VARIoT IoT vulnerabilities database
| VAR-202006-1809 | CVE-2020-12032 | Baxter ExactaMix EM 2400 and EM1200 Vulnerability regarding lack of encryption of critical data in |
CVSS V2: 6.4 CVSS V3: 9.1 Severity: CRITICAL |
Baxter ExactaMix EM 2400 Versions 1.10, 1.11 and ExactaMix EM1200 Versions 1.1, 1.2 systems store device data with sensitive information in an unencrypted database. This could allow an attacker with network access to view or modify sensitive data including PHI. Baxter ExactaMix EM 2400 and EM1200 There is a vulnerability in the lack of encryption of critical data.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be put into a state. Baxter ExactaMix EM2400 and ExactaMix EM1200 are both an automated drug mixing system of Baxter.
Baxter ExactaMix EM2400 and EM1200 have encryption vulnerabilities
| VAR-202006-0584 | CVE-2020-14426 | plural NETGEAR Inadequate protection of credentials on devices |
CVSS V2: 3.3 CVSS V3: 8.8 Severity: HIGH |
Certain NETGEAR devices are affected by disclosure of administrative credentials. This affects RBK752 before 3.2.15.25, RBK753 before 3.2.15.25, RBK753S before 3.2.15.25, RBR750 before 3.2.15.25, RBS750 before 3.2.15.25, RBK852 before 3.2.10.11, RBK853 before 3.2.10.11, RBR850 before 3.2.10.11, RBS850 before 3.2.10.11, RBK842 before 3.2.10.11, RBR840 before 3.2.10.11, and RBS840 before 3.2.10.11. plural NETGEAR Devices contain vulnerabilities in insufficient protection of credentials.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be put into a state. NETGEAR RBK752, etc. are all home WiFi systems of NETGEAR.
There are security vulnerabilities in many NETGEAR products. Attackers can use this vulnerability to obtain management credentials. This affects RBK752 prior to 3.2.15.25, RBK753 prior to 3.2.15.25, RBK753S prior to 3.2.15.25, RBR750 prior to 3.2.15.25, RBS750 prior to 3.2.15.25, RBK852 prior to 3.2.10.11, RBK853 prior to 3.2.10.11, RBR850 prior to 3.2.10.11, RBS850 prior to 3.2.10.11, RBK842 prior to 3.2.10.11, RBR840 prior to 3.2.10.11, and RBS840 prior to 3.2.10.11
| VAR-202006-0325 | CVE-2020-12037 | Baxter PrismaFlex and PrisMax Vulnerability in plaintext transmission of important information in |
CVSS V2: 5.0 CVSS V3: 7.5 Severity: HIGH |
Baxter PrismaFlex all versions, PrisMax all versions prior to 3.x, The affected devices do not implement data-in-transit encryption (e.g., TLS/SSL) when configured to send treatment data to a PDMS (Patient Data Management System) or an EMR (Electronic Medical Record) system. An attacker could observe sensitive data sent from the device. Baxter PrismaFlex and PrisMax Includes a vulnerability in the transmission of important information in clear text.Information may be obtained. Baxter PrismaFlex is an intensive care equipment manufactured by Baxter.
