VARIoT IoT vulnerabilities database
| VAR-202007-1024 | CVE-2020-3340 | Cross-site scripting vulnerability in Cisco Identity Services Engine |
CVSS V2: 3.5 CVSS V3: 4.8 Severity: MEDIUM |
Multiple vulnerabilities in the web-based management interface of Cisco Identity Services Engine (ISE) could allow an authenticated, remote attacker with administrative credentials to conduct a cross-site scripting (XSS) attack against a user of the interface. These vulnerabilities are due to insufficient validation of user-supplied input that is processed by the web-based management interface. An attacker could exploit these vulnerabilities by injecting malicious code into specific pages of the interface. A successful exploit could allow the attacker to execute arbitrary script code in the context of the interface or access sensitive, browser-based information. To exploit these vulnerabilities, an attacker would need valid administrative credentials. The ISE platform monitors the network by collecting real-time information on the network, users and devices, and formulating and implementing corresponding policies. The vulnerability is caused by the program not properly validating user input.
| VAR-202007-1033 | CVE-2020-3402 | Vulnerability regarding lack of authentication for critical features in Cisco Unified Customer Voice Portal |
CVSS V2: 5.0 CVSS V3: 7.5 Severity: HIGH |
A vulnerability in the Java Remote Method Invocation (RMI) interface of Cisco Unified Customer Voice Portal (CVP) could allow an unauthenticated, remote attacker to access sensitive information on an affected device. The vulnerability exists because certain RMI listeners are not properly authenticated. An attacker could exploit this vulnerability by sending a crafted request to the affected listener. A successful exploit could allow the attacker to access sensitive information on an affected device.
| VAR-202007-1396 | CVE-2020-5905 | F5 BIG-IP contains multiple vulnerabilities including unauthenticated remote command execution |
CVSS V2: 6.0 CVSS V3: 4.3 Severity: MEDIUM |
In versions 11.6.1-11.6.5.2 of the BIG-IP system Configuration utility Network > WCCP page, the system does not sanitize all user-provided data before display. F5 BIG-IP provides a Traffic Management User Interface (TMUI), also referred to as the Configuration utility, that has multiple vulnerabilities, including a remotely exploitable command injection vulnerability that can be used to execute arbitrary commands and subsequently take control of a vulnerable system. F5 BIG-IP devices provide load-balancing capability to application services such as HTTP and DNS. The F5 BIG-IP TMUI management web interface improperly neutralizes untrusted user input and can be abused by unauthenticated remote attackers to perform malicious activities such as cross-site scripting (XSS), cross-site request forgery (CSRF), and command injection (CWE-74). F5 has also announced that BIG-IP devices do not properly enforce access controls to sensitive configuration files that can be read and overwritten by an authenticated user via Secure Copy (SCP). The vulnerability identified by CVE-2020-0592 can be abused to achieve arbitrary code execution on the target device with root privileges. Underlying causes and factors in these vulnerabilities include: improper configuration and a lack of identity checks (see the recent article from NCC Group, "Understanding the root cause of F5 Networks K52145254: TMUI RCE vulnerability CVE-2020-5902"); the TMUI fails to enforce proper authentication and authorization (see OWASP Recommendations); the TMUI web interface does not normalize the user's input to prevent both XSS and CSRF, allowing a "Deadly Combinations of XSS and CSRF"; and a lack of role-based access checks allows for unexpected file access (see Role-Based Access Control Models). F5 recommends that the TMUI web interface should be accessible only from a secure or an out-of-band network and not directly from the Internet (K13092).
However, many installations, as observed by Bad Packets, do not seem to follow this recommendation. An unauthenticated attacker with network access to the TMUI may be able to execute arbitrary system commands, create or delete files, disable services, and subsequently execute arbitrary code with high privileges such as root. An authenticated user is also able to perform unexpected activities such as changing configuration files on a vulnerable device. Multiple BIG-IP products contain an input verification vulnerability. Information may be obtained or tampered with, and service operation may be interrupted (DoS). F5 BIG-IP is an application delivery platform from the US company F5 that integrates network traffic management, application security management, load balancing and other functions. The Configuration utility is one of its configuration utilities. A security vulnerability exists in the Configuration utility of F5 BIG-IP versions 11.6.1 to 11.6.5. The vulnerability stems from the fact that the program does not perform sanitization before displaying submitted data. Currently there is no information about this vulnerability; please keep an eye on CNNVD or vendor announcements.
