VARIoT IoT vulnerabilities database

VAR-201910-0546 CVE-2019-3977 RouterOS Vulnerabilities related to incompleteness verification of downloaded code CVSS V2: 8.5
CVSS V3: 7.5
Severity: HIGH
RouterOS 6.45.6 Stable, RouterOS 6.44.5 Long-term, and below insufficiently validate where upgrade packages are downloaded from when using the autoupgrade feature. Therefore, a remote attacker can trick the router into "upgrading" to an older version of RouterOS and possibly resetting all the system's usernames and passwords. RouterOS contains a vulnerability in the integrity verification of downloaded code. Information may be tampered with. MikroTik RouterOS is a Linux-based router operating system developed by the Latvian company MikroTik. The system can be deployed on a PC so that it provides router functionality. There is a security vulnerability in MikroTik RouterOS 6.45.6 Stable and earlier versions and 6.44.5 Long-term and earlier versions. The vulnerability stems from the fact that the program does not fully verify the source of the update package download. An attacker can exploit this vulnerability to obtain all user names and passwords of the system.
VAR-201910-0547 CVE-2019-3978 RouterOS Vulnerabilities related to lack of authentication for critical functions CVSS V2: 5.0
CVSS V3: 7.5
Severity: HIGH
RouterOS versions 6.45.6 Stable, 6.44.5 Long-term, and below allow remote unauthenticated attackers to trigger DNS queries via port 8291. The queries are sent from the router to a server of the attacker's choice. The DNS responses are cached by the router, potentially resulting in cache poisoning. RouterOS is vulnerable to a lack of authentication for critical functions. Information may be tampered with. MikroTik RouterOS is a Linux-based router operating system developed by the Latvian company MikroTik. The system can be deployed on a PC so that it provides router functionality. A security vulnerability exists in MikroTik RouterOS 6.45.6 Stable and earlier versions and 6.44.5 Long-term and earlier versions.
VAR-201910-0548 CVE-2019-3979 RouterOS Input validation vulnerability CVSS V2: 5.0
CVSS V3: 7.5
Severity: HIGH
RouterOS versions 6.45.6 Stable, 6.44.5 Long-term, and below are vulnerable to a DNS unrelated data attack. The router adds all A records to its DNS cache even when the records are unrelated to the domain that was queried. Therefore, a remote attacker-controlled DNS server can poison the router's DNS cache via malicious responses with additional and untrue records. RouterOS contains an input validation vulnerability. Information may be tampered with.
VAR-201910-1740 No CVE Remote control vulnerability in SIEMENS S7-200 SIMATIC PLC CVSS V2: 6.1
CVSS V3: -
Severity: MEDIUM
S7-200 SMART is a small PLC developed by Siemens, with a friendly interface and more user-friendly software operation. The SIEMENS S7-200 SIMATIC PLC has a remote control vulnerability. An attacker can use the vulnerability to remotely control the PLC.
VAR-201910-1747 No CVE Remote Control Vulnerability in SIEMENS S7-200 SIMATIC PLC (CNVD-2019-37705) CVSS V2: 6.1
CVSS V3: -
Severity: MEDIUM
S7-200 SMART is a small PLC developed by Siemens, with a friendly interface and more user-friendly software operation. A remote control vulnerability exists in the SIEMENS S7-200 SIMATIC PLC. Attackers can exploit the vulnerability by constructing special application-layer data packets, causing a denial of service.
VAR-201910-0578 CVE-2019-6845 plural Modicon Vulnerability related to clear transmission of important information in products CVSS V2: 5.0
CVSS V3: 7.5
Severity: HIGH
A CWE-319: Cleartext Transmission of Sensitive Information vulnerability exists in Modicon M580, Modicon M340, Modicon Premium, Modicon Quantum (all firmware versions), which could cause the disclosure of information when transferring applications to the controller using Modbus TCP protocol. Multiple Modicon products contain a vulnerability related to cleartext transmission of important information. Information may be obtained.
VAR-201910-1238 CVE-2019-15710 Fortinet FortiExtender Operating System Command Injection Vulnerability CVSS V2: 9.0
CVSS V3: 7.2
Severity: HIGH
An OS command injection vulnerability in FortiExtender 4.1.0 to 4.1.1, 4.0.0 and below under CLI admin console may allow unauthorized administrators to run arbitrary system level commands via specially crafted "execute date" commands. FortiExtender contains an OS command injection vulnerability. Information may be obtained or altered, and service operation may be disrupted (DoS). Fortinet FortiExtender is a wireless WAN (Wide Area Network) expander from Fortinet. There are operating system command injection vulnerabilities in Fortinet FortiExtender versions prior to 4.1.2. This vulnerability is caused by external input data being used to construct executable operating system commands. Network systems or products do not properly filter special characters, commands, etc., which attackers can exploit to execute illegal operating system commands.
VAR-201911-1036 CVE-2019-17650 FortiClient In OS Command injection vulnerability CVSS V2: 7.2
CVSS V3: 7.8
Severity: HIGH
An Improper Neutralization of Special Elements used in a Command vulnerability in one of the FortiClient for Mac OS root processes may allow a local user of the system on which FortiClient is running to execute unauthorized code as root by bypassing a security check. FortiClient contains an OS command injection vulnerability. Information may be obtained or altered, and service operation may be disrupted (DoS). Fortinet FortiClient is a mobile terminal security solution developed by Fortinet. The solution provides IPsec and SSL encryption, WAN optimization, endpoint compliance, and two-factor authentication when connected to FortiGate firewall appliances. There is a security vulnerability in a root process in Fortinet FortiClient 6.2.1 and earlier versions based on the Mac OS platform.
VAR-201910-1737 CVE-2019-15681 LibVNC Vulnerabilities related to lack of effective post-lifetime resource release CVSS V2: 5.0
CVSS V3: 7.5
Severity: HIGH
LibVNC commit before d01e1bb4246323ba6fcee3b82ef1faa9b1dac82a contains a memory leak (CWE-655) in VNC server code, which allows an attacker to read stack memory and can be abused for information disclosure. Combined with another vulnerability, it can be used to leak stack memory and bypass ASLR. This attack appears to be exploitable via network connectivity. These vulnerabilities have been fixed in commit d01e1bb4246323ba6fcee3b82ef1faa9b1dac82a. LibVNC contains vulnerabilities related to lack of effective post-lifetime resource release and initialization vulnerabilities. Information may be obtained.

