VARIoT IoT vulnerabilities database

Affected products: vendor, model and version
CWE format is 'CWE-number'. Threat type can be: remote or local
Look up free text in title and description

VAR-202007-0755 CVE-2020-15000 Yubico YubiKey 5  Vulnerabilities in devices CVSS V2: 4.3
CVSS V3: 5.9
Severity: MEDIUM
A PIN management problem was discovered on Yubico YubiKey 5 devices 5.2.0 to 5.2.6. OpenPGP has three passwords: Admin PIN, Reset Code, and User PIN. The Reset Code is used to reset the User PIN, but it is disabled by default. A flaw in the implementation of OpenPGP sets the Reset Code to a known value upon initialization. If the retry counter for the Reset Code is set to non-zero without changing the Reset Code, this known value can be used to reset the User PIN. To set the retry counters, the Admin PIN is required. Yubico YubiKey 5 An unspecified vulnerability exists in the device.Information may be tampered with. Yubico YubiKey 5 is a multi-protocol security key device from Yubico, Sweden. The OpenPGP implementation in Yubico YubiKey 5 5.2.0 to 5.2.6 has an access control error vulnerability. The vulnerability stems from the network system or product improperly restricting access to resources from unauthorized roles
VAR-202007-1255 CVE-2020-9376 D-Link DIR-610 information disclosure vulnerability CVSS V2: 5.0
CVSS V3: 7.5
Severity: HIGH
D-Link DIR-610 devices allow Information Disclosure via SERVICES=DEVICE.ACCOUNT%0AAUTHORIZED_GROUP=1 to getcfg.php. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. ** Not supported ** This issue is a vulnerability in an unsupported version. D-Link DIR-610 The device contains a vulnerability related to information leakage.Information may be obtained. D-Link DIR-610 is a wireless router made by D-Link in Taiwan. There is an information disclosure vulnerability in D-Link DIR-610, which is caused by a configuration error in the network system or product during operation. Attackers can use it by sending SERVICES=DEVICE.ACCOUNT\%0AAUTHORIZED_GROUP=1 to the getcfg.php file This vulnerability leads to information disclosure
VAR-202007-1256 CVE-2020-9377 D-Link DIR-610 Code injection vulnerability in device CVSS V2: 6.5
CVSS V3: 8.8
Severity: HIGH
D-Link DIR-610 devices allow Remote Command Execution via the cmd parameter to command.php. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. ** Not supported ** This issue is a vulnerability in an unsupported version. D-Link DIR-610 A code injection vulnerability exists in the device.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be put into a state. D-Link DIR-610 is a wireless router made by D-Link in Taiwan. There is a remote code execution vulnerability in D-Link DIR-610. The vulnerability stems from the fact that the network system or product fails to properly filter the special elements in the process of constructing code segments with external input data. The attacker can send it to the command.php file. The'cmd' parameter uses this vulnerability to execute code
VAR-202007-1427 CVE-2020-1646 Juniper Networks Junos OS and Junos OS Evolved Input verification vulnerabilities in devices CVSS V2: 4.3
CVSS V3: 7.5
Severity: HIGH
