VARIoT IoT vulnerabilities database


VAR-202006-0751 CVE-2019-17603 Asus Aura Sync Out-of-bounds write vulnerability CVSS V2: 7.2
CVSS V3: 7.8
Severity: HIGH
Ene.sys in Asus Aura Sync through 1.07.71 does not properly validate input to IOCTL 0x80102044, 0x80102050, and 0x80102054, which allows local users to cause a denial of service (system crash) or gain privileges via IOCTL requests using crafted kernel addresses that trigger memory corruption. Asus Aura Sync is vulnerable to out-of-bounds writes. Information may be obtained or tampered with, and service operation may be interrupted (DoS). ASUS Aura Sync is a hardware light synchronization plug-in from Taiwan ASUS Corporation. A security vulnerability exists in the Ene.sys file in ASUS Aura Sync 1.07.71 and earlier. The vulnerability stems from the program failing to properly validate input sent to IOCTL 0x80102044, 0x80102050, and 0x80102054.
VAR-202007-0044 CVE-2020-10917 NEC ESMPRO Manager Unreliable data deserialization vulnerability CVSS V2: 7.5
CVSS V3: 9.8
Severity: CRITICAL
This vulnerability allows remote attackers to execute arbitrary code on affected installations of NEC ESMPRO Manager 6.42. Authentication is not required to exploit this vulnerability. The specific flaw exists within the RMI service. The issue results from the lack of proper validation of user-supplied data, which can result in deserialization of untrusted data. An attacker can leverage this vulnerability to execute code in the context of SYSTEM. Was ZDI-CAN-10007. NEC ESMPRO Manager contains a vulnerability in the deserialization of untrusted data. Zero Day Initiative numbered this vulnerability ZDI-CAN-10007. Information may be obtained or tampered with, and service operation may be interrupted (DoS). NEC ESMPRO Manager is a product of NEC Corporation for managing NEC servers. The product supports management and monitoring of server CPU load, memory usage, disk usage, server hard disk protection status and LAN traffic status. The vulnerability stems from the program's failure to correctly verify user data.
VAR-202006-0258 CVE-2020-10136 IP-in-IP protocol routes arbitrary traffic by default CVSS V2: 5.0
CVSS V3: 5.3
Severity: MEDIUM
Devices that implement the IP-in-IP protocol (IP Encapsulation within IP, RFC 2003, STD 1) and that decapsulate and route IP-in-IP traffic are vulnerable to spoofing, access-control bypass and other unexpected behavior due to the lack of validation to verify network packets before decapsulation and routing. IP-in-IP encapsulation is a tunneling protocol specified in RFC 2003 that allows IP packets to be encapsulated inside other IP packets. This is very similar to IPsec VPNs in tunnel mode, except that in the case of IP-in-IP the traffic is unencrypted. An IP-in-IP device is considered to be vulnerable if it accepts IP-in-IP packets from any source to any destination without explicit configuration between the specified source and destination IP addresses. This unexpected Data Processing Error (CWE-19) by a vulnerable device can be abused to perform reflective DDoS and in certain scenarios used to bypass network access control lists. Because the forwarded network packet may not be inspected or verified by vulnerable devices, there are possibly other unexpected behaviors that can be abused by an attacker on the target device or the target device's network environment. An unauthenticated attacker can route network traffic through a vulnerable device, which may lead to reflective DDoS, information leak and bypass of network access controls. Tunnelling protocols are an essential part of the Internet and form much of the backbone that modern network infrastructure relies on today. One limitation of these protocols is that they do not authenticate and/or encrypt traffic. Though this limitation exists, IPsec can be implemented to help prevent attacks. However, these protocols have been implemented poorly in some areas.
CVE-2020-10136: Affected. Vendor Statement: Cisco has fixed products affected by this CVE in its default configuration and released a security advisory for it at the time of the original disclosure in 2020. Please refer to VU#636397 and to the security advisory link in the References section. References: https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-nxos-ipip-dos-kCT9X4 CVE-2024-7595: Not Affected. CVE-2024-7596: Not Affected. CVE-2025-23018: Not Affected. CVE-2025-23019: Not Affected.
