VARIoT IoT vulnerabilities database

VAR-202311-2491 CVE-2023-48111 Tenda AX1803 time parameter buffer overflow vulnerability
CVSS V2: 7.8
CVSS V3: 7.5
Severity: HIGH
Tenda AX1803 v1.0.0.1 was discovered to contain a stack overflow via the time parameter in the function saveParentControlInfo. This vulnerability allows attackers to cause a Denial of Service (DoS). Tenda AX1803 is a dual-band Gigabit Wi-Fi 6 router from China's Tenda Company. Tenda AX1803 v1.0.0.1 has a buffer overflow vulnerability caused by the function saveParentControlInfo failing to correctly verify the length of the data supplied in the time parameter.
VAR-202311-2413 CVE-2023-48110 Tenda AX1803 urls parameter buffer overflow vulnerability
CVSS V2: 7.8
CVSS V3: 7.5
Severity: HIGH
Tenda AX1803 v1.0.0.1 was discovered to contain a heap overflow via the urls parameter in the function saveParentControlInfo. This vulnerability allows attackers to cause a Denial of Service (DoS). Tenda AX1803 is a dual-band Gigabit Wi-Fi 6 router from China's Tenda Company. Tenda AX1803 v1.0.0.1 has a buffer overflow vulnerability caused by the function saveParentControlInfo failing to correctly verify the length of the data supplied in the urls parameter.
VAR-202311-2304 CVE-2023-48109 Out-of-bounds write vulnerability in Shenzhen Tenda Technology Co.,Ltd. ax1803 firmware
CVSS V2: 7.8
CVSS V3: 7.5
Severity: HIGH
Tenda AX1803 v1.0.0.1 was discovered to contain a heap overflow via the deviceId parameter in the function saveParentControlInfo. This vulnerability allows attackers to cause a Denial of Service (DoS). An out-of-bounds write vulnerability exists in the ax1803 firmware of Shenzhen Tenda Technology Co.,Ltd. Service operation may be interrupted (DoS). Tenda AX1803 v1.0.0.1 has a buffer overflow vulnerability caused by the function saveParentControlInfo failing to correctly verify the length of the data supplied in the deviceId parameter.
VAR-202311-1670 CVE-2023-3379 Vulnerabilities in multiple WAGO products
CVSS V2: -
CVSS V3: 5.3
Severity: MEDIUM
Wago web-based management of multiple products has a vulnerability which allows a local authenticated attacker to change the passwords of other non-admin users and thus to escalate non-root privileges. Unspecified vulnerabilities exist in multiple WAGO products, including Compact Controller 100 firmware, Edge Controller firmware and PFC100 firmware. Information may be obtained or tampered with, and service operation may be interrupted (DoS).
VAR-202311-1840 CVE-2023-48192 TOTOLINK A3700R Code Execution Vulnerability
CVSS V2: 10.0
CVSS V3: 7.8
Severity: HIGH
An issue in TOTOLINK A3700R v.9.1.2u.6134_B20201202 allows a local attacker to execute arbitrary code via the setTracerouteCfg function. TOTOLINK A3700R is a wireless router made by China Zeon Electronics (TOTOLINK) Company. There is a code execution vulnerability in TOTOLINK A3700R v9.1.2u.6134_B20201202.
VAR-202311-1968 CVE-2023-38823
CVSS V2: -
CVSS V3: 9.8
Severity: CRITICAL
Buffer Overflow vulnerability in Tenda AC19 v.1.0, AC18, AC9 v.1.0, AC6 v.2.0 and v.1.0 allows a remote attacker to execute arbitrary code via the formSetCfm function in bin/httpd.
VAR-202311-0501 CVE-2023-34982 Vulnerability related to externally controllable references to other domain resources in multiple AVEVA products
CVSS V2: -
CVSS V3: 7.1
Severity: HIGH
This external control vulnerability, if exploited, could allow a local OS-authenticated user with standard privileges to delete files with System privilege on the machine where these products are installed, resulting in denial of service. Multiple AVEVA products, including Batch Management, Communication Drivers and Edge, contain a vulnerability related to externally controllable references to resources in another domain. Information may be tampered with and service operation may be interrupted (DoS).
VAR-202311-0502 CVE-2023-33873 Vulnerabilities in multiple AVEVA products
CVSS V2: -
CVSS V3: 7.8
Severity: HIGH
This privilege escalation vulnerability, if exploited, could allow a local OS-authenticated user with standard privileges to escalate to System privilege on the machine where these products are installed, resulting in complete compromise of the target machine. Unspecified vulnerabilities exist in multiple AVEVA products, including Batch Management, Communication Drivers and Edge. Information may be obtained or tampered with, and service operation may be interrupted (DoS).
VAR-202311-0698 CVE-2023-47678 Improper access control vulnerability in ASUSTeK COMPUTER RT-AC87U
CVSS V2: 9.4
CVSS V3: 9.1
Severity: CRITICAL
An improper access control vulnerability exists in RT-AC87U all versions. An attacker may read or write files that are not intended to be accessed by connecting to a target device via tftp. The product is provided by ASUSTeK COMPUTER INC. This vulnerability information was reported to JPCERT/CC, and JPCERT/CC coordinated with the developer. Reporter: Zero Zero One Co., Ltd. ASUS RT-AC87U is a wireless router from ASUS, a Chinese company.
VAR-202311-0697 CVE-2023-5986 Open redirect vulnerability in Schneider Electric EcoStruxure Power Monitoring Expert
CVSS V2: 6.4
CVSS V3: 6.1
Severity: MEDIUM
A CWE-601 URL Redirection to Untrusted Site vulnerability exists that could cause an open redirect vulnerability leading to a cross-site scripting attack. By providing a URL-encoded input, attackers can cause the software's web application to redirect to the chosen domain after a successful login is performed. Schneider Electric EcoStruxure Power Monitoring Expert is a device from Schneider Electric of France for power distribution monitoring in an IoT environment. Schneider Electric EcoStruxure Power Monitoring Expert has an open redirect vulnerability. This vulnerability is caused by the system not properly handling redirect targets. Attackers can use this vulnerability to redirect users to malicious websites for phishing and other attacks.
VAR-202311-0474 CVE-2023-36558 Security feature bypass vulnerability in multiple Microsoft products
CVSS V2: -
CVSS V3: 6.2
Severity: MEDIUM
ASP.NET Core Security Feature Bypass Vulnerability.

