VARIoT IoT vulnerabilities database
| VAR-202511-2201 | CVE-2025-34245 | Advantech WebAccess/VPN AjaxStandaloneVpnClientsController.ajaxAction function SQL injection vulnerability |
CVSS V2: 6.8 CVSS V3: 6.5 Severity: MEDIUM |
Advantech WebAccess/VPN versions prior to 1.1.5 contain a SQL injection vulnerability in AjaxStandaloneVpnClientsController.ajaxAction() that allows an authenticated low-privileged observer user to inject SQL via datatable search parameters, leading to disclosure of database information. Advantech WebAccess/VPN is a virtual private network function integrated into Advantech's WebAccess/SCADA software, designed to provide a secure and reliable network connectivity solution for industrial automation and remote monitoring systems.
Advantech WebAccess/VPN contains an SQL injection vulnerability. This vulnerability stems from the AjaxStandaloneVpnClientsController.ajaxAction function's failure to properly filter datatable search parameters. Attackers can exploit this vulnerability to execute unauthorized SQL commands and steal sensitive database data.
| VAR-202511-0753 | CVE-2025-34244 | Advantech WebAccess/VPN AjaxFwRulesController.ajaxDeviceFwRulesAction function SQL injection vulnerability |
CVSS V2: 6.8 CVSS V3: 6.5 Severity: MEDIUM |
Advantech WebAccess/VPN versions prior to 1.1.5 contain a SQL injection vulnerability in AjaxFwRulesController.ajaxDeviceFwRulesAction() that allows an authenticated low-privileged observer user to inject SQL via datatable search parameters, leading to disclosure of database information. Advantech WebAccess/VPN is a virtual private network function integrated into Advantech's WebAccess/SCADA software, designed to provide secure and reliable network connectivity solutions for industrial automation and remote monitoring systems.
Advantech WebAccess/VPN contains an SQL injection vulnerability. This vulnerability stems from the fact that the `AjaxFwRulesController.ajaxDeviceFwRulesAction` function does not adequately validate the datatable search parameters. Attackers can exploit this vulnerability to execute illegal SQL commands and steal sensitive database data.
| VAR-202511-1363 | CVE-2025-34243 | Advantech WebAccess/VPN AjaxFwRulesController.ajaxNetworkFwRulesAction function SQL injection vulnerability |
CVSS V2: 6.8 CVSS V3: 6.5 Severity: MEDIUM |
Advantech WebAccess/VPN versions prior to 1.1.5 contain a SQL injection vulnerability in AjaxFwRulesController.ajaxNetworkFwRulesAction() that allows an authenticated low-privileged observer user to inject SQL via datatable search parameters, leading to disclosure of database information. Advantech WebAccess/VPN is a virtual private network function integrated into Advantech's WebAccess/SCADA software, designed to provide a secure and reliable network connectivity solution for industrial automation and remote monitoring systems.
Advantech WebAccess/VPN contains an SQL injection vulnerability. This vulnerability stems from improper handling of datatable search parameters in the AjaxFwRulesController.ajaxNetworkFwRulesAction function. Attackers can exploit this vulnerability to execute illegal SQL commands and steal sensitive database data.
| VAR-202511-0613 | CVE-2025-34242 | Advantech WebAccess/VPN AjaxNetworkController.ajaxAction function SQL injection vulnerability |
CVSS V2: 6.8 CVSS V3: 6.5 Severity: MEDIUM |
Advantech WebAccess/VPN versions prior to 1.1.5 contain a SQL injection vulnerability in AjaxNetworkController.ajaxAction() that allows an authenticated low-privileged observer user to inject SQL via datatable search parameters, leading to disclosure of database information. Advantech WebAccess/VPN is a virtual private network function integrated into Advantech's WebAccess/SCADA software, designed to provide secure and reliable network connectivity solutions for industrial automation and remote monitoring systems.
