VARIoT IoT vulnerabilities database

A vulnerability in certificate validation processing of Cisco Catalyst SD-WAN Manager, formerly Cisco SD-WAN vManage, could allow an unauthenticated, remote attacker to gain access to sensitive information. This vulnerability is due to improper validation of certificates that are used by the Smart Licensing feature. An attacker with a privileged network position could exploit this vulnerability by intercepting traffic that is sent over the Internet. A successful exploit could allow the attacker to gain access to sensitive information, including credentials used by the device to connect to Cisco cloud services

A vulnerability in the web-based management interface of Cisco Catalyst SD-WAN Manager, formerly Cisco SD-WAN vManage, could allow an authenticated, remote attacker to conduct a stored cross-site scripting attack (XSS) on an affected system.  This vulnerability is due to improper sanitization of user input to the web-based management interface. An attacker could exploit this vulnerability by submitting a malicious script through the interface. A successful exploit could allow the attacker to conduct a stored XSS attack on the affected system. Cisco Systems Cisco Catalyst SD-WAN Manager Exists in a cross-site scripting vulnerability.Information may be obtained and information may be tampered with

A vulnerability in the CLI of Cisco Catalyst SD-WAN Manager, formerly Cisco SD-WAN vManage, could allow an authenticated, local attacker to gain privileges of the root user on the underlying operating system. This vulnerability is due to insufficient input validation. An authenticated attacker with read-only privileges on the SD-WAN Manager system could exploit this vulnerability by sending a crafted request to the CLI of the SD-WAN Manager. A successful exploit could allow the attacker to gain root privileges on the underlying operating system. Cisco Systems Cisco Catalyst SD-WAN Manager contains a man-in-the-middle vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state

Improper input validation in Samsung Gallery prior to version 14.5.10.3 in Global Android 13, 14.5.09.3 in China Android 13, and 15.5.04.5 in Android 14 allows local attackers to access data within Samsung Gallery. In addition, information handled by the software will not be rewritten. Furthermore, the software will not stop. Furthermore, attacks exploiting this vulnerability will not affect other software

Improper access control in Samsung Gallery prior to version 14.5.10.3 in Global Android 13, 14.5.09.3 in China Android 13, and 15.5.04.5 in Android 14 allows remote attackers to access data and perform internal operations within Samsung Gallery. All information handled by the software may be rewritten. Furthermore, the software will not stop. Furthermore, attacks that exploit this vulnerability will not affect other software

Improper access control in Samsung Gallery prior to version 14.5.10.3 in Global Android 13, 14.5.09.3 in China Android 13, and 15.5.04.5 in Android 14 allows attackers to read and write arbitrary file with the privilege of Samsung Gallery. All information handled by the software may be rewritten. Furthermore, the software will not stop. Furthermore, attacks that exploit this vulnerability will not affect other software

Improper access control in Samsung Gallery prior to version 14.5.10.3 in Global Android 13, 14.5.09.3 in China Android 13, and 15.5.04.5 in Android 14 allows physical attackers to access data across multiple user profiles. In addition, information handled by the software will not be rewritten. Furthermore, the software will not stop. Furthermore, attacks exploiting this vulnerability will not affect other software

An Out-of-bounds Write in RT-Labs P-Net version 1.0.1 or earlier allows an attacker to induce a crash in IO devices that use the library by sending a malicious RPC packet. RT-Labs of P-Net Exists in an out-of-bounds write vulnerability.Service operation interruption (DoS) It may be in a state. RT-Labs P-Net is an open source PROFINET protocol stack from RT-Labs that implements standard communication between industrial devices and PROFINET controllers

An Out-of-bounds Write in RT-Labs P-Net version 1.0.1 or earlier allows an attacker to corrupt the memory of IO devices that use the library by sending a malicious RPC packet. RT-Labs of P-Net Exists in an out-of-bounds write vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. RT-Labs P-Net is an open source PROFINET protocol stack from RT-Labs that implements standard communication between industrial devices and PROFINET controllers

An Out-of-bounds Write in RT-Labs P-Net version 1.0.1 or earlier allows an attacker to corrupt the memory of IO devices that use the library by sending a malicious RPC packet. RT-Labs of P-Net Exists in an out-of-bounds write vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. RT-Labs P-Net is an open source PROFINET protocol stack from RT-Labs that implements standard communication between industrial devices and PROFINET controllers

