VARIoT IoT vulnerabilities database

VAR-202010-1173 | CVE-2020-9109 | Insufficient verification of data reliability vulnerability in multiple Huawei smartphone products |
CVSS V2: 1.9 CVSS V3: 4.6 Severity: MEDIUM |
There is an information disclosure vulnerability in several smartphones. The device does not sufficiently validate the identity of a smart wearable device in a certain specific scenario. The attacker needs to gain certain information in the victim's smartphone to launch the attack, and a successful exploit could cause information disclosure. Affected product versions include: HUAWEI Mate 20 versions earlier than 10.1.0.160(C00E160R3P8), versions earlier than 10.1.0.160(C01E160R2P8); HUAWEI Mate 20 X versions earlier than 10.1.0.160(C00E160R2P8), versions earlier than 10.1.0.160(C01E160R2P8); HUAWEI P30 Pro versions earlier than 10.1.0.160(C00E160R2P8); Laya-AL00EP versions earlier than 10.1.0.160(C786E160R3P8); Tony-AL00B versions earlier than 10.1.0.160(C00E160R2P11); Tony-TL00B versions earlier than 10.1.0.160(C01E160R2P11). Multiple Huawei smartphone products contain a vulnerability related to inadequate verification of data reliability. Information may be obtained. Huawei P30 Pro and the other affected models are all smartphones from China's Huawei. The vulnerability stems from insufficient verification of the identity of the smart wearable device in a specific scenario. The attacker needs to obtain specific information in the victim's mobile phone before launching an attack.
VAR-202010-1179 | CVE-2020-9123 | Out-of-bounds vulnerability in HUAWEI P30 Pro |
CVSS V2: 6.8 CVSS V3: 7.8 Severity: HIGH |
HUAWEI P30 Pro versions earlier than 10.1.0.160(C00E160R2P8) and versions earlier than 10.1.0.160(C01E160R2P8) have a buffer overflow vulnerability. An attacker induces users to install malicious applications and sends specially constructed packets to affected devices after obtaining the root permission. A successful exploit may cause code execution. HUAWEI P30 Pro is vulnerable to an out-of-bounds write. Information may be obtained or tampered with, and a denial-of-service (DoS) condition may result. Huawei P30 Pro is a smartphone launched by Huawei.
VAR-202010-1172 | CVE-2020-9108 | Out-of-bounds vulnerability in HUAWEI P30 Pro |
CVSS V2: 7.1 CVSS V3: 5.5 Severity: MEDIUM |
HUAWEI P30 Pro versions earlier than 10.1.0.160(C00E160R2P8) have an out-of-bounds read and write vulnerability. An unauthenticated attacker crafts a malformed message with a specific parameter and sends the message to the affected products. Due to insufficient validation of the message, this may be exploited to cause the process to reboot. Huawei P30 Pro is a smartphone launched by Huawei.
VAR-202010-1166 | CVE-2020-9230 | Inadequate validation of data reliability vulnerability in WS5800-10 |
CVSS V2: 3.3 CVSS V3: 6.5 Severity: MEDIUM |
WS5800-10 version 10.0.3.25 has a denial of service vulnerability. Due to improper verification of a specific message, an attacker may exploit this vulnerability to cause a specific function to become abnormal. WS5800-10 contains an inadequate validation of data reliability vulnerability. A denial-of-service (DoS) condition may result. Huawei WS5800-10 is a wireless router from China's Huawei.
Some Huawei home routers have security vulnerabilities.
VAR-202010-1170 | CVE-2020-9106 | Untrusted search path vulnerabilities in HUAWEI P30 Pro |
CVSS V2: 2.1 CVSS V3: 4.6 Severity: MEDIUM |
HUAWEI P30 Pro versions earlier than 10.1.0.160(C00E160R2P8) have a path traversal vulnerability. The system does not sufficiently validate certain pathnames; a successful exploit could allow the attacker to access files and cause information disclosure. Huawei P30 Pro is a smartphone launched by Huawei. The vulnerability stems from the system not fully verifying certain path names. Attackers can use this vulnerability to access files. Huawei smartphones could allow a local malicious user to traverse directories on the system, caused by insufficient input path validation. An attacker could send a specially-crafted URL request containing "dot dot" sequences (/../) to view an arbitrary file on the device.