On Juniper Networks Junos OS and Junos OS Evolved devices, processing a specific UPDATE for an EBGP peer can lead to a routing process daemon (RPD) crash and restart. This issue occurs only when the device is receiving and processing the BGP UPDATE for an EBGP peer. This issue does not occur when the device is receiving and processing the BGP UPDATE for an IBGP peer. However, the offending BGP UPDATE can originally come from an EBGP peer, propagates through the network via IBGP peers without causing crash, then it causes RPD crash when it is processed for a BGP UPDATE towards an EBGP peer. Repeated receipt and processing of the same specific BGP UPDATE can result in an extended Denial of Service (DoS) condition. This issue affects: Juniper Networks Junos OS: 17.3R3-S6, 17.4R2-S7, and 18.1R3-S7. Juniper Networks Junos OS Evolved 19.2R2-EVO and later versions, prior to 19.3R1-EVO. Other Junos OS releases are not affected. The operating system provides a secure programming interface and Junos SDK
VAR-202007-1426 CVE-2020-1648 Juniper Networks Junos OS and Junos OS Evolved Input verification vulnerabilities in devices CVSS V2: 5.0
CVSS V3: 7.5
Severity: HIGH
On Juniper Networks Junos OS and Junos OS Evolved devices, processing a specific BGP packet can lead to a routing process daemon (RPD) crash and restart. This issue can occur even before the BGP session with the peer is established. Repeated receipt of this specific BGP packet can result in an extended Denial of Service (DoS) condition. This issue affects: Juniper Networks Junos OS: 18.2X75 versions starting from 18.2X75-D50.8, 18.2X75-D60 and later versions, prior to 18.2X75-D52.8, 18.2X75-D53, 18.2X75-D60.2, 18.2X75-D65.1, 18.2X75-D70; 19.4 versions 19.4R1 and 19.4R1-S1; 20.1 versions prior to 20.1R1-S2, 20.1R2. Juniper Networks Junos OS Evolved: 19.4-EVO versions prior to 19.4R2-S2-EVO; 20.1-EVO versions prior to 20.1R2-EVO. This issue does not affect: Juniper Networks Junos OS releases prior to 19.4R1. Juniper Networks Junos OS Evolved releases prior to 19.4R1-EVO. The operating system provides a secure programming interface and Junos SDK. Junos OS Evolved is an upgraded version of Junos OS. An attacker could exploit this vulnerability to cause the Routing Process Daemon (RPD) to crash and restart
VAR-202007-0727 CVE-2020-1654 Juniper Networks Junos OS Classic buffer overflow vulnerability in CVSS V2: 7.5
CVSS V3: 9.8
Severity: CRITICAL
On Juniper Networks SRX Series with ICAP (Internet Content Adaptation Protocol) redirect service enabled, processing a malformed HTTP message can lead to a Denial of Service (DoS) or Remote Code Execution (RCE) Continued processing of this malformed HTTP message may result in an extended Denial of Service (DoS) condition. The offending HTTP message that causes this issue may originate both from the HTTP server or the HTTP client. This issue affects Juniper Networks Junos OS on SRX Series: 18.1 versions prior to 18.1R3-S9 ; 18.2 versions prior to 18.2R2-S7, 18.2R3-S3; 18.3 versions prior to 18.3R1-S7, 18.3R2-S4, 18.3R3-S1; 18.4 versions prior to 18.4R1-S7, 18.4R2-S4, 18.4R3; 19.1 versions prior to 19.1R1-S5, 19.1R2; 19.2 versions prior to 19.2R1-S2, 19.2R2; 19.3 versions prior to 19.3R2. This issue does not affect Juniper Networks Junos OS prior to 18.1R1. Juniper Networks Junos OS Exists in a classic buffer overflow vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be put into a state. The operating system provides a secure programming interface and Junos SDK. An attacker could exploit this vulnerability to cause a denial of service and execute code. The following products and versions are affected: Juniper Networks Junos OS Release 18.1, Release 18.2, Release 18.3, Release 18.4, Release 19.1, Release 19.2, Release 19.3
VAR-202007-0726 CVE-2020-1653 Juniper Networks Junos OS Buffer error vulnerability in CVSS V2: 5.0
CVSS V3: 7.5
Severity: HIGH
