VARIoT IoT vulnerabilities database

VAR-202007-0978 | CVE-2020-1838 | Improper authentication vulnerability in HUAWEI Mate 30 Pro |
CVSS V2: 1.9 CVSS V3: 5.5 Severity: MEDIUM |
HUAWEI Mate 30 Pro versions earlier than 10.1.0.150(C00E136R5P3) have an improper authentication vulnerability. The device does not sufficiently validate certain credentials derived from the user's face; an attacker who can craft such a credential could pass authentication with it. The vulnerability is caused by the device not fully verifying the user's facial credentials
VAR-202007-1273 | CVE-2020-9262 | Huawei Mate 30 resource management error vulnerability |
CVSS V2: 6.8 CVSS V3: 7.8 Severity: HIGH |
HUAWEI Mate 30 versions earlier than 10.1.0.150(C00E136R5P3) have a use-after-free vulnerability. A condition exists in which the system references memory after it has been freed. An attacker would need to trick the user into running a crafted application with high privilege; successful exploitation could lead to code execution. HUAWEI Mate 30 is vulnerable to use of freed memory: information may be obtained, information may be tampered with, and the device may be put into a denial-of-service (DoS) state. Huawei Mate 30 is a smartphone from China's Huawei. The vulnerability is caused by the system using already-released memory in certain scenarios
VAR-202007-1272 | CVE-2020-9261 | Type confusion vulnerability in HUAWEI Mate 30 |
CVSS V2: 6.8 CVSS V3: 7.8 Severity: HIGH |
HUAWEI Mate 30 versions earlier than 10.1.0.150(C00E136R5P3) have a type confusion vulnerability. The system does not properly check and convert the type of a certain variable. An attacker would need to trick the user into installing and running a crafted application; successful exploitation could lead to code execution. HUAWEI Mate 30 has a type confusion vulnerability: information may be obtained, information may be tampered with, and the device may be put into a denial-of-service (DoS) state. Huawei Mate 30 is a smartphone from China's Huawei. The vulnerability is caused by the system not checking and converting the type of a variable properly
VAR-202007-0979 | CVE-2020-1839 | Race condition vulnerability in HUAWEI Mate 30 |
CVSS V2: 3.7 CVSS V3: 6.3 Severity: MEDIUM |
HUAWEI Mate 30 versions earlier than 10.1.0.150(C00E136R5P3) have a race condition vulnerability. A timing window exists in which certain pointer members can be modified by another process operating concurrently. An attacker would need to trick the user into running a crafted application with high privilege; successful exploitation could lead to code execution. HUAWEI Mate 30 has a race condition vulnerability: information may be obtained, information may be tampered with, and the device may be put into a denial-of-service (DoS) state. Huawei Mate 30 is a smartphone from China's Huawei. The vulnerability stems from the fact that a member of a pointer can be modified by another running program within a time window
VAR-202007-1394 | CVE-2020-5903 | F5 BIG-IP contains multiple vulnerabilities including unauthenticated remote command execution |
CVSS V2: 4.3 CVSS V3: 6.1 Severity: MEDIUM |
In BIG-IP versions 15.0.0-15.1.0.3, 14.1.0-14.1.2.5, 13.1.0-13.1.3.3, 12.1.0-12.1.5.1, a Cross-Site Scripting (XSS) vulnerability exists in an undisclosed page of the BIG-IP Configuration utility. F5 BIG-IP provides a Traffic Management User Interface (TMUI), also referred to as the Configuration utility, that has multiple vulnerabilities including a remotely exploitable command injection vulnerability that can be used to execute arbitrary commands and subsequently take control of a vulnerable system. F5 BIG-IP devices provide load-balancing capability to application services such as HTTP and DNS. The F5 BIG-IP TMUI management web interface improperly neutralizes untrusted user input and can be abused by unauthenticated remote attackers to perform malicious activities such as cross-site scripting (XSS), cross-site request forgery (CSRF), and command injection (CWE-74). F5 has also announced that BIG-IP devices do not properly enforce access controls to sensitive configuration files, which can be read and overwritten by an authenticated user via Secure Copy (SCP). The vulnerability identified by CVE-2020-0592 can be abused to achieve arbitrary code execution on the target device with root privileges. Underlying causes and factors in these vulnerabilities include: improper configuration and a lack of identity checks (see the recent NCC Group article "Understanding the root cause of F5 Networks K52145254: TMUI RCE vulnerability CVE-2020-5902"); the TMUI fails to enforce proper authentication and authorization (see the OWASP recommendations); the TMUI web interface does not normalize user input to prevent XSS and CSRF, allowing a "Deadly Combinations of XSS and CSRF"; and a lack of role-based access checks allows unexpected file access (see Role-Based Access Control Models). F5 recommends that the TMUI web interface be accessible only from a secure or out-of-band network and not directly from the Internet (K13092).
