VARIoT IoT vulnerabilities database

An issue was discovered on Mofi Network MOFI4500-4GXeLTE 3.6.1-std and 4.0.8-std devices. They contain two undocumented administrator accounts. The sftp and mofidev accounts are defined in /etc/passwd and the password is not unique across installations. Mofi Network MOFI4500-4GXeLTE is a wireless router of Mofi Network Company. No detailed vulnerability details are currently provided

An issue was discovered on Mofi Network MOFI4500-4GXeLTE 4.1.5-std devices. The authentication function contains undocumented code that provides the ability to authenticate as root without knowing the actual root password. An adversary with the private key can remotely authenticate to the management interface as root. Mofi Network MOFI4500-4GXeLTE is a wireless router of Mofi Network Company

An issue was discovered on Mofi Network MOFI4500-4GXeLTE 4.0.8-std devices. Authentication is not required to download the support file that contains sensitive information such as cleartext credentials and password hashes. Mofi Network MOFI4500-4GXeLTE is a wireless router of Mofi Network Company. Attackers can use this leak to gain unauthorized access to /systemlog.tar.gz to obtain information such as /etc/shadow and plaintext Wi-Fi credentials

An issue was discovered on Mofi Network MOFI4500-4GXeLTE 4.1.5-std devices. The authentication function passes untrusted data to the operating system without proper sanitization. A crafted request can be sent to execute arbitrary commands as root. Mofi Network MOFI4500-4GXeLTE is a wireless router of Mofi Network Company. No detailed vulnerability details are currently provided

Bohan Weiye (Beijing) Technology Co., Ltd. is a comprehensive solution provider for mobile Internet of Things. Bohan Weiye (Beijing) Technology Co., Ltd. has logic flaws and loopholes in the community arterial property management integrated management and control cloud service platform. Attackers can use vulnerabilities to log in to the system to gain administrator rights and perform unauthorized operations.

A TOCTOU vulnerability exists in madCodeHook before 2020-07-16 that allows local attackers to elevate their privileges to SYSTEM. This occurs because path redirection can occur via vectors involving directory junctions. Madshi MadCodeHook is a code library organized by Madshi to handle code compatibility between 32-bit and 64-bit Windows 2000 to Windows 10 systems

Rockchip Microelectronics Co., Ltd. has a R&D team specializing in system-level chip design and algorithm research, providing professional chip solutions for high-end smart hardware, mobile phone peripherals, tablet computers, TV set-top boxes, industrial control and other fields. Rockchip has a binary vulnerability. Attackers can use this vulnerability to cause the program to crash.

Rockchip Microelectronics Co., Ltd. has a R&D team specializing in system-level chip design and algorithm research, providing professional chip solutions for high-end smart hardware, mobile phone peripherals, tablet computers, TV set-top boxes, industrial control and other fields. Rockchip has a binary vulnerability. Attackers can use this vulnerability to cause the program to crash.

Rockchip Microelectronics Co., Ltd. has a R&D team specializing in system-level chip design and algorithm research, providing professional chip solutions for high-end smart hardware, mobile phone peripherals, tablet computers, TV set-top boxes, industrial control and other fields. Rockchip has a binary vulnerability. Attackers can use this vulnerability to cause the program to crash.

The New Analysis Report in Hitachi Vantara Pentaho through 7.x - 8.x contains a DOM-based Cross-site scripting vulnerability, which allows an authenticated remote users to execute arbitrary JavaScript code. Specifically, the vulnerability lies in the 'Analysis Report Description' field in 'About this Report' section. Remediated in >= 8.3.0.9, >= 9.0.0.1, and >= 9.1.0.0 GA

The Dashboard Editor in Hitachi Vantara Pentaho through 7.x - 8.x contains an XML Entity Expansion injection vulnerability, which allows an authenticated remote users to trigger a denial of service (DoS) condition. Specifically, the vulnerability lies in the 'dashboardXml' parameter. Remediated in >= 7.1.0.25, >= 8.2.0.6, >= 8.3.0.0 GA

The Dashboard Editor in Hitachi Vantara Pentaho through 7.x - 8.x contains a reflected Cross-site scripting vulnerability, which allows an authenticated remote users to execute arbitrary JavaScript code. Specifically, the vulnerability lies in the 'type' attribute of 'dashboardXml' parameter. Remediated in >= 7.1.0.25, >= 8.2.0.6, and >= 8.3.0.0 GA

