VARIoT IoT vulnerabilities database

VAR-202011-1559 | No CVE | Omron small PLC series CP1L has a denial of service vulnerability (CNVD-2020-58494) |
CVSS V2: 4.9 CVSS V3: - Severity: MEDIUM |
CP1L is Omron's small PLC series: an integrated PLC with built-in pulse output, analog input and output, and serial communication functions.
Omron's small PLC series CP1L has a denial of service vulnerability. Attackers can use the vulnerability to clear the logic files running inside the device, causing production and business interruption.
VAR-202011-1599 | No CVE | Mitsubishi PLC FX3U-32M has a denial of service vulnerability (CNVD-2020-58825) |
CVSS V2: 6.1 CVSS V3: - Severity: MEDIUM |
The Mitsubishi FX3U series PLC is the third-generation micro programmable controller.
Mitsubishi PLC FX3U-32M has a denial of service vulnerability. Attackers can use the vulnerability to cause the RUN light of the device to go out and the output module to stop working.
VAR-202011-1519 | No CVE | An information disclosure vulnerability exists in the wolink plugin of Unicom optical modem |
CVSS V2: 3.3 CVSS V3: - Severity: LOW |
Unicom optical modem is a router.
There is an information disclosure vulnerability in the wolink plug-in of the China Unicom optical modem. The vulnerability is caused by the failure of the plug-in authentication process. Attackers can use the vulnerability to obtain sensitive information.
VAR-202011-1521 | No CVE | A command execution vulnerability exists in the Unicom Optical modem web service |
CVSS V2: 8.3 CVSS V3: - Severity: HIGH |
Unicom optical modem is a router.
There is a command execution vulnerability in the Unicom Optical modem web service. Attackers can use the vulnerability to obtain server permissions.
VAR-202011-1522 | No CVE | Rockchip Microelectronics Co., Ltd. Rockchip has a binary vulnerability |
CVSS V2: 4.9 CVSS V3: - Severity: MEDIUM |
Rockchip focuses on mobile Internet and digital multimedia chip design, and is a professional personal mobile information terminal SOC solution provider.
Rockchip Microelectronics Co., Ltd. Rockchip has a binary vulnerability. Attackers can use the vulnerability to launch a denial of service attack.
VAR-202011-0384 | CVE-2020-26892 | NATS nats-server Vulnerability in Using Hard Coded Credentials |
CVSS V2: 7.5 CVSS V3: 9.8 Severity: CRITICAL |
The JWT library in NATS nats-server before 2.1.9 has Incorrect Access Control because of how expired credentials are handled. NATS nats-server is vulnerable to the use of hard-coded credentials. Information may be obtained or tampered with, and service may be disrupted (DoS). NATS Server is an open source messaging system. The system is mainly used for cloud-native applications, IoT messaging, and microservice architecture.
VAR-202011-0400 | CVE-2020-26521 | NULL pointer dereference vulnerability in NATS nats-server |
CVSS V2: 5.0 CVSS V3: 7.5 Severity: HIGH |
The JWT library in NATS nats-server before 2.1.9 allows a denial of service (a nil dereference in Go code). NATS Server is an open source messaging system. The system is mainly used for cloud-native applications, IoT messaging, and microservice architecture.
VAR-202011-1352 | CVE-2020-5795 | Link interpretation vulnerability in TP-Link Archer A7 |
CVSS V2: 7.2 CVSS V3: 6.2 Severity: MEDIUM |
UNIX Symbolic Link (Symlink) Following in TP-Link Archer A7(US)_V5_200721 allows an authenticated admin user, with physical access and network access, to execute arbitrary code after plugging a crafted USB drive into the router. TP-Link Archer A7 has a link interpretation vulnerability. Information may be obtained or tampered with, and service may be disrupted (DoS). TP-Link Archer A7 is a wireless router from China's TP-Link company. No detailed vulnerability details are currently provided.
VAR-202011-0840 | CVE-2020-28168 | Server-side request forgery vulnerability in Axios NPM package |
CVSS V2: 4.3 CVSS V3: 5.9 Severity: MEDIUM |
Axios NPM package 0.21.0 contains a Server-Side Request Forgery (SSRF) vulnerability where an attacker is able to bypass a proxy by providing a URL that responds with a redirect to a restricted host or IP address.