==========================================================================
Ubuntu Security Notice USN-4407-1
July 01, 2020

libvncserver vulnerabilities
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 20.04 LTS
- Ubuntu 19.10
- Ubuntu 18.04 LTS
- Ubuntu 16.04 LTS

Summary:

Several security issues were fixed in LibVNCServer.

Software Description:
- libvncserver: vnc server library

Details:

It was discovered that LibVNCServer incorrectly handled decompressing data. An attacker could possibly use this issue to cause LibVNCServer to crash, resulting in a denial of service. (CVE-2019-15680)

It was discovered that an information disclosure vulnerability existed in LibVNCServer when sending a ServerCutText message. An attacker could possibly use this issue to expose sensitive information. This issue only affected Ubuntu 19.10, Ubuntu 18.04 LTS, and Ubuntu 16.04 LTS. (CVE-2019-15681)

It was discovered that LibVNCServer incorrectly handled cursor shape updates. If a user were tricked into connecting to a malicious server, an attacker could possibly use this issue to cause LibVNCServer to crash, resulting in a denial of service, or possibly execute arbitrary code. This issue only affected Ubuntu 19.10, Ubuntu 18.04 LTS, and Ubuntu 16.04 LTS. (CVE-2019-15690, CVE-2019-20788)

It was discovered that LibVNCServer incorrectly handled decoding WebSocket frames. An attacker could possibly use this issue to cause LibVNCServer to crash, resulting in a denial of service, or possibly execute arbitrary code. This issue only affected Ubuntu 19.10, Ubuntu 18.04 LTS, and Ubuntu 16.04 LTS. (CVE-2017-18922)

Update instructions:

The problem can be corrected by updating your system to the following package versions:

Ubuntu 20.04 LTS:
  libvncclient1 0.9.12+dfsg-9ubuntu0.1
  libvncserver1 0.9.12+dfsg-9ubuntu0.1

Ubuntu 19.10:
  libvncclient1 0.9.11+dfsg-1.3ubuntu0.1
  libvncserver1 0.9.11+dfsg-1.3ubuntu0.1

Ubuntu 18.04 LTS:
  libvncclient1 0.9.11+dfsg-1ubuntu1.2
  libvncserver1 0.9.11+dfsg-1ubuntu1.2

Ubuntu 16.04 LTS:
  libvncclient1 0.9.10+dfsg-3ubuntu0.16.04.4
  libvncserver1 0.9.10+dfsg-3ubuntu0.16.04.4

After a standard system update you need to restart LibVNCServer to make all the necessary changes.

References:
  https://usn.ubuntu.com/4407-1
  CVE-2017-18922, CVE-2019-15680, CVE-2019-15681, CVE-2019-15690, CVE-2019-20788

Package Information:
  https://launchpad.net/ubuntu/+source/libvncserver/0.9.12+dfsg-9ubuntu0.1
  https://launchpad.net/ubuntu/+source/libvncserver/0.9.11+dfsg-1.3ubuntu0.1
  https://launchpad.net/ubuntu/+source/libvncserver/0.9.11+dfsg-1ubuntu1.2
  https://launchpad.net/ubuntu/+source/libvncserver/0.9.10+dfsg-3ubuntu0.16.04.4

Software Description:
- italc: didact tool which allows teachers to view and control computer labs

Details:

Nicolas Ruff discovered that iTALC had buffer overflows, divide-by-zero errors and didn't check malloc return values. (CVE-2014-6051, CVE-2014-6052, CVE-2014-6053, CVE-2014-6054, CVE-2014-6055)

Josef Gajdusek discovered that iTALC had heap-based buffer overflow vulnerabilities. (CVE-2016-9941, CVE-2016-9942)

It was discovered that iTALC had an out-of-bounds write, multiple heap out-of-bounds writes, an infinite loop, improper initializations, and null pointer vulnerabilities

