VARIoT IoT vulnerabilities database


VAR-200210-0053 CVE-2002-1190 Cisco Unity Use the recognized default user account vulnerability CVSS V2: 7.5
CVSS V3: -
Severity: HIGH
Cisco Unity 2.x and 3.x uses well-known default user accounts, which could allow remote attackers to gain access and place arbitrary calls. Unity Server is prone to a remote security vulnerability
VAR-200212-0697 CVE-2002-2373 Apple 12/640 PS LaserWriter TCP/IP Configuration Tool Telnet Service default passwordless vulnerability CVSS V2: 7.5
CVSS V3: -
Severity: HIGH
The default configuration of the TCP/IP printer configuration utility in Apple LaserWriter 12/640 PS printer contains a blank Telnet password, which allows remote attackers to gain access. The 12/640 PS LaserWriter is a Postscript capable printer distributed by Apple. When the tool is used to configure a printer, the device does not require the setting of a telnet server password. This may allow unauthorized remote access to the device. TCP/IP Print Configuration Tool is security and management software for the Apple LaserWriter 12/640 PS printer
VAR-200212-0695 CVE-2002-2371 Linksys WET11 Remote Denial of Service Attack Vulnerability CVSS V2: 7.8
CVSS V3: -
Severity: HIGH
Linksys WET11 firmware 1.31 and 1.32 allows remote attackers to cause a denial of service (crash) via a packet containing the device's hardware address as the source MAC address in the DLC header. It has been reported that the WET11 device is prone to a denial of service condition when receiving specially crafted packets. The device will crash when it receives packets that have the same MAC address as the device itself. Linksys WET11 is an Ethernet to 802.11b bridge that can bridge a single host or an entire network
VAR-200210-0315 No CVE D-Link DSL-500 has a default telnet password vulnerability CVSS V2: 10.0
CVSS V3: -
Severity: HIGH
The DSL-500 is an ADSL broadband router developed by D-Link. The DSL-500 includes a default telnet password that can be used by remote attackers to access control devices. The DSL-500 includes a default telnet password of 'private', which allows an attacker to gain unauthorized access to the device for a denial of service attack or other malicious activity. This could result in unauthorized access, denial of service, or other problems
VAR-200212-0510 CVE-2002-1810 D-Link DWL-900AP+ TFTP Server Arbitrary File Acquisition Vulnerability CVSS V2: 7.5
CVSS V3: 7.5
Severity: HIGH
D-Link DWL-900AP+ Access Point 2.1 and 2.2 allows remote attackers to access the TFTP server without authentication and read the config.img file, which contains sensitive information such as the administrative password, the WEP encryption keys, and network configuration information. DWL-900AP+ is a WiFi / 802.11b wireless access point system developed by D-Link. DWL-900AP+ contains an undisclosed TFTP service program. -WEP encryption key. -Network configuration data (address, SSID, etc.). This data exists in clear text, and through this data, an attacker may be able to control the entire device. In addition, other configuration files can be obtained by requesting them from the TFTP server: -eeprom.dat -mac.dat -wtune.dat -rom.img -normal.img. This could lead to the disclosure of sensitive information
VAR-200902-0682 CVE-2002-2428 GoAhead WebServer 'webs.c' Denial of service vulnerability CVSS V2: 5.0
CVSS V3: -
Severity: MEDIUM
webs.c in GoAhead WebServer before 2.1.4 allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via an HTTP POST request that contains a Content-Length header but no body data. GoAhead WebServer is prone to an authentication-bypass vulnerability and multiple denial-of-service vulnerabilities. A remote attacker may exploit these issues to gain access to protected documents or to create a denial-of-service condition. Versions prior to GoAhead WebServer 2.1.6 are vulnerable. GoAhead WebServer is a WEB publishing service system software. The request contains a Content-Length header but no body data
VAR-200902-0683 CVE-2002-2429 GoAhead WebServer 'webs.c' Denial of service vulnerability CVSS V2: 5.0
CVSS V3: -
Severity: MEDIUM
webs.c in GoAhead WebServer before 2.1.4 allows remote attackers to cause a denial of service (daemon crash) via an HTTP POST request that contains a negative integer in the Content-Length header. GoAhead WebServer is prone to an authentication-bypass vulnerability and multiple denial-of-service vulnerabilities. A remote attacker may exploit these issues to gain access to protected documents or to create a denial-of-service condition. Versions prior to GoAhead WebServer 2.1.6 are vulnerable. GoAhead WebServer is a WEB publishing service system software. The request contained a negative integer value in the Content-Length header
