VARIoT IoT vulnerabilities database

VAR-202003-1495 CVE-2020-5342 Dell Digital Delivery vulnerability regarding improper default permissions CVSS V2: 7.2
CVSS V3: 7.8
Severity: HIGH
Dell Digital Delivery versions prior to 3.5.2015 contain an incorrect default permissions vulnerability. A locally authenticated low-privileged malicious user could exploit this vulnerability to run an arbitrary executable with administrative privileges on the affected system. It may be put into a denial-of-service (DoS) state. Dell Digital Delivery is an application dedicated to Dell computer equipment and used to purchase pre-installed computer software online.
VAR-202003-1399 CVE-2020-9530 Information leakage vulnerabilities in Xiaomi MIUI devices CVSS V2: 4.3
CVSS V3: 6.5
Severity: MEDIUM
An issue was discovered on Xiaomi MIUI V11.0.5.0.QFAEUXM devices. The export component of GetApps (com.xiaomi.mipicks) mishandles the functionality of opening other components. Attackers need to induce users to open specific web pages in a specific network environment. By jumping to the WebView component of Messaging (com.android.MMS) and loading malicious web pages, information leakage can occur. This is fixed on version: 2001122; 11.0.1.54. Xiaomi MIUI devices contain a vulnerability related to information leakage. Information may be obtained. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Xiaomi Mi9 Browser. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the processing of manualUpgradeInfo objects. The issue results from the lack of proper validation of user-supplied data, which can lead to the injection of an arbitrary script. An attacker can leverage this vulnerability to execute code in the context of the current process. Xiaomi MIUI is an Android-based smartphone operating system developed by China's Xiaomi Technology Company (Xiaomi). There is a security vulnerability in Xiaomi MIUI V11.0.5.0.QFAEUXM: the program does not properly handle the function used to open other components. An attacker can exploit this vulnerability to obtain information through a specially crafted web page.
VAR-202003-1400 CVE-2020-9531 Information leakage vulnerabilities in Xiaomi MIUI devices CVSS V2: 4.3
CVSS V3: 7.3
Severity: MEDIUM
An issue was discovered on Xiaomi MIUI V11.0.5.0.QFAEUXM devices. In the Web resources of GetApps (com.xiaomi.mipicks), the parameters passed in are read and executed. After reading the resource files, relevant components open the link of the incoming URL. Although the URL is safe and can pass security detection, the data carried in the parameters are loaded and executed. An attacker can use NFC tools to get close enough to a user's unlocked phone to cause apps to be installed and information to be leaked. This is fixed on version: 2001122. Xiaomi MIUI devices contain a vulnerability related to information leakage. Information may be obtained and tampered with. The issue lies in the ability to send an intent that would not otherwise be permitted. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Xiaomi Mi9 Browser. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within Xiaomi GetApps webview. By manipulating HTML, an attacker can force a page redirection. An attacker can leverage this vulnerability to execute code in the context of the current process.
VAR-202003-0210 CVE-2020-10110 Citrix Gateway vulnerability related to leakage of resources to the wrong area CVSS V2: 5.0
CVSS V3: 5.3
Severity: MEDIUM
Citrix Gateway 11.1, 12.0, and 12.1 allows Information Exposure Through Caching. NOTE: Citrix disputes this as not a vulnerability. There is no sensitive information disclosure through the cache headers on Citrix ADC. The "Via" header lists cache protocols and recipients between the start and end points for a request or a response. The "Age" header provides the age of the cached response in seconds. Both headers are commonly used for proxy cache and the information is not sensitive. Citrix Gateway contains a vulnerability related to the leakage of resources to the wrong area. Information may be obtained. The product provides administrators with application-level and data-level control functions to enable users to remotely access applications and data from any location. An attacker could exploit this vulnerability to disclose information.
VAR-202003-0369 CVE-2020-10215 OS command injection vulnerabilities in D-Link DIR-825 devices and TRENDnet TEW-632BRP CVSS V2: 9.0
CVSS V3: 8.8
Severity: HIGH
An issue was discovered on D-Link DIR-825 Rev.B 2.10 devices. They allow remote attackers to execute arbitrary commands via the dns_query_name parameter in a dns_query.cgi POST request. TRENDnet TEW-632BRP 1.010B32 is also affected. An OS command injection vulnerability exists in D-Link DIR-825 devices and TRENDnet TEW-632BRP. Information may be obtained or tampered with, and service operation may be interrupted (DoS). D-Link DIR-825 is an AC 1200 Wi-Fi dual-band Gigabit (LAN / WAN) router. TRENDnet TEW-632BRP is a 300Mbps wireless home router. D-Link DIR-825 and TRENDnet TEW-632BRP have a command injection vulnerability.