On Juniper Networks Junos OS devices, a stream of TCP packets sent to the Routing Engine (RE) may cause mbuf leak which can lead to Flexible PIC Concentrator (FPC) crash or the system to crash and restart (vmcore). This issue can be trigged by IPv4 or IPv6 and it is caused only by TCP packets. This issue is not related to any specific configuration and it affects Junos OS releases starting from 17.4R1. However, this issue does not affect Junos OS releases prior to 18.2R1 when Nonstop active routing (NSR) is configured [edit routing-options nonstop-routing]. The number of mbufs is platform dependent. The following command provides the number of mbufs counter that are currently in use and maximum number of mbufs that can be allocated on a platform: user@host> show system buffers 2437/3143/5580 mbufs in use (current/cache/total) Once the device runs out of mbufs, the FPC crashes or the vmcore occurs and the device might become inaccessible requiring a manual restart. This issue affects Juniper Networks Junos OS 17.4 versions prior to 17.4R2-S11, 17.4R3-S2; 18.1 versions prior to 18.1R3-S10; 18.2 versions prior to 18.2R2-S7, 18.2R3-S5; 18.2X75 versions prior to 18.2X75-D41, 18.2X75-D420.12, 18.2X75-D51, 18.2X75-D60, 18.2X75-D34; 18.3 versions prior to 18.3R2-S4, 18.3R3-S2; 18.4 versions prior to 18.4R1-S7, 18.4R2-S4, 18.4R3-S1; 19.1 versions prior to 19.1R1-S5, 19.1R2-S1, 19.1R3; 19.2 versions prior to 19.2R1-S5, 19.2R2; 19.3 versions prior to 19.3R2-S3, 19.3R3; 19.4 versions prior to 19.4R1-S2, 19.4R2. Versions of Junos OS prior to 17.4R1 are unaffected by this vulnerability. Juniper Networks Junos OS Exists in a buffer error vulnerability.Service operation interruption (DoS) It may be put into a state. Juniper Networks Junos OS is a set of network operating system of Juniper Networks (Juniper Networks) dedicated to the company's hardware equipment. The operating system provides a secure programming interface and Junos SDK. The following products and versions are affected: Juniper Networks Junos OS Release 17.4, Release 18.1, Release 18.2, Release 18.2X75, Release 18.3, Release 18.4, Release 19.1, Release 19.2, Release 19.3, Release 19.4
VAR-202007-0721 CVE-2020-1647 Juniper Networks Junos OS Double Release Vulnerability in CVSS V2: 6.8
CVSS V3: 9.8
Severity: CRITICAL
On Juniper Networks SRX Series with ICAP (Internet Content Adaptation Protocol) redirect service enabled, a double free vulnerability can lead to a Denial of Service (DoS) or Remote Code Execution (RCE) due to processing of a specific HTTP message. Continued processing of this specific HTTP message may result in an extended Denial of Service (DoS). The offending HTTP message that causes this issue may originate both from the HTTP server or the client. This issue affects Juniper Networks Junos OS on SRX Series: 18.1 versions prior to 18.1R3-S9; 18.2 versions prior to 18.2R3-S3; 18.3 versions prior to 18.3R2-S4, 18.3R3-S1; 18.4 versions prior to 18.4R2-S5, 18.4R3; 19.1 versions prior to 19.1R2; 19.2 versions prior to 19.2R1-S2, 19.2R2; 19.3 versions prior to 19.3R2. This issue does not affect Juniper Networks Junos OS prior to 18.1R1. Juniper Networks Junos OS Exists in a double release vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be put into a state. The operating system provides a secure programming interface and Junos SDK. A remote attacker could exploit this vulnerability to cause a denial of service or to execute code
VAR-202007-0719 CVE-2020-1644 Juniper Networks Junos OS and Junos OS Evolved Input verification vulnerabilities in devices CVSS V2: 5.0
CVSS V3: 7.5
Severity: HIGH
