VARIoT IoT vulnerabilities database

An issue was discovered on FiberHome HG6245D devices through RP2613. The web daemon contains the hardcoded awnfibre / fibre@dm!n credentials for an ISP. FiberHome HG6245D A device contains a vulnerability in the use of hard-coded credentials.Information is obtained, information is tampered with, and service is disrupted (DoS) It may be put into a state. HG6245D is a FTTH ONT router launched by FiberHome. FiberHome HG6245D has a hard-coded credential vulnerability. No detailed vulnerability details are currently provided

An issue was discovered on FiberHome HG6245D devices through RP2613. The web daemon contains the hardcoded telecomadmin / nE7jA%5m credentials for an ISP. FiberHome HG6245D A device contains a vulnerability in the use of hard-coded credentials.Information is obtained, information is tampered with, and service is disrupted (DoS) It may be put into a state. HG6245D is a FTTH ONT router launched by FiberHome. FiberHome HG6245D has a hard-coded credential vulnerability. No detailed vulnerability details are currently provided

There is a denial of service vulnerability in some huawei products. In specific scenarios, due to the improper handling of the packets, an attacker may craft many specific packets. Successful exploit may cause some services to be abnormal. Affected products include some versions of NGFW Module, NIP6300, NIP6600, NIP6800, Secospace USG6300, Secospace USG6500, Secospace USG6600 and SG9500. plural Huawei The product contains a vulnerability in handling exceptional conditions.Denial of service (DoS) It may be put into a state

Dell EMC Avamar Server, versions 19.3 and 19.4 contain an Improper Authorization vulnerability in the web UI. A remote low privileged attacker could potentially exploit this vulnerability, to gain unauthorized read or modification access to other users' backup data. DELL Dell EMC Avamar Server is a set of fully virtualized backup and recovery software for servers from Dell (DELL). An authorization issue vulnerability exists in Dell EMC Avamar Server, which originates from the lack of authentication measures or insufficient authentication strength in network systems or products

Incorrect default permissions in installer for the Intel(R) SSD Toolbox versions before 2/9/2021 may allow a privileged user to potentially enable escalation of privilege via local access. Intel(R) SSD Toolbox Is vulnerable to incorrect default permissions.Information is obtained, information is tampered with, and service is disrupted (DoS) It may be put into a state. A default configuration problem vulnerability exists in Intel SSD Toolbox, which originates from the use of insecure default configurations in network systems or products

Improper input validation in the Intel(R) EPID SDK before version 8, may allow an authenticated user to potentially enable an escalation of privilege via local access. Intel(R) EPID SDK Is vulnerable to input validation.Information is obtained, information is tampered with, and service is disrupted (DoS) It may be put into a state. There is a security vulnerability in the Intel EPID SDK. There is no information about this vulnerability at present. Please keep an eye on CNNVD or manufacturer announcements

Improper conditions check in the Intel(R) FPGA OPAE Driver for Linux before kernel version 4.17 may allow an authenticated user to potentially enable escalation of privilege via local access. Linux for Intel(R) FPGA OPAE The driver contains a vulnerability in an element of an uncontrolled search path.Information is obtained, information is tampered with, and service is disrupted (DoS) It may be put into a state. There are permissions and access control vulnerabilities in Intel Trace Analyzer and Collector, which originate from the lack of effective permissions and access control measures in network systems or products

Insecure inherited permissions for the Intel(R) Quartus Prime Pro and Standard edition software may allow an authenticated user to potentially enable escalation of privilege via local access. Intel(R) Quartus Prime Pro and Standard Contains an unspecified vulnerability.Information is obtained, information is tampered with, and service is disrupted (DoS) It may be put into a state

Out-of-bounds write in the Intel(R) XTU before version 6.5.3.25 may allow a privileged user to potentially enable denial of service via local access. Intel(R) XTU Is vulnerable to an out-of-bounds write.Denial of service (DoS) It may be put into a state. There is a security vulnerability in Intel XTU. There is no information about this vulnerability at present. Please keep an eye on CNNVD or manufacturer announcements

Insufficient control flow management in the API for the Intel(R) Collaboration Suite for WebRTC before version 4.3.1 may allow an authenticated user to potentially enable escalation of privilege via network access. WebRTC for Intel(R) Collaboration Suite Contains an unspecified vulnerability.Information is obtained, information is tampered with, and service is disrupted (DoS) It may be put into a state. There is a permission and access control vulnerability in Intel Collaboration Suite for WebRTC. The vulnerability stems from the lack of effective permission and access control measures in network systems or products

There is a memory leak vulnerability in some Huawei products. An authenticated remote attacker may exploit this vulnerability by sending specific message to the affected product. Due to not release the allocated memory properly, successful exploit may cause some service abnormal. Affected product include some versions of IPS Module, NGFW Module, Secospace USG6300, Secospace USG6500, Secospace USG6600 and USG9500

A vulnerability has been identified in JT2Go (All versions < V13.1.0.1), Teamcenter Visualization (All versions < V13.1.0.1). Affected applications lack proper validation of user-supplied data when parsing of HPG files. This could result in a memory access past the end of an allocated buffer. An attacker could leverage this vulnerability to access data in the context of the current process. (ZDI-CAN-12207). JT2Go and Teamcenter Visualization Is vulnerable to an out-of-bounds read. Zero Day Initiative To this vulnerability ZDI-CAN-12207 Was numbered.Information may be obtained. This vulnerability allows remote attackers to disclose sensitive information on affected installations of Siemens JT2Go. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within the parsing of HPG files

