VARIoT IoT vulnerabilities database
| VAR-202502-2290 | No CVE | Schneider Electric Schneider PLC M340 has a denial of service vulnerability |
CVSS V2: 6.1 CVSS V3: - Severity: MEDIUM |
Schneider Electric is an expert in energy efficiency management and automation.
Schneider Electric Schneider PLC M340 has a denial of service vulnerability that can be exploited by attackers to cause a denial of service.
| VAR-202502-2087 | No CVE | D-Link DWR-M961 has a command execution vulnerability |
CVSS V2: 7.1 CVSS V3: - Severity: HIGH |
DWR-M961 is a router.
D-Link DWR-M961 has a command execution vulnerability, which can be exploited by attackers to execute arbitrary commands.
| VAR-202502-2291 | No CVE | D-Link DWR-M961 has a command execution vulnerability |
CVSS V2: 7.1 CVSS V3: - Severity: HIGH |
DWR-M961 is a router.
D-Link DWR-M961 has a command execution vulnerability, which can be exploited by attackers to execute arbitrary commands.
| VAR-202502-0267 | CVE-2024-51534 | Path traversal vulnerability in Dell's Data Domain operating system |
CVSS V2: 6.2 CVSS V3: 7.1 Severity: HIGH |
Dell PowerProtect DD versions prior to DDOS 8.3.0.0, 7.10.1.50, and 7.13.1.20 contain a path traversal vulnerability. A local low-privileged attacker could potentially exploit this vulnerability to gain unauthorized overwrite of OS files stored on the server filesystem. Exploitation could lead to denial of service. A path traversal vulnerability exists in Dell's Data Domain operating system. Information may be tampered with, and service operation may be interrupted (DoS). Dell PowerProtect DD is a series of data protection storage appliances from Dell, built on the Data Domain platform and designed specifically for enterprise users.
Dell PowerProtect DD contains a path traversal vulnerability that could allow an attacker to illegally overwrite operating system files in the server file system, causing a denial of service.
| VAR-202501-3669 | CVE-2025-0848 | Buffer error vulnerability in Shenzhen Tenda Technology Co.,Ltd. A18 firmware |
CVSS V2: 6.8 CVSS V3: 6.5 Severity: High |
A vulnerability was found in Tenda A18 up to 15.13.07.09. It has been rated as critical. This issue affects the function SetCmdlineRun of the file /goform/SetCmdlineRun of the component HTTP POST Request Handler. The manipulation of the argument wpapsk_crypto5g leads to a stack-based buffer overflow. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The A18 firmware contains a buffer error vulnerability and a stack-based buffer overflow vulnerability. Information may be obtained and tampered with, and service operation may be interrupted (DoS). The vulnerability is caused by a failure to correctly verify the length of the input data in the parameter wpapsk_crypto5g. Attackers can exploit this vulnerability to execute arbitrary code on the system and cause a denial of service.
| VAR-202501-3604 | CVE-2025-20061 | mySCADA myPRO Command Injection Remote Code Execution Vulnerability |
CVSS V2: - CVSS V3: 9.8 Severity: Critical |
mySCADA myPRO does not properly neutralize POST requests sent to a specific port with email information. This vulnerability could be exploited by an attacker to execute arbitrary commands on the affected system. Authentication is not required to exploit this vulnerability. The specific flaw exists within the web service, which listens on TCP port 34022 by default. The issue results from the lack of proper validation of a user-supplied string before using it to execute a system call.
| VAR-202501-3603 | CVE-2025-20014 | mySCADA myPRO Command Injection Remote Code Execution Vulnerability |
CVSS V2: - CVSS V3: 9.8 Severity: Critical |
mySCADA myPRO does not properly neutralize POST requests sent to a specific port with version information. This vulnerability could be exploited by an attacker to execute arbitrary commands on the affected system. Authentication is not required to exploit this vulnerability. The specific flaw exists within the web service, which listens on TCP port 34022 by default. The issue results from the lack of proper validation of a user-supplied string before using it to execute a system call.
| VAR-202501-4304 | CVE-2024-48852 | ABB FLXeon Log Information Disclosure Vulnerability |
CVSS V2: 9.7 CVSS V3: 9.4 Severity: Medium |
Insertion of Sensitive Information into Log File vulnerability observed in FLXEON. Some information may be improperly disclosed through HTTPS access.