However, many installations, as observed by Bad Packets, do not seem to follow this recommendation. An unauthenticated attacker with network access to the TMUI may be able to execute arbitrary system commands, create or delete files, disable services, and subsequently execute arbitrary code with high privileges such as root. An authenticated user is also able to perform unexpected activities such as changing configuration files on a vulnerable device. Affected products include BIG-IP Access Policy Manager (APM), BIG-IP Advanced Firewall Manager (AFM), BIG-IP Analytics, etc. F5 BIG-IP is an application delivery platform from the US company F5 that integrates network traffic management, application security management, load balancing and other functions. The following products and versions are affected: F5 BIG-IP 15.0.0 to 15.1.0, 14.1.0 to 14.1.2, 13.1.0 to 13.1.3, 12.1.0 to 12.1.5
VAR-202007-1274 | CVE-2020-9226 | Improper digital signature verification vulnerability in HUAWEI P30 |
CVSS V2: 4.3 CVSS V3: 5.5 Severity: MEDIUM |
HUAWEI P30 versions earlier than 10.1.0.135(C00E135R2P11) have an improper signature verification vulnerability. The system does not properly check the signature of a specific software package; an attacker may exploit this vulnerability to load a crafted software package onto the device. Huawei P30 is a smartphone from China's Huawei.
There is a security vulnerability in Huawei P30 10.1.0.135 (C00E135R2P11)
VAR-202010-1165 | CVE-2020-9263 | Use-after-free vulnerability in HUAWEI Mate 30 and HUAWEI P30 |
CVSS V2: 6.8 CVSS V3: 7.8 Severity: HIGH |
HUAWEI Mate 30 versions earlier than 10.1.0.150(C00E136R5P3) and HUAWEI P30 versions earlier than 10.1.0.160(C00E160R2P11) have a use-after-free vulnerability. A condition exists in which the system references memory after it has been freed. An attacker would need to trick the user into running a crafted application with common privilege; successful exploitation could lead to code execution. HUAWEI Mate 30 and HUAWEI P30 are vulnerable to use of freed memory: information may be obtained, information may be tampered with, and the device may be put into a denial-of-service (DoS) state. Huawei Mate 30 is a smartphone from China's Huawei.
