VARIoT IoT vulnerabilities database


VAR-202007-0977 CVE-2020-1837 Input verification vulnerability in ChangXiang 8 Plus
CVSS V2: 2.9
CVSS V3: 5.3
Severity: MEDIUM
ChangXiang 8 Plus versions earlier than 9.1.0.136(C00E121R1P6T8) have a denial of service vulnerability. The device does not properly handle certain messages from a base station, so an attacker could craft a fake base station to launch the attack. A successful exploit could cause a denial of signal service condition. ChangXiang 8 Plus contains an input verification vulnerability that may put the device into a service operation interruption (DoS) state. Huawei ChangXiang 8 Plus is a smartphone from the Chinese company Huawei.
VAR-202007-1281 CVE-2020-5368 Vulnerability regarding lack of authentication in Dell EMC VxRail
CVSS V2: 5.0
CVSS V3: 7.5
Severity: HIGH
Dell EMC VxRail versions 4.7.410 and 4.7.411 contain an improper authentication vulnerability. A remote unauthenticated attacker may exploit this vulnerability to obtain sensitive information in an encrypted form. Dell EMC VxRail is a VMware hyper-converged infrastructure appliance from Dell. The product includes computing, storage, network, and virtualization resources.
VAR-202007-1293 CVE-2020-5356 Vulnerability in externally accessible files or directories in Dell PowerProtect Data Manager and PowerProtect X400
CVSS V2: 4.0
CVSS V3: 6.5
Severity: MEDIUM
Dell PowerProtect Data Manager (PPDM) versions prior to 19.4 and Dell PowerProtect X400 versions prior to 3.2 contain an improper authorization vulnerability. A remote authenticated malicious user may download any file from the affected PowerProtect virtual machines. The product supports functions such as data backup, virtual machine backup and database protection. PowerProtect X400 is a data management device
VAR-202007-1292 CVE-2020-5352 OS command injection vulnerabilities in Dell EMC Data Protection Advisor
CVSS V2: 9.0
CVSS V3: 8.8
Severity: HIGH
Dell EMC Data Protection Advisor 6.4, 6.5 and 18.1 contain an OS command injection vulnerability. A remote authenticated malicious user may exploit this vulnerability to execute arbitrary commands on the affected system. The affected system may be put into a denial-of-service (DoS) state. The product supports functions such as data backup, data recovery, and data replication management.
VAR-202007-1282 CVE-2020-5371 Vulnerability in improper permission assignment for critical resources in Dell EMC Isilon OneFS and EMC PowerScale
CVSS V2: 6.5
CVSS V3: 8.8
Severity: HIGH
Dell EMC Isilon OneFS versions 8.2.2 and earlier and Dell EMC PowerScale version 9.0.0 contain a file permissions vulnerability. An attacker, with network or local file access, could take advantage of insufficiently applied file permissions or gain unauthorized access to files. Dell EMC Isilon OneFS and EMC PowerScale contain a vulnerability in improper permission assignment for critical resources. Information may be obtained or tampered with, and the system may be put into a service operation interruption (DoS) state.
VAR-202007-1496 No CVE Xiamen Haiwell Technology Co., Ltd. cloud configuration software Cloud SCADA has an authorization bypass vulnerability
CVSS V2: 3.6
CVSS V3: -
Severity: LOW
Haiwell Cloud Configuration Software is an industrial automation monitoring and management platform software based on .NET Framework developed by Xiamen Haiwell Technology Co., Ltd. Xiamen Haiwell Technology Co., Ltd. cloud configuration software Cloud SCADA has an authorization bypass vulnerability. Attackers can use this vulnerability to bypass the authorization interface and enter the platform.
VAR-202007-1500 No CVE Hangzhou Yishixing Information Technology Co., Ltd.'s Fanzhi Hotel Human Capital ES Management Platform Group Edition has a SQL injection vulnerability
CVSS V2: 7.8
CVSS V3: -
Severity: HIGH
Hangzhou Yishixing Information Technology Co., Ltd. is a high-tech enterprise entity specializing in system development, integration and services in the field of card management in the hotel industry personnel logistics and RFID Internet of Things applications. Hangzhou Yishixing Information Technology Co., Ltd. Fanzhi Hotel Human Capital ES Management Platform Group Edition has a SQL injection vulnerability, which can be used by attackers to obtain sensitive database information.