VAR-201910-0001 CVE-2009-3723 asterisk Vulnerable to unauthorized authentication CVSS V2: 5.0
CVSS V3: 7.5
Severity: HIGH
asterisk allows calls on prohibited networks. asterisk contains an unauthorized authentication vulnerability. Information may be tampered with.
VAR-201910-0452 CVE-2019-17224 Compal Broadband CH7465LG Modem Path Traversal Vulnerability CVSS V2: 5.0
CVSS V3: 5.3
Severity: MEDIUM
The web interface of the Compal Broadband CH7465LG modem (version CH7465LG-NCIP-6.12.18.25-2p6-NOSH) is vulnerable to a /%2f/ path traversal attack, which can be exploited in order to test for the existence of a file pathname outside of the web root directory. If a file exists but is not part of the product, there is a 404 error. If a file does not exist, there is a 302 redirect to index.html. Compal Broadband CH7465LG Modem contains a path traversal vulnerability. Information may be obtained. The Compal Broadband CH7465LG modem is a modem from Compal, Taiwan.
VAR-201910-0804 CVE-2019-14926 Mitsubishi Electric smartRTU and Inea ME-RTU Trust Management Issue Vulnerability CVSS V2: 7.5
CVSS V3: 9.8
Severity: CRITICAL
An issue was discovered on Mitsubishi Electric Europe B.V. ME-RTU devices through 2.02 and INEA ME-RTU devices through 3.0. Hard-coded SSH keys allow an attacker to gain unauthorised access or disclose encrypted data on the RTU due to the keys not being regenerated on initial installation or with firmware updates. In other words, these devices use private-key values in /etc/ssh/ssh_host_rsa_key, /etc/ssh/ssh_host_ecdsa_key, and /etc/ssh/ssh_host_dsa_key files that are publicly available from the vendor web sites. Mitsubishi Electric ME-RTU devices and INEA ME-RTU devices contain a vulnerability in the use of hard-coded credentials. Information may be obtained or tampered with, and service may be disrupted (DoS). Inea ME-RTU is an intelligent communication gateway product from Inea Company of Slovenia. Mitsubishi Electric smartRTU 2.02 and earlier versions and INEA ME-RTU 3.0 and earlier versions have a trust management issue vulnerability: the private key values in /etc/ssh/ssh_host_rsa_key, /etc/ssh/ssh_host_ecdsa_key, and /etc/ssh/ssh_host_dsa_key on the device can be obtained from the manufacturer's website, and an attacker could use this vulnerability to gain unauthorized access or leak encrypted information.
VAR-201910-0808 CVE-2019-14930 Mitsubishi Electric ME-RTU Device and INEA ME-RTU Vulnerability in using hard-coded credentials on devices CVSS V2: 10.0
CVSS V3: 9.8
Severity: CRITICAL
An issue was discovered on Mitsubishi Electric Europe B.V. ME-RTU devices through 2.02 and INEA ME-RTU devices through 3.0. Undocumented hard-coded user passwords for root, ineaadmin, mitsadmin, and maint could allow an attacker to gain unauthorised access to the RTU. (Also, the accounts ineaadmin and mitsadmin are able to escalate privileges to root without supplying a password due to insecure entries in /etc/sudoers on the RTU.) Mitsubishi Electric ME-RTU devices and INEA ME-RTU devices contain a vulnerability in the use of hard-coded credentials. Information may be obtained or tampered with, and service may be disrupted (DoS). Inea ME-RTU is an intelligent communication gateway product from Inea Company of Slovenia. The vulnerability originates from a program with an undocumented account (using hard-coded credentials). An attacker could exploit this vulnerability to elevate privileges to root.
VAR-201910-0809 CVE-2019-14931 Mitsubishi Electric smartRTU and Inea ME-RTU operating system command injection vulnerability CVSS V2: 10.0
CVSS V3: 9.8
Severity: CRITICAL
An issue was discovered on Mitsubishi Electric Europe B.V. ME-RTU devices through 2.02 and INEA ME-RTU devices through 3.0. An unauthenticated remote OS Command Injection vulnerability allows an attacker to execute arbitrary commands on the RTU due to the passing of unsafe user supplied data to the RTU's system shell. Functionality in mobile.php provides users with the ability to ping sites or IP addresses via Mobile Connection Test. When the Mobile Connection Test is submitted, action.php is called to execute the test. An attacker can use a shell command separator (;) in the host variable to execute operating system commands upon submitting the test data. Mitsubishi Electric ME-RTU devices and INEA ME-RTU devices contain an OS command injection vulnerability. Information may be obtained or tampered with, and service may be disrupted (DoS). Inea ME-RTU is an intelligent communication gateway product from Inea Company of Slovenia.
VAR-201910-0806 CVE-2019-14928 Mitsubishi Electric smartRTU and Inea ME-RTU cross-site scripting vulnerability CVSS V2: 3.5
CVSS V3: 5.4
Severity: MEDIUM