Advantech WebAccess/VPN contains an SQL injection vulnerability. This vulnerability stems from the AjaxNetworkController.ajaxAction function's failure to properly filter datatable search parameters. Attackers can exploit this vulnerability to execute illegal SQL commands and steal sensitive database data.
| VAR-202511-1878 | CVE-2025-34241 | Advantech WebAccess/VPN AjaxDeviceController.ajaxDeviceAction function SQL injection vulnerability |
CVSS V2: 6.8 CVSS V3: 6.5 Severity: MEDIUM |
Advantech WebAccess/VPN versions prior to 1.1.5 contain a SQL injection vulnerability in AjaxDeviceController.ajaxDeviceAction() that allows an authenticated low-privileged observer user to inject SQL via datatable search parameters, leading to disclosure of database information. Advantech WebAccess/VPN is a virtual private network function integrated into Advantech's WebAccess/SCADA software, designed to provide secure and reliable network connectivity solutions for industrial automation and remote monitoring systems.
Advantech WebAccess/VPN contains an SQL injection vulnerability. This vulnerability stems from the AjaxDeviceController.ajaxDeviceAction function's failure to properly filter datatable search parameters. Attackers can exploit this vulnerability to execute illegal SQL commands and steal sensitive database data.
| VAR-202511-0924 | CVE-2025-34240 | Advantech WebAccess/VPN AppManagementController.appUpgradeAction function SQL injection vulnerability |
CVSS V2: 6.8 CVSS V3: 6.5 Severity: MEDIUM |
Advantech WebAccess/VPN versions prior to 1.1.5 contain a SQL injection vulnerability in AppManagementController.appUpgradeAction() that allows an authenticated low-privileged observer user to inject SQL via datatable search parameters, leading to disclosure of database information. Advantech WebAccess/VPN is a virtual private network function integrated into Advantech's WebAccess/SCADA software, designed to provide a secure and reliable network connectivity solution for industrial automation and remote monitoring systems.
Advantech WebAccess/VPN contains an SQL injection vulnerability. This vulnerability stems from the lack of filtering of datatable search parameters in the AppManagementController.appUpgradeAction function. Attackers can exploit this vulnerability to execute illegal SQL commands and steal sensitive database data.
| VAR-202511-0448 | CVE-2025-34237 | Advantech WebAccess/VPN StandaloneVpnClientsController.addStandaloneVpnClientAction function cross-site scripting vulnerability |
CVSS V2: 5.5 CVSS V3: 5.4 Severity: MEDIUM |
Advantech WebAccess/VPN versions prior to 1.1.5 contain a stored cross-site scripting (XSS) vulnerability via StandaloneVpnClientsController.addStandaloneVpnClientAction(). Insufficient validation or escaping of user-supplied input may allow an attacker to inject and execute arbitrary script in the context of a victim's browser. Advantech WebAccess/VPN is a virtual private network function integrated into Advantech's WebAccess/SCADA software, designed to provide secure and reliable network connectivity solutions for industrial automation and remote monitoring systems. This vulnerability stems from insufficient validation of user input in the StandaloneVpnClientsController.addStandaloneVpnClientAction function.
| VAR-202511-2202 | CVE-2025-34236 | Advantech WebAccess/VPN NetworksController.addNetworkAction function cross-site scripting vulnerability |
CVSS V2: 5.5 CVSS V3: 5.4 Severity: MEDIUM |
Advantech WebAccess/VPN versions prior to 1.1.5 contain a stored cross-site scripting (XSS) vulnerability via NetworksController.addNetworkAction(). Insufficient validation or escaping of user-supplied input may allow an attacker to inject and execute arbitrary script in the context of a victim's browser. Advantech WebAccess/VPN is a virtual private network function integrated into Advantech's WebAccess/SCADA software, designed to provide secure and reliable network connectivity solutions for industrial automation and remote monitoring systems.
| VAR-202511-1774 | CVE-2025-20727 |
CVSS V2: - CVSS V3: 7.5 Severity: HIGH |
In Modem, there is a possible out of bounds write due to a heap buffer overflow. This could lead to remote escalation of privilege, if a UE has connected to a rogue base station controlled by the attacker, with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: MOLY01672601; Issue ID: MSV-4623.