There is a security vulnerability in Huawei Mate 30 10.1.0.150 (C00E136R5P3). The vulnerability is caused by the system using already-released memory. Attackers can use this vulnerability to execute code with the help of specially crafted applications. Huawei products could allow a local authenticated malicious user to execute arbitrary code on the system, caused by a use-after-free vulnerability
VAR-202007-0511 | CVE-2019-15310 | Authentication bypass by user-controlled key vulnerability in Linkplay firmware |
CVSS V2: 10.0 CVSS V3: 9.8 Severity: CRITICAL |
An issue was discovered on various devices via the Linkplay firmware. There is WAN remote code execution without user interaction. An attacker could retrieve the AWS key from the firmware and obtain full control over Linkplay's AWS estate, including S3 buckets containing device firmware. When combined with an OS command injection vulnerability within the XML parsing logic of the firmware update process, an attacker would be able to gain code execution on any device that attempted to update. Note that by default all devices tested had automatic updates enabled. Linkplay firmware has an authentication bypass by user-controlled key vulnerability: information may be obtained, information may be tampered with, and the device may be put into a denial-of-service (DoS) state. Anker Zolo Halo is a smart speaker from Anker Company in the Philippines. Linkplay firmware is an application software. It provides a turnkey solution including software, voice, Wi-Fi, Bluetooth IoT/thin client modules, leading voice assistant services (such as Amazon Alexa and many popular international voice assistant services) and integration of global streaming content into a central mobile application, to enable smart, voice-enabled IoT products.
There are security vulnerabilities in Linkplay firmware. Attackers can use this vulnerability to execute code
VAR-202007-1395 | CVE-2020-5904 | F5 BIG-IP contains multiple vulnerabilities including unauthenticated remote command execution |
CVSS V2: 6.8 CVSS V3: 8.8 Severity: HIGH |
In BIG-IP versions 15.0.0-15.1.0.3, 14.1.0-14.1.2.5, 13.1.0-13.1.3.3, 12.1.0-12.1.5.1, a cross-site request forgery (CSRF) vulnerability in the Traffic Management User Interface (TMUI), also referred to as the Configuration utility, exists in an undisclosed page. F5 BIG-IP devices provide load-balancing capability to application services such as HTTP and DNS. The F5 BIG-IP TMUI management web interface improperly neutralizes untrusted user input and can be abused by unauthenticated remote attackers to perform malicious activities such as cross-site scripting (XSS), cross-site request forgery (CSRF), and command injection (CWE-74). F5 has also announced that BIG-IP devices do not properly enforce access controls to sensitive configuration files, which can be read and overwritten by an authenticated user via Secure Copy (SCP). The vulnerability identified by CVE-2020-0592 can be abused to achieve arbitrary code execution on the target device with root privileges. Underlying causes and factors in these vulnerabilities include: improper configuration and a lack of identity checks (see the recent NCC Group article "Understanding the root cause of F5 Networks K52145254: TMUI RCE vulnerability CVE-2020-5902"); the TMUI fails to enforce proper authentication and authorization (see the OWASP recommendations); the TMUI web interface does not normalize user input to prevent XSS and CSRF, allowing a "Deadly Combinations of XSS and CSRF"; and a lack of role-based access checks allows unexpected file access (see Role-Based Access Control Models). F5 recommends that the TMUI web interface be accessible only from a secure or out-of-band network and not directly from the Internet (K13092). However, many installations, as observed by Bad Packets, do not seem to follow this recommendation.
An unauthenticated attacker with network access to the TMUI may be able to execute arbitrary system commands, create or delete files, disable services, and subsequently execute arbitrary code with high privileges such as root. An authenticated user is also able to perform unexpected activities such as changing configuration files on a vulnerable device. Multiple BIG-IP products contain a cross-site request forgery vulnerability: information may be obtained, information may be tampered with, and the device may be put into a denial-of-service (DoS) state. F5 BIG-IP is an application delivery platform from the US company F5 that integrates network traffic management, application security management, load balancing and other functions. A remote attacker could exploit this vulnerability to perform malicious operations with a specially crafted HTTP request. The following products and versions are affected: F5 BIG-IP from version 15.0.0 to version 15.1.0.3, version 14.1.0 to version 14.1.2.5, version 13.1.0 to version 13.1.3.3, version 12.1.0 to version 12.1.5.1
VAR-202007-0900 | CVE-2020-15489 | WAVLINK WL-WN530HG4 injection vulnerability |
CVSS V2: 10.0 CVSS V3: 9.8 Severity: CRITICAL |
An issue was discovered on Wavlink WL-WN530HG4 M30HG4.V5030.191116 devices. Multiple shell metacharacter injection vulnerabilities exist in CGI scripts, leading to remote code execution with root privileges. The Wavlink WL-WN530HG4 device contains an injection vulnerability: information may be obtained, information may be tampered with, and the device may be put into a denial-of-service (DoS) state. WAVLINK WL-WN530HG4 is a wireless network signal extender manufactured by WAVLINK.