VAR-202003-0910 CVE-2019-19772 Cross-site scripting vulnerabilities in multiple Lexmark products CVSS V2: 3.5
CVSS V3: 5.4
Severity: MEDIUM
Various Lexmark products have reflected XSS in the embedded web server used in older generation Lexmark devices. The affected products are listed at http://support.lexmark.com/index?page=content&id=TE935&locale=en&userlocale=EN_US. Multiple Lexmark products contain a cross-site scripting vulnerability. Information may be obtained and tampered with. Lexmark CS31x, etc. are all printers of Lexmark Corporation. The vulnerability stems from the lack of proper verification of client data by web applications. An attacker can use this vulnerability to execute client code.
VAR-202003-0911 CVE-2019-19773 Cross-site scripting vulnerabilities in multiple Lexmark products CVSS V2: 3.5
CVSS V3: 5.4
Severity: MEDIUM
Various Lexmark products have stored XSS in the embedded web server used in older generation Lexmark devices. The affected products are listed at http://support.lexmark.com/index?page=content&id=TE935&locale=en&userlocale=EN_US. Multiple Lexmark products contain a cross-site scripting vulnerability. Information may be obtained and tampered with. Lexmark CS31x, etc. are all printers of Lexmark Corporation. The vulnerability stems from the lack of proper verification of client data by web applications. An attacker can use this vulnerability to execute client code.
VAR-202003-0370 CVE-2020-10216 OS command injection vulnerabilities in D-Link DIR-825 devices and TRENDnet TEW-632BRP CVSS V2: 9.0
CVSS V3: 8.8
Severity: HIGH
An issue was discovered on D-Link DIR-825 Rev.B 2.10 devices. They allow remote attackers to execute arbitrary commands via the date parameter in a system_time.cgi POST request. TRENDnet TEW-632BRP 1.010B32 is also affected. An OS command injection vulnerability exists in D-Link DIR-825 devices and TRENDnet TEW-632BRP. Information may be obtained or tampered with, and service operation may be interrupted (DoS). D-Link DIR-825 is an AC 1200 Wi-Fi dual-band Gigabit (LAN / WAN) router. TRENDnet TEW-632BRP is a 300Mbps wireless home router. D-Link DIR-825 and TRENDnet TEW-632BRP have a command injection vulnerability.
VAR-202003-1538 CVE-2020-9756 Patriot Viper RGB Driver vulnerability related to privilege management CVSS V2: 4.6
CVSS V3: 7.8
Severity: HIGH
Patriot Viper RGB Driver 1.1 and prior exposes IOCTLs with insufficient access control. The IOCTL codes 0x80102050 and 0x80102054 allow a local user with low privileges to read/write 1/2/4 bytes from or to an IO port. This could be leveraged in a number of ways to ultimately run code with elevated privileges. It may be put into a denial-of-service (DoS) state. Patriot Viper RGB is a memory module device of Patriot Company of Taiwan, China. Patriot Viper RGB Driver is its driver. Attackers can use IOCTL codes 0x80102050 and 0x80102054 to exploit this vulnerability to execute arbitrary code with elevated privileges.
VAR-202003-0368 CVE-2020-10214 Out-of-bounds write vulnerabilities in D-Link DIR-825 devices CVSS V2: 9.0
CVSS V3: 8.8
Severity: HIGH
An issue was discovered on D-Link DIR-825 Rev.B 2.10 devices. There is a stack-based buffer overflow in the httpd binary. It allows an authenticated user to execute arbitrary code via a POST to ntp_sync.cgi with a sufficiently long parameter ntp_server. D-Link DIR-825 devices are vulnerable to out-of-bounds writes. Information may be obtained or tampered with, and service operation may be interrupted (DoS). D-Link DIR-825 is an AC 1200 Wi-Fi dual-band Gigabit (LAN / WAN) router.
