VARIoT IoT vulnerabilities database
| VAR-202003-1788 | No CVE | Qingdao Automation Instrumentation Co., Ltd. intelligent instrument cluster management system has SQL injection vulnerability |
CVSS V2: 7.8 CVSS V3: - Severity: HIGH |
Intelligent meter collection management system is an industrial control management system that controls and manages some data of the energy industry.
Qingdao Automation Instrumentation Co., Ltd.'s intelligent instrument cluster management system has a SQL injection vulnerability, which can be used by attackers to obtain sensitive database information.
| VAR-202003-0799 | CVE-2019-13201 | plural Kyocera Classic buffer overflow vulnerability in printers |
CVSS V2: 10.0 CVSS V3: 9.8 Severity: CRITICAL |
Some Kyocera printers (such as the ECOSYS M5526cdw 2R7_2000.001.701) were affected by a buffer overflow vulnerability in the LPD service. This would allow an unauthenticated attacker to cause a Denial of Service (DoS) in the LPD service and potentially execute arbitrary code on the device. plural Kyocera A classic buffer overflow vulnerability exists in the printer.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be put into a state. Kyocera ECOSYS M5526CDW is a multi-function printer of Kyocera Corporation of Japan
| VAR-202003-0926 | CVE-2019-14309 | RICOH SP C250DN Trust Management Issue Vulnerability |
CVSS V2: 5.0 CVSS V3: 7.5 Severity: HIGH |
Ricoh SP C250DN 1.05 devices have a fixed password. FTP service credential were found to be hardcoded within the printer firmware. This would allow to an attacker to access and read information stored on the shared FTP folders. plural Ricoh SP C250DN A device contains a vulnerability in the use of hard-coded credentials.Information may be obtained. RICOH SP C250DN is a printer from RICOH Corporation of Japan.
There is a security vulnerability in Ricoh SP C250DN version 1.05
| VAR-202003-0927 | CVE-2019-14310 | RICOH SP C250DN buffer error vulnerability |
CVSS V2: 10.0 CVSS V3: 9.8 Severity: CRITICAL |
Ricoh SP C250DN 1.05 devices allow denial of service (issue 2 of 3). Unauthenticated crafted packets to the IPP service will cause a vulnerable device to crash. A memory corruption has been identified in the way of how the embedded device parsed the IPP packets. plural Ricoh SP C250DN A buffer error vulnerability exists in the device.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be put into a state. RICOH SP C250DN is a printer from RICOH Corporation of Japan
| VAR-202003-0800 | CVE-2019-13202 | plural Kyocera Classic buffer overflow vulnerability in printers |
CVSS V2: 10.0 CVSS V3: 9.8 Severity: CRITICAL |
Some Kyocera printers (such as the ECOSYS M5526cdw 2R7_2000.001.701) were affected by a buffer overflow vulnerability in the okhtmlfile and failhtmlfile parameters of several functionalities of the web application that would allow an unauthenticated attacker to perform a Denial of Service attack, crashing the device, or potentially execute arbitrary code on the device. plural Kyocera A classic buffer overflow vulnerability exists in the printer.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be put into a state. Kyocera ECOSYS M5526CDW is a multi-function printer of Kyocera Corporation of Japan.
Kyocera ECOSYS M5526cdw 2R7_2000.001.701 version of the web application part of the function of ‘okhtmlfile’ and ‘failhtmlfile’ parameters has a buffer overflow vulnerability
| VAR-202003-0788 | CVE-2019-13394 | NETGEAR CG3700b Vulnerability in improper restriction of excessive authentication attempts in custom firmware |
CVSS V2: 5.0 CVSS V3: 9.8 Severity: CRITICAL |
The Voo branded NETGEAR CG3700b custom firmware V2.02.03 uses HTTP Basic Authentication over cleartext HTTP. NETGEAR CG3700b Custom firmware contains a vulnerability regarding improper restrictions on excessive authentication attempts.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be put into a state
| VAR-202003-0801 | CVE-2019-13203 | plural Kyocera Integer overflow vulnerability in printer |
CVSS V2: 9.0 CVSS V3: 8.8 Severity: HIGH |
Some Kyocera printers (such as the ECOSYS M5526cdw 2R7_2000.001.701) were affected by an integer overflow vulnerability in the arg3 parameter of several functionalities of the web application that would allow an authenticated attacker to perform a Denial of Service attack, crashing the device, or potentially execute arbitrary code on the device. plural Kyocera The printer is vulnerable to integer overflow.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be put into a state. Kyocera ECOSYS M5526CDW is a multi-function printer of Kyocera Corporation of Japan
| VAR-202003-0793 | CVE-2019-13195 | Kyocera ECOSYS M5526CDW path traversal vulnerability |
CVSS V2: 5.0 CVSS V3: 7.5 Severity: HIGH |
The web application of some Kyocera printers (such as the ECOSYS M5526cdw 2R7_2000.001.701) was vulnerable to path traversal, allowing an unauthenticated user to retrieve arbitrary files, or check if files or folders existed within the file system. plural Kyocera A past traversal vulnerability exists in the printer.Information may be obtained. Kyocera ECOSYS M5526CDW is a multi-function printer of Kyocera Corporation of Japan.
