VARIoT IoT vulnerabilities database

CP1L is an Omron small PLC series, integrated PLC with built-in pulse output, analog input and output, and serial communication functions. Omron's small PLC series CP1L has a denial of service vulnerability. Attackers can use the vulnerability to clear the logic files running inside the device, causing production and business interruption.

FX3U series Mitsubishi PLC is the third-generation micro-programmable controller. Mitsubishi PLC FX3U-32M has a denial of service vulnerability. Attackers can use the vulnerability to cause the RUN light of the device to go out and the output module to stop working.

Unicom optical modem is a router. There is an information disclosure vulnerability in the wolink plug-in of China Unicom Optical Cat. The vulnerability is caused by the failure of the plug-in authentication process. Attackers can use the vulnerability to obtain sensitive information.

Unicom optical modem is a router. There is a command execution vulnerability in the Unicom Optical modem web service. Attackers can use the vulnerability to obtain server permissions.

Rockchip focuses on mobile Internet and digital multimedia chip design, and is a professional personal mobile information terminal SOC solution provider. Rockchip Microelectronics Co., Ltd. Rockchip has a binary vulnerability. Attackers can use the vulnerability to launch a denial of service attack.

The JWT library in NATS nats-server before 2.1.9 has Incorrect Access Control because of how expired credentials are handled. NATS nats-server Is vulnerable to the use of hard-coded credentials.Information is obtained, information is tampered with, and service is disrupted (DoS) It may be put into a state. NATS Server is an open source messaging system. The system is mainly used for cloud-native applications, IoT messaging, and microservice architecture

The JWT library in NATS nats-server before 2.1.9 allows a denial of service (a nil dereference in Go code). NATS Server is an open source messaging system. The system is mainly used for cloud-native applications, IoT messaging, and microservice architecture

UNIX Symbolic Link (Symlink) Following in TP-Link Archer A7(US)_V5_200721 allows an authenticated admin user, with physical access and network access, to execute arbitrary code after plugging a crafted USB drive into the router. TP-Link Archer A7 There is a link interpretation vulnerability in.Information is obtained, information is tampered with, and service is disrupted (DoS) It may be put into a state. TP-Link Archer A7 is a wireless router of China's TP-Link company. No detailed vulnerability details are currently provided

Axios NPM package 0.21.0 contains a Server-Side Request Forgery (SSRF) vulnerability where an attacker is able to bypass a proxy by providing a URL that responds with a redirect to a restricted host or IP address

A res_pjsip_session crash was discovered in Asterisk Open Source 13.x before 13.37.1, 16.x before 16.14.1, 17.x before 17.8.1, and 18.x before 18.0.1. and Certified Asterisk before 16.8-cert5. Upon receiving a new SIP Invite, Asterisk did not return the created dialog locked or referenced. This caused a gap between the creation of the dialog object, and its next use by the thread that created it. Depending on some off-nominal circumstances and timing, it was possible for another thread to free said dialog in this gap. Asterisk could then crash when the dialog object, or any of its dependent objects, were dereferenced or accessed next by the initial-creation thread. Note, however, that this crash can only occur when using a connection-oriented protocol (e.g., TCP or TLS, but not UDP) for SIP transport. Also, the remote client must be authenticated, or Asterisk must be configured for anonymous calling

An issue was discovered in Asterisk Open Source 13.x before 13.37.1, 16.x before 16.14.1, 17.x before 17.8.1, and 18.x before 18.0.1 and Certified Asterisk before 16.8-cert5. If Asterisk is challenged on an outbound INVITE and the nonce is changed in each response, Asterisk will continually send INVITEs in a loop. This causes Asterisk to consume more and more memory since the transaction will never terminate (even if the call is hung up), ultimately leading to a restart or shutdown of Asterisk. Outbound authentication must be configured on the endpoint for this to occur

A security issue was found in UniFi Protect controller v1.14.10 and earlier.The authentication in the UniFi Protect controller API was using “x-token” improperly, allowing attackers to use the API to send authenticated messages without a valid token.This vulnerability was fixed in UniFi Protect v1.14.11 and newer.This issue does not impact UniFi Cloud Key Gen 2 plus.This issue does not impact UDM-Pro customers with UniFi Protect stopped.Affected Products:UDM-Pro firmware 1.7.2 and earlier.UNVR firmware 1.3.12 and earlier.Mitigation:Update UniFi Protect to v1.14.11 or newer version; the UniFi Protect controller can be updated through your UniFi OS settings.Alternatively, you can update UNVR and UDM-Pro to:- UNVR firmware to 1.3.15 or newer.- UDM-Pro firmware to 1.8.0 or newer. UniFi Protect An authentication vulnerability exists in the controller.Information may be tampered with. Ubiquiti Networks UniFi Cloud Key is a key device from Ubiquiti Networks that supports the management of UniFi networks. This vulnerability number has been assigned, and the vulnerability details will be updated soon