VAR-200902-0684 CVE-2002-2430 GoAhead WebServer Denial of service vulnerability CVSS V2: 5.0
CVSS V3: -
Severity: MEDIUM
GoAhead WebServer before 2.1.1 allows remote attackers to cause a denial of service (CPU consumption) by performing a socket disconnect to terminate a request before it has been fully processed by the server. GoAhead WebServer is prone to an authentication-bypass vulnerability and multiple denial-of-service vulnerabilities. A remote attacker may exploit these issues to gain access to protected documents or to create a denial-of-service condition. Versions prior to GoAhead WebServer 2.1.6 are vulnerable. GoAhead WebServer is a WEB publishing service system software
VAR-200902-0685 CVE-2002-2431 GoAhead WebServer 'socketInputBuffered function' Unknown vulnerability CVSS V2: 7.5
CVSS V3: -
Severity: HIGH
Unspecified vulnerability in GoAhead WebServer before 2.1.4 allows remote attackers to cause "incorrect behavior" via unknown "malicious code," related to incorrect use of the socketInputBuffered function by sockGen.c. GoAhead WebServer is prone to an authentication-bypass vulnerability and multiple denial-of-service vulnerabilities. A remote attacker may exploit these issues to gain access to protected documents or to create a denial-of-service condition. Versions prior to GoAhead WebServer 2.1.6 are vulnerable. GoAhead WebServer is a WEB publishing service system software. It has to do with incorrect use of the socketInputBuffered function
VAR-200902-0686 CVE-2003-1568 GoAhead WebServer 'websSafeUrl function' Denial of service vulnerability CVSS V2: 5.0
CVSS V3: -
Severity: MEDIUM
GoAhead WebServer before 2.1.6 allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via an invalid URL, related to the websSafeUrl function. GoAhead WebServer is prone to an authentication-bypass vulnerability and multiple denial-of-service vulnerabilities. A remote attacker may exploit these issues to gain access to protected documents or to create a denial-of-service condition. Versions prior to GoAhead WebServer 2.1.6 are vulnerable. GoAhead WebServer is a WEB publishing service system software. The vulnerability is related to the websSafeUrl function
VAR-200902-0687 CVE-2003-1569 GoAhead WebServer Construct http Request denial of service vulnerability CVSS V2: 5.0
CVSS V3: -
Severity: MEDIUM
GoAhead WebServer before 2.1.5 on Windows 95, 98, and ME allows remote attackers to cause a denial of service (daemon crash) via an HTTP request with a (1) con, (2) nul, (3) clock$, or (4) config$ device name in a path component, different vectors than CVE-2001-0385. GoAhead WebServer is prone to an authentication-bypass vulnerability and multiple denial-of-service vulnerabilities. A remote attacker may exploit these issues to gain access to protected documents or to create a denial-of-service condition. Versions prior to GoAhead WebServer 2.1.6 are vulnerable
VAR-200211-0071 CVE-2002-0666 Multiple IPsec implementations do not adequately validate authentication data CVSS V2: 5.0
CVSS V3: -
Severity: MEDIUM
IPSEC implementations including (1) FreeS/WAN and (2) KAME do not properly calculate the length of authentication data, which allows remote attackers to cause a denial of service (kernel panic) via spoofed, short Encapsulating Security Payload (ESP) packets, which result in integer signedness errors. IPsec implementations from multiple vendors do not adequately validate the authentication data in IPsec packets, exposing vulnerable systems to a denial of service. The esp4_input() function in IPSec on IBM AIX does not properly check the integrity of authentication data, which may lead to a kernel panic condition. A vulnerability in several implementations of IPSec related to handling of malformed ESP packets has been reported. On several systems, the conditions may be exploited to cause kernel panics. IPSEC is a set of IP security extensions that provide verification and encryption functions. It includes two types of packets, ESP and AH, represented by IP protocols 50 and 51 respectively. Several IPSec implementations have a vulnerability. Remote attackers can exploit this vulnerability to conduct denial of service attacks
VAR-200902-0681 CVE-2002-2427 GoAhead Web Server discloses source code of ASP files via crafted URL CVSS V2: 5.0
CVSS V3: -
Severity: MEDIUM
