VARIoT IoT vulnerabilities database

VAR-201912-0099 CVE-2019-6682 BIG-IP APM Vulnerable to resource exhaustion CVSS V2: 4.3
CVSS V3: 7.5
Severity: HIGH
On versions 15.0.0-15.0.1.1, 14.0.0-14.1.2.2, 13.1.0-13.1.3.1, 12.1.0-12.1.5, and 11.5.2-11.6.5.1, the BIG-IP ASM system may consume excessive resources when processing certain types of HTTP responses from the origin web server. This vulnerability is only known to affect resource-constrained systems in which the security policy is configured with response-side features, such as Data Guard or response-side learning. BIG-IP APM contains a resource exhaustion vulnerability. Service operation may be interrupted (DoS). F5 BIG-IP ASM is a Web Application Firewall (WAF) from F5 Corporation in the United States, which provides secure remote access, protects emails, simplifies Web access control, and enhances network and application performance. A security vulnerability exists in F5 BIG-IP ASM. A remote attacker can exploit this vulnerability to consume a large amount of resources, interrupt traffic processing, and cause a denial of service. The following products and versions are affected: F5 BIG-IP ASM versions 15.0.0 to 15.0.1, 14.1.0 to 14.1.2, 13.1.0 to 13.1.3, 12.1.0 to 12.1.5, and 11.5.2 to 11.6.5.
VAR-201912-0098 CVE-2019-6681 BIG-IP Vulnerabilities related to lack of effective post-lifetime resource release CVSS V2: 7.8
CVSS V3: 7.5
Severity: HIGH
On BIG-IP versions 15.0.0-15.0.1.1, 14.1.0-14.1.2, 14.0.0-14.0.1, 13.1.0-13.1.3.1, and 12.1.0-12.1.5, there is a memory leak in Multicast Forwarding Cache (MFC) handling in tmrouted. BIG-IP is vulnerable to a lack of resource release after the valid lifetime. Service operation may be interrupted (DoS).
VAR-201912-2009 No CVE Xiaomi AI speaker-mDNS service has heap corruption vulnerability CVSS V2: 6.1
CVSS V3: -
Severity: MEDIUM
Xiaomi AI speaker is a smart speaker product produced by Xiaomi. There is a heap corruption vulnerability in the Xiaomi AI Speaker mDNS service. The vulnerability is caused by a lax boundary check when the service parses a request message, which results in arbitrary writes to heap memory. An attacker could use the vulnerability to execute arbitrary code.
VAR-201912-2008 No CVE Xiaomi AI Speaker-Denial of Service Vulnerability in mDNS Service CVSS V2: 6.1
CVSS V3: -
Severity: MEDIUM
Xiaomi AI speaker is a smart speaker product produced by Xiaomi. There is a denial of service vulnerability in the Xiaomi AI Speaker mDNS service. The vulnerability is caused by the service failing to fully validate malformed messages when parsing a request message, which causes the parsing thread to enter an infinite loop. An attacker could use the vulnerability to launch a denial of service attack.
VAR-201912-2004 No CVE H3C ACG1000-M Switch Has Weak Password Vulnerability CVSS V2: 6.4
CVSS V3: -
Severity: MEDIUM
Xinhua San Technology Co., Ltd. has capabilities across the full range of digital infrastructure, including computing, storage, networking, and security, and provides one-stop digital solutions covering cloud computing, big data, intelligent connectivity, information security, new security, Internet of Things, edge computing, artificial intelligence, 5G, etc., as well as end-to-end technical services. The H3C ACG1000-M switch has a weak password vulnerability that allows an attacker to log in to the backend of the system and obtain sensitive information.
VAR-201912-1499 CVE-2019-15912 Input validation vulnerabilities in multiple ASUS products CVSS V2: 5.0
CVSS V3: 7.5
Severity: HIGH
An issue was discovered on ASUS HG100, MW100, WS-101, TS-101, AS-101, MS-101, DL-101 devices using ZigBee PRO. Attackers can use the ZigBee trust center rejoin procedure to perform multiple denial of service attacks. Multiple ASUS products contain an input validation vulnerability. A denial of service (DoS) condition may result. ASUS SmartHome Gateway HG100 and other products are products of ASUS, Taiwan. ASUS SmartHome Gateway HG100 is a smart home central control gateway device. ASUS WS-101 is a smart switch sensor. TS-101 is a temperature/humidity sensor. There are security vulnerabilities in ASUS SmartHome Gateway HG100 version 1.05.12, WS-101 version 1.05.12, and TS-101 version 1.05.12 (using ZigBee PRO). An attacker could use this vulnerability to cause a denial of service.
VAR-201912-1502 CVE-2019-15915 Input validation vulnerabilities in multiple Xiaomi product devices CVSS V2: 5.0
CVSS V3: 7.5
Severity: HIGH
An issue was discovered on Xiaomi DGNWG03LM, ZNCZ03LM, MCCGQ01LM, RTCGQ01LM devices. Attackers can utilize the "discover ZigBee network procedure" to perform a denial of service attack. Multiple Xiaomi product devices contain an input validation vulnerability. Service operation may be interrupted (DoS). Xiaomi DGNWG03LM and other products are products of Xiaomi China. Xiaomi DGNWG03LM is a smart home gateway device. ZNCZ03LM is a smart switch device. MCCGQ01LM is a smart remote control. There are security holes in several Xiaomi products.