| VAR-202511-1256 | CVE-2025-20726 |
CVSS V2: - CVSS V3: 7.5 Severity: HIGH |
In Modem, there is a possible out of bounds write due to an incorrect bounds check. This could lead to remote escalation of privilege, if a UE has connected to a rogue base station controlled by the attacker, with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: MOLY01672598; Issue ID: MSV-4622.
| VAR-202511-0769 | CVE-2025-20725 |
CVSS V2: - CVSS V3: 7.5 Severity: HIGH |
In ims service, there is a possible out of bounds write due to a missing bounds check. This could lead to remote escalation of privilege, if a UE has connected to a rogue base station controlled by the attacker, with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: MOLY01671924; Issue ID: MSV-4620.
| VAR-202511-0057 | CVE-2025-12622 | Tenda AC10 buffer overflow vulnerability |
CVSS V2: 9.0 CVSS V3: 8.8 Severity: High |
A vulnerability was determined in Tenda AC10 16.03.10.13. Affected by this vulnerability is the function formSysRunCmd of the file /goform/SysRunCmd. This manipulation of the argument getui causes buffer overflow. The attack may be initiated remotely. The exploit has been publicly disclosed and may be utilized. Attackers can exploit this vulnerability to trigger a buffer overflow by constructing malicious parameters, thereby achieving remote code execution.
| VAR-202511-0176 | CVE-2025-12618 | Tenda AC8 DatabaseIniSet file buffer overflow vulnerability |
CVSS V2: 9.0 CVSS V3: 8.8 Severity: High |
A vulnerability has been found in Tenda AC8 16.03.34.06. This impacts an unknown function of the file /goform/DatabaseIniSet. The manipulation of the argument Time leads to buffer overflow. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The Tenda AC8 is a dual-band gigabit wireless router from Tenda, designed for home and small office environments.
The Tenda AC8 contains a buffer overflow vulnerability stemming from a failure to properly validate the input length when manipulating the Time parameter in the /goform/DatabaseIniSet file. An attacker could exploit this vulnerability to execute arbitrary code or cause a system crash.
| VAR-202511-0056 | CVE-2025-12611 | Tenda AC21 buffer overflow vulnerability |
CVSS V2: 9.0 CVSS V3: 8.8 Severity: High |
A vulnerability was identified in Tenda AC21 16.03.08.16. This vulnerability affects the function formSetPPTPServer of the file /goform/SetPptpServerCfg. The manipulation of the argument startIp leads to buffer overflow. Remote exploitation of the attack is possible. The exploit is publicly available and might be used. An attacker could exploit this vulnerability to remotely manipulate the parameter, triggering a buffer overflow that could then execute arbitrary code or cause system crashes.
| VAR-202511-0090 | CVE-2025-12596 | Tenda AC23 saveParentControlInfo file buffer overflow vulnerability |
CVSS V2: 9.0 CVSS V3: 8.8 Severity: High |
A security vulnerability has been detected in Tenda AC23 16.03.07.52. Affected is the function saveParentControlInfo of the file /goform/saveParentControlInfo. Such manipulation of the argument Time leads to buffer overflow. It is possible to launch the attack remotely. The exploit has been disclosed publicly and may be used. The Tenda AC23 is a dual-band wireless router for home use, designed for large homes with excellent coverage and high-speed transmission. It supports 802.11ac Wave2 technology and boasts a maximum concurrent dual-band speed of 2033Mbps. This vulnerability stems from the fact that the parameter Time in the file /goform/saveParentControlInfo fails to properly validate the length of the input data. Attackers could exploit this vulnerability to execute arbitrary code or cause a denial-of-service attack.
