VARIoT IoT vulnerabilities database
| VAR-202008-0817 | CVE-2020-3463 | Cross-site scripting vulnerability in Cisco Webex Meetings |
CVSS V2: 4.3 CVSS V3: 6.1 Severity: MEDIUM |
A vulnerability in the web-based management interface of Cisco Webex Meetings could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based management interface of the affected service. The vulnerability is due to insufficient validation of user-supplied input by the web-based management interface of the affected service. An attacker could exploit this vulnerability by persuading a user to click a malicious link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information. A cross-site scripting vulnerability exists in Cisco Webex Meetings. Information may be obtained and tampered with. Cisco Webex Meetings is a set of video conferencing solutions from Cisco.
| VAR-202008-0814 | CVE-2020-3448 | Missing authentication for critical functions vulnerability in Cisco Cyber Vision Center software |
CVSS V2: 5.0 CVSS V3: 5.8 Severity: MEDIUM |
A vulnerability in an access control mechanism of Cisco Cyber Vision Center Software could allow an unauthenticated, remote attacker to bypass authentication and access internal services that are running on an affected device. The vulnerability is due to insufficient enforcement of access control in the software. An attacker could exploit this vulnerability by directly accessing the internal services of an affected device. A successful exploit could allow an attacker to impact monitoring of sensors that are managed by the software. The product supports functions such as dynamic asset list and real-time network monitoring.
| VAR-202008-0798 | CVE-2020-3412 | Unauthorized authentication vulnerability in Cisco Webex Meetings |
CVSS V2: 4.0 CVSS V3: 4.3 Severity: MEDIUM |
A vulnerability in the scheduled meeting template feature of Cisco Webex Meetings could allow an authenticated, remote attacker to create a scheduled meeting template that would belong to another user in their organization. The vulnerability is due to insufficient authorization enforcement for the creation of scheduled meeting templates. An attacker could exploit this vulnerability by sending a crafted request to the Webex Meetings interface to create a scheduled meeting template. A successful exploit could allow the attacker to create a scheduled meeting template that would belong to a user other than themselves. A fraudulent authentication vulnerability exists in Cisco Webex Meetings. Information may be tampered with. Cisco Webex Meetings is a set of video conferencing solutions from Cisco.
| VAR-202008-0799 | CVE-2020-3413 | Unauthorized authentication vulnerability in Cisco Webex Meetings |
CVSS V2: 4.0 CVSS V3: 4.3 Severity: MEDIUM |
A vulnerability in the scheduled meeting template feature of Cisco Webex Meetings could allow an authenticated, remote attacker to delete a scheduled meeting template that belongs to another user in their organization. The vulnerability is due to insufficient authorization enforcement for requests to delete scheduled meeting templates. An attacker could exploit this vulnerability by sending a crafted request to the Webex Meetings interface to delete a scheduled meeting template. A successful exploit could allow the attacker to delete a scheduled meeting template that belongs to a user other than themselves. A fraudulent authentication vulnerability exists in Cisco Webex Meetings. Information may be tampered with. Cisco Webex Meetings is a set of video conferencing solutions from Cisco.
| VAR-202008-0797 | CVE-2020-3411 | Information leakage vulnerability in Cisco DNA Center |
CVSS V2: 5.0 CVSS V3: 7.5 Severity: HIGH |
A vulnerability in Cisco DNA Center software could allow an unauthenticated remote attacker access to sensitive information on an affected system. The vulnerability is due to improper handling of authentication tokens by the affected software. An attacker could exploit this vulnerability by sending a crafted HTTP request to an affected device. A successful exploit could allow the attacker access to sensitive device information, which includes configuration files. The solution scales and protects devices, applications, and more within the network.
| VAR-202008-0651 | CVE-2020-15634 | NETGEAR R6700 Router software format string vulnerability |
CVSS V2: 5.8 CVSS V3: 6.3 Severity: MEDIUM |
This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of NETGEAR R6700 routers with firmware 1.0.4.84_10.0.58. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of string table file uploads. The issue results from the lack of proper validation of a user-supplied string before using it as a format specifier. An attacker can leverage this vulnerability to execute code in the context of the web server. Was ZDI-CAN-9755. NETGEAR R6700 router software contains a format string vulnerability. The Zero Day Initiative numbered this vulnerability ZDI-CAN-9755. Information may be obtained and tampered with, and service operation may be interrupted (DoS). NETGEAR R6700 is an AC1750 smart WiFi router.