VAR-201912-0162 CVE-2019-4655 IBM MQ Input validation vulnerability CVSS V2: 4.0
CVSS V3: 4.3
Severity: MEDIUM
IBM MQ 9.1.0.0, 9.1.0.1, 9.1.0.2, 9.1.0.3, 9.1.1, 9.1.2, and 9.1.3 are vulnerable to a denial of service attack that would allow an authenticated user to reset client connections due to an error within the Data Conversion routine. IBM X-Force ID: 170966. IBM MQ contains an input validation vulnerability. The vendor has released this vulnerability as IBM X-Force ID: 170966. Service operation may be interrupted (DoS).
VAR-201912-1498 CVE-2019-15911 Vulnerability in cleartext transmission of sensitive information in multiple ASUS products CVSS V2: 7.5
CVSS V3: 9.8
Severity: CRITICAL
An issue was discovered on ASUS HG100, MW100, WS-101, TS-101, AS-101, MS-101, DL-101 devices using ZigBee PRO. Because of insecure key transport in ZigBee communication, attackers can obtain sensitive information, cause multiple denial of service attacks, take over smart home devices, and tamper with messages. Multiple ASUS products contain a vulnerability in transmitting sensitive information in the clear. Information may be acquired or falsified, and a denial of service (DoS) condition may result. ASUS SmartHome Gateway HG100 and other products are products of ASUS, Taiwan. ASUS SmartHome Gateway HG100 is a smart home central control gateway device. ASUS WS-101 is a smart switch sensor. TS-101 is a temperature/humidity sensor. There are security vulnerabilities in ASUS SmartHome Gateway HG100 version 1.05.12, WS-101 version 1.05.12 and TS-101 version 1.05.12 (using ZigBee PRO), which originate from the program's insecure transmission of keys.
VAR-201912-1500 CVE-2019-15913 Vulnerability related to authentication bypass by user control key in multiple Xiaomi product devices CVSS V2: 7.5
CVSS V3: 9.8
Severity: CRITICAL
An issue was discovered on Xiaomi DGNWG03LM, ZNCZ03LM, MCCGQ01LM, WSDCGQ01LM, RTCGQ01LM devices. Because of insecure key transport in ZigBee communication, attackers can gain sensitive information, cause denial of service attacks, take over smart home devices, and tamper with messages. Multiple Xiaomi product devices contain a vulnerability related to authentication bypass by the user control key. Information may be acquired or falsified, and a denial of service (DoS) condition may result. Xiaomi DGNWG03LM and other products are products of Xiaomi China. Xiaomi DGNWG03LM is a smart home gateway device. ZNCZ03LM is a smart switch device. MCCGQ01LM is a smart remote control. There are security vulnerabilities in several Xiaomi products, which stem from the program's insecure transmission of keys.
VAR-201912-1501 CVE-2019-15914 Input validation vulnerabilities in multiple Xiaomi product devices CVSS V2: 5.0
CVSS V3: 7.5
Severity: HIGH
An issue was discovered on Xiaomi DGNWG03LM, ZNCZ03LM, MCCGQ01LM, WSDCGQ01LM, RTCGQ01LM devices. Attackers can use the ZigBee trust center rejoin procedure to perform multiple denial of service attacks. Multiple Xiaomi product devices contain an input validation vulnerability. Service operation may be interrupted (DoS). Xiaomi DGNWG03LM and other products are products of Xiaomi China. Xiaomi DGNWG03LM is a smart home gateway device. ZNCZ03LM is a smart switch device. MCCGQ01LM is a smart remote control. There are security holes in several Xiaomi products. An attacker could use this vulnerability to cause a denial of service.
VAR-201912-1131 CVE-2019-19789 NULL pointer dereference vulnerability in multiple 3S-Smart CODESYS products CVSS V2: 4.0
CVSS V3: 6.5
Severity: MEDIUM
3S-Smart CODESYS SP Realtime NT before V2.3.7.28, CODESYS Runtime Toolkit 32 bit full before V2.4.7.54, and CODESYS PLCWinNT before V2.4.7.54 allow a NULL pointer dereference
VAR-201912-1497 CVE-2019-15910 Input validation vulnerabilities in multiple ASUS products CVSS V2: 5.0
CVSS V3: 7.5
Severity: HIGH
An issue was discovered on ASUS HG100, MW100, WS-101, TS-101, AS-101, MS-101, DL-101 devices using ZigBee PRO. Attackers can utilize the "discover ZigBee network procedure" to perform a denial of service attack. Multiple ASUS products contain an input validation vulnerability. A denial of service (DoS) condition may result. ASUS SmartHome Gateway HG100 and other products are products of ASUS, Taiwan. ASUS SmartHome Gateway HG100 is a smart home central control gateway device. ASUS WS-101 is a smart switch sensor. TS-101 is a temperature/humidity sensor. There are security vulnerabilities in ASUS SmartHome Gateway HG100 version 1.05.12, WS-101 version 1.05.12, and TS-101 version 1.05.12 (using ZigBee PRO).
