VARIoT IoT vulnerabilities database

VAR-202007-0651 CVE-2020-15860 Parallels Remote Application Server Vulnerability
CVSS V2: 6.5
CVSS V3: 9.9
Severity: CRITICAL
Parallels Remote Application Server (RAS) 17.1.1 has a Business Logic Error causing remote code execution. It allows an authenticated user to execute any application in the backend operating system through the web application, despite the affected application not being published. In addition, it was discovered that it is possible to access any host in the internal domain, even if it has no published applications or the mentioned host is no longer associated with that server farm. A denial-of-service (DoS) condition may result.
VAR-202007-1424 CVE-2020-8326 Lenovo Drivers Management unquoted search path or element vulnerability
CVSS V2: 6.9
CVSS V3: 7.8
Severity: HIGH
An unquoted service path vulnerability was reported in Lenovo Drivers Management prior to version 2.7.1128.1046 that could allow an authenticated user to execute code with elevated privileges. A denial-of-service (DoS) condition may result. Lenovo Drivers Management is a driver management application for Lenovo products from Lenovo of China. It is mainly used for driver installation and upgrade.
VAR-202007-1184 CVE-2020-8317 Lenovo Drivers Management unreliable search path vulnerability
CVSS V2: 6.9
CVSS V3: 7.8
Severity: HIGH
A DLL search path vulnerability was reported in Lenovo Drivers Management prior to version 2.7.1128.1046 that could allow an authenticated user to execute code with elevated privileges. Lenovo Drivers Management contains an unreliable search path vulnerability. Information may be obtained or tampered with, and a denial-of-service (DoS) condition may result. Lenovo Drivers Management is a driver management application for Lenovo products from Lenovo of China. It is mainly used for driver installation and upgrade.
VAR-202007-1499 No CVE KingView has a denial of service vulnerability
CVSS V2: 7.8
CVSS V3: -
Severity: HIGH
KingView is an industrial automation configuration software produced by Beijing Yakong Technology Development Co., Ltd. KingView has a denial of service vulnerability. Attackers can use this vulnerability to launch remote denial of service attacks.
VAR-202007-0326 CVE-2020-11440 Wind River Systems VxWorks WebCLI Information Disclosure Vulnerability
CVSS V2: 5.0
CVSS V3: 7.5
Severity: HIGH
httpRpmFs in WebCLI in Wind River VxWorks 5.5 through 7 SR0640 has no check for an escape from the web root. WebCLI is a web-based command line interface. Attackers can use this vulnerability to bypass access restrictions by sending a specially crafted request.
VAR-202007-0959 CVE-2020-15916 Tenda AC15 device OS command injection vulnerability
CVSS V2: 10.0
CVSS V3: 9.8
Severity: CRITICAL
The goform/AdvSetLanip endpoint on Tenda AC15 AC1900 15.03.05.19 devices allows remote attackers to execute arbitrary system commands via shell metacharacters in the lanIp POST parameter. The Tenda AC15 device contains an OS command injection vulnerability. Information may be obtained or tampered with, and a denial-of-service (DoS) condition may result. Tenda AC15 AC1900 is a wireless router from Tenda of China. The goform/AdvSetLanip endpoint in Tenda AC15 AC1900 version 15.03.05.19 has a security vulnerability.
VAR-202007-1377 CVE-2020-4405 IBM Verify Gateway log file information leakage vulnerability
CVSS V2: 4.0
CVSS V3: 4.3
Severity: MEDIUM
IBM Verify Gateway (IVG) 1.0.0 and 1.0.1 could disclose potentially sensitive information to an authenticated user due to world-readable log files. IBM X-Force ID: 179484. IBM Verify Gateway (IVG) is a set of cloud-based identity verification solutions from IBM Corporation in the United States. A security vulnerability exists in IBM IVG PAM versions 1.0.0 and 1.0.1. An attacker could exploit this vulnerability to obtain sensitive information.
VAR-202007-0690 CVE-2020-15688 GoAhead capture-replay authentication bypass vulnerability
CVSS V2: 6.8
CVSS V3: 8.8
Severity: HIGH
The HTTP Digest Authentication in the GoAhead web server before 5.1.2 does not completely protect against replay attacks. This allows an unauthenticated remote attacker to bypass authentication via capture-replay if TLS is not used to protect the underlying communication channel. GoAhead contains a capture-replay authentication bypass vulnerability. Information may be obtained or tampered with, and a denial-of-service (DoS) condition may result. GoAhead is the world's most popular, tiny embedded web server. It is compact, secure and simple to use. GoAhead is deployed in hundreds of millions of devices and is ideal for the smallest of embedded devices. A security vulnerability affecting GoAhead versions 2 to 5 has been identified when using Digest authentication over HTTP. GoAhead versions 3 to 5 validated the nonce with a fixed duration of 5 minutes which permitted short-period replays. This duration is too long for most implementations. Tested on: GoAhead-http, GoAhead-Webs. There is a security vulnerability in Embedthis Software GoAhead versions before 5.1.2. An attacker could exploit this vulnerability to bypass authentication.
