VARIoT IoT vulnerabilities database

Affected products: vendor, model and version
CWE format is 'CWE-number'. Threat type can be: remote or local
Look up free text in title and description

VAR-202003-1788 No CVE Qingdao Automation Instrumentation Co., Ltd. intelligent instrument cluster management system has SQL injection vulnerability CVSS V2: 7.8
CVSS V3: -
Severity: HIGH
Intelligent meter collection management system is an industrial control management system that controls and manages some data of the energy industry. Qingdao Automation Instrumentation Co., Ltd.'s intelligent instrument cluster management system has a SQL injection vulnerability, which can be used by attackers to obtain sensitive database information.
VAR-202003-0799 CVE-2019-13201 plural Kyocera Classic buffer overflow vulnerability in printers CVSS V2: 10.0
CVSS V3: 9.8
Severity: CRITICAL
Some Kyocera printers (such as the ECOSYS M5526cdw 2R7_2000.001.701) were affected by a buffer overflow vulnerability in the LPD service. This would allow an unauthenticated attacker to cause a Denial of Service (DoS) in the LPD service and potentially execute arbitrary code on the device. plural Kyocera A classic buffer overflow vulnerability exists in the printer.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be put into a state. Kyocera ECOSYS M5526CDW is a multi-function printer of Kyocera Corporation of Japan
VAR-202003-0926 CVE-2019-14309 RICOH SP C250DN Trust Management Issue Vulnerability CVSS V2: 5.0
CVSS V3: 7.5
Severity: HIGH
Ricoh SP C250DN 1.05 devices have a fixed password. FTP service credential were found to be hardcoded within the printer firmware. This would allow to an attacker to access and read information stored on the shared FTP folders. plural Ricoh SP C250DN A device contains a vulnerability in the use of hard-coded credentials.Information may be obtained. RICOH SP C250DN is a printer from RICOH Corporation of Japan. There is a security vulnerability in Ricoh SP C250DN version 1.05
VAR-202003-0927 CVE-2019-14310 RICOH SP C250DN buffer error vulnerability CVSS V2: 10.0
CVSS V3: 9.8
Severity: CRITICAL
Ricoh SP C250DN 1.05 devices allow denial of service (issue 2 of 3). Unauthenticated crafted packets to the IPP service will cause a vulnerable device to crash. A memory corruption has been identified in the way of how the embedded device parsed the IPP packets. plural Ricoh SP C250DN A buffer error vulnerability exists in the device.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be put into a state. RICOH SP C250DN is a printer from RICOH Corporation of Japan
VAR-202003-0800 CVE-2019-13202 plural Kyocera Classic buffer overflow vulnerability in printers CVSS V2: 10.0
CVSS V3: 9.8
Severity: CRITICAL
Some Kyocera printers (such as the ECOSYS M5526cdw 2R7_2000.001.701) were affected by a buffer overflow vulnerability in the okhtmlfile and failhtmlfile parameters of several functionalities of the web application that would allow an unauthenticated attacker to perform a Denial of Service attack, crashing the device, or potentially execute arbitrary code on the device. plural Kyocera A classic buffer overflow vulnerability exists in the printer.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be put into a state. Kyocera ECOSYS M5526CDW is a multi-function printer of Kyocera Corporation of Japan. Kyocera ECOSYS M5526cdw 2R7_2000.001.701 version of the web application part of the function of ‘okhtmlfile’ and ‘failhtmlfile’ parameters has a buffer overflow vulnerability
VAR-202003-0788 CVE-2019-13394 NETGEAR CG3700b Vulnerability in improper restriction of excessive authentication attempts in custom firmware CVSS V2: 5.0
CVSS V3: 9.8
Severity: CRITICAL
The Voo branded NETGEAR CG3700b custom firmware V2.02.03 uses HTTP Basic Authentication over cleartext HTTP. NETGEAR CG3700b Custom firmware contains a vulnerability regarding improper restrictions on excessive authentication attempts.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be put into a state
VAR-202003-0801 CVE-2019-13203 plural Kyocera Integer overflow vulnerability in printer CVSS V2: 9.0
CVSS V3: 8.8
Severity: HIGH
Some Kyocera printers (such as the ECOSYS M5526cdw 2R7_2000.001.701) were affected by an integer overflow vulnerability in the arg3 parameter of several functionalities of the web application that would allow an authenticated attacker to perform a Denial of Service attack, crashing the device, or potentially execute arbitrary code on the device. plural Kyocera The printer is vulnerable to integer overflow.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be put into a state. Kyocera ECOSYS M5526CDW is a multi-function printer of Kyocera Corporation of Japan
VAR-202003-0793 CVE-2019-13195 Kyocera ECOSYS M5526CDW path traversal vulnerability CVSS V2: 5.0
CVSS V3: 7.5
Severity: HIGH