Hangzhou Hikvision Digital Technology Co., Ltd. (Hikvision) is a video-centric intelligent IoT solution and big data service provider. The management server V2.3 of Hangzhou Hikvision Digital Technology Co., Ltd. has a weak password vulnerability. Attackers can use the vulnerability to log in to the server background.

HGW RL821GWV-D is a router. Excitel HGW RL821GWV-D has an information disclosure vulnerability. Attackers can use the vulnerability to obtain sensitive information.

EPON RL821GWV-D is a router. Richerlink EPON RL821GWV-D has an information disclosure vulnerability. Attackers can use the vulnerability to obtain sensitive information.

EPON SY-GPON-1110-WDAONT is a router. Syrotech EPON SY-GPON-1110-WDAONT has an information disclosure vulnerability. Attackers can use the vulnerability to obtain sensitive information.

EPON RL821GWV is a router. Technxt EPON RL821GWV has an information disclosure vulnerability. Attackers can use the vulnerability to obtain sensitive information.

Suzhou Inovance Technology Co., Ltd. is a national high-tech enterprise specializing in the research and development, production and sales of industrial automation and new energy related products. Suzhou Inovance Technology Co., Ltd. HTodEditor has a denial of service vulnerability. The vulnerability is caused by memory corruption in the H0U-XP software (HTodEditor) processing htd files. Attackers can construct malformed htd files and cause the program to crash.

An out-of-bounds write was addressed with improved input validation. This issue is fixed in iOS 14.2 and iPadOS 14.2, macOS Big Sur 11.0.1. Processing a maliciously crafted PDF may lead to arbitrary code execution. iOS , iPadOS , macOS Exists in an out-of-bounds write vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state