An issue was discovered on D-Link DIR-825 R1 devices through 3.0.1 before 2020-11-20. A buffer overflow in the web interface allows attackers to achieve pre-authentication remote code execution. D-Link DIR-825 R1 A classic buffer overflow vulnerability exists in the device.Information is obtained, information is tampered with, and service is disrupted (DoS) It may be put into a state. D-Link DIR-825 is a router of D-Link company in Taiwan. D-Link DIR-825 R1 devices 3.0.1 and earlier versions have a buffer overflow vulnerability

The dashboard Editor in Hitachi Vantara Pentaho through 7.x - 8.x contains a reflected Cross-site scripting vulnerability, which allows an authenticated remote users to execute arbitrary JavaScript code. Specifically, the vulnerability lies in the 'pho:title' attribute of 'dashboardXml' parameter. Remediated in >= 7.1.0.25, >= 8.2.0.6, and >= 8.3.0.0 GA

The Analysis Report in Hitachi Vantara Pentaho through 7.x - 8.x contains a stored Cross-site scripting vulnerability, which allows an authenticated remote users to execute arbitrary JavaScript code. Specifically, the vulnerability lies in the 'Display Name' parameter. Remediated in >= 9.1.0.1

A flaw was found in multiple versions of OpenvSwitch. Specially crafted LLDP packets can cause memory to be lost when allocating data to handle specific optional TLVs, potentially causing a denial of service. The highest threat from this vulnerability is to system availability. Open vSwitch Is vulnerable to a resource exhaustion.Denial of service (DoS) It may be put into a state. Canonical Ubuntu is a set of desktop application-based GNU/Linux operating system developed by British company Canonical. A security vulnerability exists in the Ubuntu lldp software that could be exploited by an attacker to trigger a denial of service attack. The following products and models are affected: Ubuntu 20.10 openvswitch-common, Ubuntu 20.04 LTS openvswitch-common Ubuntu 18.04 LTS openvswitch-common, Ubuntu 16.04 LTS: openvswitch-common. For the stable distribution (buster), these problems have been fixed in version 2.10.6+ds1-0+deb10u1. For the detailed security status of openvswitch please refer to its security tracker page at: https://security-tracker.debian.org/tracker/openvswitch Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/ Mailing list: debian-security-announce@lists.debian.org -----BEGIN PGP SIGNATURE----- iQIzBAEBCgAdFiEEtuYvPRKsOElcDakFEMKTtsN8TjYFAmALHj0ACgkQEMKTtsN8 TjaYHw/6Atkb8+AS+g8R3FpNe0L+Eqie3RzZ1ZOhbJTvkBzeKdusw4dNk7DfsbJt uy/b2hHvooR+MQVpxeDXD/Azpf+k7b1m3LZ7P/fKKsXDmuMX6jge8rai8DZyJdfI IRYjU+yqd6z9ytKRg8bPcXgG/1hmdMznunBdpdLKQnmtH2EsVrflAaqAkABqVjO6 X0NHzUsRrI0yXWLDI3pqD7bc8Oq/TFtHi6BCBVxk3VPegBC3CzAelPfHu5KJeSKC lOyrmc+ut/HbXJexRFzkrrNQsYB2M7/ZgJLv0XQmYaP7vnpu09xaaqYBreCIp8Q9 DZmCy9pLVzop0WNJzdLnRbwhBB2eBZF6qyax6ldvifcN/QAnLLC4Zzg1eNdktrPE Dq9rJ/6U56DycmqKrlyKvlpTHM0IJ4+4TI5yM4OL2/wDkT/Mfjr7lwQbo/Xafy/X +vviNQGFd2z/8aIdkc0auPhGle/VME+mlBBLCNU47HrfaWTIR94PFjKfmTL/9dzM VRz6TfS5yG9kCi9H1xB/94q50no186IVUh5+Jr7SnfCr0sSm5ahNIIEtg5lmvqHd pUDZD7tO0uvcMUIV06xXSealz1ECKzwB0ZaJYfngOZ/KnBr7opZsDXm0wRVZdSBN DFZQX3XNSM1Gi0xHlV6uYQgi2HRuPk5QdW2TqmEN7XUNeQ9xdpI= =BZCg -----END PGP SIGNATURE----- . Description: Open vSwitch provides standard network bridging functions and support for the OpenFlow protocol for remote per-flow control of traffic. Bug Fix(es): * [RFE] Add auto load balance params (BZ#1920121) 4. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 ==================================================================== Red Hat Security Advisory Synopsis: Moderate: Red Hat Virtualization Host security, bug fix and enhancement update (4.4.4-2) Advisory ID: RHSA-2021:0976-01 Product: Red Hat Virtualization Advisory URL: https://access.redhat.com/errata/RHSA-2021:0976 Issue date: 2021-03-23 CVE Names: CVE-2020-27827 ==================================================================== 1. Summary: An update for imgbased, redhat-release-virtualization-host and redhat-virtualization-host is now available for Red Hat Virtualization 4 for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. 