There is a hard-coded vulnerability in Baxter PrismaFlex (all versions). The vulnerability stems from the fact that PrismaFlex contains a hard-coded service password. Attackers can use the vulnerability to modify device settings and calibration values
| VAR-202007-0205 | CVE-2020-12007 | Mitsubishi Electric MC Works64 Code Issue Vulnerability |
CVSS V2: 7.5 CVSS V3: 9.8 Severity: CRITICAL |
A specially crafted communication packet sent to the affected devices could allow remote code execution and a denial-of-service condition due to a deserialization vulnerability. This issue affects: Mitsubishi Electric MC Works64 version 4.02C (10.95.208.31) and earlier, all versions; Mitsubishi Electric MC Works32 version 3.00A (9.50.255.02); ICONICS GenBroker64, Platform Services, Workbench, FrameWorX Server version 10.96 and prior; ICONICS GenBroker32 version 9.5 and prior. Authentication is not required to exploit this vulnerability.The specific flaw exists with the handling of serialized objects. The issue results from the lack of proper validation of user-supplied data, which can result in deserialization of untrusted data. An attacker can leverage this vulnerability to create a denial-of-service condition on the system. Mitsubishi Electric MC Works64 is a set of data acquisition and monitoring system (SCADA) of Japan Mitsubishi Electric (Mitsubishi Electric) company. ** ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided
| VAR-202006-1128 | CVE-2020-3292 | plural Cisco Small Business RV Buffer error vulnerability in series routers |
CVSS V2: 9.0 CVSS V3: 7.2 Severity: HIGH |
Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV320 and RV325 Series Routers and Cisco Small Business RV016, RV042, and RV082 Routers could allow an authenticated, remote attacker with administrative privileges to execute arbitrary code on an affected device. The vulnerabilities are due to insufficient boundary restrictions on user-supplied input to scripts in the web-based management interface. An attacker with administrative privileges that are sufficient to log in to the web-based management interface could exploit each vulnerability by sending crafted requests that contain overly large values to an affected device, causing a stack overflow. A successful exploit could allow the attacker to cause the device to crash or allow the attacker to execute arbitrary code with root privileges on the underlying operating system. plural Cisco Small Business RV A buffer error vulnerability exists in series routers.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be put into a state. Cisco Small Business RV016 Multi-WAN VPN is a VPN router from Cisco in the United States. The vulnerability stems from the program's failure to properly limit the user's input boundary
| VAR-202006-1130 | CVE-2020-3294 | plural Cisco Small Business RV Buffer error vulnerability in series routers |
CVSS V2: 9.0 CVSS V3: 7.2 Severity: HIGH |
Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV320 and RV325 Series Routers and Cisco Small Business RV016, RV042, and RV082 Routers could allow an authenticated, remote attacker with administrative privileges to execute arbitrary code on an affected device. The vulnerabilities are due to insufficient boundary restrictions on user-supplied input to scripts in the web-based management interface. An attacker with administrative privileges that are sufficient to log in to the web-based management interface could exploit each vulnerability by sending crafted requests that contain overly large values to an affected device, causing a stack overflow. A successful exploit could allow the attacker to cause the device to crash or allow the attacker to execute arbitrary code with root privileges on the underlying operating system. plural Cisco Small Business RV A buffer error vulnerability exists in series routers.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be put into a state. Cisco Small Business RV320, etc. are all a VPN router of Cisco in the United States. The vulnerability stems from the program's failure to properly limit the user's input boundary
| VAR-202006-1685 | CVE-2020-6752 | OMERO.server information disclosure vulnerability |
CVSS V2: 5.5 CVSS V3: 3.8 Severity: LOW |
In OMERO before 5.6.1, group owners can access members' data in other groups. OMERO There is an information leakage vulnerability in.Information may be obtained and tampered with. OMERO.server is an image server of the Open Microscopy Environment team.
There are security vulnerabilities in OMERO.server versions before 5.6.1
| VAR-202006-1118 | CVE-2020-3277 | plural Cisco Small Business RV In series routers OS Command injection vulnerabilities |
CVSS V2: 9.0 CVSS V3: 7.2 Severity: HIGH |
Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV320 and RV325 Series Routers and Cisco Small Business RV016, RV042, and RV082 Routers could allow an authenticated, remote attacker with administrative privileges to execute arbitrary commands on an affected device. The vulnerabilities exist because the web-based management interface does not properly validate user-supplied input to scripts. An attacker with administrative privileges that are sufficient to log in to the web-based management interface could exploit each vulnerability by sending malicious requests to an affected device. A successful exploit could allow the attacker to execute arbitrary commands with root privileges on the underlying operating system. (DoS) It may be put into a state. Cisco Small Business RV320, etc. are all a VPN router of Cisco in the United States.
There are command injection vulnerabilities in the web management interface in many Cisco products. The vulnerability stems from the program's failure to properly verify the input submitted by the user
| VAR-202006-1114 | CVE-2020-3269 | plural Cisco RV Buffer error vulnerability in series routers |
CVSS V2: 9.0 CVSS V3: 7.2 Severity: HIGH |
Multiple vulnerabilities in the web-based management interface of Cisco RV110W, RV130, RV130W, and RV215W Series Routers could allow an authenticated, remote attacker with administrative privileges to execute arbitrary commands. For more information about these vulnerabilities, see the Details section of this advisory. plural Cisco RV A buffer error vulnerability exists in series routers.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be put into a state. Cisco RV110W is a VPN firewall router from Cisco in the United States.