| VAR-202511-0001 | CVE-2025-12595 | Tenda AC23 SetVirtualServerCfg file buffer overflow vulnerability |
CVSS V2: 9.0 CVSS V3: 8.8 Severity: High |
A weakness has been identified in Tenda AC23 16.03.07.52. This impacts the function formSetVirtualSer of the file /goform/SetVirtualServerCfg. This manipulation of the argument list causes buffer overflow. It is possible to initiate the attack remotely. The exploit has been made available to the public and could be exploited. The Tenda AC23 is a dual-band wireless router for home use, designed for large homes with excellent coverage and high-speed transmission. It supports 802.11ac Wave2 technology and boasts a maximum concurrent dual-band speed of 2033Mbps. This vulnerability stems from the fact that the `formSetVirtualSer` function parameter `list` in the file `/goform/SetVirtualServerCfg` fails to properly validate the length of the input data. Attackers could exploit this vulnerability to execute arbitrary code or cause a denial-of-service attack.
| VAR-202511-0004 | CVE-2025-12619 | Tenda A15 buffer overflow vulnerability |
CVSS V2: 9.0 CVSS V3: 8.8 Severity: High |
A vulnerability was found in Tenda A15 15.13.07.13. Affected is the function fromSetWirelessRepeat of the file /goform/openNetworkGateway. The manipulation of the argument wpapsk_crypto2_4g results in buffer overflow. The attack can be launched remotely. The exploit has been made public and could be used. The Tenda A15 is a wireless router device manufactured by Tenda. An attacker could exploit this vulnerability to remotely trigger a buffer overflow and execute arbitrary code.
| VAR-202511-0245 | CVE-2025-12603 | Azure Access Technology BLU-IC2 and Azure Access Technology BLU-IC4 out-of-bounds write vulnerabilities |
CVSS V2: 10.0 CVSS V3: 9.8 Severity: CRITICAL |
/etc/timezone can be arbitrarily written. This issue affects BLU-IC2: through 1.19.5; BLU-IC4: through 1.19.5. Azure Access Technology BLU-IC2 and Azure Access Technology BLU-IC4 are both network access controllers from Azure Access Technology, Inc., a US-based company.
Both Azure Access Technology BLU-IC2 and Azure Access Technology BLU-IC4 contain an out-of-bounds write vulnerability. This vulnerability stems from the fact that `/etc/timezone` can be written to arbitrarily. Detailed vulnerability information is not currently available.
| VAR-202511-0002 | CVE-2025-12602 | Azure Access Technology BLU-IC2 and Azure Access Technology BLU-IC4 out-of-bounds write vulnerabilities (CNVD-2025-27470) |
CVSS V2: 10.0 CVSS V3: 9.8 Severity: CRITICAL |
/etc/avahi/services/z9.service can be arbitrarily written. This issue affects BLU-IC2: through 1.19.5; BLU-IC4: through 1.19.5. Azure Access Technology BLU-IC2 and Azure Access Technology BLU-IC4 are both network access controllers from Azure Access Technology, Inc., a US-based company.
Both Azure Access Technology BLU-IC2 and Azure Access Technology BLU-IC4 contain an out-of-bounds write vulnerability. This vulnerability stems from the fact that `/etc/avahi/services/z9.service` can be written to arbitrarily. Detailed vulnerability information is not currently available.
| VAR-202511-0003 | CVE-2025-12601 | Azure Access Technology BLU-IC2 and Azure Access Technology BLU-IC4 Denial-of-Service Vulnerabilities |
CVSS V2: 10.0 CVSS V3: 7.5 Severity: HIGH |
Denial of service due to SlowLoris. This issue affects BLU-IC2: through 1.19.5; BLU-IC4: through 1.19.5. Azure Access Technology BLU-IC2 and Azure Access Technology BLU-IC4 are both network access controllers from Azure Access Technology, Inc., a US-based company.
Both Azure Access Technology BLU-IC2 and Azure Access Technology BLU-IC4 contain a denial-of-service vulnerability stemming from their susceptibility to the SlowLoris attack. An attacker could exploit this vulnerability to cause a denial of service.