VAR-202007-1245 CVE-2020-7520 Schneider Electric Software Update open redirect vulnerability
CVSS V2: 4.0
CVSS V3: 4.7
Severity: MEDIUM
A CWE-601: URL Redirection to Untrusted Site ('Open Redirect') vulnerability exists in Schneider Electric Software Update (SESU), V2.4.0 and prior, which could cause execution of malicious code on the victim's machine. In order to exploit this vulnerability, an attacker requires privileged access on the engineering workstation to modify a Windows registry key which would divert all traffic updates to go through a server in the attacker's possession. A man-in-the-middle attack is then used to complete the exploit. An attacker could exploit this vulnerability to execute malicious code.
VAR-202007-1358 CVE-2020-9077 HUAWEI P30 smartphone information leakage vulnerability
CVSS V2: 4.3
CVSS V3: 3.3
Severity: LOW
HUAWEI P30 smartphones with versions earlier than 10.1.0.160(C00E160R2P11) have an information exposure vulnerability. The system does not properly authenticate the application that accesses a specified interface. Attackers can trick users into installing malicious software to exploit this vulnerability and obtain some information about the device. Successful exploit may cause information disclosure. Huawei P30 is a smartphone launched by Huawei.
VAR-202007-0677 CVE-2020-15896 D-Link DAP-1522 device authentication vulnerability
CVSS V2: 5.0
CVSS V3: 7.5
Severity: HIGH
An authentication-bypass issue was discovered on D-Link DAP-1522 devices 1.4x before 1.10b04Beta02. There exist a few pages that are directly accessible by any unauthorized user, e.g., logout.php and login.php. This occurs because of checking the value of NO_NEED_AUTH. If the value of NO_NEED_AUTH is 1, the user has direct access to the webpage without any authentication. By appending a query string NO_NEED_AUTH with the value of 1 to any protected URL, any unauthorized user can access the application directly, as demonstrated by bsc_lan.php?NO_NEED_AUTH=1. The D-Link DAP-1522 device contains an authentication vulnerability. Information may be obtained. D-Link DAP-1522 is a wireless access point product of D-Link, Taiwan. D-Link DAP-1522 1.4x versions before 1.10b04Beta02 have a security vulnerability. An attacker can use this vulnerability to bypass authentication and directly access the application.
VAR-202007-0674 CVE-2020-15893 D-Link DIR-816L device OS command injection vulnerability
CVSS V2: 7.5
CVSS V3: 9.8
Severity: CRITICAL
An issue was discovered on D-Link DIR-816L devices 2.x before 1.10b04Beta02. Universal Plug and Play (UPnP) is enabled by default on port 1900. An attacker can perform command injection by injecting a payload into the Search Target (ST) field of the SSDP M-SEARCH discover packet. The D-Link DIR-816L device contains an OS command injection vulnerability. Information may be obtained or tampered with, and a denial-of-service (DoS) condition may result. D-Link DIR-816L is a wireless router made by D-Link in Taiwan. D-Link DIR-816L 2.x versions before 1.10b04Beta02 have an operating system command injection vulnerability. Attackers can use this vulnerability to inject arbitrary commands.
VAR-202007-1263 CVE-2020-9251 HUAWEI Mate 20 smartphone authentication vulnerability
CVSS V2: 2.1
CVSS V3: 2.4
Severity: LOW
HUAWEI Mate 20 smartphones with versions earlier than 10.1.0.160(C00E160R2P11) have an improper authorization vulnerability. The software does not properly restrict certain operations in certain scenarios; the attacker must perform certain configuration before the user turns on the student mode function. Successful exploit could allow the attacker to bypass the limit of the student mode function. Affected product versions include: HUAWEI Mate 20 versions earlier than 10.1.0.160(C00E160R3P8). HUAWEI Mate 20 smartphones contain an authentication vulnerability. Information may be tampered with. Huawei Mate 20 is a smartphone launched by Huawei.
VAR-202007-0675 CVE-2020-15894 D-Link DIR-816L device information leakage vulnerability
CVSS V2: 5.0
CVSS V3: 7.5
Severity: HIGH
An issue was discovered on D-Link DIR-816L devices 2.x before 1.10b04Beta02. There exists an exposed administration function in getcfg.php, which can be used to call various services. It can be utilized by an attacker to retrieve various sensitive information, such as admin login credentials, by setting the value of _POST_SERVICES in the query string to DEVICE.ACCOUNT. The D-Link DIR-816L device contains an information leakage vulnerability. Information may be obtained. D-Link DIR-816L is a wireless router made by D-Link in Taiwan. D-Link DIR-816L 2.x versions before 1.10b04Beta02 have an information disclosure vulnerability.