The web application of some Kyocera printers (such as the ECOSYS M5526cdw 2R7_2000.001.701) was vulnerable to path traversal, allowing an unauthenticated user to retrieve arbitrary files, or check if files or folders existed within the file system. plural Kyocera A past traversal vulnerability exists in the printer.Information may be obtained. Kyocera ECOSYS M5526CDW is a multi-function printer of Kyocera Corporation of Japan. Kyocera ECOSYS M5526CDW 2R7_2000.001.701 version of the web application has a path traversal vulnerability, the vulnerability stems from the network system or product fails to correctly filter the special elements in the resource or file path, the attacker can use the vulnerability to access the restricted directory Outside location
VAR-202003-0928 CVE-2019-14299 plural Ricoh SP C250DN Inadequate protection of credentials on devices CVSS V2: 5.0
CVSS V3: 9.8
Severity: CRITICAL
Ricoh SP C250DN 1.05 devices have an Authentication Method Vulnerable to Brute Force Attacks. Some Ricoh printers did not implement account lockout. Therefore, it was possible to obtain the local account credentials by brute force. plural Ricoh SP C250DN Devices contain vulnerabilities in insufficient protection of credentials.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be put into a state. RICOH SP C250DN is a printer from RICOH Corporation of Japan. There is a security vulnerability in Ricoh SP C250DN version 1.05, which originated from the device's failure to lock accounts
VAR-202003-0915 CVE-2019-13165 plural Xerox Classic buffer overflow vulnerability in printers CVSS V2: 10.0
CVSS V3: 9.8
Severity: CRITICAL
Some Xerox printers (such as the Phaser 3320 V53.006.16.000) were affected by a buffer overflow vulnerability in the request parser of the IPP service. This would allow an unauthenticated attacker to cause a Denial of Service (DoS) and potentially execute arbitrary code on the device. (DoS) It may be put into a state. Fuji Xerox Corporation is the world's largest manufacturer of digital and information technology products and a global top 500 company. Fuji Xerox series printer products can meet various business needs. All kinds of black and white color digital printers have high performance and high quality
VAR-202003-0794 CVE-2019-13196 plural Kyocera Classic buffer overflow vulnerability in printers CVSS V2: 9.0
CVSS V3: 8.8
Severity: HIGH
Some Kyocera printers (such as the ECOSYS M5526cdw 2R7_2000.001.701) were affected by a buffer overflow vulnerability in the arg4 and arg9 parameters of several functionalities of the web application that would allow an authenticated attacker to perform a Denial of Service attack, crashing the device, or potentially execute arbitrary code on the device. plural Kyocera A classic buffer overflow vulnerability exists in the printer.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be put into a state. Kyocera ECOSYS M5526CDW is a multi-function printer of Kyocera Corporation of Japan
VAR-202003-0920 CVE-2019-13170 plural Xerox Cross-site request forgery vulnerability in printers CVSS V2: 4.3
CVSS V3: 6.5
Severity: MEDIUM
Some Xerox printers (such as the Phaser 3320 V53.006.16.000) did not implement any mechanism to avoid CSRF attacks. Successful exploitation of this vulnerability can lead to the takeover of a local account on the device. plural Xerox A cross-site request forgery vulnerability exists in the printer.Information may be tampered with. Fuji Xerox Corporation is the world's largest manufacturer of digital and information technology products and a global top 500 company. Fuji Xerox series printer products can meet various business needs. All kinds of black and white color digital printers have high performance and high quality. Fuji Xerox printers have a CSRF vulnerability that an attacker can use to execute arbitrary code on the device
VAR-202003-0803 CVE-2019-13205 Kyocera ECOSYS M5526CDW information disclosure vulnerability CVSS V2: 5.0
CVSS V3: 7.5
Severity: HIGH
All configuration parameters of certain Kyocera printers (such as the ECOSYS M5526cdw 2R7_2000.001.701) were accessible by unauthenticated users. This information was only presented in the menus when authenticated, and the pages that loaded this information were also protected. However, all files that contained the configuration parameters were accessible. These files contained sensitive information, such as users, community strings, and other passwords configured in the printer. plural Kyocera Printers are vulnerable to information leakage.Information may be obtained. Kyocera ECOSYS M5526CDW is a multi-function printer of Kyocera Corporation of Japan. An information disclosure vulnerability exists in Kyocera ECOSYS M5526CDW that uses the firmware version 2R7_2000.001.701
VAR-202003-0593 CVE-2019-4656 IBM MQ and MQ Appliance Input verification vulnerability in CVSS V2: 4.0
CVSS V3: 6.5
Severity: MEDIUM