VAR-202001-0727 CVE-2019-18588 Dell EMC Unisphere for PowerMax and PowerMax OS Vulnerable to cross-site scripting CVSS V2: 3.5
CVSS V3: 5.4
Severity: MEDIUM
Dell EMC Unisphere for PowerMax versions prior to 9.1.0.9, Dell EMC Unisphere for PowerMax versions prior to 9.0.2.16, and Dell EMC PowerMax OS 5978.221.221 and 5978.479.479 contain a Cross-Site Scripting (XSS) vulnerability. An authenticated malicious user may potentially exploit this vulnerability to inject JavaScript code and affect other authenticated users' sessions. Dell EMC Unisphere for PowerMax is a set of graphical management tools for PowerMax storage arrays developed by Dell. The vulnerability stems from the lack of correct validation of client data in web applications. An attacker could exploit this vulnerability to execute client code.
VAR-201912-0104 CVE-2019-6687 BIG-IP ASM Authentication vulnerability CVSS V2: 5.8
CVSS V3: 7.4
Severity: HIGH
On versions 15.0.0-15.0.1.1, the BIG-IP ASM Cloud Security Services profile uses a built-in verification mechanism that fails to properly authenticate the X.509 certificate of remote endpoints. BIG-IP ASM contains an authentication vulnerability. Information may be obtained and information may be altered. F5 BIG-IP ASM is a Web Application Firewall (WAF) from F5 Corporation in the United States, which provides secure remote access, protects emails, simplifies Web access control, and enhances network and application performance. Attackers can exploit this vulnerability to intercept traffic sent to cloud services and to read and modify transmitted data.
VAR-201912-1017 CVE-2019-18236 WECON Technologies PLC Editor Buffer Overflow Vulnerability CVSS V2: 6.8
CVSS V3: 7.8
Severity: HIGH
Multiple buffer overflow vulnerabilities exist when the PLC Editor Version 1.3.5_20190129 processes project files. An attacker could use a specially crafted project file to exploit and execute code under the privileges of the application. PLC Editor contains a buffer error vulnerability. Information may be obtained or altered, and service operation may be disrupted (DoS). This vulnerability allows remote attackers to execute arbitrary code on affected installations of WECON PLC Editor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of WCP files. A crafted PortPath element in a WCP file can trigger an overflow of a fixed-length buffer. WECON Technologies PLC Editor is programming software for programmable logic controllers (PLCs) from WECON Technologies of China.
VAR-201912-2016 No CVE H3C ER5100 router has weak password vulnerability CVSS V2: 5.0
CVSS V3: -
Severity: MEDIUM
Hangzhou H3C Communication Technology Co., Ltd. (abbreviated as H3C) mainly provides research, development, production, sales and service of IT infrastructure products and solutions. The H3C ER5100 router has a weak password vulnerability. Attackers can use the vulnerability to log in to the router backend.
VAR-201912-0998 CVE-2019-18263 Vulnerability regarding encryption strength in multiple Philips products CVSS V2: 3.3
CVSS V3: 6.5
Severity: MEDIUM
An issue was found in Philips Veradius Unity, Pulsera, and Endura Dual WAN Router, Veradius Unity (718132) with wireless option (shipped between 2016-August 2018), Veradius Unity (718132) with ViewForum option (shipped between 2016-August 2018), Pulsera (718095) and Endura (718075) with wireless option (shipped between 26-June-2017 through 07-August 2018), Pulsera (718095) and Endura (718075) with ViewForum option (shipped between 26-June-2017 through 07-August 2018). The router software uses an encryption scheme that is not strong enough for the level of protection required. The Philips Veradius Unity, Pulsera, and Endura Dual WAN Router contain a cryptographic strength vulnerability. A denial of service (DoS) condition may result. Philips Veradius Unity and others are European C-arm devices for the medical industry from Philips. The vulnerability stems from the use of a weak encryption mechanism in the program. Attackers can use this vulnerability to break into the management interface of the front-end router and affect the availability of data transmission.
VAR-201912-2001 No CVE H3C ER6300G2 router has weak password vulnerability CVSS V2: 5.0
CVSS V3: -
Severity: MEDIUM
Hangzhou Huasan Communication Technology Co., Ltd. (referred to as Huasan Communication) mainly provides research, development, production, sales and services of IT infrastructure products and solutions. The Huasan ER6300G2 router has a weak password vulnerability. Attackers can use this vulnerability to log in to the router's backend.
VAR-201912-2012 No CVE H3C ER3260 router has weak password vulnerability CVSS V2: 5.0
CVSS V3: -
Severity: MEDIUM
Hangzhou Huasan Communication Technology Co., Ltd. (referred to as Huasan Communication) mainly provides research, development, production, sales and services of IT infrastructure products and solutions. The Huasan ER3260 router has a weak password vulnerability. Attackers can use this vulnerability to log in to the router's backend.