On Juniper Networks Junos OS and Junos OS Evolved devices, the receipt of a specific BGP UPDATE packet causes an internal counter to be incremented incorrectly, which over time can lead to the routing protocols process (RPD) crash and restart. This issue affects both IBGP and EBGP multihop deployment in IPv4 or IPv6 network. This issue affects: Juniper Networks Junos OS: 17.2X75 versions prior to 17.2X75-D105.19; 17.3 versions prior to 17.3R3-S8; 17.4 versions prior to 17.4R2-S10, 17.4R3-S2; 18.1 versions prior to 18.1R3-S10; 18.2 versions prior to 18.2R2-S7, 18.2R3-S4; 18.2X75 versions prior to 18.2X75-D13, 18.2X75-D411.1, 18.2X75-D420.18, 18.2X75-D52.3, 18.2X75-D60; 18.3 versions prior to 18.3R2-S4, 18.3R3-S2; 18.4 versions prior to 18.4R1-S7, 18.4R2-S4, 18.4R3-S2; 19.1 versions prior to 19.1R1-S5, 19.1R2-S1, 19.1R3; 19.2 versions prior to 19.2R1-S5, 19.2R2; 19.3 versions prior to 19.3R2-S2, 19.3R3; 19.4 versions prior to 19.4R1-S2, 19.4R2. Juniper Networks Junos OS Evolved: any releases prior to 20.1R2-EVO. This issue does not affect Juniper Networks Junos OS releases prior to 17.3R1
VAR-202007-0718 CVE-2020-1643 Juniper Networks Junos OS Vulnerability in handling exceptional conditions in CVSS V2: 1.9
CVSS V3: 5.5
Severity: MEDIUM
Execution of the "show ospf interface extensive" or "show ospf interface detail" CLI commands on a Juniper Networks device running Junos OS may cause the routing protocols process (RPD) to crash and restart if OSPF interface authentication is configured, leading to a Denial of Service (DoS). By continuously executing the same CLI commands, a local attacker can repeatedly crash the RPD process causing a sustained Denial of Service. Note: Only systems utilizing ARM processors, found on the EX2300 and EX3400, are vulnerable to this issue. Systems shipped with other processor architectures are not vulnerable to this issue. The processor architecture can be displayed via the 'uname -a' command. For example: ARM (vulnerable): % uname -a | awk '{print $NF}' arm PowerPC (not vulnerable): % uname -a | awk '{print $NF}' powerpc AMD (not vulnerable): % uname -a | awk '{print $NF}' amd64 Intel (not vulnerable): % uname -a | awk '{print $NF}' i386 This issue affects Juniper Networks Junos OS: 12.3X48 versions prior to 12.3X48-D100; 14.1X53 versions prior to 14.1X53-D140, 14.1X53-D54; 15.1 versions prior to 15.1R7-S7; 15.1X49 versions prior to 15.1X49-D210; 15.1X53 versions prior to 15.1X53-D593; 16.1 versions prior to 16.1R7-S8; 17.1 versions prior to 17.1R2-S12; 17.2 versions prior to 17.2R3-S4; 17.3 versions prior to 17.3R3-S8; 17.4 versions prior to 17.4R2-S2, 17.4R3; 18.1 versions prior to 18.1R3-S2; 18.2 versions prior to 18.2R2, 18.2R3; 18.2X75 versions prior to 18.2X75-D40; 18.3 versions prior to 18.3R1-S2, 18.3R2. Juniper Networks Junos OS Is vulnerable to handling exceptional conditions.Service operation interruption (DoS) It may be put into a state. Juniper Networks Junos OS is a set of network operating system of Juniper Networks (Juniper Networks) dedicated to the company's hardware equipment. The operating system provides a secure programming interface and Junos SDK. The following products and versions are affected: Juniper Networks Junos OS Release 12.3X48, Release 14.1X53, Release 15.1, Release 15.1X49, Release 15.1X53, Release 16.1, Release 17.1, Release 17.2, Release 17.3, Release 17.4, Release 18.1, Release 18.2 , 18.2X75 version, 18.3 version
VAR-202007-0720 CVE-2020-1645 Juniper Networks Junos OS Vulnerability regarding input verification in CVSS V2: 6.8
CVSS V3: 8.3
Severity: HIGH
