VARIoT IoT vulnerabilities database

An issue was discovered in Marvell 88W8688 Wi-Fi firmware before version p52, as used on Tesla Model S/X vehicles manufactured before March 2018, via the Parrot Faurecia Automotive FC6050W module. A stack overflow could lead to denial of service or arbitrary code execution. Marvell 88W8688 Wi-Fi The firmware contains a vulnerability related to out-of-bounds writing.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. Marvell 88W8688 is a Bluetooth / Wi-Fi chip from Marvell

An issue was discovered in Marvell 88W8688 Wi-Fi firmware before version p52, as used on Tesla Model S/X vehicles manufactured before March 2018, via the Parrot Faurecia Automotive FC6050W module. A heap-based buffer overflow allows remote attackers to cause a denial of service or execute arbitrary code via malformed Wi-Fi packets. Marvell 88W8688 Wi-Fi The firmware contains a vulnerability related to out-of-bounds writing.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. Marvell 88W8688 is a Bluetooth / Wi-Fi chip from Marvell

On BIG-IP 14.1.0-14.1.2, 14.0.0-14.0.1, and 13.1.0-13.1.1, undisclosed HTTP requests may consume excessive amounts of systems resources which may lead to a denial of service. BIG-IP Contains a resource exhaustion vulnerability.Service operation interruption (DoS) There is a possibility of being put into a state. F5 BIG-IP is an application delivery platform integrated with network traffic management, application security management, load balancing and other functions of the US company F5. Traffic Management Microkernel (TMM) is one of the traffic management components. The TMM in F5 BIG-IP versions 14.1.0 to 14.1.2, 14.0.0 to 14.0.1, and 13.1.0 to 13.1.1 has a security vulnerability

Improper permission or value checking in the CLI console may allow a non-privileged user to obtain Fortinet FortiOS plaint text private keys of system's builtin local certificates via unsetting the keys encryption password in FortiOS 6.2.0, 6.0.0 to 6.0.6, 5.6.10 and below or for user uploaded local certificates via setting an empty password in FortiOS 6.2.1, 6.2.0, 6.0.6 and below. Fortinet FortiOS Contains an improper default permissions vulnerability.Information may be obtained. Fortinet FortiOS is a set of security operating system dedicated to the FortiGate network security platform developed by Fortinet. The system provides users with various security functions such as firewall, anti-virus, IPSec/SSLVPN, Web content filtering and anti-spam. Security vulnerabilities exist in Fortinet FortiOS 5.6.10 and earlier, versions 6.0.0 to 6.0.6, and 6.2.0. Attackers can exploit this vulnerability to cause information disclosure

When the BIG-IP APM 14.1.0-14.1.2, 14.0.0-14.0.1, 13.1.0-13.1.3.1, 12.1.0-12.1.4.1, or 11.5.1-11.6.5 system processes certain requests, the APD/APMD daemon may consume excessive resources. BIG-IP APM Contains a resource exhaustion vulnerability.Service operation interruption (DoS) There is a possibility of being put into a state. F5 BIG-IP APM is the United States F5 A suite of access and security solutions for companies. The product provides unified access to business-critical applications and networks. F5 BIG-IP APM There are security holes in . An attacker could exploit this vulnerability to consume large amounts of memory. The following products and versions are affected: F5 BIG-IP APM 14.1.0 version to 14.1.2 Version, 14.0.0 version to 14.0.1 Version, 13.0.0 version to 13.1.3 Version, 12.1.0 version to 12.1.4 Version, 11.6.2 version to 11.6.5 Version

In Omron CX-Supervisor, Versions 3.5 (12) and prior, Omron CX-Supervisor ships with Teamviewer Version 5.0.8703 QS. This version of Teamviewer is vulnerable to an obsolete function vulnerability requiring user interaction to exploit. Omron CX-Supervisor and Teamviewer Has unspecified vulnerabilities.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. This vulnerability allows remote attackers to execute arbitrary code on affected installations of OMRON CX-Supervisor. The issue results from the use of an outdated version of Teamviewer containing known vulnerabilities. An attacker can leverage this vulnerability to execute code in the context of the current process. Omron CX-Supervisor is a visual machine controller from Japan's Omron. CX-Supervisor has an unknown vulnerability, which can be used by an attacker to cause information leakage, comprehensive damage to the system, and denial of service. TeamViewer is a set of software for remote control, desktop sharing and file transfer of German TeamViewer company

eQ-3 Homematic CCU2 2.47.20 and CCU3 3.47.18 with the Script Parser AddOn through 1.8 installed allow Remote Code Execution by unauthenticated attackers with access to the web interface via the exec.cgi script, which executes TCL script content from an HTTP POST request. eQ-3 Homematic CCU2 , CCU3 , Script Parser The add-on contains a vulnerability related to input validation.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. Both eQ-3 Homematic CCU3 and eQ-3 Homematic CCU2 are central control units of a smart home system produced by German eQ-3 company. There are security vulnerabilities in Script Parser AddOn 1.8 and earlier versions in eQ-3 Homematic CCU2 version 2.47.20 and CCU3 version 3.47.18. An attacker could exploit this vulnerability to execute code