This issue affects FLXEON through <= 9.3.4. ABB FLXeon is a series of controllers from Swiss company ABB.
| VAR-202501-4245 | CVE-2024-48849 | ABB FLXeon Security Bypass Vulnerability |
CVSS V2: 9.7 CVSS V3: 9.4 Severity: High |
Missing Origin Validation in WebSockets vulnerability in FLXEON. Session management was not sufficient to prevent unauthorized HTTPS requests. This issue affects FLXEON: through <= 9.3.4. ABB FLXeon is a series of controllers from Swiss company ABB. No further vulnerability details are available at this time.
| VAR-202501-3666 | CVE-2025-24085 | Freed memory usage vulnerability in multiple Apple products |
CVSS V2: 7.2 CVSS V3: 10.0 Severity: CRITICAL |
A use after free issue was addressed with improved memory management. This issue is fixed in visionOS 2.3, iOS 18.3 and iPadOS 18.3, macOS Sequoia 15.3, watchOS 11.3, tvOS 18.3. A malicious application may be able to elevate privileges. Apple is aware of a report that this issue may have been actively exploited against versions of iOS before iOS 17.2. iPadOS, iOS, macOS and multiple other Apple products contain a freed memory usage (use after free) vulnerability. Information may be obtained and tampered with, and service operation may be interrupted (DoS). VisionOS is an AR glasses system released by Apple at the 2023 Apple Worldwide Developers Conference on June 6, 2023. Apple Vision Pro will be equipped with this system for the first time. tvOS is a TV operating system developed by Apple based on iOS. watchOS is a watch operating system developed by Apple based on iOS for use on Apple Watch. iPadOS is a mobile operating system developed by Apple for iPad devices. It is developed based on iOS and is optimized specifically for iPad. macOS is an operating system developed by Apple that runs on Macintosh computers.
Many Apple products have a use-after-free vulnerability, which attackers can exploit to elevate privileges.
| VAR-202501-3672 | CVE-2025-0730 | Vulnerability regarding information leakage from query string in GET request in TP-LINK Technologies TL-SG108E firmware |
CVSS V2: 2.6 CVSS V3: 3.7 Severity: Medium |
A vulnerability classified as problematic has been found in TP-Link TL-SG108E 1.0.0 Build 20201208 Rel. 40304. Affected is an unknown function of the file /usr_account_set.cgi of the component HTTP GET Request Handler. The manipulation of the argument username/password leads to use of the GET request method with sensitive query strings. It is possible to launch the attack remotely. The complexity of an attack is rather high. The exploitability is said to be difficult. The exploit has been disclosed to the public and may be used. Upgrading to version 1.0.0 Build 20250124 Rel. 54920(Beta) is able to address this issue. It is recommended to upgrade the affected component. The vendor was contacted early. They reacted very professionally and provided a pre-fix version for their customers. The TP-LINK Technologies TL-SG108E firmware has a vulnerability related to information leakage from the query string in a GET request. Information may be obtained.
| VAR-202501-4110 | CVE-2024-57595 | D-Link DIR-825 Command Injection Vulnerability |
CVSS V2: 10.0 CVSS V3: 9.8 Severity: CRITICAL |
DLINK DIR-825 REVB 2.03 devices have an OS command injection vulnerability in the CGI interface apc_client_pin.cgi, which allows remote attackers to execute arbitrary commands via the parameter "wps_pin" passed to the apc_client_pin.cgi binary through a POST request. D-Link DIR-825 is a router from D-Link.
There is a command injection vulnerability in DLINK DIR-825 REVB 2.03 version. The vulnerability is caused by the failure to properly filter special characters and commands in the CGI interface apc_client_pin.cgi.
| VAR-202501-3954 | CVE-2024-57590 | Command injection vulnerability in TRENDnet TEW-632BRP firmware |
CVSS V2: - CVSS V3: 9.8 Severity: CRITICAL |
TRENDnet TEW-632BRP v1.010B31 devices have an OS command injection vulnerability in the CGI interface "ntp_sync.cgi", which allows remote attackers to execute arbitrary commands via the parameter "ntp_server" passed to the "ntp_sync.cgi" binary through a POST request. The TRENDnet TEW-632BRP firmware contains a command injection vulnerability. Information may be obtained and tampered with, and service operation may be interrupted (DoS).
| VAR-202501-3406 | CVE-2024-50698 | Heap-based buffer overflow vulnerability in SUNGROW WiNet-S firmware |
CVSS V2: 10.0 CVSS V3: 9.8 Severity: CRITICAL |
SunGrow WiNet-SV200.001.00.P027 and earlier versions are vulnerable to heap-based buffer overflow due to bounds checks of the MQTT message content. A heap-based buffer overflow vulnerability exists in the SUNGROW WiNet-S firmware. Information may be obtained and tampered with, and service operation may be interrupted (DoS). SunGrow WiNet-S is a LAN communication module from SunGrow, a Chinese company.
