VARIoT IoT vulnerabilities database
| VAR-202104-0589 | CVE-2021-1803 | Vulnerability in macOS |
CVSS V2: 4.3 CVSS V3: 3.3 Severity: LOW |
The issue was addressed with improved permissions logic. This issue is fixed in macOS Big Sur 11.0.1. A local application may be able to enumerate the user's iCloud documents. macOS contains an unspecified vulnerability; information may be obtained. Apple macOS Big Sur versions prior to 11.0.1 have a permission and access control vulnerability, which stems from the fact that local applications can enumerate the user's iCloud documents.
| VAR-202104-0451 | CVE-2020-9930 | Out-of-bounds read vulnerability in macOS |
CVSS V2: 6.6 CVSS V3: 7.1 Severity: HIGH |
An out-of-bounds read was addressed with improved input validation. This issue is fixed in macOS Catalina 10.15.6, Security Update 2020-004 Mojave, Security Update 2020-004 High Sierra. A local user may be able to cause unexpected system termination or read kernel memory. macOS contains an out-of-bounds read vulnerability; information may be obtained and service operation may be interrupted (DoS).
| VAR-202104-0450 | CVE-2020-9926 | Use-after-free vulnerability in multiple Apple products |
CVSS V2: 6.8 CVSS V3: 7.8 Severity: HIGH |
A use after free issue was addressed with improved memory management. This issue is fixed in iOS 13.6 and iPadOS 13.6, tvOS 13.4.8, watchOS 6.2.8, iCloud for Windows 7.20, macOS Catalina 10.15.6, Security Update 2020-004 Mojave, Security Update 2020-004 High Sierra. Processing maliciously crafted XML may lead to an unexpected application termination or arbitrary code execution. Multiple Apple products contain a use-after-free vulnerability; information may be obtained, information may be tampered with, and service operation may be interrupted (DoS). Both Apple iOS and Apple tvOS are products of Apple Inc. Apple iOS is an operating system developed for mobile devices. Apple tvOS is a smart TV operating system.
| VAR-202104-0208 | CVE-2020-29615 | Out-of-bounds read vulnerability in multiple Apple products |
CVSS V2: 4.3 CVSS V3: 5.5 Severity: MEDIUM |
An out-of-bounds read was addressed with improved input validation. This issue is fixed in watchOS 7.2, macOS Big Sur 11.1, Security Update 2020-001 Catalina, Security Update 2020-007 Mojave, iOS 14.3 and iPadOS 14.3, tvOS 14.3. Processing a maliciously crafted image may lead to a denial of service. Multiple Apple products contain an out-of-bounds read vulnerability; service operation may be interrupted (DoS). Apple watchOS is a smartwatch operating system developed by Apple.
| VAR-202104-0199 | CVE-2020-29639 | Out-of-bounds read vulnerability in iOS and iPadOS |
CVSS V2: 4.3 CVSS V3: 5.5 Severity: MEDIUM |
An out-of-bounds read was addressed with improved input validation. This issue is fixed in iOS 14.0 and iPadOS 14.0. Processing a maliciously crafted font may result in the disclosure of process memory. Both Apple iOS and Apple iPadOS are products of Apple. Apple iOS is an operating system developed for mobile devices. Apple iPadOS is an operating system for iPad tablets.
| VAR-202104-0197 | CVE-2020-29625 | Vulnerability in macOS |
CVSS V2: 6.8 CVSS V3: 7.8 Severity: HIGH |
This issue was addressed with improved checks. This issue is fixed in macOS Big Sur 11.1, Security Update 2020-001 Catalina, Security Update 2020-007 Mojave. Processing a maliciously crafted image may lead to arbitrary code execution. macOS contains an unspecified vulnerability; information may be obtained, information may be tampered with, and service operation may be interrupted (DoS).
| VAR-202104-0179 | CVE-2020-27939 | Vulnerability in macOS |
CVSS V2: 6.8 CVSS V3: 7.8 Severity: HIGH |
This issue was addressed with improved checks. This issue is fixed in macOS Big Sur 11.1, Security Update 2020-001 Catalina, Security Update 2020-007 Mojave. Processing a maliciously crafted image may lead to arbitrary code execution. macOS contains an unspecified vulnerability; information may be obtained, information may be tampered with, and service operation may be interrupted (DoS).