There are buffer overflow vulnerabilities in the web management interface of many Cisco products. The vulnerability stems from the program's failure to properly limit user input boundaries
| VAR-202006-1154 | CVE-2020-3360 | Cisco IP Phones series 7800 and 8800 Vulnerability regarding information leakage in |
CVSS V2: 5.0 CVSS V3: 5.3 Severity: MEDIUM |
A vulnerability in the Web Access feature of Cisco IP Phones Series 7800 and Series 8800 could allow an unauthenticated, remote attacker to view sensitive information on an affected device. The vulnerability is due to improper access controls on the web-based management interface of an affected device. An attacker could exploit this vulnerability by sending malicious requests to the device, which could allow the attacker to bypass access restrictions. A successful attack could allow the attacker to view sensitive information, including device call logs that contain names, usernames, and phone numbers of users of the device
| VAR-202006-1115 | CVE-2020-3274 | plural Cisco Small Business RV In series routers OS Command injection vulnerabilities |
CVSS V2: 9.0 CVSS V3: 7.2 Severity: HIGH |
Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV320 and RV325 Series Routers and Cisco Small Business RV016, RV042, and RV082 Routers could allow an authenticated, remote attacker with administrative privileges to execute arbitrary commands on an affected device. The vulnerabilities exist because the web-based management interface does not properly validate user-supplied input to scripts. An attacker with administrative privileges that are sufficient to log in to the web-based management interface could exploit each vulnerability by sending malicious requests to an affected device. A successful exploit could allow the attacker to execute arbitrary commands with root privileges on the underlying operating system. (DoS) It may be put into a state. Cisco Small Business RV320, etc. are all a VPN router of Cisco in the United States.
There are command injection vulnerabilities in the web management interface in many Cisco products. The vulnerability stems from the program's failure to properly verify the input submitted by the user
| VAR-202006-1131 | CVE-2020-3295 | plural Cisco Small Business RV Buffer error vulnerability in series routers |
CVSS V2: 9.0 CVSS V3: 7.2 Severity: HIGH |
Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV320 and RV325 Series Routers and Cisco Small Business RV016, RV042, and RV082 Routers could allow an authenticated, remote attacker with administrative privileges to execute arbitrary code on an affected device. The vulnerabilities are due to insufficient boundary restrictions on user-supplied input to scripts in the web-based management interface. An attacker with administrative privileges that are sufficient to log in to the web-based management interface could exploit each vulnerability by sending crafted requests that contain overly large values to an affected device, causing a stack overflow. A successful exploit could allow the attacker to cause the device to crash or allow the attacker to execute arbitrary code with root privileges on the underlying operating system. plural Cisco Small Business RV A buffer error vulnerability exists in series routers.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be put into a state. Cisco Small Business RV016 Multi-WAN VPN is a VPN router from Cisco in the United States. The vulnerability stems from the program's failure to properly limit the user's input boundary
| VAR-202006-1126 | CVE-2020-3290 | plural Cisco Small Business RV Buffer error vulnerability in series routers |
CVSS V2: 9.0 CVSS V3: 7.2 Severity: HIGH |
Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV320 and RV325 Series Routers and Cisco Small Business RV016, RV042, and RV082 Routers could allow an authenticated, remote attacker with administrative privileges to execute arbitrary code on an affected device. The vulnerabilities are due to insufficient boundary restrictions on user-supplied input to scripts in the web-based management interface. An attacker with administrative privileges that are sufficient to log in to the web-based management interface could exploit each vulnerability by sending crafted requests that contain overly large values to an affected device, causing a stack overflow. A successful exploit could allow the attacker to cause the device to crash or allow the attacker to execute arbitrary code with root privileges on the underlying operating system. plural Cisco Small Business RV A buffer error vulnerability exists in series routers.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be put into a state. Cisco Small Business RV016 Multi-WAN VPN is a VPN router from Cisco in the United States. The vulnerability stems from the program's failure to properly limit the user's input boundary
| VAR-202006-1116 | CVE-2020-3275 | plural Cisco Small Business RV In series routers OS Command injection vulnerabilities |
CVSS V2: 9.0 CVSS V3: 7.2 Severity: HIGH |
Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV320 and RV325 Series Routers and Cisco Small Business RV016, RV042, and RV082 Routers could allow an authenticated, remote attacker with administrative privileges to execute arbitrary commands on an affected device. The vulnerabilities exist because the web-based management interface does not properly validate user-supplied input to scripts. An attacker with administrative privileges that are sufficient to log in to the web-based management interface could exploit each vulnerability by sending malicious requests to an affected device. A successful exploit could allow the attacker to execute arbitrary commands with root privileges on the underlying operating system. (DoS) It may be put into a state. Cisco Small Business RV320, etc. are all a VPN router of Cisco in the United States.