| VAR-202007-1397 | CVE-2020-5906 | F5 BIG-IP contains multiple vulnerabilities including unauthenticated remote command execution |
CVSS V2: 5.5 CVSS V3: 8.1 Severity: HIGH |
In versions 13.1.0-13.1.3.3, 12.1.0-12.1.5.2, and 11.6.1-11.6.5.2, the BIG-IP system does not properly enforce the access controls for the scp.blacklist files. This allows Admin and Resource Admin users with Secure Copy (SCP) protocol access to read and overwrite blacklisted files via SCP. F5 BIG-IP provides a Traffic Management User Interface (TMUI), also referred to as the Configuration utility, that has multiple vulnerabilities, including a remotely exploitable command injection vulnerability that can be used to execute arbitrary commands and subsequently take control of a vulnerable system. F5 BIG-IP devices provide load-balancing capability to application services such as HTTP and DNS. The F5 BIG-IP TMUI management web interface improperly neutralizes untrusted user input and can be abused by unauthenticated remote attackers to perform malicious activities such as cross-site scripting (XSS), cross-site request forgery (CSRF), and command injection (CWE-74). The vulnerability identified by CVE-2020-0592 can be abused to achieve arbitrary code execution on the target device with root privileges. Underlying causes and factors in these vulnerabilities include: improper configuration and a lack of identity checks (see the recent article from NCC Group, "Understanding the root cause of F5 Networks K52145254: TMUI RCE vulnerability CVE-2020-5902"); the TMUI fails to enforce proper authentication and authorization (see OWASP Recommendations); the TMUI web interface does not normalize the user's input to prevent both XSS and CSRF, allowing a "Deadly Combinations of XSS and CSRF"; and a lack of role-based access checks allows for unexpected file access (see Role-Based Access Control Models). F5 recommends that the TMUI web interface should be accessible only from a secure or an out-of-band network and not directly from the Internet (K13092). However, many installations, as observed by Bad Packets, do not seem to follow this recommendation.
An unauthenticated attacker with network access to the TMUI may be able to execute arbitrary system commands, create or delete files, disable services, and subsequently execute arbitrary code with high privileges such as root. An authenticated user is also able to perform unexpected activities such as changing configuration files on a vulnerable device. Multiple F5 Networks products, including BIG-IP Access Policy Manager (APM), BIG-IP Advanced Firewall Manager (AFM), and BIG-IP Analytics, contain an improper default permissions vulnerability. Information may be obtained and tampered with. F5 BIG-IP is an application delivery platform from the US company F5 that integrates network traffic management, application security management, load balancing and other functions. The SCP tools in F5 BIG-IP versions 13.1.0 to 13.1.3, 12.1.0 to 12.1.5, and 11.6.1 to 11.6.5 have security vulnerabilities. An attacker could exploit this vulnerability to read or overwrite configuration files.
| VAR-202007-1398 | CVE-2020-5907 | F5 BIG-IP contains multiple vulnerabilities including unauthenticated remote command execution |
CVSS V2: 6.0 CVSS V3: 7.2 Severity: HIGH |
In BIG-IP versions 15.0.0-15.1.0.3, 14.1.0-14.1.2.3, 13.1.0-13.1.3.3, 12.1.0-12.1.5.1, and 11.6.1-11.6.5.1, an authorized user provided with access only to the TMOS Shell (tmsh) may be able to conduct arbitrary file read/writes via the built-in sftp functionality. F5 BIG-IP provides a Traffic Management User Interface (TMUI), also referred to as the Configuration utility, that has multiple vulnerabilities, including a remotely exploitable command injection vulnerability that can be used to execute arbitrary commands and subsequently take control of a vulnerable system. F5 BIG-IP devices provide load-balancing capability to application services such as HTTP and DNS. The F5 BIG-IP TMUI management web interface improperly neutralizes untrusted user input and can be abused by unauthenticated remote attackers to perform malicious activities such as cross-site scripting (XSS), cross-site request forgery (CSRF), and command injection (CWE-74). F5 has also announced that BIG-IP devices do not properly enforce access controls to sensitive configuration files that can be read and overwritten by an authenticated user via Secure Copy (SCP). The vulnerability identified by CVE-2020-0592 can be abused to achieve arbitrary code execution on the target device with root privileges.
