VARIoT IoT vulnerabilities database

A vulnerability in the vDaemon process in Cisco IOS XE SD-WAN Software could allow an unauthenticated, remote attacker to cause a buffer overflow on an affected device. This vulnerability is due to insufficient bounds checking when the device processes traffic. An attacker could exploit this vulnerability by sending crafted traffic to the device. The attacker must have a man-in-the-middle position between Cisco vManage and an associated device that is running an affected version of Cisco IOS XE SD-WAN Software. An exploit could allow the attacker to conduct a controllable buffer overflow attack (and possibly execute arbitrary commands as the root user) or cause a device reload, resulting in a denial of service (DoS) condition

A vulnerability in the vDaemon process of Cisco IOS XE SD-WAN Software could allow an unauthenticated, remote attacker to cause a device to reload, resulting a denial of service (DoS) condition. This vulnerability is due to insufficient handling of malformed packets. An attacker could exploit this vulnerability by sending crafted traffic to an affected device. A successful exploit could allow the attacker to cause the device to reload, resulting in a DoS condition. Cisco IOS XE SD-WAN Is vulnerable to input validation.Denial of service (DoS) It may be put into a state

A vulnerability in the CLI of Cisco IOS XE SD-WAN Software could allow an authenticated, local attacker to execute arbitrary commands on the underlying operating system as the root user. The attacker must be authenticated on the affected device as a low-privileged user to exploit this vulnerability. This vulnerability is due to insufficient validation of user-supplied input. An attacker could exploit this vulnerability by injecting arbitrary commands to a file as a lower-privileged user. The commands are then executed on the device by the root user. A successful exploit could allow the attacker to execute arbitrary commands as the root user. Cisco IOS XE SD-WAN Is vulnerable to injection.Information is obtained, information is tampered with, and service is disrupted (DoS) It may be put into a state. Cisco IOS XE SD-WAN Software is a software for network management (software-defined networking) applied to the Cisco IOS XE network operating system from Cisco

Multiple vulnerabilities in Cisco Jabber for Windows, Cisco Jabber for MacOS, and Cisco Jabber for mobile platforms could allow an attacker to execute arbitrary programs on the underlying operating system with elevated privileges, access sensitive information, intercept protected network traffic, or cause a denial of service (DoS) condition. For more information about these vulnerabilities, see the Details section of this advisory. The program provides online status display, instant messaging, voice and other functions

A vulnerability in the DECnet Phase IV and DECnet/OSI protocol processing of Cisco IOS XE Software could allow an unauthenticated, adjacent attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability is due to insufficient input validation of DECnet traffic that is received by an affected device. An attacker could exploit this vulnerability by sending DECnet traffic to an affected device. A successful exploit could allow the attacker to cause the affected device to reload, resulting in a DoS condition. Cisco IOS XE Exists in the use of out-of-range pointer offsets.Denial of service (DoS) It may be put into a state. Pillow is a Python-based image processing library. There is currently no information about this vulnerability, please feel free to follow CNNVD or manufacturer announcements. Cisco IOS XE Software is an operating system of Cisco (Cisco). A single operating system for enterprise wired and wireless access, aggregation, core, and WAN, Cisco IOS XE reduces business and network complexity

A vulnerability in CLI management in Cisco IOS XE SD-WAN Software could allow an authenticated, local attacker to access the underlying operating system as the root user. This vulnerability is due to the way the software handles concurrent CLI sessions. An attacker could exploit this vulnerability by authenticating to the device as an administrative user and executing a sequence of commands. A successful exploit could allow the attacker to obtain access to the underlying operating system as the root user. Cisco IOS XE SD-WAN Contains a privilege management vulnerability.Information is obtained, information is tampered with, and service is disrupted (DoS) It may be put into a state