An injection vulnerability exists in the WAVLINK WL-WN530HG4 M30HG4.V5030.191116 version
VAR-202007-0901 | CVE-2020-15490 | Classic buffer overflow vulnerability in Wavlink WL-WN530HG4 devices |
CVSS V2: 10.0 CVSS V3: 9.8 Severity: CRITICAL |
An issue was discovered on Wavlink WL-WN530HG4 M30HG4.V5030.191116 devices. Multiple buffer overflow vulnerabilities exist in CGI scripts, leading to remote code execution with root privileges. (The set of affected scripts is similar to CVE-2020-12266.) A classic buffer overflow vulnerability exists on the Wavlink WL-WN530HG4 device; it is a problem similar to CVE-2020-12266. Information may be obtained, information may be tampered with, and the device may be put into a denial-of-service (DoS) state. WAVLINK WL-WN530HG4 is a wireless network signal extender manufactured by WAVLINK.
There is a security vulnerability in the WAVLINK WL-WN530HG4 M30HG4.V5030.191116 version
VAR-202007-1393 | CVE-2020-5902 | F5 BIG-IP contains multiple vulnerabilities including unauthenticated remote command execution |
CVSS V2: 10.0 CVSS V3: 9.8 Severity: CRITICAL |
In BIG-IP versions 15.0.0-15.1.0.3, 14.1.0-14.1.2.5, 13.1.0-13.1.3.3, 12.1.0-12.1.5.1, and 11.6.1-11.6.5.1, the Traffic Management User Interface (TMUI), also referred to as the Configuration utility, has a Remote Code Execution (RCE) vulnerability in undisclosed pages. F5 BIG-IP devices provide load-balancing capability to application services such as HTTP and DNS. The F5 BIG-IP TMUI management web interface improperly neutralizes untrusted user input and can be abused by unauthenticated remote attackers to perform malicious activities such as cross-site scripting (XSS), cross-site request forgery (CSRF), and command injection (CWE-74). F5 has also announced that BIG-IP devices do not properly enforce access controls to sensitive configuration files, which can be read and overwritten by an authenticated user via Secure Copy (SCP). The vulnerability identified by CVE-2020-0592 can be abused to achieve arbitrary code execution on the target device with root privileges. Underlying causes and factors in these vulnerabilities include: improper configuration and a lack of identity checks (see the recent NCC Group article "Understanding the root cause of F5 Networks K52145254: TMUI RCE vulnerability CVE-2020-5902"); the TMUI fails to enforce proper authentication and authorization (see the OWASP recommendations); the TMUI web interface does not normalize user input to prevent XSS and CSRF, allowing a "Deadly Combinations of XSS and CSRF"; and a lack of role-based access checks allows unexpected file access (see Role-Based Access Control Models). F5 recommends that the TMUI web interface be accessible only from a secure or out-of-band network and not directly from the Internet (K13092). However, many installations, as observed by Bad Packets, do not seem to follow this recommendation.
An unauthenticated attacker with network access to the TMUI may be able to execute arbitrary system commands, create or delete files, disable services, and subsequently execute arbitrary code with high privileges such as root. An authenticated user is also able to perform unexpected activities such as changing configuration files on a vulnerable device. Multiple BIG-IP products contain a code injection vulnerability: information may be obtained, information may be tampered with, and the device may be put into a denial-of-service (DoS) state. F5 BIG-IP is an application delivery platform from the US company F5 that integrates network traffic management, application security management, load balancing and other functions. A security vulnerability exists in the F5 BIG-IP. The following products and versions are affected: F5 BIG-IP Version 15.1.0, Version 15.0.0, Version 14.1.0 to Version 14.1.2, Version 13.1.0 to Version 13.1.3, Version 12.1.0 to Version 12.1.5, Version 11.6.1 to Version 11.6.5.