| VAR-202104-0176 | CVE-2020-27936 | Out-of-bounds read vulnerability in macOS |
CVSS V2: 6.6 CVSS V3: 7.1 Severity: HIGH |
An out-of-bounds read issue existed that led to the disclosure of kernel memory. This was addressed with improved input validation. This issue is fixed in macOS Big Sur 11.1, Security Update 2020-001 Catalina, Security Update 2020-007 Mojave. A local user may be able to cause unexpected system termination or read kernel memory. macOS contains an out-of-bounds read vulnerability; information may be obtained and service operation may be interrupted (DoS). Apple macOS Big Sur is a mobile application (APP) of Apple.
| VAR-202104-0175 | CVE-2020-27935 | Vulnerabilities in multiple Apple products |
CVSS V2: 4.3 CVSS V3: 6.3 Severity: MEDIUM |
Multiple issues were addressed with improved logic. This issue is fixed in iOS 14.2 and iPadOS 14.2, macOS Big Sur 11.0.1, watchOS 7.1, tvOS 14.2. A sandboxed process may be able to circumvent sandbox restrictions. Multiple Apple products contain unspecified vulnerabilities; information may be tampered with.
| VAR-202104-0174 | CVE-2020-27933 | Buffer error vulnerability in multiple Apple products |
CVSS V2: 6.8 CVSS V3: 7.8 Severity: HIGH |
A memory corruption issue was addressed with improved input validation. This issue is fixed in iOS 13.6 and iPadOS 13.6, iCloud for Windows 7.20, watchOS 6.2.8, tvOS 13.4.8, macOS Catalina 10.15.6, Security Update 2020-004 Mojave, Security Update 2020-004 High Sierra. Processing a maliciously crafted image may lead to arbitrary code execution.
| VAR-202104-0154 | CVE-2020-27893 | Vulnerability in macOS |
CVSS V2: 4.0 CVSS V3: 6.5 Severity: MEDIUM |
An issue existed in screen sharing. This issue was addressed with improved state management. This issue is fixed in macOS Big Sur 11.0.1. A user with screen sharing access may be able to view another user's screen. macOS contains an unspecified vulnerability; information may be obtained.
| VAR-202104-0042 | CVE-2019-20466 | Weak password hash vulnerability in Sannce Smart HD Wifi Security Camera EAN 2 950004 595317 devices |
CVSS V2: 7.2 CVSS V3: 7.8 Severity: HIGH |
An issue was discovered on Sannce Smart HD Wifi Security Camera EAN 2 950004 595317 devices. A local attacker with the "default" account is capable of reading the /etc/passwd file, which contains a weakly hashed root password. By taking this hash and cracking it, the attacker can obtain root rights on the device.
------------------------------------------
[Vulnerability Type]
Insecure Permissions
------------------------------------------
[Vendor of Product]
Sannce
------------------------------------------
[Affected Product Code Base]
Sannce Smart HD Wifi Security Camera - EAN nr: 2 950004 595317
------------------------------------------
[Affected Component]
Root user through file /etc/passwd
------------------------------------------
[Attack Type]
Local
------------------------------------------
[Impact Escalation of Privileges]
true
------------------------------------------
[Attack Vectors]
To exploit the vulnerability, someone must be able to get local
presence on the device, e.g. through command injection or by using the
telnet interface as a low-privileged user.
------------------------------------------
[Has vendor confirmed or acknowledged the vulnerability?]
true
------------------------------------------
[Discoverer]
Willem Westerhof, Jasper Nota, Martijn Baalman from Qbit cyber security in cooperation with the Dutch Consumer organisation.
------------------------------------------
[Reference]
https://www.sannce.com
Use CVE-2019-20466
| VAR-202104-0041 | CVE-2019-20465 | Vulnerability in Sannce Smart HD Wifi Security Camera EAN 2 950004 595317 devices |
CVSS V2: 5.0 CVSS V3: 7.5 Severity: HIGH |
An issue was discovered on Sannce Smart HD Wifi Security Camera EAN 2 950004 595317 devices. It is possible (using TELNET without a password) to control the camera's pan/zoom/tilt functionality.
