CVE Names: CVE-2021-23017 ===================================================================== 1. Summary: An update for rh-nginx118-nginx is now available for Red Hat Software Collections. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. 2. Relevant releases/architectures: Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7) - ppc64le, s390x, x86_64 Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.7) - ppc64le, s390x, x86_64 Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7) - x86_64 3. Description: nginx is a web and proxy server supporting HTTP and other protocols, with a focus on high concurrency, performance, and low memory usage. Security Fix(es): * nginx: Off-by-one in ngx_resolver_copy() when labels are followed by a pointer to a root domain name (CVE-2021-23017) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. 4. Solution: For details on how to apply this update, which includes the changes described in this advisory, refer to: https://access.redhat.com/articles/11258 The rh-nginx118-nginx service must be restarted for this update to take effect. 5. Bugs fixed (https://bugzilla.redhat.com/): 1963121 - CVE-2021-23017 nginx: Off-by-one in ngx_resolver_copy() when labels are followed by a pointer to a root domain name 6. Package List: Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7): Source: rh-nginx118-nginx-1.18.0-3.el7.src.rpm ppc64le: rh-nginx118-nginx-1.18.0-3.el7.ppc64le.rpm rh-nginx118-nginx-debuginfo-1.18.0-3.el7.ppc64le.rpm rh-nginx118-nginx-mod-http-image-filter-1.18.0-3.el7.ppc64le.rpm rh-nginx118-nginx-mod-http-perl-1.18.0-3.el7.ppc64le.rpm rh-nginx118-nginx-mod-http-xslt-filter-1.18.0-3.el7.ppc64le.rpm rh-nginx118-nginx-mod-mail-1.18.0-3.el7.ppc64le.rpm rh-nginx118-nginx-mod-stream-1.18.0-3.el7.ppc64le.rpm s390x: rh-nginx118-nginx-1.18.0-3.el7.s390x.rpm rh-nginx118-nginx-debuginfo-1.18.0-3.el7.s390x.rpm rh-nginx118-nginx-mod-http-image-filter-1.18.0-3.el7.s390x.rpm rh-nginx118-nginx-mod-http-perl-1.18.0-3.el7.s390x.rpm rh-nginx118-nginx-mod-http-xslt-filter-1.18.0-3.el7.s390x.rpm rh-nginx118-nginx-mod-mail-1.18.0-3.el7.s390x.rpm rh-nginx118-nginx-mod-stream-1.18.0-3.el7.s390x.rpm x86_64: rh-nginx118-nginx-1.18.0-3.el7.x86_64.rpm rh-nginx118-nginx-debuginfo-1.18.0-3.el7.x86_64.rpm rh-nginx118-nginx-mod-http-image-filter-1.18.0-3.el7.x86_64.rpm rh-nginx118-nginx-mod-http-perl-1.18.0-3.el7.x86_64.rpm rh-nginx118-nginx-mod-http-xslt-filter-1.18.0-3.el7.x86_64.rpm rh-nginx118-nginx-mod-mail-1.18.0-3.el7.x86_64.rpm rh-nginx118-nginx-mod-stream-1.18.0-3.el7.x86_64.rpm Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.7): Source: rh-nginx118-nginx-1.18.0-3.el7.src.rpm ppc64le: rh-nginx118-nginx-1.18.0-3.el7.ppc64le.rpm rh-nginx118-nginx-debuginfo-1.18.0-3.el7.ppc64le.rpm rh-nginx118-nginx-mod-http-image-filter-1.18.0-3.el7.ppc64le.rpm rh-nginx118-nginx-mod-http-perl-1.18.0-3.el7.ppc64le.rpm rh-nginx118-nginx-mod-http-xslt-filter-1.18.0-3.el7.ppc64le.rpm rh-nginx118-nginx-mod-mail-1.18.0-3.el7.ppc64le.rpm rh-nginx118-nginx-mod-stream-1.18.0-3.el7.ppc64le.rpm s390x: rh-nginx118-nginx-1.18.0-3.el7.s390x.rpm rh-nginx118-nginx-debuginfo-1.18.0-3.el7.s390x.rpm rh-nginx118-nginx-mod-http-image-filter-1.18.0-3.el7.s390x.rpm