VAR-202010-1171 | CVE-2020-9107 | HUAWEI P30 Pro Out-of-bounds read vulnerability |
CVSS V2: 7.1 CVSS V3: 5.5 Severity: MEDIUM |
HUAWEI P30 Pro versions earlier than 10.1.0.160(C00E160R2P8) have an out-of-bounds read and write vulnerability. An unauthenticated attacker crafts a malformed message with a specific parameter and sends the message to the affected products. Due to insufficient validation of the message, this may be exploited to cause the process to reboot. Huawei P30 Pro is a smartphone launched by Huawei.
VAR-202010-1178 | CVE-2020-9122 | Input verification vulnerabilities in multiple Huawei products |
CVSS V2: 3.3 CVSS V3: 6.5 Severity: MEDIUM |
Some Huawei products have an insufficient input verification vulnerability. Attackers can exploit this vulnerability in the LAN to cause abnormal service on affected devices. Affected product versions include: HiRouter-CD30-10 version 10.0.2.5; HiRouter-CT31-10 version 10.0.2.20; WS5200-12 version 10.0.1.9; WS5281-10 version 10.0.5.10; WS5800-10 version 10.0.3.25; WS7100-10 version 10.0.5.21; WS7200-10 version 10.0.5.21. Multiple Huawei products contain an input verification vulnerability. A denial-of-service (DoS) condition may result. Huawei HiRouter-CD30-10 and the other affected models are all wireless routers from China's Huawei.
VAR-202010-1180 | CVE-2020-9087 | Taurus-AL00A Out-of-bounds read vulnerability |
CVSS V2: 2.1 CVSS V3: 5.5 Severity: MEDIUM |
Taurus-AL00A version 10.0.0.1(C00E1R1P1) has an out-of-bounds read vulnerability in the XFRM module. An authenticated, local attacker may perform a specific operation to exploit this vulnerability. Due to insufficient validation of the parameters, this may be exploited to cause an information leak. Taurus-AL00A is vulnerable to an out-of-bounds read. Information may be obtained. Huawei Taurus-AL00A is a smartphone from China's Huawei.
The HUAWEI Taurus-AL00A XFRM module has security vulnerabilities. The vulnerability stems from the failure to fully verify the parameters.
VAR-202010-0030 | CVE-2020-14293 | OS command injection vulnerability in Secudos DOMOS |
CVSS V2: 8.5 CVSS V3: 7.5 Severity: HIGH |
conf_datetime in Secudos DOMOS 5.8 allows remote attackers to execute arbitrary commands as root via shell metacharacters in the zone field (obtained from the web interface). Secudos DOMOS contains an OS command injection vulnerability. Information may be obtained or tampered with, and a denial-of-service (DoS) condition may result. Secudos DOMOS is an operating system for IoT devices from SECUDOS in Germany.
Secudos DOMOS version 5.8 has a security vulnerability in conf_datetime.
VAR-202010-1181 | CVE-2020-9090 | Authentication vulnerability in FusionAccess |
CVSS V2: 4.6 CVSS V3: 7.8 Severity: HIGH |
FusionAccess version 6.5.1 has an improper authorization vulnerability. A command is authorized with incorrect privilege. Attackers with other privilege can execute the command to exploit this vulnerability. This may compromise normal service of the affected product. FusionAccess contains an improper authentication vulnerability. Information may be obtained or tampered with, and a denial-of-service (DoS) condition may result. Huawei smartphones could allow a local authenticated malicious user to bypass security restrictions, caused by an improper authorization vulnerability.