IBM MQ and IBM MQ Appliance 7.1, 7.5, 8.0, 9.0 LTS, 9.1 LTS, and 9.1 CD is vulnerable to a denial of service attack that would allow an authenticated user to crash the queue and require a restart due to an error processing error messages. IBM X-Force ID: 170967. IBM MQ and MQ Appliance There is an input verification vulnerability in. Vendor exploits this vulnerability IBM X-Force ID: 170967 It is published as.Service operation interruption (DoS) It may be put into a state. The product provides a reliable, proven messaging backbone for service-oriented architecture (SOA). IBM MQ Appliance is an all-in-one device for rapid deployment of enterprise-level messaging middleware. The vulnerability stems from an error in processing error messages. An attacker can use this vulnerability to cause a denial of service
VAR-202003-0790 CVE-2019-13192 plural Brother Out-of-bounds write vulnerabilities in printers CVSS V2: 10.0
CVSS V3: 9.8
Severity: CRITICAL
Some Brother printers (such as the HL-L8360CDW v1.20) were affected by a heap buffer overflow vulnerability as the IPP service did not parse attribute names properly. This would allow an attacker to execute arbitrary code on the device. plural Brother The printer contains a vulnerability related to out-of-bounds writing.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be put into a state. Brother Industries HL-L8360CDW is a multi-function printer from Brother Industries, Japan
VAR-202003-0929 CVE-2019-14303 plural Ricoh SP C250DN Input verification vulnerabilities on devices CVSS V2: 5.0
CVSS V3: 7.5
Severity: HIGH
Ricoh SP C250DN 1.05 devices allow denial of service (issue 1 of 3). Some Ricoh printers were affected by a wrong LPD service implementation that lead to a denial of service vulnerability. plural Ricoh SP C250DN The device contains an input verification vulnerability.Service operation interruption (DoS) It may be put into a state. RICOH SP C250DN is a printer from RICOH Corporation of Japan. There is a security vulnerability in Ricoh SP C250DN version 1.05
VAR-202003-0802 CVE-2019-13204 plural Kyocera Classic buffer overflow vulnerability in printers CVSS V2: 10.0
CVSS V3: 9.8
Severity: CRITICAL
Some Kyocera printers (such as the ECOSYS M5526cdw 2R7_2000.001.701) were affected by multiple buffer overflow vulnerabilities in the IPP service. This would allow an unauthenticated attacker to cause a Denial of Service (DoS), and potentially execute arbitrary code on the device. plural Kyocera A classic buffer overflow vulnerability exists in the printer.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be put into a state. Kyocera ECOSYS M5526CDW is a multi-function printer of Kyocera Corporation of Japan
VAR-202003-0791 CVE-2019-13193 plural Brother Out-of-bounds write vulnerabilities in printers CVSS V2: 9.0
CVSS V3: 8.8
Severity: HIGH
Some Brother printers (such as the HL-L8360CDW v1.20) were affected by a stack buffer overflow vulnerability as the web server did not parse the cookie value properly. This would allow an attacker to execute arbitrary code on the device. plural Brother The printer contains a vulnerability related to out-of-bounds writing.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be put into a state. Brother Industries HL-L8360CDW is a multi-function printer from Brother Industries, Japan
VAR-202003-0919 CVE-2019-13169 plural Xerox Classic buffer overflow vulnerability in printers CVSS V2: 10.0
CVSS V3: 9.8
Severity: CRITICAL
Some Xerox printers (such as the Phaser 3320 V53.006.16.000) were affected by a buffer overflow vulnerability in the Content-Type HTTP Header of the web application that would allow an attacker to execute arbitrary code on the device. plural Xerox A classic buffer overflow vulnerability exists in the printer.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be put into a state. Fuji Xerox Corporation is the world's largest manufacturer of digital and information technology products and a global top 500 company. Fuji Xerox series printer products can meet various business needs. All kinds of black and white color digital printers have high performance and high quality
VAR-202003-0922 CVE-2019-13172 plural Xerox Classic buffer overflow vulnerability in printers CVSS V2: 10.0
CVSS V3: 9.8
Severity: CRITICAL
Some Xerox printers (such as the Phaser 3320 V53.006.16.000) were affected by a buffer overflow vulnerability in the Authentication Cookie of the web application that would allow an attacker to execute arbitrary code on the device. plural Xerox A classic buffer overflow vulnerability exists in the printer.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be put into a state. Fuji Xerox Corporation is the world's largest manufacturer of digital and information technology products and a global top 500 company. Fuji Xerox series printer products can meet various business needs. All kinds of black and white color digital printers have high performance and high quality