VARIoT IoT vulnerabilities database

A vulnerability in the web-based management interface of Cisco SD-WAN vManage Software could allow an authenticated, remote attacker to read arbitrary files on the underlying filesystem of an affected system. This vulnerability is due to insufficient access control for sensitive information that is written to an affected system. An attacker could exploit this vulnerability by accessing sensitive information that they are not authorized to access on an affected system. A successful exploit could allow the attacker to gain access to devices and other network management systems that they should not have access to.Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability. Cisco Systems Cisco Catalyst SD-WAN Manager There are vulnerabilities in inadequate protection of credentials.Information may be obtained

A vulnerability in the vDaemon service of Cisco SD-WAN vManage Software could allow an authenticated, local attacker to cause a buffer overflow on an affected system, resulting in a denial of service (DoS) condition. The vulnerability is due to incomplete bounds checks for data that is provided to the vDaemon service of an affected system. An attacker could exploit this vulnerability by sending malicious data to the vDaemon listening service on the affected system. A successful exploit could allow the attacker to cause a buffer overflow condition on the affected system, which could allow the attacker to cause the vDaemon listening service to reload and result in a DoS condition.Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability. Cisco Systems Cisco Catalyst SD-WAN Manager There is an input validation vulnerability in.Information is tampered with and service operation is interrupted (DoS) It may be in a state

A vulnerability in the web-based management interface of Cisco SD-WAN vManage Software could allow an authenticated, remote attacker to conduct a directory traversal attack and obtain read access to sensitive files on an affected system. The vulnerability is due to insufficient validation of HTTP requests. An attacker could exploit this vulnerability by sending a crafted HTTP request that contains directory traversal character sequences to an affected system. A successful exploit could allow the attacker to write arbitrary files on the affected system. Cisco Systems Cisco Catalyst SD-WAN Manager Exists in a past traversal vulnerability.Information may be obtained

A vulnerability in Cisco SD-WAN vManage Software could allow an authenticated, remote attacker to bypass authorization checking and gain restricted access to the configuration information of an affected system. This vulnerability exists because the affected software has insufficient input validation for certain commands. An attacker could exploit this vulnerability by sending crafted requests to the affected commands of an affected system. A successful exploit could allow the attacker to bypass authorization checking and gain restricted access to the configuration data of the affected system.Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability

X188G is a router. Shenzhen Meikexing Communication Technology Co., Ltd. X188G has a denial of service vulnerability, which can be exploited by attackers to cause a denial of service.

The business scope of China Mobile Communications Co., Ltd. includes: IP telephony business; Internet access service business, Internet backbone network data transmission business; engaged in the design of mobile communications, IP telephony and Internet networks. Multiple gateways of China Mobile Communications Co., Ltd. have a denial of service vulnerability, which can be exploited by attackers to cause a denial of service.

An attacker could trick a user of Hitachi ABB Power Grids Ellipse Enterprise Asset Management (EAM) versions prior to and including 9.0.25 into visiting a malicious website posing as a login page for the Ellipse application and gather authentication credentials. Ellipse Enterprise Asset Management (Ellipse EAM) is a business process management software Ellipse application provided by Ellipse in the UK. There is a cross-site scripting vulnerability. The browser runs these codes

An attacker could exploit this vulnerability in Hitachi ABB Power Grids Ellipse Enterprise Asset Management (EAM) versions prior to and including 9.0.25 by tricking a user to click on a link containing malicious code that would then be run by the web browser. This can result in the compromise of confidential information, or even the takeover of the user’s session. Ellipse Enterprise Asset Management (Ellipse EAM) is a business process management software provided by Ellipse Industrial Equipment in the UK

Dell EMC OpenManage Server Administrator (OMSA) versions 9.5 and prior contain a path traversal vulnerability. A remote user with admin privileges could potentially exploit this vulnerability to view arbitrary files on the target system by sending a specially crafted URL request. The solution supports online diagnosis, system operation detection, equipment management, etc