Cisco NX-OS Software is a data center-level operating system software used by a set of switches of Cisco. A code issue vulnerability exists in Cisco NX-OS Software due to the program decapsulating and processing IP-in-IP packets destined for a locally configured IP address. A remote attacker can exploit this vulnerability to bypass the access control list or cause a denial of service by means of a specially crafted IP-in-IP packet. The following products and versions are affected: Nexus 1000 Virtual Edge for VMware vSphere; Nexus 1000V Switch for Microsoft Hyper-V; Nexus 1000V Switch for VMware vSphere; Nexus 3000 Series Switches; Nexus 5500 Platform Switches; Nexus 5600 Platform Switches; Nexus 6000 Switches; Nexus 7000 Series Switches; Nexus 9000 Series Switches in standalone NX-OS mode; UCS 6200 Series Fabric Interconnects; UCS 6300 Series Fabric Interconnects
VAR-202006-1915 No CVE Beijing Jiekong FameView configuration software has command execution vulnerability CVSS V2: 7.2
CVSS V3: -
Severity: HIGH
FameView configuration software is a high-performance configuration monitoring software based on the Windows operating system, developed by Beijing Jiekong Company based on many years of engineering application and service experience. It provides economical and perfect automation solutions. Beijing Jiekong FameView configuration software has a command execution vulnerability, which can be used by attackers to execute arbitrary commands.
VAR-202006-1196 CVE-2014-7173 FarSite Communications FarLinX X25 Gateway operating system command injection vulnerability CVSS V2: 7.5
CVSS V3: 9.8
Severity: CRITICAL
FarLinX X25 Gateway through 2014-09-25 allows command injection via shell metacharacters to sysSaveMonitorData.php, fsx25MonProxy.php, syseditdate.php, iframeupload.php, or sysRestoreX25Cplt.php. FarLinX X25 Gateway contains an OS command injection vulnerability. Information may be obtained or tampered with, and service operation may be interrupted (DoS). FarSite Communications FarLinX X25 Gateway is a gateway product of FarSite Communications in the UK. The product has a browser interface, online statistical information set, connection log records, active session display, and status change alerts. In FarSite Communications FarLinX X25 Gateway 2014-09-25 and previous versions, the files sysSaveMonitorData.php, fsx25MonProxy.php, syseditdate.php, iframeupload.php and sysRestoreX25Cplt.php have operating system command injection vulnerabilities; attackers can use shell metacharacters to inject commands through this vulnerability.
VAR-202006-1195 CVE-2014-7175 FarLinX X25 Gateway Out-of-bounds write vulnerability CVSS V2: 7.5
CVSS V3: 9.8
Severity: CRITICAL
FarLinX X25 Gateway through 2014-09-25 allows attackers to write arbitrary data to fsUI.xyz via fsSaveUIPersistence.php. FarLinX X25 Gateway is vulnerable to out-of-bounds writes. Information may be obtained or tampered with, and service operation may be interrupted (DoS). FarSite Communications FarLinX X25 Gateway is a gateway product of FarSite Communications in the UK. The product has a browser interface, online statistical information set, connection log records, active session display, and status change alerts.
VAR-202006-1680 CVE-2020-6868 ZTE F680 input validation error vulnerability CVSS V2: 3.3
CVSS V3: 6.5
Severity: MEDIUM
There is an input validation vulnerability in a PON terminal product of ZTE, which supports the creation of WAN connections through WEB management pages. The front-end limits the length of the WAN connection name that is created, but the HTTP proxy is available to be used to bypass the limitation. An attacker can exploit the vulnerability to tamper with the parameter value. This affects: ZTE F680 V9.0.10P1N6. ZTE F680 is a dual-band GPON home gateway device with external antennas from ZTE Corporation of China. There is a security vulnerability in the ZTE F680 V9.0.10P1N6 version, which stems from incorrect access control. Attackers can use this vulnerability to tamper with the program interface parameters to perform unauthenticated operations
VAR-202006-1197 CVE-2014-7174 FarLinX X25 Gateway Path Traversal Vulnerability CVSS V2: 5.0
CVSS V3: 5.3
Severity: MEDIUM
FarLinX X25 Gateway through 2014-09-25 allows directory traversal via the log-handling feature. FarSite Communications FarLinX X25 Gateway is a gateway product of FarSite Communications in the UK. The product has a browser interface, online statistical information set, connection log records, active session display, and status change alerts. The vulnerability stems from network systems or products failing to properly filter special elements in resources or file paths. Attackers can use this vulnerability to access locations outside the restricted directory.
VAR-202006-0429 CVE-2020-13401 Docker Engine Input verification vulnerability CVSS V2: 6.0
CVSS V3: 6.0
Severity: MEDIUM
An issue was discovered in Docker Engine before 19.03.11. An attacker in a container, with the CAP_NET_RAW capability, can craft IPv6 router advertisements, and consequently spoof external IPv6 hosts, obtain sensitive information, or cause a denial of service. Docker Engine contains an input verification vulnerability. Information may be obtained or tampered with, and service operation may be interrupted (DoS).