Underlying causes and factors in these vulnerabilities include: improper configuration and a lack of identity checks (see the recent article from NCC Group, "Understanding the root cause of F5 Networks K52145254: TMUI RCE vulnerability CVE-2020-5902"); the TMUI fails to enforce proper authentication and authorization (see OWASP Recommendations); the TMUI web interface does not normalize the user's input to prevent both XSS and CSRF, allowing a "Deadly Combinations of XSS and CSRF"; and a lack of role-based access checks allows for unexpected file access (see Role-Based Access Control Models). F5 recommends that the TMUI web interface should be accessible only from a secure or an out-of-band network and not directly from the Internet (K13092). However, many installations, as observed by Bad Packets, do not seem to follow this recommendation. An unauthenticated attacker with network access to the TMUI may be able to execute arbitrary system commands, create or delete files, disable services, and subsequently execute arbitrary code with high privileges such as root. An authenticated user is also able to perform unexpected activities such as changing configuration files on a vulnerable device. Multiple F5 Networks products, including BIG-IP Access Policy Manager (APM), BIG-IP Advanced Firewall Manager (AFM), and BIG-IP Analytics, contain unspecified vulnerabilities. Information may be obtained or tampered with, and service operation may be interrupted (DoS).
| VAR-202007-1493 | No CVE | The Guojia III smart gateway has a hijacking vulnerability |
CVSS V2: 3.6 CVSS V3: - Severity: LOW |
Beijing Guojia Intelligent Electronic Technology Co., Ltd. is an Internet smart lock company.
Guojia III smart gateway has a hijacking vulnerability, which can be exploited by attackers to obtain and modify sensitive information.
| VAR-202007-1494 | No CVE | Guojia III smart gateway has an information disclosure vulnerability |
CVSS V2: 2.1 CVSS V3: - Severity: LOW |
Beijing Guojia Intelligent Electronic Technology Co., Ltd. is an Internet smart lock company.
Guojia III smart gateway has an information disclosure vulnerability, which can be exploited by attackers to obtain sensitive information.
| VAR-202007-1069 | CVE-2017-1712 | Cryptographic strength vulnerabilities in Domino server |
CVSS V2: 4.3 CVSS V3: 5.9 Severity: MEDIUM |
"A vulnerability in the TLS protocol implementation of the Domino server could allow an unauthenticated, remote attacker to access sensitive information, aka a Return of Bleichenbacher's Oracle Threat (ROBOT) attack. An attacker could iteratively query a server running a vulnerable TLS stack implementation to perform cryptanalytic operations that may allow decryption of previously captured TLS sessions." Domino server contains a cryptographic strength vulnerability. Information may be obtained.
| VAR-202007-0513 | CVE-2019-15312 | Input verification vulnerability in Linkplay firmware |
CVSS V2: 9.3 CVSS V3: 8.8 Severity: HIGH |
An issue was discovered on Zolo Halo devices via the Linkplay firmware. There is a Zolo Halo DNS rebinding attack. The device was found to be vulnerable to DNS rebinding. Combined with one of the many /httpapi.asp endpoint command-execution security issues, the DNS rebinding attack could allow an attacker to compromise the victim device from the Internet. The Linkplay firmware contains an input verification vulnerability. Information may be obtained or tampered with, and service operation may be interrupted (DoS). Anker Zolo Halo is a smart speaker from Anker Company in the Philippines.
There are security vulnerabilities in Linkplay firmware. Attackers can use this vulnerability to execute code.
| VAR-202007-0512 | CVE-2019-15311 | Inadequate protection of credentials in Linkplay firmware |
CVSS V2: 10.0 CVSS V3: 9.8 Severity: CRITICAL |
An issue was discovered on Zolo Halo devices via the Linkplay firmware. There is Zolo Halo LAN remote code execution. The Zolo Halo Bluetooth speaker had a GoAhead web server listening on port 80. The /httpapi.asp endpoint of the GoAhead web server was also vulnerable to multiple command execution vulnerabilities. The Linkplay firmware contains a vulnerability regarding insufficient protection of credentials. Information may be obtained or tampered with, and service operation may be interrupted (DoS). Anker Zolo Halo is a smart speaker from Anker Company in the Philippines. Linkplay firmware is application software that provides a turnkey solution, including software, voice, Wi-Fi, Bluetooth IoT/thin client modules, leading voice assistant services (such as Amazon Alexa and many popular international voice assistant services) and global streaming content integrated into a central mobile application, to enable smart, voice-enabled, and IoT products.