| VAR-202008-0652 | CVE-2020-15635 | NETGEAR R6700 Stack-based buffer overflow vulnerability in router firmware |
CVSS V2: 8.3 CVSS V3: 8.8 Severity: HIGH |
This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of NETGEAR R6700 V1.0.4.84_10.0.58 routers with firmware 1.0.4.84_10.0.58. Authentication is not required to exploit this vulnerability. The specific flaw exists within the acsd service, which listens on TCP port 5916 by default. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of the admin user. Was ZDI-CAN-9853. The Zero Day Initiative numbered this vulnerability ZDI-CAN-9853. Information may be obtained and tampered with, and service operation may be interrupted (DoS). NETGEAR R6700 is an AC1750 smart WiFi router.
| VAR-202008-0653 | CVE-2020-15636 | Stack-based buffer overflow vulnerability in software for multiple NETGEAR routers |
CVSS V2: 10.0 CVSS V3: 9.8 Severity: CRITICAL |
This vulnerability allows remote attackers to execute arbitrary code on affected installations of NETGEAR R6400, R6700, R7000, R7850, R7900, R8000, RS400, and XR300 routers with firmware 1.0.4.84_10.0.58. Authentication is not required to exploit this vulnerability. The specific flaw exists within the check_ra service. A crafted raePolicyVersion in a RAE_Policy.json file can trigger an overflow of a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-9852. The Zero Day Initiative numbered this vulnerability ZDI-CAN-9852. Information may be obtained and tampered with, and service operation may be interrupted (DoS). NETGEAR R6400, etc. are all wireless routers from NETGEAR.
| VAR-202010-1660 | CVE-2020-15956 | Classic buffer overflow vulnerability in ACTi NVR |
CVSS V2: 5.0 CVSS V3: 7.5 Severity: HIGH |
ActiveMediaServer.exe in ACTi NVR3 Standard Server 3.0.12.42 allows remote unauthenticated attackers to trigger a buffer overflow and application termination via a malformed payload. A classic buffer overflow vulnerability exists in ACTi NVR. Service operation may be interrupted (DoS). ACTi is a network camera series produced by ACTi.
| VAR-202008-1209 | CVE-2020-6012 | Link interpretation vulnerability in ZoneAlarm Anti-Ransomware |
CVSS V2: 4.4 CVSS V3: 7.4 Severity: HIGH |
ZoneAlarm Anti-Ransomware before version 1.0.713 copies files for the report from a directory with low privileges. A sophisticated timed attacker can replace those files with malicious or linked content, such as exploiting CVE-2020-0896 on unpatched systems or using symbolic links. This allows an unprivileged user to enable escalation of privilege via local access. A link interpretation vulnerability exists in ZoneAlarm Anti-Ransomware. Information may be obtained and tampered with, and service operation may be interrupted (DoS). Check Point Software Technologies ZoneAlarm Anti-Ransomware is an anti-ransomware product from Check Point Software Technologies in the United States. A postlinking vulnerability exists in Check Point Software Technologies ZoneAlarm Anti-Ransomware versions prior to 1.0.713. The vulnerability is caused by the program copying files from low-privileged directories.
| VAR-202008-1327 | No CVE | KingView has a buffer overflow vulnerability |
CVSS V2: 7.2 CVSS V3: - Severity: HIGH |
KingView is an industrial automation configuration software produced by Beijing Yakong Technology Development Co., Ltd.
KingView has a buffer overflow vulnerability. An attacker can use this vulnerability to gain control of the website server.
| VAR-202008-1274 | No CVE | Zhengzhi (Shanghai) Intelligent Technology Co., Ltd. CORWARE has a memory corruption vulnerability |
CVSS V2: 4.9 CVSS V3: - Severity: MEDIUM |
Zhengzhi (Shanghai) Intelligent Technology Co., Ltd. (hereinafter referred to as "Zhengzhi Technology"), formerly known as Shanghai Kuntai Electronics Co., Ltd., is a high-tech enterprise mainly engaged in the research and development, production and sales of industrial automation products.