When DNS filtering is enabled on Juniper Networks Junos MX Series with one of the following cards MS-PIC, MS-MIC or MS-MPC, an incoming stream of packets processed by the Multiservices PIC Management Daemon (mspmand) process, responsible for managing "URL Filtering service", may crash, causing the Services PIC to restart. While the Services PIC is restarting, all PIC services including DNS filtering service (DNS sink holing) will be bypassed until the Services PIC completes its boot process. If the issue occurs, system core-dumps output will show a crash of mspmand process: root@device> show system core-dumps -rw-rw---- 1 nobody wheel 575685123 <Date> /var/tmp/pics/mspmand.core.<*>.gz This issue affects Juniper Networks Junos OS: 17.3 versions prior to 17.3R3-S8; 18.3 versions prior to 18.3R2-S4, 18.3R3-S1; 18.4 versions prior to 18.4R2-S5, 18.4R3; 19.1 versions prior to 19.1R2-S2, 19.1R3; 19.2 versions prior to 19.2R1-S5, 19.2R2; 19.3 versions prior to 19.3R2-S3, 19.3R3; 19.4 versions prior to 19.4R1-S3, 19.4R2. This issue does not affect Juniper Networks Junos OS releases prior to 17.3R2. Juniper Networks Junos OS There is an input verification vulnerability in.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be put into a state. The operating system provides a secure programming interface and Junos SDK
VAR-202007-0717 CVE-2020-1641 Juniper Networks Junos OS Race condition vulnerabilities in CVSS V2: 3.3
CVSS V3: 6.5
Severity: MEDIUM
A Race Condition vulnerability in Juniper Networks Junos OS LLDP implementation allows an attacker to cause LLDP to crash leading to a Denial of Service (DoS). This issue occurs when crafted LLDP packets are received by the device from an adjacent device. Multiple LACP flaps will occur after LLDP crashes. An indicator of compromise is to evaluate log file details for lldp with RLIMIT. Intervention should occur before 85% threshold of used KB versus maximum available KB memory is reached. show log messages | match RLIMIT | match lldp | last 20 Matching statement is " /kernel: %KERNEL-[number]: Process ([pid #],lldpd) has exceeded 85% of RLIMIT_DATA: " with [] as variable data to evaluate for. This issue affects: Juniper Networks Junos OS: 12.3 versions prior to 12.3R12-S15; 12.3X48 versions prior to 12.3X48-D95; 15.1 versions prior to 15.1R7-S6; 15.1X49 versions prior to 15.1X49-D200; 15.1X53 versions prior to 15.1X53-D593; 16.1 versions prior to 16.1R7-S7; 17.1 versions prior to 17.1R2-S11, 17.1R3-S2; 17.2 versions prior to 17.2R1-S9, 17.2R3-S3; 17.3 versions prior to 17.3R2-S5, 17.3R3-S6; 17.4 versions prior to 17.4R2-S4, 17.4R3; 18.1 versions prior to 18.1R3-S5; 18.2 versions prior to 18.2R2-S7, 18.2R3; 18.2X75 versions prior to 18.2X75-D12, 18.2X75-D33, 18.2X75-D50, 18.2X75-D420; 18.3 versions prior to 18.3R1-S7, 18.3R2-S3, 18.3R3; 18.4 versions prior to 18.4R1-S5, 18.4R2; 19.1 versions prior to 19.1R1-S4, 19.1R2. Juniper Networks Junos OS is a set of network operating system of Juniper Networks (Juniper Networks) dedicated to the company's hardware equipment. The operating system provides a secure programming interface and Junos SDK. The following products and versions are affected: Juniper Networks Junos OS Release 12.3, Release 12.3X48, Release 15.1, Release 15.1X49, Release 15.1X53, Release 16.1, Release 17.1, Release 17.2, Release 17.3, Release 17.4, Release 18.1, Release 18.2, 18.2X75 version, 18.3 version, 18.4 version, 19.1 version
VAR-202007-0716 CVE-2020-1640 Juniper Networks Junos OS Vulnerability regarding input verification in CVSS V2: 5.0
CVSS V3: 7.5
Severity: HIGH
