VARIoT IoT vulnerabilities database

NBR6210-E is a router product. Beijing Xingwang Ruijie Network Technology Co., Ltd. NBR6210-E has a command execution vulnerability, which can be exploited by attackers to gain control of the server.

SIMATIC S7-1500 is a modular control system suitable for various automation applications in the field of discrete automation. There is a denial of service vulnerability in SIMATIC S7-1500 of Siemens (China) Co., Ltd., which can be exploited by attackers to cause denial of service.

Siemens (China) Co., Ltd. is a company focusing on electrification, automation and digitalization. Many products of Siemens (China) Co., Ltd. have denial of service vulnerabilities. Attackers can exploit the vulnerabilities to cause equipment shutdown and manually restart the PLC to recover.

Siemens (China) Co., Ltd. is a company focusing on electrification, automation and digitalization. Many products of Siemens (China) Co., Ltd. have denial of service vulnerabilities. Attackers can exploit the vulnerabilities to cause abnormal processing of the device and crash. The device can only be restored by manually restarting the PLC.

Siemens (China) Co., Ltd. is a company focusing on electrification, automation and digitalization. Many products of Siemens (China) Co., Ltd. have denial of service vulnerabilities. Attackers can exploit the vulnerabilities to cause abnormal processing of the device and crash. The device can only be restored by manually restarting the PLC.

WinCC is a SCADA system suitable for all walks of life. It can access devices from mobile terminals, extract intelligent data, analyze data and make reports. Siemens (China) Co., Ltd. WinCC has a denial of service vulnerability, which can be exploited by attackers to cause denial of service.

** UNSUPPORTED WHEN ASSIGNED ** A vulnerability was found in D-Link DAR-7000 up to 20230922. It has been rated as problematic. Affected by this issue is some unknown functionality of the file /log/decodmail.php. The manipulation of the argument file leads to deserialization. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-270368. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. D-Link Systems, Inc. of dar-7000 An untrusted data deserialization vulnerability exists in firmware.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. DAR-7000 is an Internet behavior audit gateway of D-Link, a Chinese company. DAR-7000 of D-Link Electronic Equipment (Shanghai) Co., Ltd. The vulnerability is caused by the file parameter of /log/decodmail.php that can deserialize certain content. No detailed vulnerability details are provided at present

OpenVPN before 2.6.11 does not santize PUSH_REPLY messages properly which attackers can use to inject unexpected arbitrary data into third-party executables or plug-ins. SCALANCE M-800, MUM-800 and S615 as well as RUGGEDCOM RM1224 are industrial routers. Multiple Siemens products have a log output neutralization error vulnerability that can be exploited by attackers to send spam to the openvpn log, causing high CPU load. ========================================================================== Ubuntu Security Notice USN-6860-1 July 02, 2024 openvpn vulnerabilities ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 24.04 LTS - Ubuntu 23.10 - Ubuntu 22.04 LTS - Ubuntu 20.04 LTS Summary: Several security issues were fixed in OpenVPN. Software Description: - openvpn: virtual private network software Details: Reynir Björnsson discovered that OpenVPN incorrectly handled terminating client connections. A remote authenticated client could possibly use this issue to keep the connection active, bypassing certain security policies. This issue only affected Ubuntu 23.10, and Ubuntu 24.04 LTS. (CVE-2024-28882) Reynir Björnsson discovered that OpenVPN incorrectly handled certain control channel messages with nonprintable characters. A remote attacker could possibly use this issue to cause OpenVPN to consume resources, or fill up log files with garbage, leading to a denial of service. (CVE-2024-5594) Update instructions: The problem can be corrected by updating your system to the following package versions: Ubuntu 24.04 LTS openvpn 2.6.9-1ubuntu4.1 Ubuntu 23.10 openvpn 2.6.5-0ubuntu1.2 Ubuntu 22.04 LTS openvpn 2.5.9-0ubuntu0.22.04.3 Ubuntu 20.04 LTS openvpn 2.4.12-0ubuntu0.20.04.2 In general, a standard system update will make all the necessary changes. References: https://ubuntu.com/security/notices/USN-6860-1 CVE-2024-28882, CVE-2024-5594 Package Information: https://launchpad.net/ubuntu/+source/openvpn/2.6.9-1ubuntu4.1 https://launchpad.net/ubuntu/+source/openvpn/2.6.5-0ubuntu1.2 https://launchpad.net/ubuntu/+source/openvpn/2.5.9-0ubuntu0.22.04.3 https://launchpad.net/ubuntu/+source/openvpn/2.4.12-0ubuntu0.20.04.2

mySCADA myPRO uses a hard-coded password which could allow an attacker to remotely execute code on the affected device. Authentication is not required to exploit this vulnerability.The specific flaw exists within the telnet service, which listens on TCP port 5005 by default. The issue results from the use of hard-coded credentials. mySCADA myPRO is an application software. myPRO is a professional HMI/SCADA system designed primarily for visualization and control of industrial processes