Kyocera ECOSYS M5526CDW 2R7_2000.001.701 version of the web application has a path traversal vulnerability, the vulnerability stems from the network system or product fails to correctly filter the special elements in the resource or file path, the attacker can use the vulnerability to access the restricted directory Outside location
| VAR-202003-0928 | CVE-2019-14299 | plural Ricoh SP C250DN Inadequate protection of credentials on devices |
CVSS V2: 5.0 CVSS V3: 9.8 Severity: CRITICAL |
Ricoh SP C250DN 1.05 devices have an Authentication Method Vulnerable to Brute Force Attacks. Some Ricoh printers did not implement account lockout. Therefore, it was possible to obtain the local account credentials by brute force. plural Ricoh SP C250DN Devices contain vulnerabilities in insufficient protection of credentials.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be put into a state. RICOH SP C250DN is a printer from RICOH Corporation of Japan.
There is a security vulnerability in Ricoh SP C250DN version 1.05, which originated from the device's failure to lock accounts
| VAR-202003-0915 | CVE-2019-13165 | plural Xerox Classic buffer overflow vulnerability in printers |
CVSS V2: 10.0 CVSS V3: 9.8 Severity: CRITICAL |
Some Xerox printers (such as the Phaser 3320 V53.006.16.000) were affected by a buffer overflow vulnerability in the request parser of the IPP service. This would allow an unauthenticated attacker to cause a Denial of Service (DoS) and potentially execute arbitrary code on the device. (DoS) It may be put into a state. Fuji Xerox Corporation is the world's largest manufacturer of digital and information technology products and a global top 500 company. Fuji Xerox series printer products can meet various business needs. All kinds of black and white color digital printers have high performance and high quality
| VAR-202003-0794 | CVE-2019-13196 | plural Kyocera Classic buffer overflow vulnerability in printers |
CVSS V2: 9.0 CVSS V3: 8.8 Severity: HIGH |
Some Kyocera printers (such as the ECOSYS M5526cdw 2R7_2000.001.701) were affected by a buffer overflow vulnerability in the arg4 and arg9 parameters of several functionalities of the web application that would allow an authenticated attacker to perform a Denial of Service attack, crashing the device, or potentially execute arbitrary code on the device. plural Kyocera A classic buffer overflow vulnerability exists in the printer.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be put into a state. Kyocera ECOSYS M5526CDW is a multi-function printer of Kyocera Corporation of Japan
| VAR-202003-0920 | CVE-2019-13170 | plural Xerox Cross-site request forgery vulnerability in printers |
CVSS V2: 4.3 CVSS V3: 6.5 Severity: MEDIUM |
Some Xerox printers (such as the Phaser 3320 V53.006.16.000) did not implement any mechanism to avoid CSRF attacks. Successful exploitation of this vulnerability can lead to the takeover of a local account on the device. plural Xerox A cross-site request forgery vulnerability exists in the printer.Information may be tampered with. Fuji Xerox Corporation is the world's largest manufacturer of digital and information technology products and a global top 500 company. Fuji Xerox series printer products can meet various business needs. All kinds of black and white color digital printers have high performance and high quality.
Fuji Xerox printers have a CSRF vulnerability that an attacker can use to execute arbitrary code on the device
| VAR-202003-0803 | CVE-2019-13205 | Kyocera ECOSYS M5526CDW information disclosure vulnerability |
CVSS V2: 5.0 CVSS V3: 7.5 Severity: HIGH |
All configuration parameters of certain Kyocera printers (such as the ECOSYS M5526cdw 2R7_2000.001.701) were accessible by unauthenticated users. This information was only presented in the menus when authenticated, and the pages that loaded this information were also protected. However, all files that contained the configuration parameters were accessible. These files contained sensitive information, such as users, community strings, and other passwords configured in the printer. plural Kyocera Printers are vulnerable to information leakage.Information may be obtained. Kyocera ECOSYS M5526CDW is a multi-function printer of Kyocera Corporation of Japan.