An improper use of a validation framework when processing incoming genuine BGP packets within Juniper Networks RPD (routing protocols process) daemon allows an attacker to crash RPD thereby causing a Denial of Service (DoS) condition. This framework requires these packets to be passed. By continuously sending any of these types of formatted genuine packets, an attacker can repeatedly crash the RPD process causing a sustained Denial of Service. Authentication to the BGP peer is not required. This issue can be initiated or propagated through eBGP and iBGP and can impact devices in either modes of use as long as the devices are configured to support the compromised framework and a BGP path is activated or active. This issue affects: Juniper Networks Junos OS 16.1 versions 16.1R7-S6 and later versions prior to 16.1R7-S8; 17.3 versions 17.3R2-S5, 17.3R3-S6 and later versions prior to 17.3R3-S8; 17.4 versions 17.4R2-S7, 17.4R3 and later versions prior to 17.4R2-S11, 17.4R3-S2; 18.1 versions 18.1R3-S7 and later versions prior to 18.1R3-S10; 18.2 versions 18.2R2-S6, 18.2R3-S2 and later versions prior to 18.2R2-S7, 18.2R3-S5; 18.2X75 versions 18.2X75-D12, 18.2X75-D32, 18.2X75-D33, 18.2X75-D51, 18.2X75-D60, 18.2X75-D411, 18.2X75-D420 and later versions prior to 18.2X75-D32, 18.2X75-D33, 18.2X75-D420, 18.2X75-D52, 18.2X75-D60, 18.2X75-D65, 18.2X75-D70;(*1) 18.3 versions 18.3R1-S6, 18.3R2-S3, 18.3R3 and later versions prior to 18.3R2-S4, 18.3R3-S2; 18.4 versions 18.4R1-S5, 18.4R2-S4, 18.4R3 and later versions prior to 18.4R1-S7, 18.4R2-S5, 18.4R3-S3(*2); 19.1 versions 19.1R1-S3, 19.1R2 and later versions prior to 19.1R1-S5, 19.1R2-S2, 19.1R3-S2; 19.2 versions 19.2R1-S2, 19.2R2 and later versions prior to 19.2R1-S5, 19.2R2, 19.2R3; 19.3 versions prior to 19.3R2-S3, 19.3R3; 19.4 versions prior to 19.4R1-S2, 19.4R2, 19.4R3; 20.1 versions prior to 20.1R1-S1, 20.1R2. This issue does not affect Junos OS prior to 16.1R1. This issue affects IPv4 and IPv6 traffic. Juniper Networks Junos OS There is an input verification vulnerability in.Service operation interruption (DoS) It may be put into a state. Juniper Networks Junos OS is a set of network operating system of Juniper Networks (Juniper Networks) dedicated to the company's hardware equipment. The operating system provides a secure programming interface and Junos SDK. The following products and versions are affected: Juniper Networks Junos OS Release 16.1, Release 16.2, Release 17.1, Release 17.2, Release 17.3, Release 17.4, Release 18.1, Release 18.2, Release 18.2X75, Release 18.3, Release 18.4, Release 19.1, Release 19.2 , version 19.3, version 19.4, version 20.1
VAR-202007-1179 CVE-2020-8199 Citrix ADC Gateway Linux client Vulnerabilities related to authority management in CVSS V2: 4.6
CVSS V3: 7.8
Severity: HIGH
Improper access control in Citrix ADC Gateway Linux client versions before 1.0.0.137 results in local privilege escalation to root. (DoS) It may be put into a state. Citrix Systems Gateway Plug-in is a plug-in of Citrix Systems (Citrix Systems) for connecting and managing Citrix Gateway remote access products. A local attacker could exploit this vulnerability to elevate privileges
VAR-202007-1269 CVE-2020-9258 HUAWEI P30 Vulnerability related to information leakage in smartphones CVSS V2: 1.9
CVSS V3: 5.5
Severity: MEDIUM
HUAWEI P30 smartphone with versions earlier than 10.1.0.135(C00E135R2P11) have an improper input verification vulnerability. An attribution in a module is not set correctly and some verification is lacked. Attackers with local access can exploit this vulnerability by injecting malicious fragment. This may lead to user information leak. HUAWEI P30 Smartphones contain vulnerabilities related to information leakage.Information may be obtained. Huawei P30 is a smart phone of China's Huawei (Huawei) company
VAR-202007-0477 CVE-2019-19416 plural Huawei Product input verification vulnerabilities CVSS V2: 5.0
CVSS V3: 7.5
Severity: HIGH