There are security vulnerabilities in Linkplay firmware. Attackers can use this vulnerability to execute code.
| VAR-202007-0978 | CVE-2020-1838 | Authentication vulnerabilities in HUAWEI Mate 30 Pro |
CVSS V2: 1.9 CVSS V3: 5.5 Severity: MEDIUM |
HUAWEI Mate 30 Pro with versions earlier than 10.1.0.150(C00E136R5P3) have an improper authentication vulnerability. The device does not sufficiently validate a certain credential of the user's face; an attacker could craft the credential of the user, and a successful exploit could allow the attacker to pass the authentication with the crafted credential. The vulnerability is caused by the device not fully verifying the user's facial credentials.
| VAR-202007-1273 | CVE-2020-9262 | Huawei Mate 30 resource management error vulnerability |
CVSS V2: 6.8 CVSS V3: 7.8 Severity: HIGH |
HUAWEI Mate 30 with versions earlier than 10.1.0.150(C00E136R5P3) have a use after free vulnerability. A condition exists in which the system would reference memory after it has been freed; the attacker needs to trick the user into running a crafted application with high privilege, and a successful exploit could cause code execution. HUAWEI Mate 30 is vulnerable to the use of freed memory. Information may be obtained or tampered with, and service operation may be interrupted (DoS). Huawei Mate 30 is a smartphone from China's Huawei company. The vulnerability is caused by the system using the released memory in certain scenarios.
| VAR-202007-1272 | CVE-2020-9261 | Type confusion vulnerability in HUAWEI Mate 30 |
CVSS V2: 6.8 CVSS V3: 7.8 Severity: HIGH |
HUAWEI Mate 30 with versions earlier than 10.1.0.150(C00E136R5P3) have a type confusion vulnerability. The system does not properly check and transform the type of a certain variable; the attacker tricks the user into installing and then running a crafted application, and a successful exploit could cause code execution. HUAWEI Mate 30 contains a type confusion vulnerability. Information may be obtained or tampered with, and service operation may be interrupted (DoS). Huawei Mate 30 is a smartphone from China's Huawei company. The vulnerability is caused by the system not checking and converting the type of a variable properly.
| VAR-202007-0979 | CVE-2020-1839 | Race condition vulnerabilities in HUAWEI Mate 30 |
CVSS V2: 3.7 CVSS V3: 6.3 Severity: MEDIUM |
HUAWEI Mate 30 with versions earlier than 10.1.0.150(C00E136R5P3) have a race condition vulnerability. A timing window exists in which certain pointer members can be modified by another process that is operating concurrently; an attacker needs to trick the user into running a crafted application with high privilege, and a successful exploit could cause code execution. HUAWEI Mate 30 contains a race condition vulnerability. Information may be obtained or tampered with, and service operation may be interrupted (DoS). Huawei Mate 30 is a smartphone from China's Huawei company. The vulnerability stems from the fact that a member in a pointer can be modified by another running program in a time window.
