VARIoT IoT vulnerabilities database


VAR-202007-1492 No CVE Hammer Technology Nut Pro 2 mobile phone has a denial of service vulnerability CVSS V2: 4.9
CVSS V3: -
Severity: MEDIUM
Nut Pro 2 is a mobile phone released by Hammer Technology at the 2017 Hammer Technology Autumn New Product Launch Conference on November 7, 2017. The Hammer Technology Nut Pro 2 mobile phone has a denial of service vulnerability. Attackers can use this vulnerability to occupy system and device resources, causing the device to crash and become unusable.
VAR-202007-1257 CVE-2020-9395 Classic buffer overflow vulnerability in multiple Realtek products CVSS V2: 4.9
CVSS V3: 8.0
Severity: HIGH
An issue was discovered on Realtek RTL8195AM, RTL8711AM, RTL8711AF, and RTL8710AF devices before 2.0.6. A stack-based buffer overflow exists in the client code that takes care of WPA2's 4-way-handshake via a malformed EAPOL-Key packet with a long keydata buffer. Multiple Realtek products contain a classic buffer overflow vulnerability. Information may be obtained or tampered with, and the system may be put into a denial-of-service (DoS) state. Realtek RTL8195AM and the other listed devices are IoT microcontrollers from Taiwan's Realtek Semiconductor (Realtek). A buffer error vulnerability exists in many Realtek products. Remote attackers can use this vulnerability to execute arbitrary code on the system with the help of a specially crafted EAPOL-Key packet. The following products and versions are affected: Realtek RTL8195AM before 2.0.6; RTL8711AM before 2.0.6; RTL8711AF before 2.0.6; RTL8710AF before 2.0.6.
VAR-202007-0976 CVE-2020-1836 Huawei P30 and P30 Pro information disclosure vulnerability CVSS V2: 2.9
CVSS V3: 5.3
Severity: MEDIUM
HUAWEI P30 with versions earlier than 10.1.0.160(C00E160R2P11) and HUAWEI P30 Pro with versions earlier than 10.1.0.160(C00E160R2P8) have an information disclosure vulnerability. The default configuration of a certain function in the system seems insecure; an attacker must craft a Wi-Fi hotspot to launch the attack. Successful exploitation could cause information disclosure. Attackers can use this vulnerability to obtain information by forging a Wi-Fi hotspot.
VAR-202007-1283 CVE-2020-5372 Unauthorized authentication vulnerability in Dell EMC PowerStore CVSS V2: 5.0
CVSS V3: 7.5
Severity: HIGH
Dell EMC PowerStore versions prior to 1.0.1.0.5.002 contain a vulnerability that exposes test interface ports to the external network. A remote unauthenticated attacker could potentially cause denial of service via test interface ports which are not used in the run-time environment. Dell EMC PowerStore contains a fraudulent authentication vulnerability. Information may be obtained. Dell EMC PowerStore is a storage device from Dell in the United States.
VAR-202007-0977 CVE-2020-1837 Input verification vulnerability in ChangXiang 8 Plus CVSS V2: 2.9
CVSS V3: 5.3
Severity: MEDIUM
ChangXiang 8 Plus with versions earlier than 9.1.0.136(C00E121R1P6T8) have a denial of service vulnerability. The device does not properly handle certain messages from the base station; an attacker could craft a fake base station to launch the attack. Successful exploitation could cause a denial of signal service condition. ChangXiang 8 Plus contains an input verification vulnerability. The device may be put into a denial-of-service (DoS) state. Huawei ChangXiang 8 Plus is a smartphone from China's Huawei.
VAR-202007-1281 CVE-2020-5368 Vulnerability regarding lack of authentication in Dell EMC VxRail CVSS V2: 5.0
CVSS V3: 7.5
Severity: HIGH
Dell EMC VxRail versions 4.7.410 and 4.7.411 contain an improper authentication vulnerability. A remote unauthenticated attacker may exploit this vulnerability to obtain sensitive information in an encrypted form. Dell EMC VxRail is VMware hyper-converged infrastructure equipment from Dell. The product includes computing, storage, network, and virtualization resources.
VAR-202007-1293 CVE-2020-5356 Vulnerability in externally accessible files or directories in Dell PowerProtect Data Manager and PowerProtect X400 CVSS V2: 4.0
CVSS V3: 6.5
Severity: MEDIUM
Dell PowerProtect Data Manager (PPDM) versions prior to 19.4 and Dell PowerProtect X400 versions prior to 3.2 contain an improper authorization vulnerability. A remote authenticated malicious user may download any file from the affected PowerProtect virtual machines. The product supports functions such as data backup, virtual machine backup and database protection. PowerProtect X400 is a data management device.
