3695 matches found
Multiple wireless keyboard/mouse devices use an unsafe proprietary wireless protocol
Overview Wireless keyboard and mouse devices from multiple vendors use proprietary wireless protocols that are not properly secured. Description CWE-311: Missing Encryption of Sensitive Data Multiple wireless input devices keyboard and mouse use a proprietary wireless protocol on the 2.4 GHz ISM...
Flexera Software FlexNet Publisher lmgrd contains a buffer overflow vulnerability
Overview Flexera Software FlexNet Publisher, including all versions prior to 11.13.1.2, lmgrd and custom vendor daemon servers contain a buffer overflow vulnerability that may be leveraged to gain code execution. Description Flexera Software FlexNet Publisher is a software license manager that...
glibc vulnerable to stack buffer overflow in DNS resolver
Overview GNU glibc contains a buffer overflow vulnerability in the DNS resolver, which may allow a remote attacker to execute arbitrary code. Description CWE-121: Stack-based Buffer Overflow - CVE-2015-7547 According to a Google security blog post: "The glibc DNS client side resolver is vulnerable...
Zhuhai Raysharp firmware for DVRs from multiple vendors contains hard-coded credentials
Overview Digital Video Recorders DVRs, security cameras, and possibly other devices from multiple vendors use a firmware derived from Zhuhai RaySharp that contains a hard-coded root password. Description CWE-259: Use of Hard-coded Password - CVE-2015-8286 According to the reporter, DVR devices bas...
Swann SRNVW-470 allows unauthorized access to video stream and contains a hard-coded password
Overview Swann network video recorder NVR devices contain a hard-coded password and do not require authentication to view the video feed when accessing from specific URLs. Description CWE-259: Use of Hard-coded Password - CVE-2015-8286 According to the researcher, the Swann SRNVW-470LCD and Swann...
Hirschmann "Classic Platform" switches reveal administrator password in SNMP community string by default
Overview Hirschmann "Classic Platform" switches contain a password sync feature that syncs the switch administrator password with the SNMP community password, exposing the administrator password to attackers on the local network. Description CWE-257: Storing Passwords in a Recoverable Format For...
Cisco Adaptive Security Appliance (ASA) IKEv1 and IKEv2 contains a buffer overflow vulnerability
Overview Cisco Adaptive Security Appliance ASA Internet Key Exchange versions 1 and 2 IKEv1 and IKEv2 contain a buffer overflow vulnerability that may be leveraged to gain remote code execution. Description CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer -...
Comodo Chromodo browser with Ad Sanitizer does not enforce same origin policy and is based on an outdated version of Chromium
Overview Comodo Chromodo browser, version 45.8.12.391, and possibly earlier, bundles the Ad Sanitizer extension, version 1.4.0.26, which disables the same origin policy, allowing for the possibility of cross-domain attacks by malicious or compromised web hosts. Chromodo is based on an outdated...
Netgear Management System NMS300 contains arbitrary file upload and path traversal vulnerabilities
Overview Netgear Management System NMS300, version 1.5.0.11 and earlier, is vulnerable to arbitrary file upload, which may be leveraged by unauthenticated users to execute arbitrary code with SYSTEM privileges. A directory traversal vulnerability enables authenticated users to download arbitrary...
Fisher-Price Smart Toy platform allows some unauthenticated web API commands
Overview The Fisher-Price Smart Toy does not perform proper authentication of some API commands, and it may also use a vulnerable version of Android. Description The Fisher-Price Smart Toy bear is a new WiFi-connected Internet of Things IoT toy. The device utilizes network connectivity to provide...
OpenELEC and RasPlex have a hard-coded SSH root password
Overview OpenELEC and derivatives utilize a hard-coded default root password, and enable SSH root access by default. Description CWE-259: Use of Hard-coded Password OpenELEC has a hard-coded root password. The root partition is by default read-only, preventing a user from changing the password on...
Huawei Mobile WiFi E5151 and E5186 routers use insufficiently random values for DNS queries
Overview Huawei Mobile WiFi E5151, firmware version 21.141.13.00.1080, and E5186, firmware version V200R001B306D01C00, use insufficiently random values for DNS queries and are vulnerable to DNS spoofing attacks. Description CWE-330: Use of Insufficiently Random Values - CVE-2015-8265 Huawei Mobile...