------------------------------------------
[Vulnerability Type]
Incorrect Access Control
------------------------------------------
[Vendor of Product]
Sannce
------------------------------------------
[Affected Product Code Base]
Sannce Smart HD Wifi Security Camera - EAN nr: 2 950004 595317
------------------------------------------
[Affected Component]
Videostream of camera
------------------------------------------
[Attack Type]
Remote
------------------------------------------
[Impact Escalation of Privileges]
true
------------------------------------------
[Impact Information Disclosure]
true
------------------------------------------
[Attack Vectors]
An attacker simply needs to be able to connect to the device over the network.
------------------------------------------
[Has vendor confirmed or acknowledged the vulnerability?]
true
------------------------------------------
[Discoverer]
Willem Westerhof, Jasper Nota, Martijn Baalman from Qbit cyber security in cooperation with the Dutch Consumer organisation.
------------------------------------------
[Reference]
https://www.sannce.com
Use CVE-2019-20465
| VAR-202104-0040 | CVE-2019-20464 | Authentication vulnerability in Sannce Smart HD Wifi Security Camera EAN 2 950004 595317 devices |
CVSS V2: 5.0 CVSS V3: 7.5 Severity: HIGH |
An issue was discovered on Sannce Smart HD Wifi Security Camera EAN 2 950004 595317 devices. By default, a mobile application is used to stream over UDP. However, the device offers many more services that also enable streaming. Although the service used by the mobile application requires a password, the other streaming services do not. By initiating communication on the RTSP port, an attacker can obtain access to the video feed without authenticating.
------------------------------------------
[Vulnerability Type]
Incorrect Access Control
------------------------------------------
[Vendor of Product]
Sannce
------------------------------------------
[Affected Product Code Base]
Sannce Smart HD Wifi Security Camera - EAN nr: 2 950004 595317
------------------------------------------
[Affected Component]
Videostream of camera
------------------------------------------
[Attack Type]
Remote
------------------------------------------
[Impact Escalation of Privileges]
true
------------------------------------------
[Impact Information Disclosure]
true
------------------------------------------
[Attack Vectors]
An attacker simply needs to be able to connect to the device over the network.
------------------------------------------
[Has vendor confirmed or acknowledged the vulnerability?]
true
------------------------------------------
[Discoverer]
Willem Westerhof, Jasper Nota, Martijn Baalman from Qbit cyber security in cooperation with the Dutch Consumer organisation.
------------------------------------------
[Reference]
https://www.sannce.com
Use CVE-2019-20464
| VAR-202104-0039 | CVE-2019-20463 | Vulnerability in Sannce Smart HD Wifi Security Camera EAN 2 950004 595317 devices |
CVSS V2: 7.8 CVSS V3: 7.5 Severity: HIGH |
An issue was discovered on Sannce Smart HD Wifi Security Camera EAN 2 950004 595317 devices. A crash and reboot can be triggered by crafted IP traffic, as demonstrated by the Nikto vulnerability scanner. For example, sending the 111111 string to UDP port 20188 causes a reboot. To deny service for a long time period, the crafted IP traffic may be sent periodically.
------------------------------------------
[VulnerabilityType Other]
Denial of Service due to incorrect error handling
------------------------------------------
[Vendor of Product]
Sannce
------------------------------------------
[Affected Product Code Base]
Sannce Smart HD Wifi Security Camera - EAN nr: 2 950004 595317
------------------------------------------
[Affected Component]
Webserver, custom UDP handling binary.
------------------------------------------
[Attack Type]
Remote
------------------------------------------
[Impact Denial of Service]
true
------------------------------------------
[Attack Vectors]
Any attacker capable of reaching the device with a network packet is capable of causing a DoS.
------------------------------------------
[Has vendor confirmed or acknowledged the vulnerability?]
true
------------------------------------------
[Discoverer]
Willem Westerhof, Jasper Nota, Martijn Baalman from Qbit cyber security in cooperation with the Dutch Consumer organisation.