2. Relevant releases/architectures: RHEL 8-based RHEV-H for RHEV 4 (build requirements) - noarch, x86_64 Red Hat Virtualization 4 Hypervisor for RHEL 8 - noarch 3. Description: The redhat-virtualization-host packages provide the Red Hat Virtualization Host. These packages include redhat-release-virtualization-host, ovirt-node, and rhev-hypervisor. Red Hat Virtualization Hosts (RHVH) are installed using a special build of Red Hat Enterprise Linux with only the packages required to host virtual machines. RHVH features a Cockpit user interface for monitoring the host's resources and performing administrative tasks. The ovirt-node-ng packages provide the Red Hat Virtualization Host. These packages include redhat-release-virtualization-host, ovirt-node, and rhev-hypervisor. Red Hat Virtualization Hosts (RHVH) are installed using a special build of Red Hat Enterprise Linux with only the packages required to host virtual machines. RHVH features a Cockpit user interface for monitoring the host's resources and performing administrative tasks. The following packages have been upgraded to a later upstream version: redhat-release-virtualization-host (4.4.4), redhat-virtualization-host (4.4.4) Changes to the imgbased component: * Previously, the chronyd symlink was removed during the upgrade process. As a result, the chronyd service was disabled following the upgrade. In this release, the chronyd service is enabled after upgrade. (BZ#1903777) Security Fix(es): * lldp/openvswitch: denial of service via externally triggered memory leak (CVE-2020-27827) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. 4. Solution: For details on how to apply this update, which includes the changes described in this advisory, refer to: https://access.redhat.com/articles/2974891 5. Bugs fixed (https://bugzilla.redhat.com/): 1903777 - chronyd is disabled after upgrading RHV-H 4.4.2 -> 4.4.3 1915877 - Rebase RHV-H 4.4.4 on RHEL 8.3.1 1916659 - Upgrade imgbased to 1.2.16 1921438 - CVE-2020-27827 lldp/openvswitch: denial of service via externally triggered memory leak 1932763 - Rebase RHV-H 4.4.4 on FDP 2.11 (21B) 6. Package List: Red Hat Virtualization 4 Hypervisor for RHEL 8: Source: redhat-virtualization-host-4.4.4-20210307.0.el8_3.src.rpm noarch: redhat-virtualization-host-image-update-4.4.4-20210307.0.el8_3.noarch.rpm RHEL 8-based RHEV-H for RHEV 4 (build requirements): Source: redhat-release-virtualization-host-4.4.4-2.el8ev.src.rpm noarch: redhat-virtualization-host-image-update-placeholder-4.4.4-2.el8ev.noarch.rpm x86_64: redhat-release-virtualization-host-4.4.4-2.el8ev.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/ 7. References: https://access.redhat.com/security/cve/CVE-2020-27827 https://access.redhat.com/security/updates/classification/#moderate 8. Contact: The Red Hat security contact is <secalert@redhat.com>. More contact details at https://access.redhat.com/security/team/contact/ Copyright 2021 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQIVAwUBYFo5HtzjgjWX9erEAQhMtg//Wr6sNIkXoFWvB1Rf6IrjG6mumtZtQROR 7AucVC7FRmoyeqy+HiURXUdyBT4JiapEswPlEqI5Lg1s1pIfm0ONf4vf8CAXr6in u8T6LHR4rREldydYTFoW15KV7fl5O1pKV0m+xsmx6a8Ark9CZvA31x5rdexYEPHI GDjUOc7jh+CF+j+OGsA5mOLoEGTdxSX3j8Wr1rFuTDw+9ceIvddLAPXymc6NVhf7 5NCkRkcDeD/8PPjYYSBE+3c98uANPKGAb0HV+g20wZ46Qn7Jz+gLOYz7RrGDsGH0 yNzGdbZdovCdFkjNp852WswWzK3IK7Qrd3ow52mgweMlqxIMXJ/X7500D94DDiAs F1pkS+qKRdlR6RHfH5yuTBcugmTghDKkrt1+zsXdOja+/f5+Pc3JRIhz6wZIjEsC ZYezIyFhWjQHlkakmMRzdlFXboBNhBr5mGn7z2t0E2aoz/1j+tG7UbIp++HXFxqq 2hdIKGbCn/ETbKE5z3YEq+9Sndezg0GUsSpJTO2R8xre/O3P9bKdSphSF4e4gk0U CTjVTC1BrKUVQ5REb1trJqTHLHk6/igSg24Glez8ztE0WrKc2ncw0NYx8dDYtU7O XTrP6O6oPxU9zTd+22Dh5L/hVLsXndkBZSsoAdKoRBQ51P0WZlxNWObehIz3ZRhf Q5Xmbi8UbaY=QNMM -----END PGP SIGNATURE----- -- RHSA-announce mailing list RHSA-announce@redhat.com https://listman.redhat.com/mailman/listinfo/rhsa-announce . Description: Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. This advisory contains the container images for Red Hat OpenShift Container Platform 4.7.4. See the following advisory for the RPM packages for this release: https://access.redhat.com/errata/RHSA-2021:0958 Space precludes documenting all of the container images in this advisory. See the following Release Notes documentation, which will be updated shortly for this release, for details about these changes: https://docs.openshift.com/container-platform/4.7/release_notes/ocp-4-7-rel ease-notes.html This update fixes the following bugs among others: * A flaw was found in golang: crypto/elliptic, in which P-224 keys as generated could return incorrect inputs, which reduced the strength of the cryptography. (BZ#1918750) * This update adds new capabilities to the Baremetal Operator, allowing for different reboot modes to be utilized. This allows