Multiple vulnerabilities in the web UI of Cisco IOS XE Software could allow an authenticated, remote attacker with read-only privileges to cause the web UI software to become unresponsive and consume vty line instances, resulting in a denial of service (DoS) condition. These vulnerabilities are due to insufficient error handling in the web UI. An attacker could exploit these vulnerabilities by sending crafted HTTP packets to an affected device. A successful exploit could allow the attacker to cause the web UI software to become unresponsive and consume all available vty lines, preventing new session establishment and resulting in a DoS condition. Manual intervention would be required to regain web UI and vty session functionality. Note: These vulnerabilities do not affect the console connection. Cisco IOS XE Is vulnerable to handling exceptional conditions.Denial of service (DoS) It may be put into a state. Pillow is a Python-based image processing library. There is currently no information about this vulnerability, please feel free to follow CNNVD or manufacturer announcements

Multiple vulnerabilities in the web UI of Cisco IOS XE Software could allow an authenticated, remote attacker with read-only privileges to cause the web UI software to become unresponsive and consume vty line instances, resulting in a denial of service (DoS) condition. These vulnerabilities are due to insufficient error handling in the web UI. An attacker could exploit these vulnerabilities by sending crafted HTTP packets to an affected device. A successful exploit could allow the attacker to cause the web UI software to become unresponsive and consume all available vty lines, preventing new session establishment and resulting in a DoS condition. Manual intervention would be required to regain web UI and vty session functionality. Note: These vulnerabilities do not affect the console connection. Cisco IOS XE Is vulnerable to input validation.Denial of service (DoS) It may be put into a state. Pillow is a Python-based image processing library. There is currently no information about this vulnerability, please feel free to follow CNNVD or manufacturer announcements. Cisco IOS is an operating system developed for its network equipment. CLI is one of those command line interfaces. SD-WAN Software is one of the software-defined WAN software

Beijing Yinghantong Network Technology Co., Ltd. is an Internet of Things (IoT) technology company that provides safe and reliable industrial routers, industrial switches, industrial IoT gateways, industrial wireless communication modules and other products and IoT solutions. Beijing Yinghantong Network Technology Co., Ltd. IG902H edge computing gateway has a denial of service vulnerability. Attackers can use this vulnerability to cause the device to fail to work normally.

Certain NETGEAR devices are affected by password reset by an unauthenticated attacker. This affects RBK852 before 3.2.10.11, RBK853 before 3.2.10.11, RBR854 before 3.2.10.11, RBR850 before 3.2.10.11, RBS850 before 3.2.10.11, CBR40 before 2.5.0.10, R7000 before 1.0.11.116, R6900P before 1.3.2.126, R7900 before 1.0.4.38, R7960P before 1.4.1.66, R8000 before 1.0.4.66, R7900P before 1.4.1.66, R8000P before 1.4.1.66, RAX75 before 1.0.3.102, RAX80 before 1.0.3.102, and R7000P before 1.3.2.126. plural NETGEAR A vulnerability exists in the device regarding the password management function.Information may be obtained and information may be tampered with. This affects RBK852 prior to 3.2.10.11, RBK853 prior to 3.2.10.11, RBR854 prior to 3.2.10.11, RBR850 prior to 3.2.10.11, RBS850 prior to 3.2.10.11, CBR40 prior to 2.5.0.10, R7000 prior to 1.0.11.116, R6900P prior to 1.3.2.126, R7900 prior to 1.0.4.38, R7960P prior to 1.4.1.66, R8000 prior to 1.0.4.66, R7900P prior to 1.4.1.66, R8000P prior to 1.4.1.66, RAX75 prior to 1.0.3.102, RAX80 prior to 1.0.3.102, and R7000P prior to 1.3.2.126