An issue was discovered on Mitsubishi Electric Europe B.V. ME-RTU devices through 2.02 and INEA ME-RTU devices through 3.0. A number of stored cross-site scripting (XSS) vulnerabilities allow an attacker to inject malicious code directly into the application. An example input variable vulnerable to stored XSS is SerialInitialModemString in the index.php page. A cross-site scripting vulnerability exists in Mitsubishi Electric ME-RTU devices and INEA ME-RTU devices. Information may be obtained and information may be tampered with. Inea ME-RTU is an intelligent communication gateway product from Inea Company of Slovenia. The vulnerability stems from the lack of proper verification of client data by web applications. Attackers can use this vulnerability to execute client code.
VAR-201910-0805 CVE-2019-14927 Mitsubishi Electric ME-RTU Device and INEA ME-RTU Information leakage vulnerabilities in devices CVSS V2: 5.0
CVSS V3: 7.5
Severity: HIGH
An issue was discovered on Mitsubishi Electric Europe B.V. ME-RTU devices through 2.02 and INEA ME-RTU devices through 3.0. An unauthenticated remote configuration download vulnerability allows an attacker to download the smartRTU's configuration file (which contains data such as usernames, passwords, and other sensitive RTU data). Mitsubishi Electric ME-RTU devices and INEA ME-RTU devices contain a vulnerability related to information leakage. Information may be obtained. Inea ME-RTU is an intelligent communication gateway product of Inea Company in Slovenia. There are security vulnerabilities in Mitsubishi Electric smartRTU 2.02 and earlier versions and INEA ME-RTU 3.0 and earlier versions.
VAR-201910-0803 CVE-2019-14925 Mitsubishi Electric ME-RTU Device and INEA ME-RTU Vulnerability in improper default permissions on device CVSS V2: 4.0
CVSS V3: 6.5
Severity: MEDIUM
An issue was discovered on Mitsubishi Electric Europe B.V. ME-RTU devices through 2.02 and INEA ME-RTU devices through 3.0. A world-readable /usr/smartrtu/init/settings.xml configuration file on the file system allows an attacker to read sensitive configuration settings such as usernames, passwords, and other sensitive RTU data due to insecure permission assignment. Mitsubishi Electric ME-RTU devices and INEA ME-RTU devices contain a vulnerability regarding improper default permissions. Information may be obtained. Inea ME-RTU is an intelligent communication gateway product of Inea, Slovenia. There are security vulnerabilities in Mitsubishi Electric smartRTU 2.02 and earlier versions and INEA ME-RTU 3.0 and earlier versions. The vulnerabilities stem from the program assigning global readable permissions to the /usr/smartrtu/init/settings.xml file on the file system.
VAR-201910-0807 CVE-2019-14929 Mitsubishi Electric ME-RTU Device and INEA ME-RTU Vulnerability regarding information leakage from cache on device CVSS V2: 5.0
CVSS V3: 9.8
Severity: CRITICAL
An issue was discovered on Mitsubishi Electric Europe B.V. ME-RTU devices through 2.02 and INEA ME-RTU devices through 3.0. Stored cleartext passwords could allow an unauthenticated attacker to obtain configured username and password combinations on the RTU due to the weak credentials management on the RTU. An unauthenticated user can obtain the exposed password credentials to gain access to the following services: DDNS service, Mobile Network Provider, and OpenVPN service. Mitsubishi Electric ME-RTU devices and INEA ME-RTU devices contain a vulnerability related to information leakage from the cache. Information may be obtained or tampered with, and service may be disrupted (DoS). Inea ME-RTU is an intelligent communication gateway product from Inea Company of Slovenia. Mitsubishi Electric smartRTU 2.02 and earlier versions and INEA ME-RTU 3.0 and earlier versions have password plaintext storage vulnerabilities. The vulnerability stems from programs storing passwords in plain text. Access to services
VAR-201910-0865 CVE-2019-18195 TerraMaster FS-210 Vulnerability related to privilege management in devices CVSS V2: 6.5
CVSS V3: 8.8
Severity: HIGH
An issue was discovered on TerraMaster FS-210 4.0.19 devices. Normal users can use 1.user.php for privilege elevation. TerraMaster FS-210 devices contain a privilege management vulnerability. Information may be obtained or altered, and service operation may be disrupted (DoS). The TerraMaster FS-210 is a NAS (Network Attached Storage) device from TerraMaster of Shenzhen, China. A privilege escalation vulnerability exists in the TerraMaster FS-210 version 4.0.19, which can be exploited by an attacker to gain privileges with the 1.user.php file.
VAR-201910-1869 No CVE Baidu Tiangong Intelligent Platform Has Unauthorized Access Vulnerability CVSS V2: 5.0
CVSS V3: -
Severity: MEDIUM
Baidu Tiangong Intelligent Platform is a cloud service platform for the Internet of Things field. It communicates through mainstream IoT protocols (such as MQTT), and can build IoT projects between smart devices and the cloud. An unauthorized access vulnerability exists in Baidu Tiangong's intelligent platform. Attackers can use last-will to receive messages without authorization.