VAR-202009-0773 | CVE-2020-24721 | Vulnerabilities in the GAEN protocol for Android and iOS |
CVSS V2: 3.3 CVSS V3: 5.7 Severity: MEDIUM |
An issue was discovered in the GAEN (aka Google/Apple Exposure Notifications) protocol through 2020-09-29, as used in COVID-19 applications on Android and iOS. It allows a user to be put in a position where he or she can be coerced into proving or disproving an exposure notification, because of the persistent state of a private framework. Apple iOS is an operating system developed for mobile devices by Google and the Open Handheld Alliance (OHA). Android is a Linux-based open source operating system developed by Google and the Open Handheld Alliance (OHA)
VAR-202009-0361 | CVE-2019-17098 | Use of hard-coded credentials vulnerability in August Connect Wi-Fi Bridge App and August Connect firmware |
CVSS V2: 3.3 CVSS V3: 6.5 Severity: MEDIUM |
Use of hard-coded cryptographic key vulnerability in August Connect Wi-Fi Bridge App, Connect Firmware allows an attacker to decrypt an intercepted payload containing the Wi-Fi network authentication credentials. This issue affects: August Connect Wi-Fi Bridge App version v10.11.0 and prior versions on Android. August Connect Firmware version 2.2.12 and prior versions
VAR-202009-1682 | No CVE | Tianxin Instrument Group Co., Ltd. Tianxin SCADA system has SQL injection vulnerability |
CVSS V2: 7.8 CVSS V3: - Severity: HIGH |
The SCADA system is a computer-based DCS and power automation monitoring system.
Tianxin Instrument Group Co., Ltd. Tianxin SCADA system has a SQL injection vulnerability. Attackers can use this vulnerability to obtain sensitive database information.
VAR-202010-0408 | CVE-2020-17482 | PowerDNS Authoritative Server information disclosure vulnerability |
CVSS V2: 4.0 CVSS V3: 4.3 Severity: MEDIUM |
An issue has been found in PowerDNS Authoritative Server before 4.3.1 where an authorized user with the ability to insert crafted records into a zone might be able to leak the content of uninitialized memory. PowerDNS Authoritative Server contains an information disclosure vulnerability. Information may be obtained. PowerDNS Authoritative Server is a DNS server from the Dutch company PowerDNS.
Background
==========
The PowerDNS nameserver is an authoritative-only nameserver which uses
a flexible backend architecture.
Affected packages
=================
-------------------------------------------------------------------
     Package       /     Vulnerable     /     Unaffected
-------------------------------------------------------------------
  1  net-dns/pdns        < 4.3.1              >= 4.3.1
Description
===========
It was discovered that PowerDNS did not properly handle certain unknown
records.
Crafted records cannot be inserted via AXFR.
Workaround
==========
Do not take zone data from untrusted users.
Resolution
==========
All PowerDNS users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose ">=net-dns/pdns-4.3.1"
References
==========
[ 1 ] CVE-2020-17482
https://nvd.nist.gov/vuln/detail/CVE-2020-17482
[ 2 ] PowerDNS Security Advisory 2020-05
https://docs.powerdns.com/authoritative/security-advisories/powerdns-advisory-2020-05.html
Availability
============
This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:
https://security.gentoo.org/glsa/202012-18
Concerns?
=========
Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users' machines is of utmost
importance to us. Any security concerns should be addressed to
security@gentoo.org or alternatively, you may file a bug at
https://bugs.gentoo.org.
License
=======
Copyright 2020 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).
The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.
https://creativecommons.org/licenses/by-sa/2.5
VAR-202009-1644 | CVE-2020-16232 | Buffer overflow vulnerability in Yokogawa Electric WideField3 |
CVSS V2: 7.5 CVSS V3: 9.8 Severity: CRITICAL |
In Yokogawa WideField3 R1.01 - R4.03, a buffer overflow could be caused when a user loads a maliciously crafted project file. WideField3, the FA-M3 program development tool provided by Yokogawa Electric Corporation, contains a buffer overflow vulnerability (CWE-120). If a third party who can access the product rewrites the project file, the application may be terminated abnormally. Yokogawa WideField3 is a PLC programming software developed by Yokogawa Corporation of Japan. The software contains rich and practical programming tools, including powerful input macros, sampling display, synchronous logic analysis and other functions, and is perfectly compatible with F3SP71-4S and F3SP76-7S sequential CPU modules. There is a buffer error vulnerability in WideField3 R1.01 to R4.03. This vulnerability stems from the incorrect verification of data boundaries when the network system or product performs operations on the memory, resulting in incorrect read and write operations to other associated memory locations. Attackers can exploit this vulnerability to cause buffer overflow or heap overflow, etc.