VAR-202011-0904 | CVE-2020-28327 | Improper resource shutdown and release vulnerability in Asterisk Open Source and Certified Asterisk |
CVSS V2: 2.1 CVSS V3: 5.3 Severity: MEDIUM |
A res_pjsip_session crash was discovered in Asterisk Open Source 13.x before 13.37.1, 16.x before 16.14.1, 17.x before 17.8.1, and 18.x before 18.0.1, and Certified Asterisk before 16.8-cert5. Upon receiving a new SIP Invite, Asterisk did not return the created dialog locked or referenced. This caused a gap between the creation of the dialog object, and its next use by the thread that created it. Depending on some off-nominal circumstances and timing, it was possible for another thread to free said dialog in this gap. Asterisk could then crash when the dialog object, or any of its dependent objects, were dereferenced or accessed next by the initial-creation thread. Note, however, that this crash can only occur when using a connection-oriented protocol (e.g., TCP or TLS, but not UDP) for SIP transport. Also, the remote client must be authenticated, or Asterisk must be configured for anonymous calling.
VAR-202011-0887 | CVE-2020-28242 | Recursion control vulnerability in Asterisk Open Source and Certified Asterisk |
CVSS V2: 4.0 CVSS V3: 6.5 Severity: MEDIUM |
An issue was discovered in Asterisk Open Source 13.x before 13.37.1, 16.x before 16.14.1, 17.x before 17.8.1, and 18.x before 18.0.1 and Certified Asterisk before 16.8-cert5. If Asterisk is challenged on an outbound INVITE and the nonce is changed in each response, Asterisk will continually send INVITEs in a loop. This causes Asterisk to consume more and more memory since the transaction will never terminate (even if the call is hung up), ultimately leading to a restart or shutdown of Asterisk. Outbound authentication must be configured on the endpoint for this to occur.
VAR-202011-1224 | CVE-2020-8267 | Authentication vulnerability in UniFi Protect controller |
CVSS V2: 5.0 CVSS V3: 5.3 Severity: MEDIUM |
A security issue was found in UniFi Protect controller v1.14.10 and earlier. The authentication in the UniFi Protect controller API was using “x-token” improperly, allowing attackers to use the API to send authenticated messages without a valid token. This vulnerability was fixed in UniFi Protect v1.14.11 and newer. This issue does not impact UniFi Cloud Key Gen 2 plus. This issue does not impact UDM-Pro customers with UniFi Protect stopped. Affected Products: UDM-Pro firmware 1.7.2 and earlier; UNVR firmware 1.3.12 and earlier. Mitigation: Update UniFi Protect to v1.14.11 or newer version; the UniFi Protect controller can be updated through your UniFi OS settings. Alternatively, you can update UNVR and UDM-Pro: UNVR firmware to 1.3.15 or newer; UDM-Pro firmware to 1.8.0 or newer. An authentication vulnerability exists in the UniFi Protect controller. Information may be tampered with. Ubiquiti Networks UniFi Cloud Key is a key device from Ubiquiti Networks that supports the management of UniFi networks. This vulnerability number has been assigned, and the vulnerability details will be updated soon.
VAR-202011-1589 | No CVE | A weak password vulnerability exists in the management server V2.3 of Hangzhou Hikvision Digital Technology Co., Ltd. |
CVSS V2: 5.0 CVSS V3: - Severity: MEDIUM |
Hangzhou Hikvision Digital Technology Co., Ltd. (Hikvision) is a video-centric intelligent IoT solution and big data service provider.
The management server V2.3 of Hangzhou Hikvision Digital Technology Co., Ltd. has a weak password vulnerability. Attackers can use the vulnerability to log in to the server background.
VAR-202011-1590 | No CVE | Excitel HGW RL821GWV-D has an information disclosure vulnerability |
CVSS V2: 5.0 CVSS V3: - Severity: MEDIUM |
HGW RL821GWV-D is a router.