VAR-202007-1292 CVE-2020-5352 OS command injection vulnerabilities in Dell EMC Data Protection Advisor CVSS V2: 9.0
CVSS V3: 8.8
Severity: HIGH
Dell EMC Data Protection Advisor 6.4, 6.5 and 18.1 contain an OS command injection vulnerability. A remote authenticated malicious user may exploit this vulnerability to execute arbitrary commands on the affected system. The system may be put into a denial-of-service (DoS) state. The product supports functions such as data backup, data recovery, and data replication management.
VAR-202007-1282 CVE-2020-5371 Vulnerability in improper permission assignment for critical resources in Dell EMC Isilon OneFS and EMC PowerScale CVSS V2: 6.5
CVSS V3: 8.8
Severity: HIGH
Dell EMC Isilon OneFS versions 8.2.2 and earlier and Dell EMC PowerScale version 9.0.0 contain a file permissions vulnerability. An attacker, with network or local file access, could take advantage of insufficiently applied file permissions or gain unauthorized access to files. Dell EMC Isilon OneFS and EMC PowerScale contain a vulnerability in improper permission assignment for critical resources. Information may be obtained or tampered with, and the system may be put into a denial-of-service (DoS) state.
VAR-202007-1496 No CVE Xiamen Haiwell Technology Co., Ltd. cloud configuration software Cloud SCADA has an authorization bypass vulnerability CVSS V2: 3.6
CVSS V3: -
Severity: LOW
Haiwell Cloud Configuration Software is an industrial automation monitoring and management platform based on the .NET Framework, developed by Xiamen Haiwell Technology Co., Ltd. The company's cloud configuration software Cloud SCADA has an authorization bypass vulnerability. Attackers can use this vulnerability to bypass the authorization interface and enter the platform.
VAR-202007-1500 No CVE Hangzhou Yishixing Information Technology Co., Ltd.'s Fanzhi Hotel Human Capital ES Management Platform Group Edition has a SQL injection vulnerability CVSS V2: 7.8
CVSS V3: -
Severity: HIGH
Hangzhou Yishixing Information Technology Co., Ltd. is a high-tech enterprise entity specializing in system development, integration and services in the field of card management in the hotel industry personnel logistics and RFID Internet of Things applications. Hangzhou Yishixing Information Technology Co., Ltd.'s Fanzhi Hotel Human Capital ES Management Platform Group Edition has a SQL injection vulnerability, which can be used by attackers to obtain sensitive database information.
VAR-202007-0165 CVE-2020-10282 Vulnerability in lack of authentication for critical features in the Micro Air Vehicle Link protocol CVSS V2: 7.5
CVSS V3: 9.8
Severity: CRITICAL
The Micro Air Vehicle Link (MAVLink) protocol presents no authentication mechanism on its version 1.0 (nor authorization), which leads to a variety of attacks including identity spoofing, unauthorized access, PITM attacks and more. According to literature, version 2.0 optionally allows for package signing, which mitigates this flaw. Another source mentions that MAVLink 2.0 only provides a simple authentication system based on HMAC. This implies that the flying system overall should add the same symmetric key into all devices of the network. If this is not the case, it may cause a security issue: if one of the devices and its symmetric key are compromised, the whole authentication system is not reliable. The system may be put into a denial-of-service (DoS) state.
VAR-202007-0164 CVE-2020-10281 Vulnerability in lack of encryption of critical data in the Micro Air Vehicle Link protocol CVSS V2: 5.0
CVSS V3: 7.5
Severity: HIGH
This vulnerability applies to the Micro Air Vehicle Link (MAVLink) protocol and allows a remote attacker to gain access to sensitive information provided it has access to the communication medium. MAVLink is a header-based protocol that does not perform encryption to improve transfer (and reception speed) and efficiency by design. The increasing popularity of the protocol (used across different autopilots) has led to its use in wired and wireless mediums through insecure communication channels, exposing sensitive information to a remote attacker with the ability to intercept network traffic.
VAR-202007-1489 No CVE Arbitrary code execution vulnerability in Haiwell cloud configuration software Cloud SCADA CVSS V2: 7.2
CVSS V3: -
Severity: HIGH
Xiamen Haiwei Technology Co., Ltd. is a high-tech enterprise integrating independent research and development, production, sales and service. The Haiwell cloud configuration software Cloud SCADA has an arbitrary code execution vulnerability that an attacker can use to obtain server permissions.
