1103 matches found
Akuvox Smart Intercom/Doorphone Unauthenticated Stream Disclosure
Summary Vandal-resistant Door Phone for High-end Buildings. Offering top-of-the-line features, Akuvox X912 is targeted at high-end residential and commercial projects. With a compact size, it is perfect for buildings with limited installation space. Description The application suffers from an...
Acoustica Pianissimo 1.0 Build 12 (Registration ID) Buffer Overflow PoC
Summary Pianissimo virtual piano uses a combination of sample playback and advanced physical modeling to create a stunning acoustic grand piano sound. Starting with 250 MB of high quality samples of a Steinway™ Model D grand piano, Pianissimo uses complex signal processing and programming to...
Cypress Solutions CTM-200 2.7.1 Root Remote OS Command Injection
Summary CTM-200 is the industrial cellular wireless gateway for fixed and mobile applications. The CTM-200 is a Linux based platform powered by ARM Cortex-A8 800 MHz superscalar processor. Its on-board standard features make the CTM-200 ideal for mobile fleet applications or fixed site office and...
ICL ScadaFlex II SCADA Controllers SC-1/SC-2 1.03.07 Remote File CRUD
Summary Scadaflex II controllers are 100% web based for both configuration and user interface. No applications are required other than any standard web browser. They are easily supported by remote access over the Internet or a cellular link. Scadaflex II controllers support industry standard wire...
Longjing Technology BEMS API 1.21 Remote Arbitrary File Download
Summary Battery Energy Management System. Description The application suffers from an unauthenticated arbitrary file download vulnerability. Input passed through the fileName parameter through downloads endpoint is not properly verified before being used to download files. This can be exploited t...
Schneider Electric C-Bus Automation Controller (5500SHAC) 1.10 Remote Root Exploit
Summary The C-Bus Network Automation Controller 5500NAC and the Wiser for C-Bus Automation Controller 5500SHAC is an advanced controller from Schneider Electric. It is specifically designed to unite the C-Bus home automation solution with common household communication protocols, from lighting an...
Wowza Streaming Engine 4.5.0 Remote Privilege Escalation Exploit
Summary Wowza Streaming Engine is robust, customizable, and scalable server software that powers reliable video and audio streaming to any device. Learn the benefits of using Wowza Streaming Engine to deliver high-quality live and on-demand video content to any device. Description The application...
ABB Cylon Aspect 3.07.02 (downloadDb.php) Authenticated File Disclosure
Summary ASPECT is an award-winning scalable building energy management and control solution designed to allow users seamless access to their building data through standard building protocols including smart devices. Description The building management system suffers from an authenticated arbitrar...
EmbedThis GoAhead Web Server 5.1.1 Digest Authentication Capture Replay Nonce Reuse
Summary GoAhead is the world's most popular, tiny embedded web server. It is compact, secure and simple to use. GoAhead is deployed in hundreds of millions of devices and is ideal for the smallest of embedded devices. Description A security vulnerability affecting GoAhead versions 2 to 5 has been...
ABB Cylon Aspect 3.08.02 (clearProjectConfigurationAjax.php) Remote Code Execution
Summary ASPECT is an award-winning scalable building energy management and control solution designed to allow users seamless access to their building data through standard building protocols including smart devices. Description The ABB BMS/BAS controller suffers from an authenticated blind OS...
RoyalTSX 6.0.1 RTSZ File Handling Heap Memory Corruption PoC
Summary Royal TS is an ideal tool for system engineers and other IT professionals who need remote access to systems with different protocols. Not only easy to use, it enables secure multi-user document sharing. Description The application receives SIGABRT after RAPortCheck.createNWConnection...
ABB Cylon Aspect 3.08.02 (calendarUpdate.php) Remote Code Execution
Summary ASPECT is an award-winning scalable building energy management and control solution designed to allow users seamless access to their building data through standard building protocols including smart devices. Description The ABB BMS/BAS controller suffers from an authenticated blind OS...
ABB Cylon Aspect 3.08.02 (syslogUpdate.php) Remote Code Execution
Summary ASPECT is an award-winning scalable building energy management and control solution designed to allow users seamless access to their building data through standard building protocols including smart devices. Description The ABB BMS/BAS controller suffers from an authenticated OS command...