Zhengzhi (Shanghai) Intelligent Technology Co., Ltd. CORWARE has a memory corruption vulnerability. Attackers can use the vulnerability to cause the program to crash.
| VAR-202008-1110 | CVE-2020-5773 | Privilege management vulnerability in Teltonika firmware |
CVSS V2: 6.5 CVSS V3: 8.8 Severity: HIGH |
Improper Access Control in Teltonika firmware TRB2_R_00.02.04.01 allows a low privileged user to perform unauthorized write operations. There is a permission management vulnerability in Teltonika firmware. Information may be obtained and tampered with, and service operation may be interrupted (DoS). Teltonika TRB245 is a cellular network gateway product of Teltonika, Lithuania. The vulnerability stems from incorrect access control. Teltonika firmware is the firmware used in Teltonika IoT products from Teltonika in Lithuania.
| VAR-202008-0991 | CVE-2020-5609 | Multiple vulnerabilities in Yokogawa Electric CAMS for HIS |
CVSS V2: 7.5 CVSS V3: 9.8 Severity: High |
Directory traversal vulnerability in CAMS for HIS CENTUM CS 3000 (includes CENTUM CS 3000 Small) R3.08.10 to R3.09.50, CENTUM VP (includes CENTUM VP Small, Basic) R4.01.00 to R6.07.00, B/M9000CS R5.04.01 to R5.05.01, and B/M9000 VP R6.01.01 to R8.03.01 allows a remote unauthenticated attacker to create or overwrite arbitrary files and run arbitrary commands via unspecified vectors. CAMS for HIS, provided by Yokogawa Electric Corporation, is affected by several vulnerabilities:
* Inappropriate authentication (CWE-287) - CVE-2020-5608
* Path traversal (CWE-22) - CVE-2020-5609
The expected impact depends on each vulnerability, but may include the following:
* A specially crafted communication packet is sent by an unauthenticated third party - CVE-2020-5608
* Unauthenticated third parties create or overwrite files in any location, or execute arbitrary commands - CVE-2020-5609
| VAR-202008-0990 | CVE-2020-5608 | Multiple vulnerabilities in Yokogawa Electric CAMS for HIS |
CVSS V2: 7.5 CVSS V3: 9.8 Severity: High |
CAMS for HIS CENTUM CS 3000 (includes CENTUM CS 3000 Small) R3.08.10 to R3.09.50, CENTUM VP (includes CENTUM VP Small, Basic) R4.01.00 to R6.07.00, B/M9000CS R5.04.01 to R5.05.01, and B/M9000 VP R6.01.01 to R8.03.01 allows a remote unauthenticated attacker to bypass authentication and send altered communication packets via unspecified vectors. CAMS for HIS, provided by Yokogawa Electric Corporation, is affected by several vulnerabilities:
* Inappropriate authentication (CWE-287) - CVE-2020-5608
* Path traversal (CWE-22) - CVE-2020-5609
The expected impact depends on each vulnerability, but may include the following:
* A specially crafted communication packet is sent by an unauthenticated third party - CVE-2020-5608
* Unauthenticated third parties create or overwrite files in any location, or execute arbitrary commands - CVE-2020-5609
| VAR-202008-1107 | CVE-2020-5770 | Cross-site request forgery vulnerability in Teltonika firmware |
CVSS V2: 6.8 CVSS V3: 8.8 Severity: HIGH |
Cross-site request forgery in Teltonika firmware TRB2_R_00.02.04.01 allows a remote attacker to perform sensitive application actions by tricking legitimate users into clicking a crafted link. A cross-site request forgery vulnerability exists in Teltonika firmware. Information may be obtained and tampered with, and service operation may be interrupted (DoS). Teltonika TRB245 is a cellular network gateway product of Teltonika, Lithuania. Teltonika firmware is the firmware used in Teltonika IoT products from Teltonika in Lithuania. Attackers can use this vulnerability to perform some sensitive operations with the help of specially crafted links.