Certain NETGEAR devices are affected by a stack-based buffer overflow by an authenticated user. This affects RBW30 before 2.6.2.2, RBK852 before 3.2.17.12, RBK853 before 3.2.17.12, RBK854 before 3.2.17.12, RBR850 before 3.2.17.12, RBS850 before 3.2.17.12, RBK752 before 3.2.17.12, RBK753 before 3.2.17.12, RBK753S before 3.2.17.12, RBK754 before 3.2.17.12, RBR750 before 3.2.17.12, and RBS750 before 3.2.17.12. plural NETGEAR The device contains an out-of-bounds write vulnerability.Information is obtained, information is tampered with, and service is disrupted (DoS) It may be put into a state. This affects RBW30 prior to 2.6.2.2, RBK852 prior to 3.2.17.12, RBK853 prior to 3.2.17.12, RBK854 prior to 3.2.17.12, RBR850 prior to 3.2.17.12, RBS850 prior to 3.2.17.12, RBK752 prior to 3.2.17.12, RBK753 prior to 3.2.17.12, RBK753S prior to 3.2.17.12, RBK754 prior to 3.2.17.12, RBR750 prior to 3.2.17.12, and RBS750 prior to 3.2.17.12

Certain NETGEAR devices are affected by command injection by an unauthenticated attacker. This affects RBK852 before 3.2.17.12, RBK853 before 3.2.17.12, RBK854 before 3.2.17.12, RBR850 before 3.2.17.12, RBS850 before 3.2.17.12, RBK752 before 3.2.17.12, RBK753 before 3.2.17.12, RBK753S before 3.2.17.12, RBK754 before 3.2.17.12, RBR750 before 3.2.17.12, and RBS750 before 3.2.17.12. plural NETGEAR A command injection vulnerability exists in the device.Information is obtained, information is tampered with, and service is disrupted (DoS) It may be put into a state. This affects RBK852 prior to 3.2.17.12, RBK853 prior to 3.2.17.12, RBK854 prior to 3.2.17.12, RBR850 prior to 3.2.17.12, RBS850 prior to 3.2.17.12, RBK752 prior to 3.2.17.12, RBK753 prior to 3.2.17.12, RBK753S prior to 3.2.17.12, RBK754 prior to 3.2.17.12, RBR750 prior to 3.2.17.12, and RBS750 prior to 3.2.17.12

Certain NETGEAR devices are affected by command injection by an unauthenticated attacker. This affects RBW30 before 2.6.2.2, RBS40V before 2.6.2.4, RBK852 before 3.2.17.12, RBK853 before 3.2.17.12, RBK854 before 3.2.17.12, RBR850 before 3.2.17.12, RBS850 before 3.2.17.12, RBK752 before 3.2.17.12, RBK753 before 3.2.17.12, RBK753S before 3.2.17.12, RBK754 before 3.2.17.12, RBR750 before 3.2.17.12, and RBS750 before 3.2.17.12. plural NETGEAR A command injection vulnerability exists in the device.Information is obtained, information is tampered with, and service is disrupted (DoS) It may be put into a state. This affects RBW30 prior to 2.6.2.2, RBS40V prior to 2.6.2.4, RBK852 prior to 3.2.17.12, RBK853 prior to 3.2.17.12, RBK854 prior to 3.2.17.12, RBR850 prior to 3.2.17.12, RBS850 prior to 3.2.17.12, RBK752 prior to 3.2.17.12, RBK753 prior to 3.2.17.12, RBK753S prior to 3.2.17.12, RBK754 prior to 3.2.17.12, RBR750 prior to 3.2.17.12, and RBS750 prior to 3.2.17.12

Certain NETGEAR devices are affected by command injection by an authenticated user. This affects RBK852 before 3.2.17.12, RBK853 before 3.2.17.12, RBK854 before 3.2.17.12, RBR850 before 3.2.17.12, RBS850 before 3.2.17.12, RBR752 before 3.2.17.12, RBR753 before 3.2.17.12, RBR753S before 3.2.17.12, RBR754 before 3.2.17.12, RBR750 before 3.2.17.12, and RBS750 before 3.2.17.12. plural NETGEAR A command injection vulnerability exists in the device.Information is obtained, information is tampered with, and service is disrupted (DoS) It may be put into a state. This affects RBK852 prior to 3.2.17.12, RBK853 prior to 3.2.17.12, RBK854 prior to 3.2.17.12, RBR850 prior to 3.2.17.12, RBS850 prior to 3.2.17.12, RBR752 prior to 3.2.17.12, RBR753 prior to 3.2.17.12, RBR753S prior to 3.2.17.12, RBR754 prior to 3.2.17.12, RBR750 prior to 3.2.17.12, and RBS750 prior to 3.2.17.12