Tosibox Key Service 3.3.0 Local Privilege Escalation
Summary TOSIBOX® SoftKey is a software that enables a secure connection between your computer and one or more TOSIBOX® Nodes, giving you full visibility and control over the network devices connected to the Node. Description The application suffers from an unquoted search path issue impacting the...
NUUO Remote Root Exploit
Summary NUUO NVRmini 2 is the lightweight, portable NVR solution with NAS functionality. Setup is simple and easy, with automatic port forwarding settings built in. NVRmini 2 supports POS integration, making this the perfect solution for small retail chain stores. NVRmini 2 also comes full equipp...
EnGenius EnShare IoT Gigabit Cloud Service 1.4.11 Root Remote Code Execution
Summary With the EnGenius IoT Gigabit Routers and free EnShare app, use your iPhone, iPad or Android-based tablet or smartphone to transfer video, music and other files to and from a router-attached USB hard drive. Enshare is a USB media storage sharing application that enables access to files...
H3C SSL VPN Username Enumeration
Summary H3C SSL VPN is a secure VPN system based on SSL connections. It allows mobile employees to access corporate networks remotely in an easy and secure way. The H3C SSL VPN devices are a new generation of professional SSL VPN devices for enterprises. They can function as ingress gateways as...
Legrand BTicino Driver Manager F454 1.0.51 CSRF Change Password Exploit
Summary Audio/video web server for the remote control of the system using web pages or the MY HOME portal. The device can operate as a gateway for the use of the MHVisual and Virtual Configurator software - 6 DIN modules. It replaces item F453 and F453AV. Description The application interface...
Selea Targa IP OCR-ANPR Camera Unauthenticated Directory Traversal File Disclosure
Summary IP camera with optical character recognition OCR software for automatic number plate recognition ANPR also equipped with ADR system that enables it to read the Hazard Identification Number HIN, also known as the Kemler Code and UN number of any vehicle captured in free-flow mode. TARGA is...
COMMAX Biometric Access Control System 1.0.0 Cookie Reflected XSS
Summary Biometric access control system. Description The application is vulnerable to an unauthenticated reflected cross-site scripting XSS vulnerability. Input passed to the Cookies 'CMXADMINNM' and 'CMXCOMPLEXNM' is not properly sanitised before being returned to the user. This can be exploited...
ICT Protege GX/WX 2.08 Authenticated Stored XSS Vulnerability
Summary Protege GX is an enterprise level integrated access control, intrusion detection and building automation solution with a feature set that is easy to operate, simple to integrate and effortless to extend. Protege WX is an all-in-one, web-based, cross-platform system that gives you a fully...
Cypress Solutions CTM-200/CTM-ONE Hard-coded Credentials Remote Root (Telnet/SSH)
Summary CTM-200 is the industrial cellular wireless gateway for fixed and mobile applications. The CTM-200 is a Linux based platform powered by ARM Cortex-A8 800 MHz superscalar processor. Its on-board standard features make the CTM-200 ideal for mobile fleet applications or fixed site office and...
ABB Cylon Aspect 3.08.02 (clearProjectConfigurationAjax.php) File Deletion
Summary ASPECT is an award-winning scalable building energy management and control solution designed to allow users seamless access to their building data through standard building protocols including smart devices. Description The BMS/BAS controller suffers from an arbitrary file deletion...
Sielco Analog FM Transmitter 2.12 'id' Cookie Brute Force Session Hijacking
Summary Sielco designs and produces FM radio transmitters for professional broadcasting. The in-house laboratory develops standard and customised solutions to meet all needs. Whether digital or analogue, each product is studied to ensure reliability, resistance over time and a high standard of...
Delta Controls enteliTOUCH 3.40.3935 Cookie User Password Disclosure
Summary enteliTOUCH - Touchscreen Building Controller. Get instant access to the heart of your BAS. The enteliTOUCH has a 7-inch, high-resolution display that serves as an interface to your building. Use it as your primary interface for smaller facilities or as an on-the-spot access point for...