The security handler in GoAhead WebServer before 2.1.1 allows remote attackers to bypass authentication and obtain access to protected web content via "an extra slash in a URL," a different vulnerability than CVE-2002-1603. This issue is also referenced in VU#124059. GoAhead WebServer contains vulnerabilities that may allow an attacker to view source files containing sensitive information or bypass authentication. The information disclosure vulnerability was previously published as VU#975041. As a result, files containing usernames and passwords may be viewed. GoAhead WebServer is prone to an authentication-bypass vulnerability and multiple denial-of-service vulnerabilities. A remote attacker may exploit these issues to gain access to protected documents or to create a denial-of-service condition. Versions prior to GoAhead WebServer 2.1.6 are vulnerable. GoAhead WebServer is a WEB publishing service system software
VAR-200210-0004 CVE-2002-1222 Cisco CatOS CiscoView HTTP Server Buffer Overflow Vulnerability CVSS V2: 7.1
CVSS V3: -
Severity: HIGH
Buffer overflow in the embedded HTTP server for Cisco Catalyst switches running CatOS 5.4 through 7.3 allows remote attackers to cause a denial of service (reset) via a long HTTP request. Certain versions of Cisco CatOS ship with an embedded HTTP server. This issue is reported to affect CatOS versions 5.4 through 7.4 which contain "cv" in the image name
VAR-200212-0032 CVE-2002-2150 State-based firewalls fail to effectively manage session table resource exhaustion CVSS V2: 5.0
CVSS V3: -
Severity: MEDIUM
Firewalls from multiple vendors empty state tables more slowly than they are filled, which allows remote attackers to flood state tables with packet flooding attacks such as (1) TCP SYN flood, (2) UDP flood, or (3) Crikey CRC Flood, which causes the firewall to refuse any new connections. There is a vulnerability in several state-based firewall products that allows arbitrary remote attackers to conduct denial of service attacks against vulnerable firewalls. By exploiting the way the state table is specified, a large number of packets sent to a firewall from any of multiple vendors causes it to stop accepting new sessions. The firewall may be placed in a denial-of-service (DoS) state. It has been reported that many firewalls do not properly handle certain types of input. Firewall systems that maintain state could be attacked and forced into a situation where all service is denied. This condition would occur as a result of certain types of traffic floods. A comprehensive listing of affected products is not available at this time. A variety of firewall products use the state table to judge whether a received packet belongs to an existing session between two hosts. The firewall will remove relevant entries from the state table for different reasons, including session time-out expiration, detection of TCP FIN or TCP RST packets, and so on. If new state entries are added faster than the firewall can delete entries, a remote attacker can exploit this to fill up all state table buffers, resulting in a denial of service attack. Packets for new session state are not accepted, and new connections will not be established, resulting in a denial of service attack. Attackers can use the following methods to attack. TCP SYN flood: In order to establish a TCP connection, the client and server must participate in a three-way handshake. The client system sends a SYN message to the server, and the server responds to the SYN message by sending a SYN-ACK message to the client. The client finally completes the establishment of the connection by replying with an ACK message, and then performs data transmission. In a SYN flood attack, an attacker can send SYN packets with forged IP source addresses, making the communications appear to come from multiple clients. Because the client address is forged, the SYN-ACK message sent to the client will be discarded, and a large number of such communications can cause the firewall's entry table to be filled with forged entries, resulting in a denial of service attack. UDP flood: In a UDP flood attack, the attacker can send a large number of small UDP packets with forged source IP addresses. However, since the UDP protocol is connectionless, there is no session state indication information (SYN, SYN-ACK, ACK, FIN, or RST) to help the firewall detect abnormal protocol states. As a result, state-based firewalls must rely on source and destination addresses to create state table entries and set session timeout values. The CRC check is calculated at each network layer and is used to determine whether data has been corrupted during transmission. C2 Flood is a packet containing an illegal checksum of the transport layer (TCP, UDP). Since the checksum of the transport layer does not go through the firewall operation, many implementations choose to optimize performance by ignoring these checksums, so if C2..