VAR-202007-0686 CVE-2020-15806 CODESYS Control vulnerability in resource allocation without restrictions or throttling
CVSS V2: 5.0
CVSS V3: 7.5
Severity: HIGH
CODESYS Control runtime system before 3.5.16.10 allows Uncontrolled Memory Allocation. CODESYS Control contains a vulnerability in resource allocation without restrictions or throttling. A denial-of-service (DoS) condition may result. 3S-Smart Software Solutions CODESYS Control is industrial control programming software. 3S-Smart Software Solutions CODESYS Control has a denial of service vulnerability. Remote attackers can use the vulnerability to submit special requests and perform denial of service attacks.
VAR-202007-0676 CVE-2020-15895 D-Link DIR-816L cross-site scripting vulnerability
CVSS V2: 4.3
CVSS V3: 6.1
Severity: MEDIUM
An XSS issue was discovered on D-Link DIR-816L devices 2.x before 1.10b04Beta02. In the file webinc/js/info.php, no output filtration is applied to the RESULT parameter before it's printed on the webpage. The D-Link DIR-816L device contains a cross-site scripting vulnerability. Information may be obtained and tampered with. D-Link DIR-816L is a wireless AC750 dual-band cloud router.
VAR-202007-1057 CVE-2020-3452 Cisco Adaptive Security Appliance Software and Firepower Threat Defense Software input validation vulnerability
CVSS V2: 5.0
CVSS V3: 7.5
Severity: HIGH
A vulnerability in the web services interface of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to conduct directory traversal attacks and read sensitive files on a targeted system. The vulnerability is due to a lack of proper input validation of URLs in HTTP requests processed by an affected device. An attacker could exploit this vulnerability by sending a crafted HTTP request containing directory traversal character sequences to an affected device. A successful exploit could allow the attacker to view arbitrary files within the web services file system on the targeted device. The web services file system is enabled when the affected device is configured with either WebVPN or AnyConnect features. This vulnerability cannot be used to obtain access to ASA or FTD system files or underlying operating system (OS) files. The Cisco ASA series is a series of customized solutions for security equipment launched by Cisco. It integrates advanced security and VPN services to protect business communications and organizations of all sizes from cyber threats. Cisco has a variety of arbitrary file reading vulnerabilities, which can be exploited by attackers to obtain sensitive information. The platform provides features such as highly secure access to data and network resources
VAR-202007-1375 CVE-2020-4399 IBM Verify Gateway Vulnerability
CVSS V2: 4.0
CVSS V3: 6.5
Severity: MEDIUM
IBM Verify Gateway (IVG) 1.0.0 and 1.0.1 could allow an authenticated user to send malformed requests to cause a denial of service against the server. IBM X-Force ID: 179476. The vendor has published this IBM Verify Gateway (IVG) vulnerability as IBM X-Force ID: 179476. A denial-of-service (DoS) condition may result. IBM Verify Gateway (IVG) is a set of cloud-based identity verification solutions from IBM Corporation in the United States.
VAR-202007-1371 CVE-2020-4385 IBM Verify Gateway use of hard-coded credentials vulnerability
CVSS V2: 7.5
CVSS V3: 9.8
Severity: CRITICAL
IBM Verify Gateway (IVG) 1.0.0 and 1.0.1 contains hard-coded credentials, such as a password or cryptographic key, which it uses for its own inbound authentication, outbound communication to external components, or encryption of internal data. IBM X-Force ID: 179266. The vendor has published this vulnerability as IBM X-Force ID: 179266. Information may be obtained or tampered with, and a denial-of-service (DoS) condition may result. IBM Verify Gateway (IVG) is a set of cloud-based identity verification solutions from IBM Corporation in the United States. Currently there is no information about this vulnerability; please keep an eye on CNNVD or vendor announcements. The following products and versions are affected: IBM IVG RADIUS version 1.0.0, PAM version 1.0.0, PAM version 1.0.1, WinLogin version 1.0.0, WinLogin version 1.0.1.
VAR-202007-1376 CVE-2020-4400 IBM Verify Gateway inadequate protection of credentials vulnerability
CVSS V2: 5.0
CVSS V3: 7.5
Severity: HIGH
IBM Verify Gateway (IVG) 1.0.0 and 1.0.1 uses an inadequate account lockout setting that could allow a remote attacker to brute force account credentials. IBM X-Force ID: 179478. The vendor has published this vulnerability as IBM X-Force ID: 179478. Information may be obtained. The following products and versions are affected: IBM IVG RADIUS version 1.0.0, PAM version 1.0.0, version 1.0.1, WinLogin version 1.0.0, version 1.0.1.