Gentoo Linux Security Advisory GLSA 202008-15 (https://security.gentoo.org/)
Severity: Normal
Title: Docker: Information disclosure
Date: August 26, 2020
Bugs: #729208
ID: 202008-15
Synopsis: A flaw in Docker allowed possible information leakage.
Background: Docker is the world’s leading software containerization platform.
Affected packages: app-emulation/docker; vulnerable: < 19.03.12; unaffected: >= 19.03.12
Description: It was found that Docker created network bridges which by default accept IPv6 router advertisements.
Workaround: There is no known workaround at this time.
Resolution: All Docker users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose ">=app-emulation/docker-19.03.12"
References: [ 1 ] CVE-2020-13401 https://nvd.nist.gov/vuln/detail/CVE-2020-13401
Availability: This GLSA and any updates to it are available for viewing at the Gentoo Security Website: https://security.gentoo.org/glsa/202008-15
Concerns? Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org.
License: Copyright 2020 Gentoo Foundation, Inc; referenced text belongs to its owner(s). The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license. https://creativecommons.org/licenses/by-sa/2.5
For the stable distribution (buster), this problem has been fixed in version 18.09.1+dfsg1-7.1+deb10u2. We recommend that you upgrade your docker.io packages. For the detailed security status of docker.io please refer to its security tracker page at: https://security-tracker.debian.org/tracker/docker.io Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/ Mailing list: debian-security-announce@lists.debian.org
VAR-202006-1646 CVE-2020-9859 Multiple Apple Product memory consumption vulnerabilities CVSS V2: 7.2
CVSS V3: 7.8
Severity: HIGH
A memory consumption issue was addressed with improved memory handling. This issue is fixed in iOS 13.5.1 and iPadOS 13.5.1, macOS Catalina 10.15.5 Supplemental Update, tvOS 13.4.6, watchOS 6.2.6. An application may be able to execute arbitrary code with kernel privileges. Apple iOS and the other products listed are all products of Apple. Apple iOS is an operating system developed for mobile devices. Apple iPadOS is an operating system for iPad tablets. Apple macOS Catalina is a dedicated operating system developed for Mac computers. Kernel is one of the kernel components. Kernel components in several Apple products have security vulnerabilities. The following products and versions are affected: Apple macOS Catalina prior to 10.15.5; tvOS prior to 13.4.6; watchOS prior to 6.2.6; iOS prior to 13.5.1; iPadOS prior to 13.5.1.
APPLE-SA-2020-06-01-1 iOS 13.5.1 and iPadOS 13.5.1
iOS 13.5.1 and iPadOS 13.5.1 are now available and address the following:
Kernel
Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4 and later, and iPod touch 7th generation
Impact: An application may be able to execute arbitrary code with kernel privileges
Description: A memory consumption issue was addressed with improved memory handling.
CVE-2020-9859: unc0ver
Installation note: This update is available through iTunes and Software Update on your iOS device, and will not appear in your computer's Software Update application, or in the Apple Downloads site. Make sure you have an Internet connection and have installed the latest version of iTunes from https://www.apple.com/itunes/ iTunes and Software Update on the device will automatically check Apple's update server on its weekly schedule. When an update is detected, it is downloaded and the option to be installed is presented to the user when the iOS device is docked. We recommend applying the update immediately if possible. Selecting Don't Install will present the option the next time you connect your iOS device. The automatic update process may take up to a week depending on the day that iTunes or the device checks for updates. You may manually obtain the update via the Check for Updates button within iTunes, or the Software Update on your device. To check that the iPhone, iPod touch, or iPad has been updated: * Navigate to Settings * Select General * Select About. The version after applying this update will be "iOS 13.5.1 and iPadOS 13.5.1". Alternatively, on your watch, select "My Watch > General > About"
VAR-202006-1571 CVE-2020-3665 Multiple Snapdragon Product Index Validation Vulnerability CVSS V2: 4.6
CVSS V3: 7.8
Severity: HIGH
A possible buffer overflow would occur while processing a command from firmware due to the group_id obtained from the firmware being out of range in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in APQ8009, APQ8053, APQ8096AU, MDM9206, MDM9207C, MDM9607, MDM9615, MDM9640, MDM9650, MSM8909W, MSM8996, MSM8996AU, QCA6174A, QCA9377, QCA9379, SDM439, SDM636, SDM660, SDX20, SDX24, SM8150. Multiple Snapdragon products contain a vulnerability in array index validation. Information may be obtained or tampered with, and service operation may be interrupted (DoS).