Improper verification of intent by broadcast receiver vulnerability in GalaxyStore prior to version 4.5.81.0 allows local attackers to launch unexported activities of GalaxyStore. Samsung's galaxystore Exists in unspecified vulnerabilities.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state

Improper verification of intent by broadcast receiver vulnerability in Samsung Flow prior to version 4.9.13.0 allows local attackers to copy image files to external storage. Samsung's flow Exists in unspecified vulnerabilities.Information may be obtained

Improper authentication in SmartThings prior to version 1.8.17 allows remote attackers to bypass the expiration date for members set by the owner. Samsung's SmartThings There is an authentication vulnerability in.Service operation interruption (DoS) It may be in a state

Dell BIOS contains an improper input validation vulnerability. A local authenticated malicious user with admin privileges may potentially exploit this vulnerability to modify a UEFI variable, leading to denial of service and escalation of privileges. Alienware m15 R6 firmware, Alienware m15 R7 firmware, alienware m16 r1 Several Dell products, such as firmware, contain an input validation vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state

Memory corruption when IOMMU unmap operation fails, the DMA and anon buffers are getting released. 315 5g iot modem firmware, AQT1000 firmware, AR8031 Multiple Qualcomm products, such as firmware, contain vulnerabilities related to use of freed memory.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state

Memory corruption when allocating and accessing an entry in an SMEM partition. APQ8064AU firmware, AQT1000 firmware, AR8035 Multiple Qualcomm products such as firmware have a classic buffer overflow vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state

Memory corruption while performing finish HMAC operation when context is freed by keymaster. 315 5g iot modem firmware, 9205 lte modem firmware, APQ8017 Multiple Qualcomm products, including firmware, contain a double release vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state

Beijing StarNet Ruijie Network Technology Co., Ltd. EG3220 is a new generation of multi-service security gateway. Beijing StarNet Ruijie Network Technology Co., Ltd. EG3220 has a command execution vulnerability, which can be exploited by attackers to gain control of the server.

A vulnerability, which was classified as critical, has been found in Tenda A301 15.13.08.12. Affected by this issue is the function formWifiBasicSet of the file /goform/SetOnlineDevName. The manipulation of the argument devName leads to stack-based buffer overflow. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-269948. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. Tenda of a301 An out-of-bounds write vulnerability exists in firmware.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. Tenda A301 is a wireless signal extender from China's Tenda company. There is a security vulnerability in Tenda A301 version 15.13.08.12, which can be exploited by remote attackers to execute arbitrary code on the system or cause a denial of service attack

A vulnerability classified as critical was found in Tenda A301 15.13.08.12. Affected by this vulnerability is the function fromSetWirelessRepeat of the file /goform/SetOnlineDevName. The manipulation of the argument devName leads to stack-based buffer overflow. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-269947. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. Tenda of a301 An out-of-bounds write vulnerability exists in firmware.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. Tenda A301 is a wireless signal extender from China's Tenda Company. The vulnerability is caused by the /goform/SetOnlineDevName parameter devName failing to correctly verify the length of the input data. A remote attacker can exploit this vulnerability to execute arbitrary code on the system or cause a denial of service attack

OpenPLC 3 through 9cd8f1b allows XSS via an SVG document as a profile picture. OpenPLC Project of OpenPLC_v3 Firmware has a cross-site scripting vulnerability.Information may be obtained and information may be tampered with. OpenPLC is an open source programmable logic controller. It can provide low-cost industrial solutions for automation and research. OpenPLC has a cross-site scripting vulnerability. The vulnerability is caused by the lack of effective filtering and escaping of user-supplied data in the application. Attackers can exploit this vulnerability to perform cross-site scripting attacks through SVG documents as profile pictures