An Out-of-bounds Write in RT-Labs P-Net version 1.0.1 or earlier allows an attacker to induce a crash in IO devices that use the library by sending a malicious RPC packet. RT-Labs of P-Net Exists in an out-of-bounds write vulnerability.Service operation interruption (DoS) It may be in a state. RT-Labs P-Net is an open source PROFINET protocol stack from RT-Labs that implements standard communication between industrial devices and PROFINET controllers

An Heap-based Buffer Overflow in RT-Labs P-Net version 1.0.1 or earlier allows an attacker to corrupt the memory of IO devices that use the library by sending a malicious RPC packet. RT-Labs of P-Net contains a heap-based buffer overflow vulnerability and an out-of-bounds write vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. RT-Labs P-Net is an open source PROFINET protocol stack from RT-Labs that implements standard communication between industrial devices and PROFINET controllers

An Heap-based Buffer Overflow in RT-Labs P-Net version 1.0.1 or earlier allows an attacker to induce a crash in IO devices that use the library by sending a malicious RPC packet. RT-Labs of P-Net contains a heap-based buffer overflow vulnerability and an out-of-bounds write vulnerability.Service operation interruption (DoS) It may be in a state. RT-Labs P-Net is an open source PROFINET protocol stack from RT-Labs that implements standard communication between industrial devices and PROFINET controllers

An Unchecked Input for Loop Condition in RT-Labs P-Net version 1.0.1 or earlier allows an attacker to cause IO devices that use the library to enter an infinite loop by sending a malicious RPC packet. RT-Labs of P-Net contains vulnerabilities regarding unchecked loop condition input values and improper validation of quantities specified in the input.Service operation interruption (DoS) It may be in a state. RT-Labs P-Net is an open source PROFINET protocol stack from RT-Labs that implements standard communication between industrial devices and PROFINET controllers. RT-Labs P-Net 1.0.1 and earlier versions have a security vulnerability. The vulnerability is caused by not checking the loop condition

A NULL Pointer Dereference in RT-Labs P-Net version 1.0.1 or earlier allows an attacker to induce a crash in IO devices that use the library by sending a malicious RPC packet. RT-Labs of P-Net for, NULL There is a vulnerability in pointer dereference.Service operation interruption (DoS) It may be in a state. RT-Labs P-Net is an open source PROFINET protocol stack from RT-Labs that implements standard communication between industrial devices and PROFINET controllers. Attackers can exploit this vulnerability to cause IO devices to crash

An Heap-based Buffer Overflow in RT-Labs P-Net version 1.0.1 or earlier allows an attacker to induce a crash in IO devices that use the library by sending a malicious RPC packet. RT-Labs of P-Net contains a heap-based buffer overflow vulnerability and an out-of-bounds write vulnerability.Service operation interruption (DoS) It may be in a state. RT-Labs P-Net is an open source PROFINET protocol stack from RT-Labs that implements standard communication between industrial devices and PROFINET controllers

An Heap-based Buffer Overflow in RT-Labs P-Net version 1.0.1 or earlier allows an attacker to induce a crash in IO devices that use the library by sending a malicious RPC packet. RT-Labs of P-Net contains a heap-based buffer overflow vulnerability and an out-of-bounds write vulnerability.Service operation interruption (DoS) It may be in a state. RT-Labs P-Net is an open source PROFINET protocol stack from RT-Labs that implements standard communication between industrial devices and PROFINET controllers

H3C Technologies Co., Ltd. is a global leader in digital solutions. H3C Technologies Co., Ltd. NX15 has a binary vulnerability that can be exploited by attackers to cause a denial of service.

There is a stack overflow vulnerability in Tenda RX3 V1.0br_V16.03.13.11 In the fromSetWifiGusetBasic function of the web url /goform/ WifiGuestSet, the manipulation of the parameter shareSpeed leads to stack overflow. Shenzhen Tenda Technology Co.,Ltd. of RX3 A stack-based buffer overflow vulnerability exists in the firmware.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. Attackers can use this vulnerability to submit special requests to crash the application and cause a denial of service

In Tenda RX3 V1.0br_V16.03.13.11 in the GetParentControlInfo function of the web url /goform/GetParentControlInfo, the manipulation of the parameter mac leads to stack overflow. Shenzhen Tenda Technology Co.,Ltd. of RX3 A stack-based buffer overflow vulnerability exists in the firmware.Information may be obtained and information may be tampered with. No detailed vulnerability details are currently available