VAR-202007-0165 CVE-2020-10282 Vulnerability in lack of authentication for critical features in the Micro Air Vehicle Link protocol
CVSS V2: 7.5
CVSS V3: 9.8
Severity: CRITICAL
The Micro Air Vehicle Link (MAVLink) protocol presents no authentication mechanism (nor authorization) in its version 1.0, which leads to a variety of attacks including identity spoofing, unauthorized access, PITM attacks and more. According to literature, version 2.0 optionally allows for package signing, which mitigates this flaw. Another source mentions that MAVLink 2.0 only provides a simple authentication system based on HMAC. This implies that the flying system overall should add the same symmetric key to all devices of the network. If that is not the case, this may cause a security issue: if one of the devices and its symmetric key are compromised, the whole authentication system is not reliable. Affected systems may be put into a denial-of-service (DoS) state.
VAR-202007-0164 CVE-2020-10281 Vulnerability in lack of encryption of critical data in the Micro Air Vehicle Link protocol
CVSS V2: 5.0
CVSS V3: 7.5
Severity: HIGH
This vulnerability applies to the Micro Air Vehicle Link (MAVLink) protocol and allows a remote attacker to gain access to sensitive information provided it has access to the communication medium. MAVLink is a header-based protocol that, by design, does not perform encryption in order to improve transfer (and reception) speed and efficiency. The increasing popularity of the protocol (used across different autopilots) has led to its use in wired and wireless mediums through insecure communication channels, exposing sensitive information to a remote attacker with the ability to intercept network traffic.
VAR-202007-1489 No CVE Arbitrary code execution vulnerability in Haiwell cloud configuration software Cloud SCADA
CVSS V2: 7.2
CVSS V3: -
Severity: HIGH
Xiamen Haiwei Technology Co., Ltd. is a high-tech enterprise integrating independent research and development, production, sales and service. The Haiwell cloud configuration software Cloud SCADA has an arbitrary code execution vulnerability that an attacker can use to obtain server permissions.
VAR-202007-1188 CVE-2020-9498 Buffer error vulnerability in Apache Guacamole
CVSS V2: 6.2
CVSS V3: 6.7
Severity: MEDIUM
Apache Guacamole 1.1.0 and older may mishandle pointers involved in processing data received via RDP static virtual channels. If a user connects to a malicious or compromised RDP server, a series of specially-crafted PDUs could result in memory corruption, possibly allowing arbitrary code to be executed with the privileges of the running guacd process. Apache Guacamole contains a buffer error vulnerability. Information may be obtained or tampered with, and the system may be put into a service operation interruption (DoS) state. Apache Guacamole is a clientless remote desktop gateway of the Apache Software Foundation. The product supports protocols such as VNC, RDP and SSH. There are security vulnerabilities in Apache Guacamole 1.1.0 and earlier versions.
VAR-202007-1187 CVE-2020-9497 Vulnerability regarding information leakage in Apache Guacamole
CVSS V2: 1.2
CVSS V3: 4.4
Severity: MEDIUM
Apache Guacamole 1.1.0 and older do not properly validate data received from RDP servers via static virtual channels. If a user connects to a malicious or compromised RDP server, specially-crafted PDUs could result in disclosure of information within the memory of the guacd process handling the connection. Apache Guacamole contains an information leakage vulnerability. Information may be obtained. Apache Guacamole is a clientless remote desktop gateway of the Apache Software Foundation. The product supports protocols such as VNC, RDP and SSH. Attackers can use this vulnerability to obtain information with the help of specially crafted PDUs.
VAR-202007-1414 CVE-2020-6013 Permission management vulnerabilities in ZoneAlarm Firewall and Antivirus products
CVSS V2: 6.5
CVSS V3: 8.8
Severity: HIGH
ZoneAlarm Firewall and Antivirus products before version 15.8.109.18436 allow an attacker who already has access to the system to execute code at elevated privileges through a combination of file permission manipulation and exploitation of Windows CVE-2020-00896 on unpatched systems. ZoneAlarm Firewall and Antivirus products contain a vulnerability in permission management. Information may be obtained or tampered with, and the system may be put into a service operation interruption (DoS) state. This vulnerability allows local attackers to escalate privileges on affected installations of Check Point ZoneAlarm. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the ZoneAlarm Service. The issue results from the lack of proper validation of a user-supplied symbolic link prior to using it in file operations. An attacker can leverage this vulnerability to escalate privileges and execute code in the context of SYSTEM.
VAR-202007-1400 CVE-2020-5909 Certificate validation vulnerabilities in NGINX Controller
CVSS V2: 5.8
CVSS V3: 5.4
Severity: MEDIUM
In versions 3.0.0-3.5.0, 2.0.0-2.9.0, and 1.0.1, when users run the command displayed in the NGINX Controller user interface (UI) to fetch the agent installer, the server TLS certificate is not verified. NGINX Controller contains a certificate validation vulnerability. Information may be obtained and tampered with. F5 NGINX Controller is a centralized monitoring and management platform for NGINX from F5 Corporation in the United States. The platform supports managing multiple NGINX instances using a visual interface. F5 NGINX Controller version 1.0.1, version 2.0.0 to version 2.9.0 and version 3.0.0 to version 3.5.0 have a security vulnerability. The vulnerability is caused by the program not correctly validating the server TLS certificate. An attacker could exploit this vulnerability to intercept the communication channel and read or modify data in transit.