VAR-202003-0367 CVE-2020-10213 OS command injection vulnerabilities in D-Link DIR-825 devices and TRENDnet TEW-632BRP CVSS V2: 9.0
CVSS V3: 8.8
Severity: HIGH
An issue was discovered on D-Link DIR-825 Rev.B 2.10 devices. They allow remote attackers to execute arbitrary commands via the wps_sta_enrollee_pin parameter in a set_sta_enrollee_pin.cgi POST request. TRENDnet TEW-632BRP 1.010B32 is also affected. An OS command injection vulnerability exists in D-Link DIR-825 devices and TRENDnet TEW-632BRP. Information may be obtained or tampered with, and service operation may be interrupted (DoS). D-Link DIR-825 is an AC 1200 Wi-Fi dual-band Gigabit (LAN / WAN) router. TRENDnet TEW-632BRP is a 300Mbps wireless home router. D-Link DIR-825 and TRENDnet TEW-632BRP have a command injection vulnerability.
VAR-202003-0212 CVE-2020-10112 HTTP request smuggling vulnerability in Citrix Gateway CVSS V2: 5.8
CVSS V3: 5.4
Severity: MEDIUM
Citrix Gateway 11.1, 12.0, and 12.1 allows Cache Poisoning. NOTE: Citrix disputes this as not a vulnerability. By default, Citrix ADC only caches static content served under certain URL paths for Citrix Gateway usage. No dynamic content is served under these paths, which implies that those cached pages would not change based on parameter values. All other data traffic going through Citrix Gateway is NOT cached by default. Citrix Gateway contains a vulnerability related to HTTP request smuggling. Information may be obtained and tampered with. The product provides administrators with application-level and data-level control functions to enable users to remotely access applications and data from any location.
VAR-202003-0211 CVE-2020-10111 HTTP request smuggling vulnerability in Citrix Gateway CVSS V2: 5.0
CVSS V3: 7.5
Severity: HIGH
Citrix Gateway 11.1, 12.0, and 12.1 has an Inconsistent Interpretation of HTTP Requests. NOTE: Citrix disputes the reported behavior as not a security issue. Citrix ADC only caches HTTP/1.1 traffic for performance optimization. Citrix Systems Gateway (Citrix Systems NetScaler Gateway) is a set of secure remote access solutions from Citrix Systems. The product provides administrators with application-level and data-level control functions to enable users to remotely access applications and data from any location. An attacker could exploit this vulnerability to bypass the caching system.
VAR-202003-1492 CVE-2020-5328 Dell EMC Isilon OneFS vulnerability regarding lack of authentication for critical features CVSS V2: 10.0
CVSS V3: 9.8
Severity: CRITICAL
Dell EMC Isilon OneFS versions prior to 8.2.0 contain an unauthorized access vulnerability due to a lack of thorough authorization checks when SyncIQ is licensed, but encrypted syncs are not marked as required. When this happens, loss of control of the cluster can occur. Dell EMC Isilon OneFS contains a vulnerability related to the lack of authentication for critical features. Information may be obtained or tampered with, and service operation may be interrupted (DoS). Dell EMC Isilon OneFS is a scale-out storage system for unstructured data from Dell. An attacker could exploit this vulnerability with a specially crafted request to bypass security restrictions and compromise the system.
VAR-202003-1491 CVE-2020-5327 Deserialization of untrusted data vulnerability in Dell Security Management Server CVSS V2: 9.3
CVSS V3: 9.8
Severity: CRITICAL
Dell Security Management Server versions prior to 10.2.10 contain a Java RMI Deserialization of Untrusted Data vulnerability. When the server is exposed to the internet and Windows Firewall is disabled, a remote unauthenticated attacker may exploit this vulnerability by sending a crafted RMI request to execute arbitrary code on the target host. It may be put into a denial-of-service (DoS) state.
VAR-202003-1405 CVE-2020-9544 Authentication vulnerabilities in D-Link DSL-2640B devices CVSS V2: 5.0
CVSS V3: 7.5
Severity: HIGH
An issue was discovered on D-Link DSL-2640B E1 EU_1.01 devices. The administrative interface doesn't perform authentication checks for a firmware-update POST request. Any attacker that can access the administrative interface can install firmware of their choice. There is an authentication vulnerability in D-Link DSL-2640B devices. Information may be tampered with. D-Link DSL-2640B is an ADSL2/2+ modem with wireless router function. D-Link DSL-2640B E1 EU_1.01 has a firmware update vulnerability.
