VARIoT IoT vulnerabilities database

The Simple Forum System of Ainong Network Technology Service Center in Huanggu District, Shenyang City is a forum website building system. A SQL injection vulnerability exists in the 162100 Simple Forum system of Ainong Network Technology Service Center, Huanggu District, Shenyang. Attackers can use the vulnerability to obtain sensitive database information.

The simple forum system of Ainon Network Technology Service Center in Huanggu District, Shenyang City is a forum website building system. A SQL injection vulnerability exists in the 162100 Simple Forum System of Ainong Network Technology Service Center, Huanggu District, Shenyang City. Attackers can use this vulnerability to obtain sensitive database information.

On Netis DL4323 devices, pingrtt_v6.html has XSS (Ping6 Diagnostic). Netis DL4323 The device contains a cross-site scripting vulnerability.Information may be obtained and information may be altered. NETCORE Netis DL4323 is a multifunctional modem of China Netcore Corporation. A cross-site scripting vulnerability exists in the pingrtt_v6.html page in NETCORE Netis DL4323. The vulnerability stems from the lack of proper validation of client data by web applications. An attacker could use this vulnerability to execute client code

On Netis DL4323 devices, XSS exists via the form2Ddns.cgi username parameter (DynDns settings of the Dynamic DNS Configuration). Netis DL4323 The device contains a cross-site scripting vulnerability.Information may be obtained and information may be altered. NETCORE Netis DL4323 is a multifunctional modem from China Netcore Corporation. A cross-site scripting vulnerability exists in NETCORE Netis DL4323. The vulnerability stems from the lack of proper verification of client data by web applications. Attackers can use this vulnerability to execute client code

On Netis DL4323 devices, XSS exists via the urlFQDN parameter to form2url.cgi (aka the Keyword field of the URL Blocking Configuration). Netis DL4323 The device contains a cross-site scripting vulnerability.Information may be obtained and information may be altered. NETCORE Netis DL4323 is a multifunctional modem from China Netcore Corporation. A cross-site scripting vulnerability exists in NETCORE Netis DL4323. The vulnerability stems from the lack of proper verification of client data by web applications. Attackers can use this vulnerability to execute client code

On Netis DL4323 devices, CSRF exists via form2logaction.cgi to delete all logs. Netis DL4323 The device contains a cross-site request forgery vulnerability.Information may be tampered with. NETCORE Netis DL4323 is a multifunctional modem from China Netcore Corporation. The vulnerability stems from a web application's insufficient verification that the request came from a trusted user. An attacker could use this vulnerability to send an unexpected request to the server through an affected client

On Netis DL4323 devices, any user role can view sensitive information, such as a user password or the FTP password, via the form2saveConf.cgi page. Netis DL4323 The device contains a vulnerability related to information disclosure from the cache.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. NETCORE Netis DL4323 is a multifunctional modem from China Netcore Corporation. An information disclosure vulnerability exists in NETCORE Netis DL4323

On Netis DL4323 devices, XSS exists via the form2userconfig.cgi username parameter (User Account Configuration). Netis DL4323 The device contains a cross-site scripting vulnerability.Information may be obtained and information may be altered. NETCORE Netis DL4323 is a multifunctional modem from China Netcore Corporation. A cross-site scripting vulnerability exists in NETCORE Netis DL4323. The vulnerability stems from the lack of proper verification of client data by web applications. Attackers can use this vulnerability to execute client code

On Netis DL4323 devices, XSS exists via the form2Ddns.cgi hostname parameter (Dynamic DNS Configuration). Netis DL4323 The device contains a cross-site scripting vulnerability.Information may be obtained and information may be altered. NETCORE Netis DL4323 is a multifunctional modem from China Netcore Corporation. A cross-site scripting vulnerability exists in NETCORE Netis DL4323. The vulnerability stems from the lack of proper verification of client data by web applications. Attackers can use this vulnerability to execute client code

TP-Link AC1900 is a mini wireless router of China TP-Link. TP-Link AC1900 has a denial of service vulnerability, which can be exploited by an attacker to cause a denial of service.