| VAR-202007-1394 | CVE-2020-5903 | F5 BIG-IP contains multiple vulnerabilities including unauthenticated remote command execution |
CVSS V2: 4.3 CVSS V3: 6.1 Severity: MEDIUM |
In BIG-IP versions 15.0.0-15.1.0.3, 14.1.0-14.1.2.5, 13.1.0-13.1.3.3, 12.1.0-12.1.5.1, a Cross-Site Scripting (XSS) vulnerability exists in an undisclosed page of the BIG-IP Configuration utility. F5 BIG-IP provides a Traffic Management User Interface (TMUI), also referred to as the Configuration utility, that has multiple vulnerabilities, including a remotely exploitable command injection vulnerability that can be used to execute arbitrary commands and subsequently take control of a vulnerable system. F5 BIG-IP devices provide load-balancing capability to application services such as HTTP and DNS. The F5 BIG-IP TMUI management web interface improperly neutralizes untrusted user input and can be abused by unauthenticated remote attackers to perform malicious activities such as cross-site scripting (XSS), cross-site request forgery (CSRF), and command injection (CWE-74). F5 has also announced that BIG-IP devices do not properly enforce access controls to sensitive configuration files that can be read and overwritten by an authenticated user via Secure Copy (SCP). The vulnerability identified by CVE-2020-0592 can be abused to achieve arbitrary code execution on the target device with root privileges. Underlying causes and factors in these vulnerabilities include: improper configuration and a lack of identity checks (see the recent article from NCC Group, "Understanding the root cause of F5 Networks K52145254: TMUI RCE vulnerability CVE-2020-5902"); the TMUI fails to enforce proper authentication and authorization (see OWASP Recommendations); the TMUI web interface does not normalize the user's input to prevent both XSS and CSRF, allowing a "Deadly Combinations of XSS and CSRF"; and a lack of role-based access checks allows for unexpected file access (see Role-Based Access Control Models). F5 recommends that the TMUI web interface should be accessible only from a secure or an out-of-band network and not directly from the Internet (K13092).
However, many installations, as observed by Bad Packets, do not seem to follow this recommendation. An unauthenticated attacker with network access to the TMUI may be able to execute arbitrary system commands, create or delete files, disable services, and subsequently execute arbitrary code with high privileges such as root. An authenticated user is also able to perform unexpected activities such as changing configuration files on a vulnerable device. BIG-IP Access Policy Manager (APM), BIG-IP Advanced Firewall Manager (AFM), BIG-IP Analytics, etc. F5 BIG-IP is an application delivery platform from the US company F5 that integrates network traffic management, application security management, load balancing and other functions. The following products and versions are affected: F5 BIG-IP 15.0.0 to 15.1.0, 14.1.0 to 14.1.2, 13.1.0 to 13.1.3, 12.1.0 to 12.1.5.
| VAR-202007-1274 | CVE-2020-9226 | Digital signature verification vulnerability in HUAWEI P30 |
CVSS V2: 4.3 CVSS V3: 5.5 Severity: MEDIUM |
HUAWEI P30 with versions earlier than 10.1.0.135(C00E135R2P11) have an improper signature verification vulnerability. The system does not properly check the signature of a specific software package; an attacker may exploit this vulnerability to load a crafted software package to the device. Huawei P30 is a smartphone from China's Huawei company.
There is a security vulnerability in Huawei P30 10.1.0.135 (C00E135R2P11).
| VAR-202010-1165 | CVE-2020-9263 | Vulnerabilities in the use of freed memory in HUAWEI Mate 30 and HUAWEI P30 |
CVSS V2: 6.8 CVSS V3: 7.8 Severity: HIGH |
HUAWEI Mate 30 versions earlier than 10.1.0.150(C00E136R5P3) and HUAWEI P30 versions earlier than 10.1.0.160(C00E160R2P11) have a use after free vulnerability. A condition exists in which the system would reference memory after it has been freed; the attacker needs to trick the user into running a crafted application with common privilege, and a successful exploit could cause code execution. HUAWEI Mate 30 and HUAWEI P30 are vulnerable to the use of freed memory. Information may be obtained or tampered with, and service may be disrupted (DoS). Huawei Mate 30 is a smartphone from China's Huawei company.
There is a security vulnerability in Huawei Mate 30 10.1.0.150 (C00E136R5P3). The vulnerability is caused by the system using the released memory. Attackers can use this vulnerability to execute code with the help of specially crafted applications. Huawei products could allow a local authenticated malicious user to execute arbitrary code on the system, caused by a use-after-free vulnerability.