Arteco Web Client DVR/NVR 'SessionId' Cookie Brute Force Session Hijacking Exploit
Summary Arteco DVR/NVR is a mountable industrial surveillance server ideal for those who need to manage IP video surveillance designed for medium to large installations that require high performance and reliability. Arteco can handle IP video sources from all major international manufacturers and...
Elber ESE DVB-S/S2 Satellite Receiver 1.5.x Device Config
Summary ESE Elber Satellite Equipment product line, designed for the high-end radio contribution and distribution market, where quality and reliability are most important. The Elber IRD Integrated Receiver Decoder ESE-01 offers a professional audio quality and composite video at an excellent...
Synaccess netBooter NP-02x/NP-08x 6.8 Authentication Bypass
Summary netBooter™ NP-02B and NP-02BH provide independent control of one or two outlets in a small, robust form factor. Manageable via TCP/IP network or direct serial connection and 1U brackets optional for mounting. Control power to your devices with the ability to fit just about anywhere...
ABB Cylon FLXeon 9.3.4 (cmds.js) Authenticated Root Remote Code Execution
Summary BACnet® Smart Building Controllers. ABB's BACnet portfolio features a series of BACnet® IP and BACnet MS/TP field controllers for ASPECT® and INTEGRA™ building management solutions. ABB BACnet controllers are designed for intelligent control of HVAC equipment such as central plant, boiler...
ABB Cylon Aspect 3.08.01 (jsonProxy.php) Information Disclosure
Summary ASPECT is an award-winning scalable building energy management and control solution designed to allow users seamless access to their building data through standard building protocols including smart devices. Description The jsonProxy.php endpoint on the ABB BMS/BAS controller is vulnerabl...
Foxit Reader 7.0.6.1126 Unquoted Service Path Elevation Of Privilege
Summary Foxit Reader is a small, lightning fast, and feature rich PDF viewer which allows you to create free PDF creation, open, view, sign, and print any PDF file. Description The application suffers from an unquoted search path issue impacting the service 'FoxitCloudUpdateService' for Windows...
Screen SFT DAB 600/C Authentication Bypass Password Change Exploit
Summary Screen's new radio DAB Transmitter is reaching the highest technology level in both Digital Signal Processing and RF domain. SFT DAB Series - Compact Radio DAB Transmitter - Air. Thanks to the digital adaptive precorrection and configuration flexibility, the Hot Swap System technology, the...
KevinLAB BEMS 1.0 Unauthenticated SQL Injection / Authentication Bypass
Summary KevinLab is a venture company specialized in IoT, Big Data, A.I based energy management platform. KevinLAB's BEMS Building Energy Management System enables efficient energy management in buildings. It improves the efficiency of energy use by collecting and analyzing various information of...
FatPipe Networks WARP/IPVPN/MPVPN 10.2.2 CSRF Add Admin Exploit
Summary FatPipe Networks invented the concept of router-clustering, which provides the highest level of reliability, redundancy, and speed of Internet traffic for Business Continuity and communications. FatPipe WARP achieves fault tolerance for companies by creating an easy method of combining tw...
TitanNit Web Control 2.01 / Atemio 7600 Root Remote Code Execution
Summary The Atemio AM 520 HD Full HD satellite receiver enables the reception of digital satellite programs in overwhelming image quality in both SD and HD ranges. In addition to numerous connections, the small all-rounder offers a variety of plugins that can be easily installed thanks to the lar...
ABB Cylon Aspect 3.08.01 (servicesUpdate.php) Remote Code Execution
Summary ASPECT is an award-winning scalable building energy management and control solution designed to allow users seamless access to their building data through standard building protocols including smart devices. Description The ABB BMS/BAS controller suffers from an unauthenticated blind OS...
ABB Cylon Aspect 3.07.02 (user.properties) Default Credentials
Summary ASPECT is an award-winning scalable building energy management and control solution designed to allow users seamless access to their building data through standard building protocols including smart devices. Description The ABB BMS/BAS controller uses a weak set of default administrative...