VAR-202007-1188 CVE-2020-9498 Buffer error vulnerability in Apache Guacamole CVSS V2: 6.2
CVSS V3: 6.7
Severity: MEDIUM
Apache Guacamole 1.1.0 and older may mishandle pointers involved in processing data received via RDP static virtual channels. If a user connects to a malicious or compromised RDP server, a series of specially-crafted PDUs could result in memory corruption, possibly allowing arbitrary code to be executed with the privileges of the running guacd process. Apache Guacamole contains a buffer error vulnerability. Information may be obtained or tampered with, and the system may be put into a denial-of-service (DoS) state. Apache Guacamole is a clientless remote desktop gateway of the Apache Software Foundation. The product supports protocols such as VNC, RDP and SSH. There are security vulnerabilities in Apache Guacamole 1.1.0 and earlier versions.
VAR-202007-1187 CVE-2020-9497 Vulnerability regarding information leakage in Apache Guacamole CVSS V2: 1.2
CVSS V3: 4.4
Severity: MEDIUM
Apache Guacamole 1.1.0 and older do not properly validate data received from RDP servers via static virtual channels. If a user connects to a malicious or compromised RDP server, specially-crafted PDUs could result in disclosure of information within the memory of the guacd process handling the connection. Apache Guacamole contains an information leakage vulnerability. Information may be obtained. Apache Guacamole is a clientless remote desktop gateway of the Apache Software Foundation. The product supports protocols such as VNC, RDP and SSH. Attackers can use this vulnerability to obtain information with the help of specially crafted PDUs.
VAR-202007-1414 CVE-2020-6013 Permission management vulnerabilities in ZoneAlarm Firewall and Antivirus products CVSS V2: 6.5
CVSS V3: 8.8
Severity: HIGH
ZoneAlarm Firewall and Antivirus products before version 15.8.109.18436 allow an attacker who already has access to the system to execute code at elevated privileges through a combination of file permission manipulation and exploitation of Windows CVE-2020-00896 on unpatched systems. ZoneAlarm Firewall and Antivirus products contain a vulnerability in permission management. Information may be obtained or tampered with, and the system may be put into a denial-of-service (DoS) state. This vulnerability allows local attackers to escalate privileges on affected installations of Check Point ZoneAlarm. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the ZoneAlarm Service. The issue results from the lack of proper validation of a user-supplied symbolic link prior to using it in file operations. An attacker can leverage this vulnerability to escalate privileges and execute code in the context of SYSTEM.
VAR-202007-1400 CVE-2020-5909 Certificate validation vulnerabilities in NGINX Controller CVSS V2: 5.8
CVSS V3: 5.4
Severity: MEDIUM
In versions 3.0.0-3.5.0, 2.0.0-2.9.0, and 1.0.1, when users run the command displayed in the NGINX Controller user interface (UI) to fetch the agent installer, the server TLS certificate is not verified. NGINX Controller contains a certificate validation vulnerability. Information may be obtained and tampered with. F5 NGINX Controller is a centralized monitoring and management platform for NGINX from F5 Corporation in the United States. The platform supports managing multiple NGINX instances using a visual interface. F5 NGINX Controller version 1.0.1, version 2.0.0 to version 2.9.0 and version 3.0.0 to version 3.5.0 have a security vulnerability. The vulnerability is caused by the program not correctly validating the server TLS certificate. An attacker could exploit this vulnerability to intercept the communication channel and read or modify data in transit.
VAR-202007-1104 CVE-2020-5911 Vulnerability in NGINX Controller CVSS V2: 7.5
CVSS V3: 7.3
Severity: HIGH
In versions 3.0.0-3.5.0, 2.0.0-2.9.0, and 1.0.1, the NGINX Controller installer starts the download of Kubernetes packages from an HTTP URL on Debian/Ubuntu systems. NGINX Controller contains an unspecified vulnerability. Information may be obtained or tampered with, and the system may be put into a denial-of-service (DoS) state. F5 NGINX Controller is a centralized monitoring and management platform for NGINX from F5 Corporation in the United States. The platform supports the management of multiple NGINX instances.
VAR-202007-1103 CVE-2020-5910 Authentication vulnerabilities in Neural Autonomic Transport System CVSS V2: 5.0
CVSS V3: 7.5
Severity: HIGH
In versions 3.0.0-3.5.0, 2.0.0-2.9.0, and 1.0.1, the Neural Autonomic Transport System (NATS) messaging services in use by the NGINX Controller do not require any form of authentication, so any successful connection would be authorized. F5 NGINX Controller is a centralized monitoring and management platform for NGINX from F5 Corporation in the United States. The platform supports managing multiple NGINX instances using a visual interface. There is a security vulnerability in the NGINX Controller NATS message service in F5 NGINX Controller version 1.0.1, 2.0.0 to 2.9.0, and 3.0.0 to 3.5.0. The vulnerability stems from the fact that the program does not perform any form of authentication. Attackers can use this vulnerability to eavesdrop on NATS connections and obtain data stored in message queues.