eQ-3 Homematic CCU2 2.47.20 and CCU3 3.47.18 with the HM-Print AddOn through 1.2a installed allow Remote Code Execution by unauthenticated attackers with access to the web interface via the exec.cgi and exec1.cgi scripts, which execute TCL script content from an HTTP POST request. eQ-3 Homematic CCU2 , CCU3 , HM-Print Contains an input validation vulnerability.Information is acquired, information is falsified, and denial of service (DoS) May be in a state. Both eQ-3 Homematic CCU3 and eQ-3 Homematic CCU2 are central control units of a smart home system produced by German eQ-3 company. HM-Print AddOn 1.2a and earlier versions in eQ-3 Homematic CCU2 version 2.47.20 and CCU3 version 3.47.18 have security vulnerabilities. An attacker could exploit this vulnerability to execute code

The Untangle NG firewall 14.2.0 is vulnerable to authenticated inline-query SQL injection within the timeDataDynamicColumn parameter when logged in as an admin user. Untangle NG Firewall is a firewall product of Untangle Company in the United States. The product supports functions such as network traffic monitoring, content filtering and security threat protection. The vulnerability stems from the lack of verification of externally input SQL statements in database-based applications. Attackers can exploit this vulnerability to execute illegal SQL commands

The Untangle NG firewall 14.2.0 is vulnerable to an authenticated command injection when logged in as an admin user. Untangle NG firewall Contains an injection vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state

When logged in as an admin user, the Untangle NG firewall 14.2.0 is vulnerable to reflected XSS at multiple places and specific user input fields. Untangle NG firewall Contains a cross-site scripting vulnerability.Information may be obtained and information may be altered. The product supports functions such as network traffic monitoring, content filtering and security threat protection. The vulnerability stems from the lack of correct validation of client data in WEB applications. An attacker could exploit this vulnerability to execute client code

When logged in as an admin user, the Title input field (under Reports) within Untangle NG firewall 14.2.0 is vulnerable to stored XSS. Untangle NG firewall Contains a cross-site scripting vulnerability.Information may be obtained and information may be altered

The Samsung S7 Edge Android device with a build fingerprint of samsung/hero2ltexx/hero2lte:8.0.0/R16NW/G935FXXS4ESC3:user/release-keys contains a pre-installed app with a package name of com.samsung.android.themecenter app (versionCode=7000000, versionName=7.0.0.0) that allows other pre-installed apps to perform app installation via an accessible app component. This capability can be accessed by any pre-installed app on the device which can obtain signatureOrSystem permissions that are required by other other pre-installed apps that exported their capabilities to other pre-installed app. Samsung S7 Edge Android Devices are vulnerable to improper assignment of permissions to critical resources.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. Samsung S7 Edge is a smartphone from Samsung in South Korea. The Samsung S7 Edge has an access control error vulnerability. The vulnerability stems from a network system or product that did not properly restrict access to resources from unauthorized roles. An attacker could use this vulnerability to perform application installation through an accessible application component

The Fly Photo Pro Android device with a build fingerprint of Fly/PhotoPro/Photo_Pro:8.1.0/O11019/1528117003:user/release-keys contains a pre-installed app with a package name of com.mediatek.wfo.impl app (versionCode=27, versionName=8.1.0) that allows any app co-located on the device to modify a system property through an exported interface without proper authorization. Fly Photo Pro Android The device is vulnerable to a lack of authentication.Information may be tampered with. ASN IP Fly Photo Pro is a smart phone from UK ASN IP company. An attacker could use this vulnerability to modify system properties

The Asus ZenFone 5 Selfie Android device with a build fingerprint of asus/WW_Phone/ASUS_X017D_1:7.1.1/NMF26F/14.0400.1810.061-20181107:user/release-keys contains a pre-installed app with a package name of com.asus.atd.smmitest app (versionCode=1, versionName=1) that allows unauthorized wireless settings modification via a confused deputy attack. This capability can be accessed by any app co-located on the device. Asus ZenFone 5 Selfie Android device Contains an externally controllable reference to another area resource.Information is acquired, information is falsified, and denial of service (DoS) May be in a state. ASUS ZenFone 5 Selfie is a smartphone from ASUS, Taiwan. ASUS ZenFone 5 Selfie has an access control error vulnerability. The vulnerability stems from a network system or product that did not properly restrict access to resources from unauthorized roles. An attacker could use this vulnerability to perform unauthorized wireless settings modification