------------------------------------------
[Reference]
https://www.sannce.com
Use CVE-2019-20463
| VAR-202104-0019 | CVE-2020-11925 | Inadequate protection of credentials vulnerability in Luvion Grand Elite 3 Connect |
CVSS V2: 8.3 CVSS V3: 8.8 Severity: HIGH |
An issue was discovered in Luvion Grand Elite 3 Connect through 2020-02-25. Authentication to the device is based on a username and password. The root credentials are the same across all devices of this model. Luvion Grand Elite 3 Connect contains an inadequate protection of credentials vulnerability; information may be obtained, information may be tampered with, and service may be disrupted (DoS).
------------------------------------------
[Vulnerability Type]
Incorrect Access Control
------------------------------------------
[Vendor of Product]
Luvion
------------------------------------------
[Affected Product Code Base]
Luvion Grand Elite 3 Connect - Could not be determined
------------------------------------------
[Affected Component]
Underlying Linux system.
------------------------------------------
[Attack Type]
Remote
------------------------------------------
[Impact Code execution]
true
------------------------------------------
[Attack Vectors]
Any attacker with network access can exploit this vulnerability.
------------------------------------------
[Discoverer]
Willem Westerhof, Jasper Nota, Jim Blankendaal, Martijn Baalman from Qbit in assignment of Consumentenbond.
------------------------------------------
[Reference]
N/A
Use CVE-2020-11925
| VAR-202104-0018 | CVE-2020-11924 | Cleartext storage of sensitive information vulnerability in WiZ Colors A60 |
CVSS V2: 2.1 CVSS V3: 5.5 Severity: MEDIUM |
An issue was discovered in WiZ Colors A60 1.14.0. Wi-Fi credentials are stored in cleartext in flash memory, which presents an information-disclosure risk for a discarded or resold device. WiZ Colors A60 contains a cleartext storage of sensitive information vulnerability; information may be obtained.
------------------------------------------
[Additional Information]
Wi-Fi credentials are stored in plain-text on the light bulb. These
credentials can be obtained by reading the flash memory directly using
a logic analyzer.
------------------------------------------
[VulnerabilityType Other]
Information disclosure
------------------------------------------
[Vendor of Product]
WiZ Connected
------------------------------------------
[Affected Product Code Base]
WiZ Colors A60 - 1.14.0
------------------------------------------
[Affected Component]
WiZ Colors A60
------------------------------------------
[Attack Type]
Physical
------------------------------------------
[Impact Information Disclosure]
true
------------------------------------------
[Attack Vectors]
Physical, access to the chip is required.
------------------------------------------
[Reference]
N/A
------------------------------------------
[Has vendor confirmed or acknowledged the vulnerability?]
true
------------------------------------------
[Discoverer]
Jasper Nota, Willem Westerhof, Wouter Wessels, Jim Blankendaal from Qbit in assignment of the Consumentenbond.
Use CVE-2020-11924
| VAR-202104-0017 | CVE-2020-11923 | Cleartext storage of sensitive information vulnerability in WiZ Colors A60 |
CVSS V2: 2.1 CVSS V3: 5.5 Severity: MEDIUM |
An issue was discovered in WiZ Colors A60 1.14.0. API credentials are locally logged. WiZ Colors A60 contains a cleartext storage of sensitive information vulnerability; information may be obtained.
Applications use general logs to write all kinds of information to the
terminal. The WiZ application also uses logs; however, instead of only
generic information, API credentials are also written to the Android
log. The information in the log can be used to perform authorised
requests on behalf of the user, and therefore to control the lights
just as the user can through the application. Access to the device logs
is required in order to obtain this information. This is most easily
done via local access, and also by other apps on rooted devices.
------------------------------------------
[Vulnerability Type]
Incorrect Access Control
------------------------------------------
[Vendor of Product]
WiZ Connected
------------------------------------------
[Affected Product Code Base]
WiZ Colors A60 - 1.14.0
------------------------------------------
[Affected Component]
Wiz Android Application 1.15.0
------------------------------------------
[Attack Type]
Physical
------------------------------------------
[Impact Information Disclosure]
true
------------------------------------------
[Attack Vectors]
Physical access or local root access on the mobile phone is required in order to exploit this issue.