==========================================================================
Ubuntu Security Notice USN-6480-1
November 15, 2023

dotnet6, dotnet7, dotnet8 vulnerabilities
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 23.10
- Ubuntu 23.04
- Ubuntu 22.04 LTS

Summary:

Several security issues were fixed in .NET.

Software Description:
- dotnet6: dotNET CLI tools and runtime
- dotnet7: dotNET CLI tools and runtime
- dotnet8: dotNET CLI tools and runtime

Details:

Barry Dorrans discovered that .NET did not properly implement certain security features for Blazor server forms. An attacker could possibly use this issue to bypass validation, which could trigger unintended actions. (CVE-2023-36558)

Piotr Bazydlo discovered that .NET did not properly handle untrusted URIs provided to System.Net.WebRequest.Create. An attacker could possibly use this issue to inject arbitrary commands to backend FTP servers. (CVE-2023-36049)

Update instructions:

The problem can be corrected by updating your system to the following package versions:

Ubuntu 23.10:
  aspnetcore-runtime-6.0 6.0.125-0ubuntu1~23.10.1
  aspnetcore-runtime-7.0 7.0.114-0ubuntu1~23.10.1
  aspnetcore-runtime-8.0 8.0.0-0ubuntu1~23.10.1
  dotnet-host 6.0.125-0ubuntu1~23.10.1
  dotnet-host-7.0 7.0.114-0ubuntu1~23.10.1
  dotnet-host-8.0 8.0.0-0ubuntu1~23.10.1
  dotnet-hostfxr-6.0 6.0.125-0ubuntu1~23.10.1
  dotnet-hostfxr-7.0 7.0.114-0ubuntu1~23.10.1
  dotnet-hostfxr-8.0 8.0.0-0ubuntu1~23.10.1
  dotnet-runtime-6.0 6.0.125-0ubuntu1~23.10.1
  dotnet-runtime-7.0 7.0.114-0ubuntu1~23.10.1
  dotnet-runtime-8.0 8.0.0-0ubuntu1~23.10.1
  dotnet-sdk-6.0 6.0.125-0ubuntu1~23.10.1
  dotnet-sdk-7.0 7.0.114-0ubuntu1~23.10.1
  dotnet-sdk-8.0 8.0.100-0ubuntu1~23.10.1
  dotnet6 6.0.125-0ubuntu1~23.10.1
  dotnet7 7.0.114-0ubuntu1~23.10.1
  dotnet8 8.0.100-8.0.0-0ubuntu1~23.10.1