A vulnerability has been identified in APOGEE MEC/MBC/PXC (P2) (All versions < V2.8.2), APOGEE PXC Compact (BACnet) (All versions < V3.5.3), APOGEE PXC Compact (P2 Ethernet) (All versions >= V2.8.2 < V2.8.19), APOGEE PXC Modular (BACnet) (All versions < V3.5.3), APOGEE PXC Modular (P2 Ethernet) (All versions >= V2.8.2 < V2.8.19), Capital Embedded AR Classic 431-422 (All versions), Capital Embedded AR Classic R20-11 (All versions < V2303), Desigo PXC00-E.D (All versions >= V2.3 < V6.0.327), Desigo PXC00-U (All versions >= V2.3x and < V6.00.327), Desigo PXC001-E.D (All versions >= V2.3 < V6.0.327), Desigo PXC100-E.D (All versions >= V2.3 < V6.0.327), Desigo PXC12-E.D (All versions >= V2.3 < V6.0.327), Desigo PXC128-U (All versions >= V2.3x and < V6.00.327), Desigo PXC200-E.D (All versions >= V2.3 < V6.0.327), Desigo PXC22-E.D (All versions >= V2.3 < V6.0.327), Desigo PXC22.1-E.D (All versions >= V2.3 < V6.0.327), Desigo PXC36.1-E.D (All versions >= V2.3 < V6.0.327), Desigo PXC50-E.D (All versions >= V2.3 < V6.0.327), Desigo PXC64-U (All versions >= V2.3x and < V6.00.327), Desigo PXM20-E (All versions >= V2.3 < V6.0.327), Nucleus NET (All versions), Nucleus ReadyStart V3 (All versions < V2017.02.3), Nucleus Source Code (All versions), SIMOTICS CONNECT 400 (All versions < V0.3.0.330), TALON TC Compact (BACnet) (All versions < V3.5.3), TALON TC Modular (BACnet) (All versions < V3.5.3). By sending specially crafted DHCP packets to a device where the DHCP client is enabled, an attacker could change the IP address of the device to an invalid value. Several Siemens products contain input validation vulnerabilities.Information is falsified and denial of service (DoS) May be in a state. Nucleus RTOS provides a highly scalable, microkernel-based, real-time operating system designed for scalability and reliability in systems spanning aerospace, industrial, and medical applications. The Siemens Mentor Nucleus Networking Module has a security vulnerability. ** ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided. Adjacent network access is required, but no authentication and no user interaction is needed to conduct an attack

MCGS touch screen TPC1061Ti is an industrial man-machine interface developed by Shenzhen Kunlun Tongstate Technology Co., Ltd., which is widely used in the field of industrial control. MCGS touch screen TPC1061Ti has an unauthorized access vulnerability. An attacker could use this vulnerability to gain unauthorized access and perform unauthorized operations

The Samsung J3 Android device with a build fingerprint of samsung/j3y17ltedx/j3y17lte:8.0.0/R16NW/J330GDXS3BSC1:user/release-keys contains a pre-installed app with a package name of com.samsung.android.themecenter app (versionCode=6010000, versionName=6.1.0.0) that allows other pre-installed apps to perform app installation via an accessible app component. This capability can be accessed by any pre-installed app on the device which can obtain signatureOrSystem permissions that are required by other other pre-installed apps that exported their capabilities to other pre-installed app. Samsung J3 Android Devices are vulnerable to improper assignment of permissions to critical resources.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. Samsung J3 is a smartphone from Samsung in South Korea. Samsung J3 has an access control error vulnerability. The vulnerability stems from a network system or product that did not properly restrict access to resources from unauthorized roles. An attacker could use this vulnerability to perform application installation through an accessible application component

The Panasonic Eluga Ray 600 Android device with a build fingerprint of Panasonic/ELUGA_Ray_600/ELUGA_Ray_600:8.1.0/O11019/1532692680:user/release-keys contains a pre-installed app with a package name of com.mediatek.wfo.impl app (versionCode=27, versionName=8.1.0) that allows any app co-located on the device to modify a system property through an exported interface without proper authorization. Panasonic Eluga Ray 600 Android The device is vulnerable to a lack of authentication.Information may be tampered with. The Panasonic Eluga Ray 600 is a smart phone from Japan's Panasonic. An attacker could use this vulnerability to modify system properties

The Panasonic ELUGA_I9 Android device with a build fingerprint of Panasonic/ELUGA_I9/ELUGA_I9:7.0/NRD90M/1501740649:user/release-keys contains a pre-installed app with a package name of com.ovvi.modem app (versionCode=1, versionName=1) that allows unauthorized attacker-controlled at command via a confused deputy attack. This capability can be accessed by any app co-located on the device. Panasonic ELUGA_I9 Android Device contains an externally controllable reference vulnerability to another area resourceInformation is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. Panasonic ELUGA_I9 is a smart phone from Japan's Panasonic Corporation. Panasonic ELUGA_I9 has an access control error vulnerability. The vulnerability stems from a network system or product that did not properly restrict access to resources from unauthorized roles. An attacker could use this vulnerability to execute commands through an accessible application component