| VAR-202007-0511 | CVE-2019-15310 | User-controlled key authentication evasion vulnerability in Linkplay firmware |
CVSS V2: 10.0 CVSS V3: 9.8 Severity: CRITICAL |
An issue was discovered on various devices via the Linkplay firmware. There is WAN remote code execution without user interaction. An attacker could retrieve the AWS key from the firmware and obtain full control over Linkplay's AWS estate, including S3 buckets containing device firmware. When combined with an OS command injection vulnerability within the XML parsing logic of the firmware update process, an attacker would be able to gain code execution on any device that attempted to update. Note that by default all devices tested had automatic updates enabled. The Linkplay firmware contains a vulnerability regarding authentication bypass by user-controlled keys. Information may be obtained or tampered with, and service operation may be interrupted (DoS). Anker Zolo Halo is a smart speaker from Anker Company in the Philippines. Linkplay firmware is application software that provides a turnkey solution, including software, voice, Wi-Fi, Bluetooth IoT/thin client modules, leading voice assistant services (such as Amazon Alexa and many popular international voice assistant services) and global streaming content integrated into a central mobile application, to enable smart, voice-enabled, and IoT products.
There are security vulnerabilities in Linkplay firmware. Attackers can use this vulnerability to execute code.
| VAR-202007-1395 | CVE-2020-5904 | F5 BIG-IP contains multiple vulnerabilities including unauthenticated remote command execution |
CVSS V2: 6.8 CVSS V3: 8.8 Severity: HIGH |
In BIG-IP versions 15.0.0-15.1.0.3, 14.1.0-14.1.2.5, 13.1.0-13.1.3.3, 12.1.0-12.1.5.1, a cross-site request forgery (CSRF) vulnerability in the Traffic Management User Interface (TMUI), also referred to as the Configuration utility, exists in an undisclosed page. F5 BIG-IP devices provide load-balancing capability to application services such as HTTP and DNS. The F5 BIG-IP TMUI management web interface improperly neutralizes untrusted user input and can be abused by unauthenticated remote attackers to perform malicious activities such as cross-site scripting (XSS), cross-site request forgery (CSRF), and command injection (CWE-74). F5 has also announced that BIG-IP devices do not properly enforce access controls to sensitive configuration files that can be read and overwritten by an authenticated user via Secure Copy (SCP). The vulnerability identified by CVE-2020-0592 can be abused to achieve arbitrary code execution on the target device with root privileges. Underlying causes and factors in these vulnerabilities include: improper configuration and a lack of identity checks (see the recent article from NCC Group, "Understanding the root cause of F5 Networks K52145254: TMUI RCE vulnerability CVE-2020-5902"); the TMUI fails to enforce proper authentication and authorization (see OWASP Recommendations); the TMUI web interface does not normalize the user's input to prevent both XSS and CSRF, allowing a "Deadly Combinations of XSS and CSRF"; and a lack of role-based access checks allows for unexpected file access (see Role-Based Access Control Models). F5 recommends that the TMUI web interface should be accessible only from a secure or an out-of-band network and not directly from the Internet (K13092). However, many installations, as observed by Bad Packets, do not seem to follow this recommendation.
An unauthenticated attacker with network access to the TMUI may be able to execute arbitrary system commands, create or delete files, disable services, and subsequently execute arbitrary code with high privileges such as root. An authenticated user is also able to perform unexpected activities such as changing configuration files on a vulnerable device. Multiple BIG-IP products contain a cross-site request forgery vulnerability. Information may be obtained or tampered with, and service operation may be interrupted (DoS). F5 BIG-IP is an application delivery platform from the US company F5 that integrates network traffic management, application security management, load balancing and other functions. A remote attacker could exploit this vulnerability to perform malicious operations with a specially crafted HTTP request. The following products and versions are affected: F5 BIG-IP from version 15.0.0 to version 15.1.0.3, version 14.1.0 to version 14.1.2.5, version 13.1.0 to version 13.1.3.3, version 12.1.0 to version 12.1.5.1.
| VAR-202007-0900 | CVE-2020-15489 | WAVLINK WL-WN530HG4 injection vulnerability |
CVSS V2: 10.0 CVSS V3: 9.8 Severity: CRITICAL |
An issue was discovered on Wavlink WL-WN530HG4 M30HG4.V5030.191116 devices. Multiple shell metacharacter injection vulnerabilities exist in CGI scripts, leading to remote code execution with root privileges. The Wavlink WL-WN530HG4 device contains an injection vulnerability. Information may be obtained or tampered with, and service operation may be interrupted (DoS). WAVLINK WL-WN530HG4 is a wireless network signal extender manufactured by WAVLINK.
An injection vulnerability exists in the WAVLINK WL-WN530HG4 M30HG4.V5030.191116 version.