An information disclosure vulnerability exists in Kyocera ECOSYS M5526CDW that uses the firmware version 2R7_2000.001.701
| VAR-202003-0593 | CVE-2019-4656 | IBM MQ and MQ Appliance Input verification vulnerability in |
CVSS V2: 4.0 CVSS V3: 6.5 Severity: MEDIUM |
IBM MQ and IBM MQ Appliance 7.1, 7.5, 8.0, 9.0 LTS, 9.1 LTS, and 9.1 CD is vulnerable to a denial of service attack that would allow an authenticated user to crash the queue and require a restart due to an error processing error messages. IBM X-Force ID: 170967. IBM MQ and MQ Appliance There is an input verification vulnerability in. Vendor exploits this vulnerability IBM X-Force ID: 170967 It is published as.Service operation interruption (DoS) It may be put into a state. The product provides a reliable, proven messaging backbone for service-oriented architecture (SOA). IBM MQ Appliance is an all-in-one device for rapid deployment of enterprise-level messaging middleware. The vulnerability stems from an error in processing error messages. An attacker can use this vulnerability to cause a denial of service
| VAR-202003-0790 | CVE-2019-13192 | plural Brother Out-of-bounds write vulnerabilities in printers |
CVSS V2: 10.0 CVSS V3: 9.8 Severity: CRITICAL |
Some Brother printers (such as the HL-L8360CDW v1.20) were affected by a heap buffer overflow vulnerability as the IPP service did not parse attribute names properly. This would allow an attacker to execute arbitrary code on the device. plural Brother The printer contains a vulnerability related to out-of-bounds writing.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be put into a state. Brother Industries HL-L8360CDW is a multi-function printer from Brother Industries, Japan
| VAR-202003-0929 | CVE-2019-14303 | plural Ricoh SP C250DN Input verification vulnerabilities on devices |
CVSS V2: 5.0 CVSS V3: 7.5 Severity: HIGH |
Ricoh SP C250DN 1.05 devices allow denial of service (issue 1 of 3). Some Ricoh printers were affected by a wrong LPD service implementation that lead to a denial of service vulnerability. plural Ricoh SP C250DN The device contains an input verification vulnerability.Service operation interruption (DoS) It may be put into a state. RICOH SP C250DN is a printer from RICOH Corporation of Japan.
There is a security vulnerability in Ricoh SP C250DN version 1.05
| VAR-202003-0802 | CVE-2019-13204 | plural Kyocera Classic buffer overflow vulnerability in printers |
CVSS V2: 10.0 CVSS V3: 9.8 Severity: CRITICAL |
Some Kyocera printers (such as the ECOSYS M5526cdw 2R7_2000.001.701) were affected by multiple buffer overflow vulnerabilities in the IPP service. This would allow an unauthenticated attacker to cause a Denial of Service (DoS), and potentially execute arbitrary code on the device. plural Kyocera A classic buffer overflow vulnerability exists in the printer.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be put into a state. Kyocera ECOSYS M5526CDW is a multi-function printer of Kyocera Corporation of Japan
| VAR-202003-0791 | CVE-2019-13193 | plural Brother Out-of-bounds write vulnerabilities in printers |
CVSS V2: 9.0 CVSS V3: 8.8 Severity: HIGH |
Some Brother printers (such as the HL-L8360CDW v1.20) were affected by a stack buffer overflow vulnerability as the web server did not parse the cookie value properly. This would allow an attacker to execute arbitrary code on the device. plural Brother The printer contains a vulnerability related to out-of-bounds writing.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be put into a state. Brother Industries HL-L8360CDW is a multi-function printer from Brother Industries, Japan
| VAR-202003-0919 | CVE-2019-13169 | plural Xerox Classic buffer overflow vulnerability in printers |
CVSS V2: 10.0 CVSS V3: 9.8 Severity: CRITICAL |
Some Xerox printers (such as the Phaser 3320 V53.006.16.000) were affected by a buffer overflow vulnerability in the Content-Type HTTP Header of the web application that would allow an attacker to execute arbitrary code on the device. plural Xerox A classic buffer overflow vulnerability exists in the printer.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be put into a state. Fuji Xerox Corporation is the world's largest manufacturer of digital and information technology products and a global top 500 company. Fuji Xerox series printer products can meet various business needs. All kinds of black and white color digital printers have high performance and high quality
| VAR-202003-0922 | CVE-2019-13172 | plural Xerox Classic buffer overflow vulnerability in printers |
CVSS V2: 10.0 CVSS V3: 9.8 Severity: CRITICAL |
Some Xerox printers (such as the Phaser 3320 V53.006.16.000) were affected by a buffer overflow vulnerability in the Authentication Cookie of the web application that would allow an attacker to execute arbitrary code on the device. plural Xerox A classic buffer overflow vulnerability exists in the printer.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be put into a state. Fuji Xerox Corporation is the world's largest manufacturer of digital and information technology products and a global top 500 company. Fuji Xerox series printer products can meet various business needs. All kinds of black and white color digital printers have high performance and high quality