Excitel HGW RL821GWV-D has an information disclosure vulnerability. Attackers can use the vulnerability to obtain sensitive information.
VAR-202011-1591 | No CVE | Richerlink EPON RL821GWV-D has an information disclosure vulnerability |
CVSS V2: 5.0 CVSS V3: - Severity: MEDIUM |
EPON RL821GWV-D is a router.
Richerlink EPON RL821GWV-D has an information disclosure vulnerability. Attackers can use the vulnerability to obtain sensitive information.
VAR-202011-1592 | No CVE | Syrotech EPON SY-GPON-1110-WDAONT has an information disclosure vulnerability |
CVSS V2: 5.0 CVSS V3: - Severity: MEDIUM |
EPON SY-GPON-1110-WDAONT is a router.
Syrotech EPON SY-GPON-1110-WDAONT has an information disclosure vulnerability. Attackers can use the vulnerability to obtain sensitive information.
VAR-202011-1593 | No CVE | Technxt EPON RL821GWV has an information disclosure vulnerability |
CVSS V2: 5.0 CVSS V3: - Severity: MEDIUM |
EPON RL821GWV is a router.
Technxt EPON RL821GWV has an information disclosure vulnerability. Attackers can use the vulnerability to obtain sensitive information.
VAR-202011-1517 | No CVE | Suzhou Inovance Technology Co., Ltd. HTodEditor has a denial of service vulnerability |
CVSS V2: 4.9 CVSS V3: - Severity: MEDIUM |
Suzhou Inovance Technology Co., Ltd. is a national high-tech enterprise specializing in the research and development, production and sales of industrial automation and new energy related products.
Suzhou Inovance Technology Co., Ltd. HTodEditor has a denial of service vulnerability. The vulnerability is caused by memory corruption in the H0U-XP software (HTodEditor) processing htd files. Attackers can construct malformed htd files and cause the program to crash.
VAR-202110-1412 | CVE-2020-9897 | Out-of-bounds write vulnerabilities in multiple Apple products |
CVSS V2: 6.8 CVSS V3: 7.8 Severity: HIGH |
An out-of-bounds write was addressed with improved input validation. This issue is fixed in iOS 14.2 and iPadOS 14.2, macOS Big Sur 11.0.1. Processing a maliciously crafted PDF may lead to arbitrary code execution. An out-of-bounds write vulnerability exists in iOS, iPadOS, and macOS. Information may be obtained or tampered with, and service operation may be interrupted (DoS).
VAR-202012-1524 | CVE-2020-9974 | Logic vulnerabilities in multiple Apple products |
CVSS V2: 4.3 CVSS V3: 5.5 Severity: MEDIUM |
A logic issue was addressed with improved state management. This issue is fixed in macOS Big Sur 11.0.1, iOS 14.2 and iPadOS 14.2, tvOS 14.2, watchOS 7.1. A malicious application may be able to determine kernel memory layout. This vulnerability number has been assigned, and the vulnerability details will be updated soon.
APPLE-SA-2020-11-05-1 iOS 14.2 and iPadOS 14.2
iOS 14.2 and iPadOS 14.2 are now available and address the following
issues. Information about the security content is also available at
https://support.apple.com/HT211929.
Audio
Available for: iPhone 6s and later, iPod touch 7th generation, iPad
Air 2 and later, and iPad mini 4 and later
Impact: Processing a maliciously crafted audio file may lead to
arbitrary code execution
Description: An out-of-bounds read was addressed with improved input
validation.
CVE-2020-27910: JunDong Xie and XingWei Lin of Ant Security Light-
Year Lab
Audio
Available for: iPhone 6s and later, iPod touch 7th generation, iPad
Air 2 and later, and iPad mini 4 and later
Impact: Processing a maliciously crafted audio file may lead to
arbitrary code execution
Description: An out-of-bounds write was addressed with improved input
validation.
CVE-2020-27916: JunDong Xie of Ant Security Light-Year Lab
CallKit
Available for: iPhone 6s and later, iPod touch 7th generation, iPad
Air 2 and later, and iPad mini 4 and later
Impact: A user may answer two calls simultaneously without indication
they have answered a second call
Description: An issue existed in the handling of incoming calls.