Cross-site scripting (XSS) vulnerability in test-plugin.php in the Swipe Checkout for WooCommerce plugin 2.7.1 and earlier for WordPress allows remote attackers to inject arbitrary web script or HTML via the api_url parameter. WordPress is a blogging platform developed by the WordPress Foundation using PHP language. The platform supports setting up personal blog sites on PHP and MySQL servers. Swipe Checkout for WooCommerce is a payment plugin for e-commerce used in it. The vulnerability stems from the lack of correct validation of client data in WEB applications. An attacker could exploit this vulnerability to execute client code

TL-WR840N is a mini wireless router from China TP-Link. TL-WR840N has a denial of service vulnerability. An attacker could exploit this vulnerability to cause a denial of service.

thttpd 2007 has buffer underflow. thttpd Contains an out-of-bounds write vulnerability.Information is acquired, information is falsified, and denial of service (DoS) May be in a state. thttpd is a lightweight open source web server from ACME Labs. The vulnerability originates from a network system or product that incorrectly validates data boundaries when performing operations on memory, causing incorrect read and write operations to be performed on other associated memory locations. An attacker could use this vulnerability to cause a buffer overflow or heap overflow

Static HTTP Server 1.0 has a Local Overflow. Static HTTP Server Contains a classic buffer overflow vulnerability.Information is acquired, information is falsified, and denial of service (DoS) May be in a state. The vulnerability originates from a network system or product that incorrectly validates data boundaries when performing operations on memory, causing incorrect read and write operations to be performed on other associated memory locations. An attacker could use this vulnerability to cause a buffer overflow or heap overflow

Multiple cross-site scripting (XSS) vulnerabilities in test-plugin.php in the Swipe Checkout for WP e-Commerce plugin 3.1.0 and earlier for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) api_key, (2) payment_page_url, (3) merchant_id, (4) api_url, or (5) currency parameter. WordPress is a blogging platform developed by the WordPress Foundation using PHP language. The platform supports setting up personal blog sites on PHP and MySQL servers. The vulnerability stems from the lack of correct validation of client data in WEB applications. An attacker could exploit this vulnerability to execute client code

The Xiaojingyu Intelligent Platform integrates the original Jingdong Alpha platform and introduces Jingdong's artificial intelligence and big data capabilities. It not only focuses on the original smart hardware, smart home, and smart travel solutions, but also extends its IoT capabilities to Multiple scenes. Jingdong Xiaojingyu Intelligent Platform has a communication key leakage vulnerability. An attacker can use this information to construct device instructions to control device behavior.

D-Link DIR-601 B1 2.00NA devices are vulnerable to authentication bypass. They do not check for authentication at the server side and rely on client-side validation, which is bypassable. NOTE: this is an end-of-life product. D-Link DIR-601 The device contains an authentication vulnerability.Information is acquired, information is falsified, and denial of service (DoS) May be in a state. D-Link DIR-601 B1 is a wireless router from Taiwan D-Link. The D-Link DIR-601 B1 2.00NA version has an authentication bypass vulnerability, which originates from the fact that the program is only on the client and fails to authenticate on the server. An attacker could use this vulnerability to bypass authentication and perform arbitrary actions

ZLAN5102 serial server is a protocol converter between RS232 / 485 and TCP / IP developed by Shanghai Zhuolan Information Technology Co., Ltd. The serial server can conveniently connect serial devices to Ethernet and the Internet, and realize the network upgrade of serial devices. ZLAN5103 is a new generation high-performance serial server developed by Shanghai Zhuolan based on ZLAN1003. The ZLAN5102 and ZLAN5103 network cards have a denial of service vulnerability. Sending only three-way TCP handshake packets to port 80 of the device and no other packets will cause the device's network card to restart abnormally. An attacker could use the vulnerability to launch a denial of service attack.

ZLAN5103 can realize transparent data forwarding between RS232 / 485/422 and TCP / IP. Conveniently make serial devices connect to Ethernet and Internet, and realize the network upgrade of serial devices. There is a denial of service vulnerability in ZLAN. Sending malformed RST packets to ZLAN5103 TCP 4196 port will cause denial of service on ZLAN5103 TCP 4196 and TCP 80 ports. The device needs to be powered off and restarted to recover. An attacker can use the vulnerability to launch a denial of service attack.

An issue was discovered on Intelbras IWR 3000N 1.8.7 devices. A malformed login request allows remote attackers to cause a denial of service (reboot), as demonstrated by JSON misparsing of the \""} string to v1/system/login. Intelbras IWR 3000N The device contains an input validation vulnerability.Denial of service (DoS) May be in a state. Intelbras IWR 3000N is a wireless router from Intelbras in Poland. There are security vulnerabilities in Intelbras IWR 3000N 1.8.7