Ubuntu 23.04:
  aspnetcore-runtime-6.0 6.0.125-0ubuntu1~23.04.1
  aspnetcore-runtime-7.0 7.0.114-0ubuntu1~23.04.1
  dotnet-host 6.0.125-0ubuntu1~23.04.1
  dotnet-host-7.0 7.0.114-0ubuntu1~23.04.1
  dotnet-hostfxr-6.0 6.0.125-0ubuntu1~23.04.1
  dotnet-hostfxr-7.0 7.0.114-0ubuntu1~23.04.1
  dotnet-runtime-6.0 6.0.125-0ubuntu1~23.04.1
  dotnet-runtime-7.0 7.0.114-0ubuntu1~23.04.1
  dotnet-sdk-6.0 6.0.125-0ubuntu1~23.04.1
  dotnet-sdk-7.0 7.0.114-0ubuntu1~23.04.1
  dotnet6 6.0.125-0ubuntu1~23.04.1
  dotnet7 7.0.114-0ubuntu1~23.04.1

Ubuntu 22.04 LTS:
  aspnetcore-runtime-6.0 6.0.125-0ubuntu1~22.04.1
  aspnetcore-runtime-7.0 7.0.114-0ubuntu1~22.04.1
  dotnet-host 6.0.125-0ubuntu1~22.04.1
  dotnet-host-7.0 7.0.114-0ubuntu1~22.04.1
  dotnet-hostfxr-6.0 6.0.125-0ubuntu1~22.04.1
  dotnet-hostfxr-7.0 7.0.114-0ubuntu1~22.04.1
  dotnet-runtime-6.0 6.0.125-0ubuntu1~22.04.1
  dotnet-runtime-7.0 7.0.114-0ubuntu1~22.04.1
  dotnet-sdk-6.0 6.0.125-0ubuntu1~22.04.1
  dotnet-sdk-7.0 7.0.114-0ubuntu1~22.04.1
  dotnet6 6.0.125-0ubuntu1~22.04.1
  dotnet7 7.0.114-0ubuntu1~22.04.1

In general, a standard system update will make all the necessary changes.

References:
  https://ubuntu.com/security/notices/USN-6480-1
  CVE-2023-36049, CVE-2023-36558