| VAR-202501-2797 | CVE-2024-50697 | Classic buffer overflow vulnerability in SUNGROW WiNet-S firmware |
CVSS V2: 7.6 CVSS V3: 8.1 Severity: HIGH |
In SunGrow WiNet-SV200.001.00.P027 and earlier versions, when decrypting MQTT messages, the code that parses specific TLV fields does not have sufficient bounds checks. This may result in a stack-based buffer overflow. The SUNGROW WiNet-S firmware has a classic buffer overflow vulnerability. Information may be obtained and tampered with, and service operation may be interrupted (DoS). SunGrow WiNet-S is a LAN communication module from SunGrow, a Chinese company. An attacker can exploit this vulnerability to execute arbitrary code on the system or cause a denial of service.
| VAR-202501-2184 | CVE-2024-50695 | Stack-based buffer overflow vulnerability in SUNGROW WiNet-S firmware |
CVSS V2: 10.0 CVSS V3: 9.8 Severity: CRITICAL |
SunGrow WiNet-SV200.001.00.P027 and earlier versions are vulnerable to stack-based buffer overflow when parsing MQTT messages, due to missing MQTT topic bounds checks. A stack-based buffer overflow vulnerability exists in the SUNGROW WiNet-S firmware. Information may be obtained and tampered with, and service operation may be interrupted (DoS). SunGrow WiNet-S is a LAN communication module from SunGrow, a Chinese company.
| VAR-202501-4123 | CVE-2024-50694 | Stack-based buffer overflow vulnerability in SUNGROW WiNet-S firmware |
CVSS V2: 10.0 CVSS V3: 9.8 Severity: CRITICAL |
In SunGrow WiNet-SV200.001.00.P027 and earlier versions, when copying the timestamp read from an MQTT message, the underlying code does not check the bounds of the buffer that is used to store the message. This may lead to a stack-based buffer overflow. A stack-based buffer overflow vulnerability exists in the SUNGROW WiNet-S firmware. Information may be obtained and tampered with, and service operation may be interrupted (DoS). SunGrow WiNet-S is a LAN communication module from SunGrow, a Chinese company. An attacker can exploit this vulnerability to execute arbitrary code on the system or cause a denial of service.
| VAR-202501-2580 | CVE-2024-50692 | Vulnerability related to use of hardcoded credentials in SUNGROW WiNet-S firmware |
CVSS V2: 6.4 CVSS V3: 5.4 Severity: MEDIUM |
SunGrow WiNet-SV200.001.00.P027 and earlier versions contain hardcoded MQTT credentials that allow an attacker to send arbitrary commands to an arbitrary inverter. It is also possible to impersonate the broker, because TLS is not used to identify the real MQTT broker. This means that MQTT communications are vulnerable to MitM attacks at the TCP/IP level. A vulnerability regarding the use of hardcoded credentials exists in the SUNGROW WiNet-S firmware. Information may be obtained and information may be tampered with. SunGrow WiNet-S is a LAN communication module from SunGrow, a Chinese company.
| VAR-202501-1991 | CVE-2024-50690 | Vulnerability related to use of hardcoded credentials in SUNGROW WiNet-S firmware |
CVSS V2: 6.4 CVSS V3: 6.5 Severity: MEDIUM |
SunGrow WiNet-SV200.001.00.P027 and earlier versions contain a hardcoded password that can be used to decrypt all firmware updates. A vulnerability regarding the use of hardcoded credentials exists in the SUNGROW WiNet-S firmware. Information may be obtained and information may be tampered with. SunGrow WiNet-S is a LAN communication module from SunGrow, a Chinese company.
| VAR-202501-2794 | CVE-2024-52331 | Vulnerability related to insufficient integrity verification of downloaded code in multiple ECOVACS products |
CVSS V2: - CVSS V3: 7.5 Severity: High |
ECOVACS robot lawnmowers and vacuums use a deterministic symmetric key to decrypt firmware updates. An attacker can create and encrypt malicious firmware that will be successfully decrypted and installed by the robot. ECOVACS products, including DEEBOT 900 firmware, DEEBOT N8 firmware and DEEBOT T8 firmware, contain vulnerabilities related to the insufficient integrity verification of downloaded code and the use of weak authentication credentials. Information may be obtained and tampered with, and service operation may be interrupted (DoS).