The SIP module of some Huawei products have a denial of service (DoS) vulnerability. A remote attacker could exploit these three vulnerabilities by sending the specially crafted messages to the affected device. Due to the insufficient verification of the packets, successful exploit could allow the attacker to cause buffer overflow and dead loop, leading to DoS condition. Affected products can be found in https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200115-01-sip-en. plural Huawei The product contains an input verification vulnerability.Service operation interruption (DoS) It may be put into a state. Huawei AR1200 and others are all enterprise routers of China's Huawei (Huawei) company
VAR-202007-0476 CVE-2019-19415 plural Huawei Product input verification vulnerabilities CVSS V2: 5.0
CVSS V3: 7.5
Severity: HIGH
The SIP module of some Huawei products have a denial of service (DoS) vulnerability. A remote attacker could exploit these three vulnerabilities by sending the specially crafted messages to the affected device. Due to the insufficient verification of the packets, successful exploit could allow the attacker to cause buffer overflow and dead loop, leading to DoS condition. Affected products can be found in https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200115-01-sip-en. plural Huawei The product contains an input verification vulnerability.Service operation interruption (DoS) It may be put into a state. Huawei AR1200, etc. are all enterprise routers of China's Huawei (Huawei) company
VAR-202007-1271 CVE-2020-9260 HUAWEI P30 and P30 Pro Vulnerability related to information leakage in smartphones CVSS V2: 3.3
CVSS V3: 6.5
Severity: MEDIUM
HUAWEI P30 and HUAWEI P30 Pro smartphones with versions earlier than 10.1.0.123(C432E22R2P5) and versions earlier than 10.1.0.160(C00E160R2P8) have an information disclosure vulnerability. Certain WI-FI function's default configuration in the system seems insecure, an attacker should craft a WI-FI hotspot to launch the attack. Successful exploit could cause information disclosure. The vulnerability is caused by the failure of the WI-FI function in the system to set the default security settings
VAR-202007-1175 CVE-2020-8195 Citrix ADC and Gateway Input verification vulnerability in CVSS V2: 4.0
CVSS V3: 6.5
Severity: MEDIUM
Improper input validation in Citrix ADC and Citrix Gateway versions before 13.0-58.30, 12.1-57.18, 12.0-63.21, 11.1-64.14 and 10.5-70.18 and Citrix SDWAN WAN-OP versions before 11.1.1a, 11.0.3d and 10.2.7 resulting in limited information disclosure to low privileged users. are all products of Citrix Systems (Citrix Systems) in the United States. Citrix Application Delivery Controller is an application delivery controller. Citrix Systems Gateway (Citrix Systems NetScaler Gateway) is a secure remote access solution. Citrix System SDWAN WAN-OP is an SD-WAN (Virtual Software Defined Wide Area Network) appliance. The vulnerability stems from the failure of the network system or product to properly validate the input data
VAR-202007-0473 CVE-2019-19417 plural Huawei Product input verification vulnerabilities CVSS V2: 5.0
CVSS V3: 7.5
Severity: HIGH
The SIP module of some Huawei products have a denial of service (DoS) vulnerability. A remote attacker could exploit these three vulnerabilities by sending the specially crafted messages to the affected device. Due to the insufficient verification of the packets, successful exploit could allow the attacker to cause buffer overflow and dead loop, leading to DoS condition. Affected products can be found in https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200115-01-sip-en. plural Huawei The product contains an input verification vulnerability.Service operation interruption (DoS) It may be put into a state