workloads to be relocated as quickly as possible in the event of a node failure. Additionally, it provides a path for clients to quickly power down systems for remediation purposes and to recover workloads. As a result, workload recovery time is significantly reduced. (BZ#1936407) You may download the oc tool and use it to inspect release image metadata as follows: (For x86_64 architecture) $ oc adm release info quay.io/openshift-release-dev/ocp-release:4.6.20-x86_64 The image digest is sha256:999a6a4bd731075e389ae601b373194c6cb2c7b4dadd1ad06ef607e86476b129 (For s390x architecture) $ oc adm release info quay.io/openshift-release-dev/ocp-release:4.6.20-s390x The image digest is sha256:90be6b7e97d8da9fbb2afc7fe6d7dd4da6265fb847ec440e46bda1a25c224b0c (For ppc64le architecture) $ oc adm release info quay.io/openshift-release-dev/ocp-release:4.6.20-ppc64le The image digest is sha256:475367e4991d6e8ea3617cf3dfe2dd472db76a89f23484f118932d6bdd6f53e9 Security Fix(es): * golang: crypto/elliptic: incorrect operations on the P-224 curve (CVE-2021-3114) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. All OpenShift Container Platform 4.7 users are advised to upgrade to these updated packages and images when they are available in the appropriate release channel. To check for available updates, use the OpenShift Console or the CLI oc command. Instructions for upgrading a cluster are available at https://docs.openshift.com/container-platform/4.7/updating/updating-cluster - -between-minor.html#understanding-upgrade-channels_updating-cluster-between - -minor. Solution: For OpenShift Container Platform 4.7 see the following documentation, which will be updated shortly for this release, for important instructions on how to upgrade your cluster and fully apply this asynchronous errata update: https://docs.openshift.com/container-platform/4.7/release_notes/ocp-4-7-rel ease-notes.html Details on how to access this content are available at https://docs.openshift.com/container-platform/4.7/updating/updating-cluster - -cli.html. Bugs fixed (https://bugzilla.redhat.com/): 1910352 - When creating a worker with a used mac-address stuck on registering 1918750 - CVE-2021-3114 golang: crypto/elliptic: incorrect operations on the P-224 curve 1922417 - Issue configuring nodes with VLAN and teaming 1927554 - [sig-devex][Feature:ImageEcosystem][Slow] openshift sample application repositories rails/nodejs/cakephp 1929257 - The KubeletConfigController cannot process multiple confs for a pool/ pool changes 1929371 - 4.7 CNO claims to be done upgrading before it even starts 1929721 - Enable host-based disk encryption on Azure platform 1930106 - Cannot IPI with tang/tpm disk encryption 1930152 - Web console crashes during VM creation from template when no storage classes are defined 1931401 - test: openshift-tests.[sig-cli] oc observe works as expected [Suite:openshift/conformance/parallel] 1931863 - NetworkManager overlay FS not being created on None platform 1931950 - Whereabouts IPv6 addresses not calculated when leading hextets equal 0 1933839 - Panic in OLM packageserver when invoking webhook authorization endpoint 1934645 - [4.7z] Need BFD failover capability on ECMP routes 1935636 - High RAM usage on machine api termination node system oom 1936707 - New CSV using ServiceAccount named "default" stuck in Pending during upgrade 1936803 - Support ServiceBinding 0.5.0+ 1936861 - (release-4.7] Configmap gatherer doesn't include namespace name (in the archive path) in case of a configmap with binary data 1937313 - Topology view - vm details screen isntt stop loading 1937469 - Pod/node/ip/template isn't showing when vm is running 1937695 - ironic image "/" cluttered with files 1937829 - ovn-kube must handle single-stack to dual-stack migration 1937998 - [4.7] wrong community catalog image reference 1938405 - catalog operator causing CPU spikes and bad etcd performance 1939218 - Images built on OCP 4.6 clusters create manifests that result in quay.io (and other registries) rejecting those manifests 1939278 - Backport Avoid node disruption when kube-apiserver-to-kubelet-signer is rotated 1939477 - CI tests using openshift/hello-world broken by Ruby Version Update 1940283 - [VPA] Updater failed to trigger evictions due to "vpa-admission-controller" not found 1941297 - OCP-Metal images 5. Solution: Before applying this update, make sure all previously released errata relevant to your system have been applied