Package Information:
  https://launchpad.net/ubuntu/+source/dotnet6/6.0.125-0ubuntu1~23.10.1
  https://launchpad.net/ubuntu/+source/dotnet7/7.0.114-0ubuntu1~23.10.1
  https://launchpad.net/ubuntu/+source/dotnet8/8.0.100-8.0.0-0ubuntu1~23.10.1
  https://launchpad.net/ubuntu/+source/dotnet6/6.0.125-0ubuntu1~23.04.1
  https://launchpad.net/ubuntu/+source/dotnet7/7.0.114-0ubuntu1~23.04.1
  https://launchpad.net/ubuntu/+source/dotnet6/6.0.125-0ubuntu1~22.04.1
  https://launchpad.net/ubuntu/+source/dotnet7/7.0.114-0ubuntu1~22.04.1
VAR-202311-1422 CVE-2023-36038 Denial of service (DoS) vulnerability in multiple Microsoft products
CVSS V2: -
CVSS V3: 7.5
Severity: HIGH
ASP.NET Core Denial of Service Vulnerability
VAR-202311-0932 CVE-2022-45781 Out-of-bounds write vulnerability in Shenzhen Tenda Technology Co.,Ltd. ax1803 firmware
CVSS V2: 9.0
CVSS V3: 8.8
Severity: HIGH
Buffer Overflow vulnerability in Tenda AX1803 v1.0.0.1_2994 and earlier allows attackers to run arbitrary code via /goform/SetOnlineDevName. An out-of-bounds write vulnerability exists in the ax1803 firmware of Shenzhen Tenda Technology Co.,Ltd. Information may be obtained or tampered with, and service operation may be interrupted (DoS). This vulnerability is caused by the program failing to correctly verify the length of the input data.
VAR-202311-1151 CVE-2023-42783
CVSS V2: -
CVSS V3: 7.5
Severity: HIGH
A relative path traversal in Fortinet FortiWLM version 8.6.0 through 8.6.5 and 8.5.0 through 8.5.4 and 8.4.2 through 8.4.0 and 8.3.2 through 8.3.0 and 8.2.2 allows an attacker to read arbitrary files via crafted HTTP requests.
VAR-202311-1591 CVE-2023-34991 Fortinet FortiWLM SQL injection vulnerability (CNVD-2024-13757)
CVSS V2: 10.0
CVSS V3: 9.8
Severity: CRITICAL
An improper neutralization of special elements used in an SQL command ('SQL injection') in Fortinet FortiWLM version 8.6.0 through 8.6.5 and 8.5.0 through 8.5.4 and 8.4.0 through 8.4.2 and 8.3.0 through 8.3.2 and 8.2.2 allows an attacker to execute unauthorized code or commands via a crafted HTTP request. Fortinet FortiWLM is a wireless manager from the American company Fortinet. Fortinet FortiWLM has a SQL injection vulnerability, which results from the application's lack of validation of externally input SQL statements.
VAR-202311-0653 CVE-2023-46590 XML external entity vulnerability in Siemens OPC UA Modeling Editor
CVSS V2: 7.8
CVSS V3: 7.5
Severity: HIGH
A vulnerability has been identified in Siemens OPC UA Modelling Editor (SiOME) (All versions < V2.8). Affected products suffer from an XML external entity (XXE) injection vulnerability. This vulnerability could allow an attacker to interfere with an application's processing of XML data and read arbitrary files in the system.
VAR-202311-0457 CVE-2023-46099 Cross-site scripting vulnerability in Siemens SIMATIC PCS neo
CVSS V2: 5.2
CVSS V3: 4.8
Severity: MEDIUM
A vulnerability has been identified in SIMATIC PCS neo (All versions < V4.1). There is a stored cross-site scripting vulnerability in the Administration Console of the affected product that could allow an attacker with high privileges to inject JavaScript code into the application that is later executed by another legitimate user. A cross-site scripting vulnerability exists in Siemens SIMATIC PCS neo. Information may be obtained and tampered with. SIMATIC PCS neo is a distributed control system (DCS).
VAR-202311-0460 CVE-2023-46098 Overly permissive cross-domain whitelisting vulnerability in Siemens SIMATIC PCS neo
CVSS V2: 8.3
CVSS V3: 8.8
Severity: HIGH
A vulnerability has been identified in SIMATIC PCS neo (All versions < V4.1). When accessing the Information Server from affected products, the products use an overly permissive CORS policy. This could allow an attacker to trick a legitimate user into triggering unwanted behavior. Siemens SIMATIC PCS neo contains an overly permissive cross-domain whitelisting vulnerability. Information may be obtained or tampered with, and service operation may be interrupted (DoS). SIMATIC PCS neo is a distributed control system (DCS).
VAR-202311-0458 CVE-2023-46097 SQL injection vulnerability in Siemens SIMATIC PCS neo
CVSS V2: 6.2
CVSS V3: 8.0
Severity: HIGH
A vulnerability has been identified in SIMATIC PCS neo (All versions < V4.1). The PUD Manager of affected products does not properly neutralize user-provided inputs. This could allow an authenticated adjacent attacker to execute SQL statements in the underlying database. An SQL injection vulnerability exists in Siemens SIMATIC PCS neo. Information may be obtained or tampered with, and service operation may be interrupted (DoS). SIMATIC PCS neo is a distributed control system (DCS).
VAR-202311-0459 CVE-2023-46096 Vulnerability regarding lack of authentication for critical features in Siemens SIMATIC PCS neo
CVSS V2: 6.1
CVSS V3: 6.5
Severity: MEDIUM
A vulnerability has been identified in SIMATIC PCS neo (All versions < V4.1). The PUD Manager of affected products does not properly authenticate users in the PUD Manager web service. This could allow an unauthenticated adjacent attacker to generate a privileged token and upload additional documents. SIMATIC PCS neo is a distributed control system (DCS).