VAR-202003-1696 CVE-2020-8994 XIAOMI AI speaker MDZ-25-DT vulnerability regarding inadequate protection of credentials CVSS V2: 7.2
CVSS V3: 6.8
Severity: MEDIUM
An issue was discovered on XIAOMI AI speaker MDZ-25-DT 1.34.36, and 1.40.14. Attackers can get a root shell by accessing the UART interface, and then they can read the Wi-Fi SSID or password, read the dialogue text files between users and the XIAOMI AI speaker, use Text-To-Speech tools to imitate the XIAOMI speaker's voice for social engineering attacks, eavesdrop on users and record what the XIAOMI AI speaker hears, delete the entire XIAOMI AI speaker system, modify system files, stop the voice assistant service, and start the XIAOMI AI speaker's SSH service as a backdoor. XIAOMI AI speaker MDZ-25-DT contains a vulnerability related to inadequate protection of credentials. Information may be obtained or tampered with, and service operation may be interrupted (DoS).
VAR-202003-1470 CVE-2020-9370 Session fixation vulnerability in HUMAX HGA12R-02 devices CVSS V2: 6.4
CVSS V3: 9.1
Severity: CRITICAL
HUMAX HGA12R-02 BRGCAA 1.1.53 devices allow Session Hijacking. A session fixation vulnerability exists on HUMAX HGA12R-02 devices. Information may be obtained and tampered with. HUMAX HGA12R-02 BRGCAA is a wireless router from South Korea's HUMAX company. An attacker could use this vulnerability to hijack a user's valid session, then create a user account or control the device with the permissions of the session.
VAR-202003-0363 CVE-2020-10173 OS command injection vulnerabilities in Comtrend VR-3033 devices CVSS V2: 9.0
CVSS V3: 8.8
Severity: HIGH
Comtrend VR-3033 DE11-416SSG-C01_R02.A2pvI042j1.d26m devices have Multiple Authenticated Command Injection vulnerabilities via the ping and traceroute diagnostic pages, as demonstrated by shell metacharacters in the pingIpAddress parameter to ping.cgi. An OS command injection vulnerability exists on Comtrend VR-3033 devices. Information may be obtained or tampered with, and service operation may be interrupted (DoS). Comtrend VR-3033 is a high power 802.11n 300Mbps single line VDSL router. Comtrend VR-3033 DE11-416SSG-C01_R02.A2pvI042j1.d26m has a command injection vulnerability.
VAR-202003-1180 CVE-2020-3127 Input validation vulnerability in Cisco Webex Network Recording Player and Cisco Webex Player for Microsoft Windows CVSS V2: 9.3
CVSS V3: 7.8
Severity: HIGH
Multiple vulnerabilities in Cisco Webex Network Recording Player for Microsoft Windows and Cisco Webex Player for Microsoft Windows could allow an attacker to execute arbitrary code on an affected system. The vulnerabilities are due to insufficient validation of certain elements within a Webex recording that is stored in either the Advanced Recording Format (ARF) or the Webex Recording Format (WRF). An attacker could exploit these vulnerabilities by sending a malicious ARF or WRF file to a user through a link or email attachment and persuading the user to open the file on the local system. A successful exploit could allow the attacker to execute arbitrary code on the affected system with the privileges of the targeted user. It may be put into a denial-of-service (DoS) state. Crafted data in an ARF file can trigger access to memory prior to initialization. Microsoft Windows is an operating system used by a set of personal devices of Microsoft Corporation in the United States. The following products and versions are affected: Webex Network Recording Player: releases earlier than WBS 39.5.17 (Cisco Webex Meetings), earlier than WBS 39.11.0 (Cisco Webex Meetings), earlier than 1.3.43 (Cisco Webex Meetings Online), 3.0MR3 prior to SecurityPatch1 (Cisco Webex Meetings Server), and prior to 4.0MR2SecurityPatch2 (Cisco Webex Meetings Server); Webex Player: releases prior to WBS 39.5.17 (Cisco Webex Meetings), prior to WBS 39.11.0 (Cisco Webex Meetings), and earlier than 1.3.43 (Cisco Webex Meetings Online).