Certain NETGEAR devices are affected by authentication bypass. This affects RBW30 before 2.6.2.2, RBS40V before 2.6.2.4, RBK852 before 3.2.17.12, RBK853 before 3.2.17.12, RBK854 before 3.2.17.12, RBR850 before 3.2.17.12, RBS850 before 3.2.17.12, RBK752 before 3.2.17.12, RBK753 before 3.2.17.12, RBK753S before 3.2.17.12, RBK754 before 3.2.17.12, RBR750 before 3.2.17.12, and RBS750 before 3.2.17.12. plural NETGEAR The product contains an authentication vulnerability.Information is obtained, information is tampered with, and service is disrupted (DoS) It may be put into a state. This affects RBW30 prior to 2.6.2.2, RBS40V prior to 2.6.2.4, RBK852 prior to 3.2.17.12, RBK853 prior to 3.2.17.12, RBK854 prior to 3.2.17.12, RBR850 prior to 3.2.17.12, RBS850 prior to 3.2.17.12, RBK752 prior to 3.2.17.12, RBK753 prior to 3.2.17.12, RBK753S prior to 3.2.17.12, RBK754 prior to 3.2.17.12, RBR750 prior to 3.2.17.12, and RBS750 prior to 3.2.17.12

Certain NETGEAR devices are affected by command injection by an unauthenticated attacker. This affects RBK852 before 3.2.17.12, RBK853 before 3.2.17.12, RBK854 before 3.2.17.12, RBR850 before 3.2.17.12, and RBS850 before 3.2.17.12. plural NETGEAR A command injection vulnerability exists in the device.Information is obtained, information is tampered with, and service is disrupted (DoS) It may be put into a state. This affects RBK852 prior to 3.2.17.12, RBK853 prior to 3.2.17.12, RBK854 prior to 3.2.17.12, RBR850 prior to 3.2.17.12, and RBS850 prior to 3.2.17.12

Certain NETGEAR devices are affected by command injection by an authenticated user. This affects RBK852 before 3.2.17.12, RBK853 before 3.2.17.12, RBK854 before 3.2.17.12, RBR850 before 3.2.17.12, and RBS850 before 3.2.17.12. plural NETGEAR A command injection vulnerability exists in the device.Information is obtained, information is tampered with, and service is disrupted (DoS) It may be put into a state. This affects RBK852 prior to 3.2.17.12, RBK853 prior to 3.2.17.12, RBK854 prior to 3.2.17.12, RBR850 prior to 3.2.17.12, and RBS850 prior to 3.2.17.12

NETGEAR RBR850 devices before 3.2.10.11 are affected by authentication bypass. NETGEAR RBR850 There is an authentication vulnerability in the device.Information is obtained, information is tampered with, and service is disrupted (DoS) It may be put into a state

IBM Elastic Storage System 6.0.0 through 6.0.1.2 and IBM Elastic Storage Server 5.3.0 through 5.3.6.2 could allow a remote attacker to cause a denial of service by sending malformed UDP requests. IBM X-Force ID: 193486. Vendor exploits this vulnerability IBM X-Force ID: 193486 Is published as.Denial of service (DoS) It may be put into a state

The software contains a hard-coded password it uses for its own inbound authentication or for outbound communication to external components on the Reason DR60 (all firmware versions prior to 02A04.1). Reason DR60 is a centralized, integrated multifunctional digital fault recorder (DFR) launched by GE. GE Reason DR60 firmware before 02A04.1 has a code injection vulnerability. The vulnerability stems from the fact that the software uses externally-influenced input from upstream components to construct all or part of the code segment, but does not neutralize or incorrectly neutralize special elements that may modify the syntax or behavior of the expected code segment. Attackers can use this vulnerability to inject code