## RCE:
curl -v -k 'https://[F5 Host]/tmui/login.jsp/..;/tmui/locallb/workspace/tmshCmd.jsp?command=list+auth+user+admin'
## Read File:
curl -v -k 'https://[F5 Host]/tmui/login.jsp/..;/tmui/locallb/workspace/fileRead.jsp?fileName=/etc/passwd'
VAR-202007-1399 | CVE-2020-5908 | F5 BIG-IP contains multiple vulnerabilities including unauthenticated remote command execution |
CVSS V2: 2.1 CVSS V3: 5.5 Severity: MEDIUM |
In versions bundled with BIG-IP APM 12.1.0-12.1.5 and 11.6.1-11.6.5.2, Edge Client for Linux exposes the full session ID in the local log files. F5 BIG-IP provides a Traffic Management User Interface (TMUI), also referred to as the Configuration utility, that has multiple vulnerabilities including a remotely exploitable command injection vulnerability that can be used to execute arbitrary commands and subsequently take control of a vulnerable system. F5 BIG-IP devices provide load-balancing capability to application services such as HTTP and DNS. The F5 BIG-IP TMUI management web interface improperly neutralizes untrusted user input and can be abused by unauthenticated remote attackers to perform malicious activities such as cross-site scripting (XSS), cross-site request forgery (CSRF), and command injection (CWE-74). F5 has also announced that BIG-IP devices do not properly enforce access controls to sensitive configuration files, which can be read and overwritten by an authenticated user via Secure Copy (SCP). The vulnerability identified by CVE-2020-0592 can be abused to achieve arbitrary code execution on the target device with root privileges. Underlying causes and factors in these vulnerabilities include: improper configuration and a lack of identity checks (see the recent NCC Group article "Understanding the root cause of F5 Networks K52145254: TMUI RCE vulnerability CVE-2020-5902"); the TMUI fails to enforce proper authentication and authorization (see the OWASP recommendations); the TMUI web interface does not normalize user input to prevent XSS and CSRF, allowing a "Deadly Combinations of XSS and CSRF"; and a lack of role-based access checks allows unexpected file access (see Role-Based Access Control Models). F5 recommends that the TMUI web interface be accessible only from a secure or out-of-band network and not directly from the Internet (K13092). However, many installations, as observed by Bad Packets, do not seem to follow this recommendation.
An unauthenticated attacker with network access to the TMUI may be able to execute arbitrary system commands, create or delete files, disable services, and subsequently execute arbitrary code with high privileges such as root. An authenticated user is also able to perform unexpected activities such as changing configuration files on a vulnerable device. BIG-IP APM has an information leakage vulnerability: information may be obtained. F5 BIG-IP APM is a set of access and security solutions from F5 Corporation of the United States. The product provides unified access to business-critical applications and networks
VAR-202007-1276 | CVE-2020-9100 | Untrusted search path vulnerability in HiSuite |
CVSS V2: 4.4 CVSS V3: 7.8 Severity: HIGH |
HiSuite versions earlier than 10.1.0.500 have a DLL hijacking vulnerability. The vulnerability exists because a certain DLL file is loaded by HiSuite improperly, which allows an attacker to have a DLL file of the attacker's choosing loaded instead. HiSuite has an untrusted search path vulnerability: information may be obtained, information may be tampered with, and the system may be put into a denial-of-service (DoS) state. Huawei HiSuite is a mobile phone assistant application for PC from Huawei, China
VAR-202007-1031 | CVE-2020-3391 | Information leakage vulnerability in Cisco Digital Network Architecture Center |
CVSS V2: 4.0 CVSS V3: 6.5 Severity: MEDIUM |