VAR-202009-0815 | CVE-2020-25775 | Vulnerability in OfficeScan made by Trend Micro Inc. that allows arbitrary files to be deleted in the cloud |
CVSS V2: 6.3 CVSS V3: 6.3 Severity: MEDIUM |
The Trend Micro Security 2020 (v16) consumer family of products is vulnerable to a security race condition arbitrary file deletion vulnerability that could allow an unprivileged user to manipulate the product's secure erase feature to delete files with a higher set of privileges. In Virus Buster provided by Trend Micro Inc., there is a vulnerability in the cloud that allows low-privileged users to use the product's "data erasure tool" function to delete files with higher permissions. This vulnerability information is provided by the developer for the purpose of disseminating it to product users. It was reported to JPCERT/CC, and JPCERT/CC coordinated with the developer. Any file or folder may be erased by a third party who has access to the product. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the implementation of the Secure Erase feature. The issue results from the lack of proper validation of a user-supplied link prior to using it in file operations. An attacker can leverage this vulnerability to delete files in the context of SYSTEM.
VAR-202009-1672 | No CVE | Suzhou Inovance Technology Co., Ltd. AM600-PS2 has weak password vulnerability |
CVSS V2: 5.0 CVSS V3: - Severity: MEDIUM |
AM600-PS2 is a medium-sized programmable logic controller (PLC) designed with a modular structure.
The AM600-PS2 of Suzhou Inovance Technology Co., Ltd. has a weak password vulnerability. Attackers can use this vulnerability to log in to the PLC operating system.
VAR-202009-1231 | CVE-2020-5930 | Vulnerability in BIG-IP and BIG-IQ |
CVSS V2: 5.0 CVSS V3: 7.5 Severity: HIGH |
In BIG-IP 15.0.0-15.1.0.4, 14.1.0-14.1.2.7, 13.1.0-13.1.3.3, 12.1.0-12.1.5.2, and 11.6.1-11.6.5.2 and BIG-IQ 5.2.0-7.1.0, unauthenticated attackers can cause disruption of service via undisclosed methods. BIG-IP and BIG-IQ contain an unspecified vulnerability. A denial-of-service (DoS) condition may result. GE APM is an equipment monitoring system of General Electric (GE). The system can continuously monitor the operating status and faults of the equipment. A security vulnerability exists in TMM that allows an attacker to potentially be able to cause a denial of service to a vulnerable party.
VAR-202009-1700 | No CVE | An SQL injection vulnerability exists in the warning platform of Xiamen Sixin Communication Technology Co., Ltd. |
CVSS V2: 4.9 CVSS V3: - Severity: MEDIUM |
Xiamen Four-Faith Communication Technology Co., Ltd., referred to as "Four-Faith Communications", is a national high-tech enterprise, a leading enterprise of small giants in scientific and technological innovation in Fujian Province, an Internet of Things platform enterprise, an Internet of Things technology expert, a provider of Internet of Things communication equipment and solutions.
The early warning platform of Xiamen Sixin Communication Technology Co., Ltd. has a SQL injection vulnerability. Attackers can use the vulnerability to obtain sensitive information in the database.
VAR-202009-1701 | No CVE | An SQL injection vulnerability exists in the early warning platform of Xiamen Sixin Communication Technology Co., Ltd. (CNVD-2020-51471) |
CVSS V2: 4.9 CVSS V3: - Severity: MEDIUM |
Xiamen Four-Faith Communication Technology Co., Ltd., referred to as "Four-Faith Communications", is a national high-tech enterprise, a leading enterprise of small giants in scientific and technological innovation in Fujian Province, an Internet of Things platform enterprise, an Internet of Things technology expert, a provider of Internet of Things communication equipment and solutions.
The early warning platform of Xiamen Sixin Communication Technology Co., Ltd. has a SQL injection vulnerability. Attackers can use the vulnerability to obtain sensitive information in the database.