Dell EMC OpenManage Server Administrator (OMSA) version 9.5 Microsoft Windows installations with Distributed Web Server (DWS) enabled configuration contains an authentication bypass vulnerability. A remote unauthenticated attacker could potentially exploit this vulnerability to gain admin access on the affected system. DELL Dell EMC OpenManage Server Administrator is a set of system management solutions from DELL Corporation in the United States. The solution supports online diagnosis, system operation detection, equipment management, etc. Microsoft Windows is a desktop operating system of Microsoft Corporation in the United States

A component API of the HarmonyOS 2.0 has a permission bypass vulnerability. Local attackers may exploit this vulnerability to issue commands repeatedly, exhausting system service resources. HarmonyOS Contains an unspecified vulnerability.Denial of service (DoS) It may be put into a state. Huawei HarmonyOS is an operating system of the Chinese company Huawei. Provide a microkernel-based full-scenario distributed operating system

A component of HarmonyOS 2.0 has a DoS vulnerability. Local attackers may exploit this vulnerability to mount a file system to the target device, causing DoS of the file system. HarmonyOS Contains an unspecified vulnerability.Denial of service (DoS) It may be put into a state. Huawei HarmonyOS is an operating system of the Chinese company Huawei. Provide a microkernel-based full-scenario distributed operating system

Buffer over-read can happen while parsing received SDP values due to lack of NULL termination check on SDP in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables. plural Qualcomm The product contains an out-of-bounds read vulnerability.Information is obtained and denial of service (DoS) It may be put into a state

The controX (Huafu Kaiwu) series of industrial configuration software is a cross-platform general-purpose operating system for the next generation of operating systems developed by Beijing Huafu Yuanke Technology Co., Ltd. after years of development in full integration of user needs and the latest development direction in the field of industrial automation Configuration platform software products. Huafu Kaiwu controX has a denial of service vulnerability. Attackers can use this vulnerability to cause the program to crash.

The controX (Huafu Kaiwu) series of industrial configuration software is a cross-platform general-purpose operating system for the next generation of operating systems developed by Beijing Huafu Yuanke Technology Co., Ltd. after years of development in full integration of user needs and the latest development direction in the field of industrial automation Configuration platform software products. Huafu Kaiwu controX has an unauthorized access vulnerability. Attackers can use vulnerabilities to obtain sensitive information.

The controX (Huafu Kaiwu) series of industrial configuration software is a cross-platform general-purpose operating system for the next generation of operating systems developed by Beijing Huafu Yuanke Technology Co., Ltd. after years of development in full integration of user needs and the latest development direction in the field of industrial automation Configuration platform software products. Huafu Kaiwu controX has an information disclosure vulnerability. Attackers can use vulnerabilities to obtain sensitive information.

TP-LINK Technology Co., Ltd. ("TP-LINK" for short) is the world's leading supplier of network communication equipment. The TL-ER6110G of Universal Technology Co., Ltd. has a denial of service vulnerability, which can be exploited by attackers to cause a denial of service.

TP-LINK Technology Co., Ltd. ("TP-LINK" for short) is the world's leading supplier of network communication equipment. Universal Technology Co., Ltd. WTC181 has a denial of service vulnerability, which can be exploited by attackers to cause a denial of service.

TP-LINK Technology Co., Ltd. ("TP-LINK" for short) is the world's leading supplier of network communication equipment. Universal Technology Co., Ltd. TL-XDR3250 has a denial of service vulnerability, which can be exploited by attackers to cause a denial of service.

SRS Policy Manager 6.X is affected by an XML External Entity Injection (XXE) vulnerability due to a misconfigured XML parser that processes user-supplied DTD input without sufficient validation. A remote unauthenticated attacker can potentially exploit this vulnerability to read system files as a non-root user and may be able to temporarily disrupt the ESRS service. Dell SRS Policy Manager is an application software of Dell (Dell)