A vulnerability in Cisco Digital Network Architecture (DNA) Center could allow an authenticated, remote attacker to view sensitive information in clear text. The vulnerability is due to insecure storage of certain unencrypted credentials on an affected device. An attacker could exploit this vulnerability by viewing the network device configuration and obtaining credentials that they may not normally have access to. A successful exploit could allow the attacker to use those credentials to discover and manage network devices. The solution scales and protects devices, applications, and more within the network
VAR-202006-1808 | CVE-2019-19163 | Input validation vulnerability in COMMAX WallPad |
CVSS V2: 5.8 CVSS V3: 8.8 Severity: HIGH |
A vulnerability in the firmware of COMMAX WallPad (CDP-1020MB) allows an unauthenticated adjacent attacker to execute arbitrary code, because of the use of an old version of MySQL. COMMAX WallPad (CDP-1020MB) has an input validation vulnerability: information may be obtained, information may be tampered with, and the device may be put into a denial-of-service (DoS) state. COMMAX WallPad is a smart home control panel produced by the South Korean company COMMAX. There is an input validation error vulnerability in COMMAX WallPad CDP-1020MB versions before 2019.12.30
VAR-202006-1913 | No CVE | Schneider Electric Modicon M580 BMEP584040 has a denial of service vulnerability |
CVSS V2: 4.9 CVSS V3: - Severity: MEDIUM |
Modicon M580 BMEP584040 is a programmable Ethernet automation controller from Schneider.
Schneider Electric Modicon M580 BMEP584040 has a denial of service vulnerability that an attacker can exploit to cause a denial of service.
VAR-202006-1914 | No CVE | Schneider Electric Modicon M580 BMEP584040 has authentication bypass vulnerability |
CVSS V2: 2.1 CVSS V3: - Severity: LOW |
Modicon M580 BMEP584040 is a programmable Ethernet automation controller from Schneider.
Schneider Electric Modicon M580 BMEP584040 has an authentication bypass vulnerability, which can be exploited by attackers to replay operation instructions.
VAR-202006-0957 | CVE-2020-15307 | Nozomi Networks Guardian cross-site scripting vulnerability |
CVSS V2: 4.3 CVSS V3: 6.1 Severity: MEDIUM |
Nozomi Guardian before 19.0.4 allows attackers to achieve stored XSS (in the web front end) by leveraging the ability to create a custom field with a crafted field name. Nozomi Guardian has a cross-site scripting vulnerability: information may be obtained and tampered with. Nozomi Networks Guardian is an IoT device and software inspection system from Nozomi Networks in Switzerland. The vulnerability stems from the web application's lack of proper validation of client-supplied data. Attackers can use this vulnerability to execute client-side code
VAR-202006-1056 | CVE-2020-15415 | OS command injection vulnerability on multiple DrayTek devices |
CVSS V2: 7.5 CVSS V3: 9.8 Severity: CRITICAL |
On DrayTek Vigor3900, Vigor2960, and Vigor300B devices before 1.5.1, cgi-bin/mainfunction.cgi/cvmcfgupload allows remote command execution via shell metacharacters in a filename when the text/x-python-script content type is used, a different issue than CVE-2020-14472. An OS command injection vulnerability exists on DrayTek Vigor3900, Vigor2960 and Vigor300B devices; it is a different vulnerability from CVE-2020-14472. Information may be obtained, information may be tampered with, and the device may be put into a denial-of-service (DoS) state. DrayTek Vigor3900 and the other affected devices are all products of DrayTek, Taiwan, China. DrayTek Vigor3900 is a broadband router/VPN gateway device. Vigor2960 is a load balancing router and VPN gateway device. Vigor300B is a load balancing router. Attackers can use shell metacharacters to exploit this vulnerability and execute commands