OpenSSL re-uses unsafe prime numbers in Diffie-Hellman protocol
Overview OpenSSL may generate unsafe primes for use in the Diffie-Hellman protocol, which may lead to disclosure of enough information for an attacker to recover the private encryption key. Description CWE-325: Missing Required Cryptographic Step - CVE-2016-0701 OpenSSL 1.0.2 introduced the abilit...
Harman AMX multimedia devices contain hard-coded credentials
Overview Multiple models of Harman AMX multimedia devices contain a hard-coded debug account. Description CWE-798: Use of Hard-coded Credentials - CVE-2015-8362 According to the researchers' blog post, several models of Harman AMX multimedia devices contain a hard-coded "backdoor" account with...
Oracle Outside In 8.5.2 contains multiple stack buffer overflows
Overview Oracle Outside In versions 8.5.2 and earlier contain stack buffer overflow vulnerabilities in the parsers for WK4, Doc, and Paradox DB files, which can allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable system. Description Oracle Outside In is a set of...
ffmpeg and Libav cross-domain information disclosure vulnerability
Overview ffmpeg is a "cross-platform solution to record, convert and stream audio and video". ffmpeg is vulnerable to local file disclosure due to improper enforcement of domain restrictions when processing playlist files. Description CWE-201: Information Exposure Through Sent Data - CVE-2016-1897...
OpenSSH Client contains a client information leak vulnerability and buffer overflow
Overview OpenSSH client code versions 5.4 through 7.1p1 contain a client information leak vulnerability that could allow an OpenSSH client to leak information not limited to but including private keys, as well as a buffer overflow in certain non-default configurations. Description CWE-200:...
Samsung SRN-1670D camera contains multiple vulnerabilities
Overview The Samsung SRN-1670D camera contains multiple vulnerabilities. Description CWE-264: Permissions, Privileges, and Access Controls - CVE-2015-8279 An undocumented PHP request may be used to read arbitrary files from the system. CWE-200: Information Exposure - CVE-2015-8280 The interface...
IPSwitch WhatsUp Gold does not validate commands when deserializing XML objects
Overview IPSwitch WhatsUp Gold version 16.3 does not properly validate data when deserializing XML objects sent over SOAP requests. Description CWE-502: Deserialization of Untrusted Data - CVE-2015-8261 WhatsUp Gold version 16.3 contains a SOAP request handler named DroneDeleteOldMeasurements...
Comcast XFINITY Home Security fails to properly handle wireless communications disruption
Overview Comcast XFINITY Home Security does not fail securely, which may be leveraged to avoid triggering alarm events. Description CWE-636: Not Failing Securely 'Failing Open' Comcast XFINITY Home Security system components use the ZigBee communication protocol over a 2.4 GHz radio frequency band...
Furuno Voyage Data Recorder (VDR) moduleserv firmware update utility fails to properly sanitize user-provided input
Overview Furuno Voyage Data Recorder VDR VR-3000/VR-3000S and VR-7000 moduleserv firmware update utility fails to properly sanitize user-provided input and is vulnerable to arbitrary command execution with root privileges. Description According to the Furuno VDR product page, the VDR "records all...
Juniper ScreenOS contains multiple vulnerabilities
Overview Juniper Networks ScreenOS versions 6.3.0r17 through 6.3.0r20 allows unauthorized remote administration access to the device. Juniper Networks ScreenOS versions 6.2.0r15 through 6.2.0r18 and 6.3.0r12 through 6.3.0r20 allow for an attacker to monitor and decrypt VPN traffic. Description...
Dovestones Software AD Self Password Reset fails to properly restrict password reset request to authorized users
Overview Dovestones Software AD Self Password Reset, version 3.0.3.0 and earlier, fails to properly validate users, which enables an unauthenticated attacker to reset passwords for arbitrary accounts. Description CWE-284: Improper Access Control - CVE-2015-8267 Dovestones Software AD Self Password...
IPswitch WhatsUp Gold contains multiple XSS vulnerabilities and a SQLi
Overview IPSwitch's WhatsUp Gold version 16.3, and possibly previous versions, is vulnerable to SQL injection and cross-site scripting attacks. Description CWE-89: Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' - CVE-2015-6004 The "Find Device" search field does...
ZyXEL NBG-418N router uses default credentials and is vulnerable to cross-site request forgery
Overview ZyXEL NBG-418N router, firmware version 1.00AADZ.3C0, uses default credentials and is vulnerable to cross-site request forgery. Description CWE-255: Credentials Management - CVE-2015-7283 The ZyXEL NBG-418N web administration interface uses non-random default credentials of admin:1234. A...