There are command injection vulnerabilities in the web management interface in many Cisco products. The vulnerability stems from the program's failure to properly verify the input submitted by the user
| VAR-202006-1125 | CVE-2020-3289 | plural Cisco Small Business RV Buffer error vulnerability in series routers |
CVSS V2: 9.0 CVSS V3: 7.2 Severity: HIGH |
Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV320 and RV325 Series Routers and Cisco Small Business RV016, RV042, and RV082 Routers could allow an authenticated, remote attacker with administrative privileges to execute arbitrary code on an affected device. The vulnerabilities are due to insufficient boundary restrictions on user-supplied input to scripts in the web-based management interface. An attacker with administrative privileges that are sufficient to log in to the web-based management interface could exploit each vulnerability by sending crafted requests that contain overly large values to an affected device, causing a stack overflow. A successful exploit could allow the attacker to cause the device to crash or allow the attacker to execute arbitrary code with root privileges on the underlying operating system. plural Cisco Small Business RV A buffer error vulnerability exists in series routers.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be put into a state
| VAR-202006-0224 | CVE-2020-14157 | ABUS Secvest FUBE50001 Information Disclosure Vulnerability |
CVSS V2: 4.8 CVSS V3: 8.1 Severity: HIGH |
The wireless-communication feature of the ABUS Secvest FUBE50001 device does not encrypt sensitive data such as PIN codes or IDs of used proximity chip keys (RFID tokens). This makes it easier for an attacker to disarm the wireless alarm system. ABUS Secvest FUBE50001 The device contains a vulnerability related to information leakage.Information may be obtained and tampered with. ABUS Secvest FUBE50001 is a wireless control unit of German ABUS company.
There is a security loophole in the wireless communication function of the ABUS Secvest FUBE50001 device, which is caused by the program not encrypting sensitive data. Advisory ID: SYSS-2020-014
Product: ABUS Secvest Wireless Control Device (FUBE50001)
Manufacturer: ABUS
Affected Version(s): N/A
Tested Version(s): N/A
Vulnerability Type: Missing Encryption of Sensitive Data (CWE-311)
Risk Level: High
Solution Status: Open
Manufacturer Notification: 2020-04-03
Solution Date: -
Public Disclosure: 2020-06-17
CVE Reference: CVE-2020-14157
Authors of Advisory: Michael Rüttgers, Thomas Detert,
Matthias Deeg (SySS GmbH)
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Overview:
ABUS Secvest Wireless Control Device (FUBE50001) is a wireless control
panel for the ABUS Secvest wireless alarm system.
Some of the device features as described by the manufacturer are
(see [1]):
"
* Easy operation via code or proximity keyfob
The Secvest wireless control panel is an optional Secvest accessory.
Every wireless control panel can be operated from your system via PIN
code. It is possible to arm and disarm the panel via proximity keyfob.
* Flexible use in entrance areas
Up to 8 control panels can be integrated into the alarm system. These
additional modules can be placed in various areas of the building.
This provides added convenience for you, because Secvest can be armed
and disarmed directly on the wireless control panel, without the need
to go back to the central alarm panel every time.
In addition to internal arming or arming individual sub-areas, you can
also switch a single output, such as the garage door, if desired.
* Secure wireless communication
Thanks to a secure wireless communication procedure, this product is
protected against ‘replay attacks’, as are the Secvest wireless alarm
system and Secvest Touch alarm systems. This procedure for preventing
third-party tampering exceeds the requirements of the “DIN EN 50131-1
level 2” security standard.