VAR-202007-1104 CVE-2020-5911 Vulnerability in NGINX Controller
CVSS V2: 7.5
CVSS V3: 7.3
Severity: HIGH
In versions 3.0.0-3.5.0, 2.0.0-2.9.0, and 1.0.1, the NGINX Controller installer starts the download of Kubernetes packages from an HTTP URL on Debian/Ubuntu systems. NGINX Controller contains an unspecified vulnerability. Information may be obtained or tampered with, and the system may be put into a service operation interruption (DoS) state. F5 NGINX Controller is a centralized monitoring and management platform for NGINX from F5 Corporation in the United States. The platform supports the management of multiple NGINX instances.
VAR-202007-1103 CVE-2020-5910 Authentication vulnerabilities in Neural Autonomic Transport System
CVSS V2: 5.0
CVSS V3: 7.5
Severity: HIGH
In versions 3.0.0-3.5.0, 2.0.0-2.9.0, and 1.0.1, the Neural Autonomic Transport System (NATS) messaging services in use by the NGINX Controller do not require any form of authentication, so any successful connection would be authorized. F5 NGINX Controller is a centralized monitoring and management platform for NGINX from F5 Corporation in the United States. The platform supports managing multiple NGINX instances using a visual interface. There is a security vulnerability in the NGINX Controller NATS message service in F5 NGINX Controller version 1.0.1, 2.0.0 to 2.9.0, and 3.0.0 to 3.5.0. The vulnerability stems from the fact that the program does not perform any form of authentication. Attackers can use this vulnerability to eavesdrop on NATS connections and obtain data stored in message queues.
VAR-202007-0239 CVE-2020-12498 Out-of-bounds read vulnerability in Phoenix Contact PC Worx and PC Worx Express
CVSS V2: 6.8
CVSS V3: 7.8
Severity: HIGH
MWE file parsing in Phoenix Contact PC Worx and PC Worx Express version 1.87 and earlier is vulnerable to out-of-bounds read remote code execution. Manipulated PC Worx projects could lead to a remote code execution due to insufficient input data validation. The affected system may be put into a denial-of-service (DoS) state. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Phoenix Contact Automationworx. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of MWE files by the PC WORX and PC WORX Express executables. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Phoenix Contact PC Worx and Phoenix Contact PC Worx Express are both programming software for PLCs (programmable logic controllers) from the German company Phoenix Contact.
VAR-202007-1579 No CVE (Pwn2Own) ICONICS Genesis64 PKGX Improper Verification of Cryptographic Signature Remote Code Execution Vulnerability
CVSS V2: -
CVSS V3: 7.8
Severity: HIGH
The vulnerability allows remote attackers to execute arbitrary code on affected installations of ICONICS Genesis64. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of PKGX files. The application fails to validate the cryptographic signature of the package. An attacker can leverage this vulnerability to execute code in the context of SYSTEM.
VAR-202007-0238 CVE-2020-12497 Out-of-bounds write vulnerability in Phoenix Contact PC Worx and PC Worx Express
CVSS V2: 6.8
CVSS V3: 7.8
Severity: HIGH
PLCopen XML file parsing in Phoenix Contact PC Worx and PC Worx Express version 1.87 and earlier can lead to a stack-based overflow. Manipulated PC Worx projects could lead to a remote code execution due to insufficient input data validation. The affected system may be put into a denial-of-service (DoS) state. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Phoenix Contact Automationworx. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of PLCOpen XML files. When parsing the pou element, the process does not properly validate the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Phoenix Contact PC Worx and Phoenix Contact PC Worx Express are both programming software for PLCs (programmable logic controllers) from the German company Phoenix Contact.
VAR-202007-1018 CVE-2020-3282 Cross-site scripting vulnerabilities in multiple Cisco Unified Communications products
CVSS V2: 4.3
CVSS V3: 6.1
Severity: MEDIUM
A vulnerability in the web-based management interface of Cisco Unified Communications Manager, Cisco Unified Communications Manager Session Management Edition, Cisco Unified Communications Manager IM & Presence Service, and Cisco Unity Connection could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface. The vulnerability is due to insufficient validation of user-supplied input by the web-based management interface of the affected software. An attacker could exploit this vulnerability by persuading a user of the interface to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive browser-based information. Cisco Unity Connection (UC) and others are products of Cisco. Cisco Unity Connection is a voice message platform.