A vulnerability has been identified in SIMATIC HMI Comfort Panels (incl. SIPLUS variants) (All versions < V16 Update 3a), SIMATIC HMI KTP Mobile Panels (All versions < V16 Update 3a), SINAMICS GH150 (All versions), SINAMICS GL150 (with option X30) (All versions), SINAMICS GM150 (with option X30) (All versions), SINAMICS SH150 (All versions), SINAMICS SL150 (All versions), SINAMICS SM120 (All versions), SINAMICS SM150 (All versions), SINAMICS SM150i (All versions). Affected devices with enabled telnet service do not require authentication for this service. This could allow a remote attacker to gain full access to the device. (ZDI-CAN-12046). This vulnerability allows remote attackers to execute arbitrary code on affected installations of Siemens Comfort Panel. Authentication is not required to exploit this vulnerability.The specific flaw exists within the telnet service, which listens on TCP port 22 by default. The issue results from the lack of authentication prior to allowing remote connections. An attacker can leverage this vulnerability to execute code in the context of SYSTEM. Siemens Simatic Hmi is a device of Germany's Siemens (Siemens) that provides human-computer interaction functions for industrial automation equipment

Enterprise-level wireless AP is a network device. Many manufacturers' enterprise-level wireless APs have weak password vulnerabilities. Attackers can use vulnerabilities to log in and access through weak passwords to obtain sensitive information.

IBM MQ 7.5, 8.0, 9.0, 9.1, 9.2 LTS, and 9.2 CD could allow a remote attacker to execute arbitrary code on the system, caused by an unsafe deserialization of trusted data. An attacker could exploit this vulnerability to execute arbitrary code on the system. IBM X-Force ID: 186509

Mate 30 10.0.0.203(C00E201R7P2) have a buffer overflow vulnerability. After obtaining the root permission, an attacker can exploit the vulnerability to cause buffer overflow. Mate 30 Contains a classic buffer overflow vulnerability.Information is obtained, information is tampered with, and service is disrupted (DoS) It may be put into a state. Huawei Mate 30 is a smart phone of China's Huawei (Huawei) company