Buffalo AirStation Extreme N600 Router WZR-600DHP2 uses insufficiently random values for DNS queries
Overview Buffalo AirStation Extreme N600 Router WZR-600DHP2, firmware versions 2.09, 2.13, 2.16, and possibly others, uses insufficiently random values for DNS queries and is vulnerable to DNS spoofing attacks. Description CWE-330: Use of Insufficiently Random Values - CVE-2015-8262 The Buffalo...
Amped Wireless R10000 router contains multiple vulnerabilities
Overview Amped Wireless R10000 router, firmware version 2.5.2.11, uses default credentials, is vulnerable to cross-site request forgery, and uses insufficiently random values for DNS queries. Description CWE-255: Credentials Management - CVE-2015-7277 The Amped Wireless R10000 web administration...
Netgear G54/N150 Wireless Router WNR1000v3 uses insufficiently random values for DNS queries
Overview Netgear G54/N150 Wireless Router WNR1000v3, firmware version 1.0.2.68 and possibly earlier, uses insufficiently random values for DNS queries and is vulnerable to DNS spoofing attacks. Description CWE-330: Use of Insufficiently Random Values - CVE-2015-8263 The Netgear G54/N150 Wireless...
ReadyNet WRT300N-DD Wireless Router contains multiple vulnerabilities
Overview ReadyNet WRT300N-DD Wireless Router, firmware version 1.0.26, uses default credentials, is vulnerable to cross-site request forgery, and uses insufficiently random values for DNS queries. Description CWE-255: Credentials Management - CVE-2015-7280 The ReadyNet WRT300N-DD Wireless Router...
TaxiHail Android mobile app contains multiple vulnerabilities
Overview Mobile Knowledge's TaxiHail is vulnerable to information disclosure and missing encryption of sensitive data. Description The Mobile Knowledge TaxiHail framework "allows passengers to book and manage their own reservations via iOS, android or the web in real-time, alleviating call...
Up.time agent for Windows contains multiple vulnerabilities
Overview The Up.time client for Windows is vulnerable to a format string attack as well as a buffer overflow, and may allow unauthenticated users to perform certain commands. Description CWE-134: Uncontrolled Format String - CVE-2015-2894 For version 6.0 and 7.2, an unauthenticated attacker on th...
Lenovo Solution Center LSCTaskService privilege escalation, directory traversal, and CSRF
Overview The Lenovo Solution Center application contains multiple vulnerabilities that can allow an attacker to execute arbitrary code with SYSTEM privileges. Description CWE-732: Incorrect Permission Assignment for Critical Resource Launching the Lenovo Solution Center creates a process called...
Epiphany Cardio Server is vulnerable to SQL and LDAP injection
Overview The Epiphany Cardio Server is vulnerable to SQL injection and LDAP injection, allowing an unauthenticated attacker to gain administrator rights. Description Epiphany Cardio Server was reported as being vulnerable to the following issues: CWE-89: Improper Neutralization of Special Elements...
RSI Video Technologies Videofied security system Frontel software uses an insecure custom protocol
Overview RSI Video Technologies' Videofied security system uses a software named Frontel to monitor alarm status. Frontel uses an insecure custom protocol to communicate with its Frontel server. Description Frontel uses a custom protocol running on TCP port 888. The protocol performs an...
Embedded devices use non-unique X.509 certificates and SSH host keys
Overview Embedded devices use non-unique X.509 certificates and SSH host keys that can be leveraged in impersonation, man-in-the-middle, or passive decryption attacks. Description CWE-321: Use of Hard-coded Cryptographic Key - Multiple CVEs Research by Stefan Viehböck of SEC Consult has found that...
Dell Foundation Services installs root certificate and private key (eDellRoot)
Overview Dell Foundation Services installs the eDellRoot certificate into the Trusted Root Certificate Store on Microsoft Windows systems. The certificate includes the private key. This allows attackers to create trusted certificates and perform impersonation, man-in-the-middle MiTM, and passive...
Dell System Detect installs root certificate and private key (DSDTestProvider)
Overview Dell System Detect installs the DSDTestProvider certificate into the Trusted Root Certificate Store on Microsoft Windows systems. The certificate includes the private key. This allows attackers to create trusted certificates and perform impersonation, man-in-the-middle MiTM, and passive...