CVE-2020-27925: Nick Tangri
CoreAudio
Available for: iPhone 6s and later, iPod touch 7th generation, iPad
Air 2 and later, and iPad mini 4 and later
Impact: Processing a maliciously crafted audio file may lead to
arbitrary code execution
Description: An out-of-bounds write was addressed with improved input
validation.
CVE-2020-10017: Francis working with Trend Micro Zero Day Initiative,
JunDong Xie of Ant Security Light-Year Lab
CoreAudio
Available for: iPhone 6s and later, iPod touch 7th generation, iPad
Air 2 and later, and iPad mini 4 and later
Impact: Processing a maliciously crafted audio file may lead to
arbitrary code execution
Description: An out-of-bounds read was addressed with improved input
validation.
CVE-2020-27909: Anonymous working with Trend Micro Zero Day
Initiative, JunDong Xie and XingWei Lin of Ant Security Light-Year
Lab
Crash Reporter
Available for: iPhone 6s and later, iPod touch 7th generation, iPad
Air 2 and later, and iPad mini 4 and later
Impact: A local attacker may be able to elevate their privileges
Description: An issue existed within the path validation logic for
symlinks.
CVE-2020-10003: Tim Michaud (@TimGMichaud) of Leviathan
FontParser
Available for: iPhone 6s and later, iPod touch 7th generation, iPad
Air 2 and later, and iPad mini 4 and later
Impact: Processing a maliciously crafted font may lead to arbitrary
code execution. Apple is aware of reports that an exploit for this
issue exists in the wild.
CVE-2020-27930: Google Project Zero
FontParser
Available for: iPhone 6s and later, iPod touch 7th generation, iPad
Air 2 and later, and iPad mini 4 and later
Impact: Processing a maliciously crafted font file may lead to
arbitrary code execution
Description: An out-of-bounds write issue was addressed with improved
bounds checking.
CVE-2020-27927: Xingwei Lin of Ant Security Light-Year Lab
Foundation
Available for: iPhone 6s and later, iPod touch 7th generation, iPad
Air 2 and later, and iPad mini 4 and later
Impact: A local user may be able to read arbitrary files
Description: A logic issue was addressed with improved state
management.
CVE-2020-10002: James Hutchins
ImageIO
Available for: iPhone 6s and later, iPod touch 7th generation, iPad
Air 2 and later, and iPad mini 4 and later
Impact: Processing a maliciously crafted image may lead to arbitrary
code execution
Description: An out-of-bounds write was addressed with improved input
validation.
CVE-2020-27912: Xingwei Lin of Ant Security Light-Year Lab
IOAcceleratorFamily
Available for: iPhone 6s and later, iPod touch 7th generation, iPad
Air 2 and later, and iPad mini 4 and later
Impact: A malicious application may be able to execute arbitrary code
with system privileges
Description: A memory corruption issue was addressed with improved
state management.
CVE-2020-27905: Mohamed Ghannam (@_simo36)
Kernel
Available for: iPhone 6s and later, iPod touch 7th generation, iPad
Air 2 and later, and iPad mini 4 and later
Impact: A malicious application may be able to disclose kernel
memory. Apple is aware of reports that an exploit for this issue
exists in the wild.
CVE-2020-27950: Google Project Zero
Kernel
Available for: iPhone 6s and later, iPod touch 7th generation, iPad
Air 2 and later, and iPad mini 4 and later
Impact: A malicious application may be able to determine kernel
memory layout
Description: A logic issue was addressed with improved state
management.
CVE-2020-9974: Tommy Muir (@Muirey03)
Kernel
Available for: iPhone 6s and later, iPod touch 7th generation, iPad
Air 2 and later, and iPad mini 4 and later
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: A memory corruption issue was addressed with improved
state management.
CVE-2020-10016: Alex Helie
Kernel
Available for: iPhone 6s and later, iPod touch 7th generation, iPad
Air 2 and later, and iPad mini 4 and later
Impact: A malicious application may be able to execute arbitrary code
with kernel privileges. Apple is aware of reports that an exploit for
this issue exists in the wild.