------------------------------------------
[Reference]
N/A
------------------------------------------
[Has vendor confirmed or acknowledged the vulnerability?]
true
------------------------------------------
[Discoverer]
Wouter Wessels, Willem Westerhof, Jasper Nota, Jim Blankendaal
Use CVE-2020-11923
| VAR-202104-1939 | CVE-2021-27466 | Multiple vulnerabilities in Rockwell Automation FactoryTalk AssetCentre |
CVSS V2: 7.5 CVSS V3: 9.8 Severity: CRITICAL |
A deserialization vulnerability exists in how the ArchiveService.rem service in Rockwell Automation FactoryTalk AssetCentre v10.00 and earlier verifies serialized data. This vulnerability may allow a remote, unauthenticated attacker to execute arbitrary commands in FactoryTalk AssetCentre. The following multiple vulnerabilities exist in FactoryTalk AssetCentre:
* Deserialization of untrusted data (CWE-502) - CVE-2021-27470, CVE-2021-27466, CVE-2021-27462, CVE-2021-27460
* Use of potentially dangerous function (CWE-676) - CVE-2021-27474
* OS command injection (CWE-78) - CVE-2021-27476
* SQL injection (CWE-89) - CVE-2021-27472, CVE-2021-27468, CVE-2021-27464
The expected impact depends on each vulnerability, but may include the following:
* Arbitrary commands executed by an unauthenticated remote third party - CVE-2021-27476, CVE-2021-27470, CVE-2021-27466, CVE-2021-27462
* FactoryTalk AssetCentre confidential data changed by an unauthenticated remote third party - CVE-2021-27474
* Arbitrary SQL statements executed by an unauthenticated remote third party - CVE-2021-27472, CVE-2021-27468, CVE-2021-27464
* FactoryTalk AssetCentre main server and all agent machines accessed by an unauthenticated remote third party - CVE-2021-27460
Rockwell Automation FactoryTalk AssetCentre is an asset management software tool launched by Rockwell Automation, USA, which can be used by manufacturers and industrial enterprises for centralized management of controllers and other automation-related assets. It provides centralized tools for securing, managing, versioning, tracking, and reporting automation-related asset information across the plant. A security vulnerability in how the ArchiveService.rem service of Rockwell Automation FactoryTalk AssetCentre verifies serialized data allows a remote, unauthenticated attacker to execute arbitrary commands in FactoryTalk AssetCentre.
| VAR-202104-1941 | CVE-2021-27460 | Multiple vulnerabilities in Rockwell Automation FactoryTalk AssetCentre |
CVSS V2: 7.5 CVSS V3: 9.8 Severity: CRITICAL |
Rockwell Automation FactoryTalk AssetCentre v10.00 and earlier components contain .NET remoting endpoints that deserialize untrusted data without sufficiently verifying that the resulting data will be valid. This vulnerability may allow a remote, unauthenticated attacker to gain full access to the FactoryTalk AssetCentre main server and all agent machines. The following multiple vulnerabilities exist in FactoryTalk AssetCentre provided by Rockwell Automation:
* Deserialization of untrusted data (CWE-502) - CVE-2021-27470, CVE-2021-27466, CVE-2021-27462, CVE-2021-27460
* Use of potentially dangerous function (CWE-676) - CVE-2021-27474
* OS command injection (CWE-78) - CVE-2021-27476
* SQL injection (CWE-89) - CVE-2021-27472, CVE-2021-27468, CVE-2021-27464
The expected impact depends on each vulnerability, but may include the following:
* Arbitrary commands executed by an unauthenticated remote third party - CVE-2021-27476, CVE-2021-27470, CVE-2021-27466, CVE-2021-27462
* FactoryTalk AssetCentre confidential data changed by an unauthenticated remote third party - CVE-2021-27474
* Arbitrary SQL statements executed by an unauthenticated remote third party - CVE-2021-27472, CVE-2021-27468, CVE-2021-27464
* FactoryTalk AssetCentre main server and all agent machines accessed by an unauthenticated remote third party - CVE-2021-27460
Rockwell Automation FactoryTalk AssetCentre is an asset management software tool launched by Rockwell Automation, USA, which can be used by manufacturers and industrial enterprises for centralized management of controllers and other automation-related assets.