CSL DualCom GPRS CS2300-R alarm signalling boards contain multiple vulnerabilities
Overview CSL DualCom GPRS CS2300-R alarm signalling boards, firmware versions v1.25 to v3.53, contain multiple vulnerabilities. Description CSL DualCom GPRS CS2300-R alarm signalling boards are secure premises transmitters SPT that notify alarm receiving centers ARC when an alarm system is tripped...
ARRIS cable modems generate passwords deterministically and contain XSS and CSRF vulnerabilities
Overview Multiple models of ARRIS cable modems contain multiple, deterministically generated backdoor passwords, as well as multiple cross-site scripting XSS and cross-site request forgery CSRF vulnerabilities. Description CWE-255: Credentials Management - CVE-2009-5149 The 'password of the day'...
Apache Commons Collections Java library insecurely deserializes data
Overview The Apache Commons Collections ACC library is vulnerable to insecure deserialization of data, which may result in arbitrary code execution. Java applications that either directly use ACC, or contain ACC in their classpath, may be vulnerable to arbitrary code execution. Description CWE-50...
Huawei HG532 routers contain a path traversal vulnerability
Overview Huawei HG532 routers, including the HG532e, n, s, and possibly other models, are vulnerable to arbitrary file access through path traversal. Description CWE-22: Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal' - CVE-2015-7254 In vulnerable Huawei router models,...
Commvault Edge Server deserializes cookie data insecurely
Overview Commvault Edge Server, version 10 R2, deserializes untrusted, user-provided cookie data, resulting in arbitrary OS command execution with the web server's privileges. Description CWE-502: Deserialization of Untrusted Data - CVE-2015-7253 Commvault Edge Server, version 10 R2, deserializes...
ZTE ZXHN H108N R1A routers contain multiple vulnerabilities
Overview ZTE ZXHN H108N R1A router, version ZTE.bhs.ZXHNH108NR1A.hPE, and ZXV10 W300 router, version W300V1.0.0fER1PE, contain multiple vulnerabilities. Description CWE-200: Information Exposure - CVE-2015-7248 Multiple information exposure vulnerabilities enable an attacker to obtain credentials...
MobaXterm server may allow arbitrary command injection due to missing X11 authentication
Overview The MobaXterm server prior to version 8.3 is vulnerable to arbitrary command injection over port 6000 when using default X11 settings. Description CWE-306: Missing Authentication for Critical Function - CVE-2015-7244 MobaXterm server prior to version 8.3 includes an X11 server listening on...
Qolsys IQ Panel contains multiple vulnerabilities
Overview All firmware versions of Qolsys IQ Panel contain hard-coded cryptographic keys, do not validate signatures during software updates, and use a vulnerable version of Android OS. Description Qolsys IQ Panel is an Android OS-based touch screen controller for home automation devices and...
HP ArcSight SmartConnector fails to properly validate SSL and contains a hard-coded password
Overview The HP ArcSight SmartConnector fails to properly validate SSL certificates, and also contains a hard-coded password. Description CWE-295: Improper Certificate Validation - CVE-2015-2902 The ArcSight SmartConnector fails to validate the certificate of the upstream Logger device it is...
EPSON Network Utility installs EpsonBidirectionalService with insecure permissions
Overview EPSON Network Utility contains a local privilege escalation vulnerability, which allows a local attacker to execute arbitrary code with SYSTEM privileges. Description CWE-276: Incorrect Default Permissions - CVE-2015-6034 EPSON Network Utility v4.10 is an application that checks the print...
HP Photosmart B210 printer SMB server buffer overflow vulnerability
Overview The HP Photosmart B210 printer utilizes an SMB server for managing the print queue. An invalid SMB packet may cause a denial of service condition, requiring the printer to be restarted. Description Fuzzing the first 296 bytes of an SMB packet may in some cases cause a denial of service...
Virtual Machine Monitors (VMM) contain a memory deduplication vulnerability
Overview Multiple vendors' implementations of Virtual Machine Monitors VMM are vulnerable to a memory deduplication attack. Description As reported in the "Cross-VM ASL INtrospection CAIN" paper, an attacker with basic user rights within the attacking Virtual Machine VM can leverage memory...
Medicomp MEDCIN Engine contains multiple vulnerabilities
Overview Medicomp's MEDCIN Engine provides electronic health records EHR tools and information to medical professionals. MEDCIN Engine versions before version 2.22.20153.226 are vulnerable to several buffer overflows. Description Medicomp MEDCIN Engine prior to version 2.22.20153.226 is vulnerable...