CVE-2020-27932: Google Project Zero
Keyboard
Available for: iPhone 6s and later, iPod touch 7th generation, iPad
Air 2 and later, and iPad mini 4 and later
Impact: A person with physical access to an iOS device may be able to
access stored passwords without authentication
Description: An authentication issue was addressed with improved
state management.
CVE-2020-27902: Connor Ford (@connorford2)
libxml2
Available for: iPhone 6s and later, iPod touch 7th generation, iPad
Air 2 and later, and iPad mini 4 and later
Impact: Processing maliciously crafted web content may lead to code
execution
Description: A use after free issue was addressed with improved
memory management.
CVE-2020-27917: found by OSS-Fuzz
libxml2
Available for: iPhone 6s and later, iPod touch 7th generation, iPad
Air 2 and later, and iPad mini 4 and later
Impact: A remote attacker may be able to cause unexpected application
termination or arbitrary code execution
Description: An integer overflow was addressed through improved input
validation.
CVE-2020-27911: found by OSS-Fuzz
libxml2
Available for: iPhone 6s and later, iPod touch 7th generation, iPad
Air 2 and later, and iPad mini 4 and later
Impact: Processing maliciously crafted web content may lead to
arbitrary code execution
Description: A use after free issue was addressed with improved
memory management.
CVE-2020-27926: found by OSS-Fuzz
Logging
Available for: iPhone 6s and later, iPod touch 7th generation, iPad
Air 2 and later, and iPad mini 4 and later
Impact: A local attacker may be able to elevate their privileges
Description: A path handling issue was addressed with improved
validation.
CVE-2020-10010: Tommy Muir (@Muirey03)
Model I/O
Available for: iPhone 6s and later, iPod touch 7th generation, iPad
Air 2 and later, and iPad mini 4 and later
Impact: Opening a maliciously crafted file may lead to unexpected
application termination or arbitrary code execution
Description: A logic issue was addressed with improved state
management.
CVE-2020-10004: Aleksandar Nikolic of Cisco Talos
Model I/O
Available for: iPhone 6s and later, iPod touch 7th generation, iPad
Air 2 and later, and iPad mini 4 and later
Impact: Processing a maliciously crafted USD file may lead to
unexpected application termination or arbitrary code execution
Description: An out-of-bounds read was addressed with improved input
validation.
CVE-2020-13524: Aleksandar Nikolic of Cisco Talos
Model I/O
Available for: iPhone 6s and later, iPod touch 7th generation, iPad
Air 2 and later, and iPad mini 4 and later
Impact: Processing a maliciously crafted USD file may lead to
unexpected application termination or arbitrary code execution
Description: An out-of-bounds read was addressed with improved bounds
checking.
CVE-2020-10011: Aleksandar Nikolic of Cisco Talos
WebKit
Available for: iPhone 6s and later, iPod touch 7th generation, iPad
Air 2 and later, and iPad mini 4 and later
Impact: Processing maliciously crafted web content may lead to
arbitrary code execution
Description: A use after free issue was addressed with improved
memory management.
CVE-2020-27918: an anonymous researcher
Safari
We would like to acknowledge Gabriel Corona for their assistance.
Installation note:
This update is available through iTunes and Software Update on your
iOS device, and will not appear in your computer's Software Update
application, or in the Apple Downloads site. Make sure you have an
Internet connection and have installed the latest version of iTunes
from https://www.apple.com/itunes/
iTunes and Software Update on the device will automatically check
Apple's update server on its weekly schedule. When an update is
detected, it is downloaded and the option to be installed is
presented to the user when the iOS device is docked. We recommend
applying the update immediately if possible. Selecting Don't Install
will present the option the next time you connect your iOS device.
The automatic update process may take up to a week depending on the
day that iTunes or the device checks for updates. You may manually
obtain the update via the Check for Updates button within iTunes, or
the Software Update on your device.
To check that the iPhone, iPod touch, or iPad has been updated:
* Navigate to Settings
* Select General
* Select About. The version after applying this update
will be "iOS 14.2 and iPadOS 14.2".
This message is signed with Apple's Product Security PGP key,
and details are available at:
https://www.apple.com/support/security/pgp/