| VAR-202008-1109 | CVE-2020-5772 | Unrestricted upload of dangerous file types vulnerability in Teltonika firmware |
CVSS V2: 7.1 CVSS V3: 7.5 Severity: HIGH |
Improper Input Validation in Teltonika firmware TRB2_R_00.02.04.01 allows a remote, authenticated attacker to gain root privileges by uploading a malicious package file. There is a vulnerability in Teltonika firmware regarding unrestricted upload of dangerous file types. Information may be obtained and tampered with, and service operation may be interrupted (DoS). Teltonika TRB245 is a cellular network gateway product of Teltonika, Lithuania. Teltonika firmware is the firmware used in Teltonika IoT products from Teltonika in Lithuania.
Teltonika firmware TRB2_R_00.02.04.01 has a code issue vulnerability.
| VAR-202008-1108 | CVE-2020-5771 | Unrestricted upload of dangerous file types vulnerability in Teltonika firmware |
CVSS V2: 7.1 CVSS V3: 7.5 Severity: HIGH |
Improper Input Validation in Teltonika firmware TRB2_R_00.02.04.01 allows a remote, authenticated attacker to gain root privileges by uploading a malicious backup archive. There is a vulnerability in Teltonika firmware regarding unrestricted upload of dangerous file types. Information may be obtained and tampered with, and service operation may be interrupted (DoS). Teltonika TRB245 is a cellular network gateway product of Teltonika, Lithuania. Teltonika firmware is the firmware used in Teltonika IoT products from Teltonika in Lithuania.
Teltonika firmware TRB2_R_00.02.04.01 has a code issue vulnerability.
| VAR-202009-1390 | CVE-2020-3622 | Input verification vulnerabilities in multiple Snapdragon products |
CVSS V2: 4.6 CVSS V3: 7.8 Severity: HIGH |
"Channel name string which has been read from shared memory is potentially subjected to string manipulations but not validated for NULL termination can result in memory corruption" in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking in APQ8009, APQ8017, APQ8053, APQ8096AU, APQ8098, Bitra, IPQ6018, IPQ8074, Kamorta, MDM9150, MDM9205, MDM9206, MDM9607, MDM9640, MDM9645, MDM9650, MDM9655, MSM8905, MSM8909, MSM8917, MSM8920, MSM8937, MSM8940, MSM8953, MSM8996, MSM8996AU, MSM8998, Nicobar, QCA8081, QCM2150, QCN7605, QCS404, QCS405, QCS605, QCS610, QM215, Rennell, SA415M, SA6155P, Saipan, SC7180, SC8180X, SDA660, SDA845, SDM429, SDM429W, SDM439, SDM450, SDM630, SDM632, SDM636, SDM660, SDM670, SDM710, SDM845, SDM850, SDX20, SDX24, SDX55, SM6150, SM7150, SM8150, SM8250, SXR1130, SXR2130. Multiple Snapdragon products contain an input verification vulnerability. Information may be obtained and tampered with, and service may be disrupted (DoS).
| VAR-202009-1326 | CVE-2020-3644 | Information leakage vulnerabilities in multiple Snapdragon products |
CVSS V2: 2.1 CVSS V3: 5.5 Severity: MEDIUM |
"Information disclosure issue occurs as in current logic Secure Touch session is released without terminating display session" in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wired Infrastructure and Networking in APQ8009, APQ8096AU, APQ8098, Kamorta, MDM9150, MDM9205, MDM9206, MDM9607, MDM9650, MSM8905, MSM8909, MSM8996, MSM8996AU, MSM8998, Nicobar, QCS404, QCS405, QCS605, QCS610, Rennell, SA415M, SA515M, SA6155P, SC7180, SC8180X, SDA660, SDA845, SDM630, SDM636, SDM660, SDM670, SDM710, SDM845, SDM850, SDX24, SDX55, SM6150, SM7150, SM8150, SM8250, SXR1130, SXR2130. Multiple Snapdragon products contain a vulnerability related to information leakage. Information may be obtained.