Thus, an attacker observing radio signals of an ABUS FUBE50001
wireless control panel is able to see all sensitive data of transmitted
packets as cleartext and can analyze the used packet format and the
communication protocol.
By knowing the correct PIN code or the ID of a valid ABUS Secvest
proximity chip key, an attacker is able to disarm the wireless alarm
system in an unauthorized way.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Proof of Concept (PoC):
Michael Rüttgers, Thomas Detert, and Matthias Deeg developed different
PoC software tools, either for the RFCat-based radio dongle YARD Stick
One [3] in one version, or the GreatFet One neighbor Erica [4] in another
one, that allowed sniffing out used PIN codes or used proximity chip key
IDs when eavesdropping on the FUBE50001 wireless communication.
The following output exemplarily shows a successful PIN code sniffing
attack:
$ python2 abus_fube50001_pin_sniffer.py
ABUS Secvest FUBE50001 PIN Code Sniffer PoC - SySS GmbH (c) 2020
by Thomas Detert, Michael Rüttgers, and Matthias Deeg
---
[*] Listening for ABUS FUBE50001 packets ...
[*] Received packet:
f0f352b4ccb4ccd52aab52d2acd2d34d4cb34cb333332b34d4b530f0f0f352b4ccb4ccd52aab52d2acd2d34d4cb34cb333332b34d4b530f0f0f333333333117162f5
[*] Decoded packet : da0a077ed5c549888800626b
[*] Received packet:
f0f352b4b32b4d352ad5332aab2cb34cd3332cccb4ccacb354acaaaaccccd2ab32aab54d30f0f0f352b4b32b4d352ad5332aab2cb34cd3332cccb4ccacb354acaaaa
[*] Decoded packet : da86937707e4884040a0c8ecff005e1fb9
[*] Detected FUBE50001 packet with FUBE50001 PIN
[+] Sniffed PIN code: 1337
(...)
An example of a successful sniffing attack regarding the ID of an ABUS
proximity chip key is illustrated in the following output:
$ python2 abus_fube50001_chip_key_id_sniffer.py
ABUS Secvest FUBE50001 Proximity Chip Key ID Sniffer PoC - SySS GmbH (c)
2020
by Thomas Detert, Michael Rüttgers, and Matthias Deeg
---
[*] Listening for ABUS FUBE50001 packets ...
[*] Received packet:
f0f352b4b332b2cad52accd554d34cb32cccd33332b34ab2cd2b2d4ad32ad2aacaacd32b30f0f0f3057c0764bf788b6ce7d0de43f6c1cb71e7374b7bd7c7a1abe567
[*] Decoded packet: da81937707e488404018b9165b475f3c46
[*] Detected FUBE50001 packet with proximity token ID
[+] Sniffed proximity chip key ID: 3805964445
(...)
The described sniffing attacks are also demonstrated in the SySS
Proof-of-Concept Video titled "ABUS Secvest Sniffing Attack" which is
available on the SySS YouTube Channel [8].
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Solution:
SySS GmbH is not aware of a solution for this reported security
vulnerability.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Disclosure Timeline:
2020-04-03: Vulnerability reported to manufacturer
2020-06-17: Public release of security advisory
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
References:
[1] Product website for ABUS Secvest wireless control device
https://www.abus.com/eng/Home-Security/Alarm-systems/Secvest-wireless-alarm-system/Control-devices-and-extensions/Secvest-Wireless-Control-Device
[2] SySS Security Advisory SYSS-2018-035
https://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2018-035.txt
[3] Product website YARD Stick One
https://greatscottgadgets.com/yardstickone/
[4] GreatFET One neighbor Erica targeting the 315/433/868/915 MHz
freqency bands
https://github.com/AsFaBw/erica
[5] GreatFET wiki
https://github.com/greatscottgadgets/greatfet/wiki
[6] SySS Security Advisory SYSS-2020-014
https://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2020-014.txt
[7] SySS GmbH, SySS Responsible Disclosure Policy
https://www.syss.de/en/news/responsible-disclosure-policy/
[8] SySS Proof of Concept Video: ABUS Secvest Sniffing Attack
https://www.youtube.com/watch?v=kCqAVYyahLc
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Credits:
This security vulnerability was found by Michael Rüttgers and Thomas
Detert.