ABB Cylon Aspect 3.08.02 (tscConfiguration.php) Authenticated Reflected XSS
Summary ASPECT is an award-winning scalable building energy management and control solution designed to allow users seamless access to their building data through standard building protocols including smart devices. Description The ABB BMS/BAS controller suffers from an authenticated reflected...
ABB Cylon Aspect 3.08.02 (deployStart.php) Unauthenticated Command Execution
Summary ASPECT is an award-winning scalable building energy management and control solution designed to allow users seamless access to their building data through standard building protocols including smart devices. Description The ABB Cylon Aspect BMS/BAS controller suffers from an unauthenticat...
ABB Cylon Aspect 3.08.01 (mapConfigurationDownload.php) Config Download
Summary ASPECT is an award-winning scalable building energy management and control solution designed to allow users seamless access to their building data through standard building protocols including smart devices. Description The ABB BMS/BAS controller suffers from an unauthenticated...
NLB mKlik Makedonija 3.3.12 SQL Injection
Summary NLB mKlik is a mobile application intended for individuals who are users of NLB Banka's services. It provides an overview of the various products that users hold with the Bank, as well as the execution of various types of transactions in a simple and, above all, secure manner in any period of...
Osprey Pump Controller 1.0.1 Unauthenticated Remote Code Execution Exploit
Summary Providing pumping systems and automated controls for golf courses and turf irrigation, municipal water and sewer, biogas, agricultural, and industrial markets. Osprey: door-mounted, irrigation and landscape pump controller. Technology hasn't changed dramatically on pump and electric motor...
USR IOT 4G LTE Industrial Cellular VPN Router 1.0.36 Remote Root Backdoor
Summary USR-G806 is an industrial 4G wireless LTE router which provides a solution for users to connect their own device to 4G network via WiFi interface or Ethernet interface. USR-G806 adopts high performance embedded CPU which can support 580MHz working frequency and can be widely used in Smart Grid,...
ABB Cylon Aspect 3.07.00 (obtainPorts.php) Remote Code Execution
Summary ASPECT is an award-winning scalable building energy management and control solution designed to allow users seamless access to their building data through standard building protocols including smart devices. Description The ABB BMS/BAS controller suffers from an unauthenticated blind OS...
ABB Cylon Aspect 3.08.02 Unauthenticated Configuration Disclosure
Summary ASPECT is an award-winning scalable building energy management and control solution designed to allow users seamless access to their building data through standard building protocols including smart devices. Description The ABB Cylon Aspect BMS/BAS system suffers from an unauthenticated...
ABB Cylon Aspect 3.07.00 (networkDiagAjax.php) Remote Code Execution
Summary ASPECT is an award-winning scalable building energy management and control solution designed to allow users seamless access to their building data through standard building protocols including smart devices. Description The ABB BMS/BAS controller suffers from an unauthenticated OS command...
VIMESA VHF/FM Transmitter Blue Plus 9.7.1 (doreboot) Remote Denial Of Service
Summary The transmitter Blue Plus is designed with all the latest technologies, such as high efficiency using the latest generation LDMOS transistor and high efficiency power supplies. We used a modern interface and performance using a color display with touch screen, with easy management softwar...
Hughes Satellite Router Remote File Inclusion Cross-Frame Scripting
Summary The HX200 is a high-performance satellite router designed to provide carrier-grade IP services using dynamically assigned high-bandwidth satellite IP connectivity. The HX200 satellite router provides flexible Quality of Service QoS features that can be tailored to the network applications...
ABB Cylon Aspect 3.08.01 (portQueueAjax.php) Information Disclosure
Summary ASPECT is an award-winning scalable building energy management and control solution designed to allow users seamless access to their building data through standard building protocols including smart devices. Description The portQueueAjax.php endpoint on ABB Cylon Aspect BMS/BAS controller...
Ateme TITAN File 3.9 Job Callbacks SSRF File Enumeration
Summary TITAN File is a multi-codec/format video transcoding software, for mezzanine, STB and ABR VOD, PostProduction, Playout and Archive applications. TITAN File is based on ATEME 5th Generation STREAM compression engine and delivers the highest video quality at minimum bitrates with accelerate...