VAR-200210-0165 CVE-2002-0990 Multiple Symantec Firewall Secure Webserver Error Request Remote Denial of Service Attack Vulnerability CVSS V2: 5.0
CVSS V3: -
Severity: MEDIUM
The web proxy component in Symantec Enterprise Firewall (SEF) 6.5.2 through 7.0, Raptor Firewall 6.5 and 6.5.3, VelociRaptor, and Symantec Gateway Security allow remote attackers to cause a denial of service (connection resource exhaustion) via multiple connection requests to domains whose DNS server is unresponsive or does not exist, which generates a long timeout. A denial of service vulnerability has been reported in this component. According to the report, the proxy blocks while attempting to resolve hostnames specified in CONNECT requests. While this is occurring, requests from other clients are not handled. This behaviour can be exploited to cause a denial of service condition. There is a problem when the web proxy service program of the firewall handles non-existing internal URLs. By submitting non-existent or wrong internal URL requests multiple times, the proxy service program may time out for a period of time without responding to subsequent proxy request connections, resulting in a denial of service
VAR-200303-0027 CVE-2002-1535 Symantec HTTP Agent information disclosure vulnerability CVSS V2: 5.0
CVSS V3: -
Severity: MEDIUM
Secure Webserver 1.1 in Raptor 6.5 and Symantec Enterprise Firewall 6.5.2 allows remote attackers to identify IP addresses of hosts on the internal network via a CONNECT request, which generates different error messages if the host is present. The "Simple, Secure Webserver" is a HTTP proxy included with Raptor Firewall, Symantec Enterprise Firewall, VelociRaptor and Symantec Gateway Security. An information disclosure vulnerability has been reported in this component. According to the report, it is possible for external hosts to identify responsive hosts on the network connected to the internal interface. Responsive and unresponsive hosts can be distinguished based on the response to a CONNECT request for a guessed internal IP address. This vulnerability can generate different error messages when the host is online
VAR-200212-0495 CVE-2002-1795 Microsoft TSAC Web Package and Microsoft IIS Vulnerable to cross-site scripting CVSS V2: 4.3
CVSS V3: -
Severity: MEDIUM
Cross-site scripting (XSS) vulnerability in connect.asp in Microsoft Terminal Services Advanced Client (TSAC) ActiveX control allows remote attackers to inject arbitrary web script or HTML via unknown vectors. The connect.asp component included in Microsoft TSAC Web Package and Microsoft IIS is vulnerable to cross-site scripting due to improper sanitization of external input. Arbitrary web scripts and HTML may be inserted in Microsoft TSAC Web Package and Microsoft IIS 5.1. It is an optional component that is installed by end-users. An attacker could construct a malicious link to a vulnerable host that contains arbitrary HTML and script code. If this link is visited by a web user, the attacker-supplied code will be rendered in their browser, in the security context of the vulnerable site
VAR-200212-0871 CVE-2002-2354 Netgear FM114P Wireless Firewall TCP Connection Remote Denial of Service Attack Vulnerability CVSS V2: 7.8
CVSS V3: -
Severity: HIGH
Netgear FM114P firmware 1.3 wireless firewall allows remote attackers to cause a denial of service (crash or hang) via a large number of TCP connection requests. FM114P is an integrated HUB, print service, wireless access point, firewall and IDS hardware solution developed by Netgear. It includes Cable / DSL Prosafe 802.11b wireless firewall system.  Netgear FM114P Cable / DSL Prosafe 802.11b wireless firewall does not handle TCP connections correctly. Remote attackers can use this vulnerability to conduct denial of service attacks.  The FM114P Cable / DSL Prosafe 802.11b wireless firewall includes a WEB interface.  Normal function must be restored by manual restart. A reboot of the device is necessary to resume normal operation
VAR-200212-0872 CVE-2002-2355 Netgear FM114P Wireless Firewall Remote Information Disclosure Vulnerability CVSS V2: 7.1
CVSS V3: -
Severity: HIGH
Netgear FM114P firmware 1.3 wireless firewall, when configured to backup configuration information, stores DDNS (DynDNS) user name and password, MAC address filtering table and possibly other information in cleartext, which could allow local users to obtain sensitive information. FM114P is an integrated HUB, print service, wireless access point, firewall and IDS hardware solution developed by Netgear. It includes Cable / DSL Prosafe 802.11b wireless firewall system.  Netgear FM114P Cable / DSL Prosafe 802.11b wireless firewall stores plain text account information during backup operations. Remote attackers can use this vulnerability to obtain account data to further attack the system.  When the FM114P Cable / DSL Prosafe 802.11b wireless firewall is configured for backup operation, the device will save the DDNS (DynDNS) account data in the system in clear text. A remote attacker can obtain account information by accessing this file to help the attacker further attack the WEB interface.  It must be noted that the backup configuration option is not enabled by default