A vulnerability has been identified in JT2Go (All versions < V13.1.0.1), Teamcenter Visualization (All versions < V13.1.0.1). Affected applications lack proper validation of user-supplied data when parsing of TGA files. This could result in an out of bounds write past the end of an allocated structure. An attacker could leverage this vulnerability to execute code in the context of the current process. (ZDI-CAN-12178). JT2Go and Teamcenter Visualization Is vulnerable to an out-of-bounds write. Zero Day Initiative To this vulnerability ZDI-CAN-12178 Was numbered.Information is obtained, information is tampered with, and service is disrupted (DoS) It may be put into a state. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within the parsing of TGA files

A vulnerability has been identified in JT2Go (All versions < V13.1.0.1), Teamcenter Visualization (All versions < V13.1.0.1). Affected applications lack proper validation of user-supplied data when parsing of CGM files. This could result in a memory access past the end of an allocated buffer. An attacker could leverage this vulnerability to access data in the context of the current process. (ZDI-CAN-12163). JT2Go and Teamcenter Visualization Is vulnerable to an out-of-bounds read. Zero Day Initiative To this vulnerability ZDI-CAN-12163 Was numbered.Information may be obtained. This vulnerability allows remote attackers to disclose sensitive information on affected installations of Siemens JT2Go. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within the parsing of CGM files

A vulnerability has been identified in JT2Go (All versions < V13.1.0.1), Teamcenter Visualization (All versions < V13.1.0.1). Affected applications lack proper validation of user-supplied data when parsing of PCT files. This could result in a memory corruption condition. An attacker could leverage this vulnerability to execute code in the context of the current process. (ZDI-CAN-12182). JT2Go and Teamcenter Visualization Is vulnerable to an out-of-bounds write. Zero Day Initiative To this vulnerability ZDI-CAN-12182 Was numbered.Information is obtained, information is tampered with, and service is disrupted (DoS) It may be put into a state. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within the parsing of PCT files. The Tenda AC18 is a router from the Chinese company Tenda

A vulnerability has been identified in JT2Go (All versions < V13.1.0.1), Teamcenter Visualization (All versions < V13.1.0.1). Affected applications lack proper validation of user-supplied data when parsing TIFF files. This could lead to pointer dereferences of a value obtained from untrusted source. An attacker could leverage this vulnerability to execute code in the context of the current process. (ZDI-CAN-12158). JT2Go and Teamcenter Visualization Is vulnerable to a buffer error. Zero Day Initiative To this vulnerability ZDI-CAN-12158 Was numbered.Information is obtained, information is tampered with, and service is disrupted (DoS) It may be put into a state. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within the parsing of TIFF files

A vulnerability has been identified in JT2Go (All versions < V13.1.0.1), Teamcenter Visualization (All versions < V13.1.0.1). Affected applications lack proper validation of user-supplied data when parsing of PLT files. This could result in a memory access past the end of an allocated buffer. An attacker could leverage this vulnerability to access data in the context of the current process. (ZDI-CAN-12209). JT2Go and Teamcenter Visualization Is vulnerable to an out-of-bounds read. Zero Day Initiative To this vulnerability ZDI-CAN-12209 Was numbered.Information may be obtained. This vulnerability allows remote attackers to disclose sensitive information on affected installations of Siemens JT2Go. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within the parsing of PLT files

IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 194882. Vendor exploits this vulnerability IBM X-Force ID: 194882 Is published as.Information is obtained and denial of service (DoS) It may be put into a state. Authentication is not required to exploit this vulnerability.The specific flaw exists within the EDataGraphImpl class. The issue results from the lack of proper validation of user-supplied data, which can result in deserialization of untrusted data. This product is a platform for JavaEE and Web service applications, as well as the foundation of the IBM WebSphere software platform. There is a code problem vulnerability in IBM WebSphere Application Server, which stems from improper design or implementation problems in the code development process of network systems or products. No detailed vulnerability details are currently provided

A vulnerability has been identified in JT2Go (All versions < V13.1.0.1), Teamcenter Visualization (All versions < V13.1.0.1). Affected applications lack proper validation of user-supplied data when parsing of RAS files. This could result in a memory access past the end of an allocated buffer. An attacker could leverage this vulnerability to access data in the context of the current process. (ZDI-CAN-12283). JT2Go and Teamcenter Visualization Is vulnerable to an out-of-bounds read. Zero Day Initiative To this vulnerability ZDI-CAN-12283 Was numbered.Information may be obtained. This vulnerability allows remote attackers to disclose sensitive information on affected installations of Siemens JT2Go. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within the parsing of RAS files

A vulnerability has been identified in JT2Go (All versions < V13.1.0.1), Teamcenter Visualization (All versions < V13.1.0.1). Affected applications lack proper validation of user-supplied data when parsing BMP files. This can result in a memory corruption condition. An attacker could leverage this vulnerability to execute code in the context of the current process. (ZDI-CAN-12018). JT2Go and Teamcenter Visualization Is vulnerable to a buffer error. Zero Day Initiative To this vulnerability ZDI-CAN-12018 Was numbered.Information is obtained, information is tampered with, and service is disrupted (DoS) It may be put into a state. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within the parsing of BMP files