VAR-202006-1565 CVE-2020-3642 Multiple Snapdragon Product use of freed memory vulnerability CVSS V2: 4.6
CVSS V3: 7.8
Severity: HIGH
Use after free issue in camera applications when used randomly over multiple operations due to pointer not set to NULL after free/destroy of the object in Snapdragon Consumer IOT, Snapdragon Mobile in Kamorta, QCS605, Rennell, Saipan, SDM670, SDM710, SDM845, SM6150, SM7150, SM8150, SM8250, SXR1130, SXR2130. Multiple Snapdragon products contain a vulnerability related to the use of freed memory. Information may be obtained or tampered with, and service operation may be interrupted (DoS).
VAR-202009-0044 CVE-2020-11129 Qualcomm Camera Driver Resource Management Error Vulnerability CVSS V2: 7.2
CVSS V3: 7.8
Severity: HIGH
During the error occurrence in capture request, the buffer is freed and later accessed causing the camera APP to fail due to memory use-after-free in Snapdragon Consumer IOT, Snapdragon Mobile in Bitra, Kamorta, QCS605, Saipan, SDM710, SM8250, SXR2130
VAR-202005-1107 No CVE Asia Control Technology KingView has an information disclosure vulnerability CVSS V2: 5.0
CVSS V3: -
Severity: MEDIUM
KingView is the first industrial configuration software product launched by Asia Control in China. There is an information disclosure vulnerability in KingView, which can be exploited by attackers to obtain sensitive information.
VAR-202005-1114 No CVE Allen-Bradley control system ACTIVEX control has buffer overflow vulnerability CVSS V2: 10.0
CVSS V3: -
Severity: HIGH
Rockwell Automation (China) Co., Ltd. is a company engaged in industrial automation and information technology. A buffer overflow vulnerability exists in the ActiveX control of the Allen-Bradley control system, which an attacker can use to affect the confidentiality of the system.
VAR-202005-1103 No CVE Kingview has a DLL hijacking vulnerability CVSS V2: 7.2
CVSS V3: -
Severity: HIGH
KingView is the first industrial configuration software product launched by Beijing Asia Control Technology Co., Ltd. in China. There is a DLL hijacking vulnerability in KingView. An attacker can use the vulnerability to load a DLL file for command execution.
VAR-202005-1034 CVE-2020-12493 SWARCO TRAFFIC SYSTEMS SWARCO CPU LS4000 Improper access control vulnerabilities CVSS V2: 10.0
CVSS V3: 10.0
Severity: CRITICAL
An open port used for debugging in SWARCO's CPU LS4000 Series with versions starting with G4... grants root access to the device without access control via network. A malicious user could use this vulnerability to get access to the device and disturb operations with connected devices. SWARCO CPU LS4000 is the chip software built into the traffic light controller.
VAR-202005-1022 CVE-2020-8482 ABB Device Library Wizard Vulnerability in insecure storage of critical information CVSS V2: 2.1
CVSS V3: 5.5
Severity: MEDIUM
Insecure storage of sensitive information in ABB Device Library Wizard versions 6.0.X, 6.0.3.1 and 6.0.3.2 allows an unauthenticated low-privilege user to read a file that contains confidential data. An attacker could exploit this vulnerability to obtain files containing confidential data.
VAR-202005-1074 No CVE KUNBUS-GW Modbus TCP has a denial of service vulnerability (CNVD-2020-32300) CVSS V2: 4.9
CVSS V3: -
Severity: MEDIUM
KUNBUS-GW Modbus TCP is a programmable logic controller (PLC) that provides an integrated ControlNet communication port and provides two integrated Ethernet interfaces. KUNBUS-GW Modbus TCP has a denial of service vulnerability. Attackers can use the vulnerability to bring the equipment down.
VAR-202005-1087 No CVE KUNBUS-GW Modbus TCP has a denial of service vulnerability (CNVD-2020-32302) CVSS V2: 4.9
CVSS V3: -
Severity: MEDIUM
KUNBUS-GW Modbus TCP is a programmable logic controller (PLC) that provides an integrated ControlNet communication port and provides two integrated Ethernet interfaces. KUNBUS-GW Modbus TCP has a denial of service vulnerability. Attackers can use the vulnerability to bring the equipment down.