rh-nginx118-nginx-mod-http-perl-1.18.0-3.el7.s390x.rpm rh-nginx118-nginx-mod-http-xslt-filter-1.18.0-3.el7.s390x.rpm rh-nginx118-nginx-mod-mail-1.18.0-3.el7.s390x.rpm rh-nginx118-nginx-mod-stream-1.18.0-3.el7.s390x.rpm x86_64: rh-nginx118-nginx-1.18.0-3.el7.x86_64.rpm rh-nginx118-nginx-debuginfo-1.18.0-3.el7.x86_64.rpm rh-nginx118-nginx-mod-http-image-filter-1.18.0-3.el7.x86_64.rpm rh-nginx118-nginx-mod-http-perl-1.18.0-3.el7.x86_64.rpm rh-nginx118-nginx-mod-http-xslt-filter-1.18.0-3.el7.x86_64.rpm rh-nginx118-nginx-mod-mail-1.18.0-3.el7.x86_64.rpm rh-nginx118-nginx-mod-stream-1.18.0-3.el7.x86_64.rpm Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7): Source: rh-nginx118-nginx-1.18.0-3.el7.src.rpm x86_64: rh-nginx118-nginx-1.18.0-3.el7.x86_64.rpm rh-nginx118-nginx-debuginfo-1.18.0-3.el7.x86_64.rpm rh-nginx118-nginx-mod-http-image-filter-1.18.0-3.el7.x86_64.rpm rh-nginx118-nginx-mod-http-perl-1.18.0-3.el7.x86_64.rpm rh-nginx118-nginx-mod-http-xslt-filter-1.18.0-3.el7.x86_64.rpm rh-nginx118-nginx-mod-mail-1.18.0-3.el7.x86_64.rpm rh-nginx118-nginx-mod-stream-1.18.0-3.el7.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/ 7. References: https://access.redhat.com/security/cve/CVE-2021-23017 https://access.redhat.com/security/updates/classification/#important 8. Contact: The Red Hat security contact is <secalert@redhat.com>. More contact details at https://access.redhat.com/security/team/contact/ Copyright 2021 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQIVAwUBYL3MN9zjgjWX9erEAQjMKA//YaSwGZ/DmvwILuYqYNbIGKvcatycisD6 RrS+A7J9QqTEKqC8mZQ/OvfS5TukanQ/jzTNfRuGuO7booPRlhqVxZVLrSgQNaVD 1FV/cQqXhS/FwmrM8wnWdLpsFUXRXsTqiOoUnymzZbSh1VDjB8VZZLjWc7Wnueqy clLQnYtwMT5axzXRJl/JiXs+yJBmzv5igSFMoGXEKDx6DTrWGtZENE1rpumPAjb6 Y3aDzDZYu4Bl9V1FCUOtksWnmP0Xl/kvSL31aUkyYbyi9i0DpQswmdBH4Bl5ulw2 skkKH69ixA1wu+2D128toUy2ZR/MjX88sH3bCahhY1G4ajp0Vl3/p/kM7VVR5uRi KTVNK8FueNIvp8fMp8oYKhZW9It5DzlMa0Q1QcFfsutgf+932up8qJ9o0mQ9AbVK fBYb8F0hYMDI8udy+npgUM0WwwiBQAqzcHmbnYIRt6IK5f/dUOqucugiJFsbyTl2 pIcJty1208RbrDE/ctTcKuyVbHH9pPOHql5rFlJLAh7yYdHWh6J1QhmdA1RNm51h MEgO5OOVUjrV2mye1c8o7EkTzvuhu2RWQ7WyQc6C81ZlcUcjfNnq73vJ9HBNtNT5 hsiDG/UdvY/thIQmqzSFI3z8ALFKPRUcJ91v/fZNRpBTxcsluN91X7XrHIQDNOs9 jVrMgzAG88I= =av6T -----END PGP SIGNATURE----- -- RHSA-announce mailing list RHSA-announce@redhat.com https://listman.redhat.com/mailman/listinfo/rhsa-announce . 8.2) - aarch64, noarch, ppc64le, s390x, x86_64 3. Description: Red Hat Advanced Cluster Management for Kubernetes 2.1.11 images Red Hat Advanced Cluster Management for Kubernetes provides the capabilities to address common challenges that administrators and site reliability engineers face as they work across a range of public and private cloud environments. Clusters and applications are all visible and managed from a single console—with security policy built in. This advisory contains updates to one or more container images for Red Hat Advanced Cluster Management for Kubernetes. Container updates: * RHACM 2.1.11 images (BZ# 1999375) 3. Solution: Before applying this update, make sure all previously released errata relevant to your system have been applied. The following packages have been upgraded to a later upstream version: nginx (1.20.1)