A logic issue was addressed with improved state management. This issue is fixed in macOS Big Sur 11.0.1, iOS 14.2 and iPadOS 14.2, tvOS 14.2, watchOS 7.1. A malicious application may be able to determine kernel memory layout. This vulnerability number has been assigned, and the vulnerability details will be updated soon. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 APPLE-SA-2020-11-05-1 iOS 14.2 and iPadOS 14.2 iOS 14.2 and iPadOS 14.2 are now available and address the following issues. Information about the security content is also available at https://support.apple.com/HT211929. Audio Available for: iPhone 6s and later, iPod touch 7th generation, iPad Air 2 and later, and iPad mini 4 and later Impact: Processing a maliciously crafted audio file may lead to arbitrary code execution Description: An out-of-bounds read was addressed with improved input validation. CVE-2020-27910: JunDong Xie and XingWei Lin of Ant Security Light- Year Lab Audio Available for: iPhone 6s and later, iPod touch 7th generation, iPad Air 2 and later, and iPad mini 4 and later Impact: Processing a maliciously crafted audio file may lead to arbitrary code execution Description: An out-of-bounds write was addressed with improved input validation. CVE-2020-27916: JunDong Xie of Ant Security Light-Year Lab CallKit Available for: iPhone 6s and later, iPod touch 7th generation, iPad Air 2 and later, and iPad mini 4 and later Impact: A user may answer two calls simultaneously without indication they have answered a second call Description: An issue existed in the handling of incoming calls. CVE-2020-27925: Nick Tangri CoreAudio Available for: iPhone 6s and later, iPod touch 7th generation, iPad Air 2 and later, and iPad mini 4 and later Impact: Processing a maliciously crafted audio file may lead to arbitrary code execution Description: An out-of-bounds write was addressed with improved input validation. CVE-2020-10017: Francis working with Trend Micro Zero Day Initiative, JunDong Xie of Ant Security Light-Year Lab CoreAudio Available for: iPhone 6s and later, iPod touch 7th generation, iPad Air 2 and later, and iPad mini 4 and later Impact: Processing a maliciously crafted audio file may lead to arbitrary code execution Description: An out-of-bounds read was addressed with improved input validation. CVE-2020-27909: Anonymous working with Trend Micro Zero Day Initiative, JunDong Xie and XingWei Lin of Ant Security Light-Year Lab Crash Reporter Available for: iPhone 6s and later, iPod touch 7th generation, iPad Air 2 and later, and iPad mini 4 and later Impact: A local attacker may be able to elevate their privileges Description: An issue existed within the path validation logic for symlinks. CVE-2020-10003: Tim Michaud (@TimGMichaud) of Leviathan FontParser Available for: iPhone 6s and later, iPod touch 7th generation, iPad Air 2 and later, and iPad mini 4 and later Impact: Processing a maliciously crafted font may lead to arbitrary code execution. Apple is aware of reports that an exploit for this issue exists in the wild. CVE-2020-27930: Google Project Zero FontParser Available for: iPhone 6s and later, iPod touch 7th generation, iPad Air 2 and later, and iPad mini 4 and later Impact: Processing a maliciously crafted font file may lead to arbitrary code execution Description: An out-of-bounds write issue was addressed with improved bounds checking. CVE-2020-27927: Xingwei Lin of Ant Security Light-Year Lab Foundation Available for: iPhone 6s and later, iPod touch 7th generation, iPad Air 2 and later, and iPad mini 4 and later Impact: A local user may be able to read arbitrary files Description: A logic issue was addressed with improved state management. CVE-2020-10002: James Hutchins ImageIO Available for: iPhone 6s and later, iPod touch 7th generation, iPad Air 2 and later, and iPad mini 4 and later Impact: Processing a maliciously crafted image may lead to arbitrary code execution Description: An out-of-bounds write was addressed with improved input validation. CVE-2020-27912: Xingwei Lin of Ant Security Light-Year Lab IOAcceleratorFamily Available for: iPhone 6s and later, iPod touch 7th generation, iPad Air 2 and later, and iPad mini 4 and later Impact: A malicious application may be able to execute arbitrary code with system privileges Description: A memory corruption issue was addressed with improved state management. CVE-2020-27905: Mohamed Ghannam (@_simo36) Kernel Available for: iPhone 6s and later, iPod touch 7th generation, iPad Air 2 and later, and iPad mini 4 and later Impact: A malicious application may be able to disclose kernel memory. Apple is aware of reports that an exploit for this issue exists in the wild. CVE-2020-27950: Google Project Zero Kernel Available for: iPhone 6s and later, iPod touch 7th generation, iPad Air 2 and later, and iPad mini 4 and later Impact: A malicious application may be able to determine kernel memory layout Description: A logic issue was addressed with improved state management. CVE-2020-9974: Tommy Muir (@Muirey03) Kernel Available for: iPhone 6s and later, iPod touch 7th generation, iPad Air 2 and later, and iPad mini 4 and later Impact: An application may be able to execute arbitrary code with kernel privileges Description: A memory corruption issue was addressed with improved state management. CVE-2020-10016: Alex Helie Kernel Available for: iPhone 6s and later, iPod touch 7th generation, iPad Air 2 and later, and iPad mini 4 and later Impact: A