Mr. Rüttgers and Mr. Detert reported this finding to SySS GmbH where it
was verified and later reported to the manufacturer by Matthias Deeg.
E-Mail: matthias.deeg (at) syss.de
Public Key:
https://www.syss.de/fileadmin/dokumente/Materialien/PGPKeys/Matthias_Deeg.asc
Key fingerprint = D1F0 A035 F06C E675 CDB9 0514 D9A4 BF6A 34AD 4DAB
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Disclaimer:
The information provided in this security advisory is provided "as is"
and without warranty of any kind. Details of this security advisory may
be updated in order to provide as accurate information as possible. The
latest version of this security advisory is available on the SySS website.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Copyright:
Creative Commons - Attribution (by) - Version 3.0
URL: http://creativecommons.org/licenses/by/3.0/deed.en
| VAR-202006-1113 | CVE-2020-3268 | plural Cisco RV Buffer error vulnerability in series routers |
CVSS V2: 9.0 CVSS V3: 7.2 Severity: HIGH |
Multiple vulnerabilities in the web-based management interface of Cisco RV110W, RV130, RV130W, and RV215W Series Routers could allow an authenticated, remote attacker with administrative privileges to execute arbitrary commands. For more information about these vulnerabilities, see the Details section of this advisory. plural Cisco RV A buffer error vulnerability exists in series routers.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be put into a state. Cisco RV110W is a VPN firewall router from Cisco in the United States.
There are command injection vulnerabilities in many Cisco products. The vulnerability stems from the web interface's failure to properly verify the input submitted by the user
| VAR-202006-1117 | CVE-2020-3276 | plural Cisco Small Business RV In series routers OS Command injection vulnerabilities |
CVSS V2: 9.0 CVSS V3: 7.2 Severity: HIGH |
Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV320 and RV325 Series Routers and Cisco Small Business RV016, RV042, and RV082 Routers could allow an authenticated, remote attacker with administrative privileges to execute arbitrary commands on an affected device. The vulnerabilities exist because the web-based management interface does not properly validate user-supplied input to scripts. An attacker with administrative privileges that are sufficient to log in to the web-based management interface could exploit each vulnerability by sending malicious requests to an affected device. A successful exploit could allow the attacker to execute arbitrary commands with root privileges on the underlying operating system. (DoS) It may be put into a state. Cisco Small Business RV320, etc. are all a VPN router of Cisco in the United States.
There are command injection vulnerabilities in the web management interface in many Cisco products. The vulnerability stems from the program's failure to properly verify the input submitted by the user
| VAR-202006-0747 | CVE-2019-16245 | OMERO Vulnerability regarding information leakage in |
CVSS V2: 5.0 CVSS V3: 5.3 Severity: MEDIUM |
OMERO before 5.6.1 makes the details of each user available to all users. OMERO There is an information leakage vulnerability in.Information may be obtained. OMERO.server is an image server of the Open Microscopy Environment team.
There are security vulnerabilities in OMERO.server versions before 5.6.1
| VAR-202006-1124 | CVE-2020-3288 | plural Cisco Small Business RV Buffer error vulnerability in series routers |
CVSS V2: 9.0 CVSS V3: 7.2 Severity: HIGH |
Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV320 and RV325 Series Routers and Cisco Small Business RV016, RV042, and RV082 Routers could allow an authenticated, remote attacker with administrative privileges to execute arbitrary code on an affected device. The vulnerabilities are due to insufficient boundary restrictions on user-supplied input to scripts in the web-based management interface. An attacker with administrative privileges that are sufficient to log in to the web-based management interface could exploit each vulnerability by sending crafted requests that contain overly large values to an affected device, causing a stack overflow. A successful exploit could allow the attacker to cause the device to crash or allow the attacker to execute arbitrary code with root privileges on the underlying operating system. plural Cisco Small Business RV A buffer error vulnerability exists in series routers.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be put into a state. Cisco Small Business RV016 Multi-WAN VPN is a VPN router from Cisco in the United States. The vulnerability stems from the program's failure to properly limit the user's input boundary