malicious application may be able to execute arbitrary code with kernel privileges. Apple is aware of reports that an exploit for this issue exists in the wild. CVE-2020-27932: Google Project Zero Keyboard Available for: iPhone 6s and later, iPod touch 7th generation, iPad Air 2 and later, and iPad mini 4 and later Impact: A person with physical access to an iOS device may be able to access stored passwords without authentication Description: An authentication issue was addressed with improved state management. CVE-2020-27902: Connor Ford (@connorford2) libxml2 Available for: iPhone 6s and later, iPod touch 7th generation, iPad Air 2 and later, and iPad mini 4 and later Impact: Processing maliciously crafted web content may lead to code execution Description: A use after free issue was addressed with improved memory management. CVE-2020-27917: found by OSS-Fuzz libxml2 Available for: iPhone 6s and later, iPod touch 7th generation, iPad Air 2 and later, and iPad mini 4 and later Impact: A remote attacker may be able to cause unexpected application termination or arbitrary code execution Description: An integer overflow was addressed through improved input validation. CVE-2020-27911: found by OSS-Fuzz libxml2 Available for: iPhone 6s and later, iPod touch 7th generation, iPad Air 2 and later, and iPad mini 4 and later Impact: Processing maliciously crafted web content may lead to arbitrary code execution Description: A use after free issue was addressed with improved memory management. CVE-2020-27926: found by OSS-Fuzz Logging Available for: iPhone 6s and later, iPod touch 7th generation, iPad Air 2 and later, and iPad mini 4 and later Impact: A local attacker may be able to elevate their privileges Description: A path handling issue was addressed with improved validation. CVE-2020-10010: Tommy Muir (@Muirey03) Model I/O Available for: iPhone 6s and later, iPod touch 7th generation, iPad Air 2 and later, and iPad mini 4 and later Impact: Opening a maliciously crafted file may lead to unexpected application termination or arbitrary code execution Description: A logic issue was addressed with improved state management. CVE-2020-10004: Aleksandar Nikolic of Cisco Talos Model I/O Available for: iPhone 6s and later, iPod touch 7th generation, iPad Air 2 and later, and iPad mini 4 and later Impact: Processing a maliciously crafted USD file may lead to unexpected application termination or arbitrary code execution Description: An out-of-bounds read was addressed with improved input validation. CVE-2020-13524: Aleksandar Nikolic of Cisco Talos Model I/O Available for: iPhone 6s and later, iPod touch 7th generation, iPad Air 2 and later, and iPad mini 4 and later Impact: Processing a maliciously crafted USD file may lead to unexpected application termination or arbitrary code execution Description: An out-of-bounds read was addressed with improved bounds checking. CVE-2020-10011: Aleksandar Nikolic of Cisco Talos WebKit Available for: iPhone 6s and later, iPod touch 7th generation, iPad Air 2 and later, and iPad mini 4 and later Impact: Processing maliciously crafted web content may lead to arbitrary code execution Description: A use after free issue was addressed with improved memory management. CVE-2020-27918: an anonymous researcher Safari We would like to acknowledge Gabriel Corona for their assistance. Installation note: This update is available through iTunes and Software Update on your iOS device, and will not appear in your computer's Software Update application, or in the Apple Downloads site. Make sure you have an Internet connection and have installed the latest version of iTunes from https://www.apple.com/itunes/ iTunes and Software Update on the device will automatically check Apple's update server on its weekly schedule. When an update is detected, it is downloaded and the option to be installed is presented to the user when the iOS device is docked. We recommend applying the update immediately if possible. Selecting Don't Install will present the option the next time you connect your iOS device. The automatic update process may take up to a week depending on the day that iTunes or the device checks for updates. You may manually obtain the update via the Check for Updates button within iTunes, or the Software Update on your device. To check that the iPhone, iPod touch, or iPad has been updated: * Navigate to Settings * Select General * Select About. The version after applying this update will be "iOS 14.2 and iPadOS 14.2". This message is signed with Apple's Product Security PGP key, and details are available at: https://www.apple.com/support/security/pgp/ -----BEGIN PGP SIGNATURE----- iQIzBAEBCAAdFiEEbURczHs1TP07VIfuZcsbuWJ6jjAFAl+khmUACgkQZcsbuWJ6 jjA/cxAArQHJ0PJZVPQ5gF3071ZxAlwu7iHuphiiYzM9JYskEJYymSxaRxm3mPaK sT+1znbSDecwZLwFM5Luepkk3DHuj2sFRMZvYDfVvxvCvCob2b5ZQTsjfAimxemz nrGFcZp/fRGSu1vG1l/wZRta3J6n1WogIvYw+belthcnJHjJ+KThmXL/iDOTRXev KgS2K94G6tRAkgIUPuuLFnnrxHNyplzhECJXe55YBnkZxGcOBg0ZF7itF8F4q9sQ TtnfgGxgKbkxXXGKID/ihgByEOI1iSSiiCMsKm2OoltaCB1kcOuT0PwuygRBZaDA j+HdamnxBErgsQeTvaJPRlIEJFJgVrmr8/nHfKqxNSpF2LxDK+NTXQqo4iAHjy0j QN4vmKueIN2j6IQmey3zwlkpao8Wg0mYNt9auWHC/S3aNCFVCEKLwUC9e74Ckbzk 5kWpUgtQsUdZDkHZRfPhEntB69KFGfaBAv+fZNewtnsVtoiqx8uxSDCsS8FY6qZL X/wb2BKgqqmKfketffhihTKGKbBd045tyfjPd1Bodp753U6SKnhPMIQ283uHglEc auWTj5YBeFtszLYaDvNi4DMci5olBd6n61kuSt8W+hy9vGPIREfPihsZFSGOwB53 ItcJGAqRgwlUEy4O3HUVugUXIJ3qhoHhV+SPaKcWomW3pJgzpg8= =9YuD -----END PGP SIGNATURE-----