VARIoT IoT vulnerabilities database


VAR-201810-1612 No CVE Schneider Pelco Sarix Pro camera set program network.ieee8021x.delete_certs has a command injection vulnerability
CVSS V2: 2.1
CVSS V3: -
Severity: LOW
Pelco Sarix Pro is a video surveillance device from Schneider Electric. A command injection vulnerability exists in the Schneider Pelco Sarix Pro camera set program network.ieee8021x.delete_certs. An attacker can use the vulnerability to execute arbitrary commands in the background through an HTTP request.
VAR-201810-1611 No CVE Authentication Bypass Vulnerability in Sunell Camera
CVSS V2: 4.0
CVSS V3: -
Severity: MEDIUM
The Sunell camera is a camera produced by Shenzhen Jingyang Technology Co., Ltd. An authentication bypass vulnerability exists in the Sunell camera. Attackers can use the vulnerability to add administrators, modify configurations, and obtain web administrator permissions.
VAR-201810-1596 No CVE Schneider Pelco Sarix Pro camera set program system.download.sd_file has a command injection vulnerability
CVSS V2: 2.1
CVSS V3: -
Severity: LOW
Pelco Sarix Pro is a video surveillance device from Schneider Electric. A command injection vulnerability exists in the Schneider Pelco Sarix Pro camera set program system.download.sd_file. Attackers can use the vulnerability to execute arbitrary commands in the background through HTTP requests.
VAR-201810-1602 No CVE Cross-site scripting vulnerability in Sunell camera
CVSS V2: 2.1
CVSS V3: -
Severity: LOW
The Sunell camera is a camera produced by Shenzhen Jingyang Technology Co., Ltd. A cross-site scripting vulnerability exists in the Sunell camera. An attacker can use the vulnerability to obtain the administrator's account password by sending a network request.
VAR-201810-1608 No CVE Buffer Overflow Vulnerability in Sunell Camera
CVSS V2: 7.8
CVSS V3: -
Severity: HIGH
The Sunell camera is a camera produced by Shenzhen Jingyang Technology Co., Ltd. A buffer overflow vulnerability exists in the Sunell camera, which can be exploited by an attacker to cause a denial of service.
VAR-201810-1620 No CVE Schneider Pelco Sarix Pro camera snap.cgi has unauthorized access vulnerability
CVSS V2: 5.0
CVSS V3: -
Severity: MEDIUM
Pelco Sarix Pro is a video surveillance device from Schneider Electric. Schneider Pelco Sarix Pro camera snap.cgi has an unauthorized access vulnerability. The vulnerability stems from the failure to verify the permissions of the snap.cgi interface. Attackers can use the vulnerability to gain unauthorized access and view real-time monitoring screenshot information.
VAR-201810-1616 No CVE Schneider Pelco Sarix Pro camera set program system.delete.sd_file has arbitrary file deletion vulnerability
CVSS V2: 2.1
CVSS V3: -
Severity: LOW
Pelco Sarix Pro is a video surveillance device from Schneider Electric. Schneider Pelco Sarix Pro camera set program system.delete.sd_file has an arbitrary file deletion vulnerability. An attacker can use the vulnerability to delete any system file through an HTTP request.
VAR-201810-1622 No CVE Schneider Pelco Sarix Pro camera snapshot.cgi has unauthorized access vulnerability
CVSS V2: 5.0
CVSS V3: -
Severity: MEDIUM
Pelco Sarix Pro is a video surveillance device from Schneider Electric. Schneider Pelco Sarix Pro camera snapshot.cgi has an unauthorized access vulnerability. The vulnerability stems from the failure to verify the permissions of the snapshot.cgi interface. Attackers can use the vulnerability to gain unauthorized access and view real-time monitoring screenshot information.
VAR-201810-0505 CVE-2018-17591 AirTies Air 5343v2 Cross-Site Scripting Vulnerability

Related entries in the VARIoT exploits database: VAR-E-201809-0061
CVSS V2: 4.3
CVSS V3: 6.1
Severity: MEDIUM
AirTies Air 5343v2 devices with software 1.0.0.18 have XSS via the top.html productboardtype parameter. The AirTies Air 5343v2 device software contains a cross-site scripting vulnerability. Information may be obtained and information may be altered. AirTies Air 5343v2 is a wireless router product from AirTies, Turkey. A cross-site scripting vulnerability exists in AirTies Air 5343v2. A remote attacker can exploit this vulnerability to inject arbitrary web scripts or HTML by sending a 'productboardtype' parameter to the top.html page.
VAR-201810-0501 CVE-2018-17587 AirTies Air 5750 Device site software cross-site scripting vulnerability

Related entries in the VARIoT exploits database: VAR-E-201809-0061
CVSS V2: 4.3
CVSS V3: 6.1
Severity: MEDIUM
AirTies Air 5750 devices with software 1.0.0.18 have XSS via the top.html productboardtype parameter. The AirTies Air 5750 device software contains a cross-site scripting vulnerability. Information may be obtained and information may be altered. AirTies Air 5750 is a wireless router product from AirTies, Turkey. A cross-site scripting vulnerability exists in AirTies Air 5750. A remote attacker can exploit this vulnerability to inject arbitrary web scripts or HTML by sending a 'productboardtype' parameter to the top.html page.
VAR-201810-0504 CVE-2018-17590 AirTies Air 5442 Cross-Site Scripting Vulnerability

Related entries in the VARIoT exploits database: VAR-E-201809-0061
CVSS V2: 4.3
CVSS V3: 6.1
Severity: MEDIUM
AirTies Air 5442 devices with software 1.0.0.18 have XSS via the top.html productboardtype parameter. The AirTies Air 5442 device software contains a cross-site scripting vulnerability. Information may be obtained and information may be altered. AirTies Air 5442 is a wireless router product from AirTies, Turkey. A cross-site scripting vulnerability exists in AirTies Air 5442. A remote attacker can exploit this vulnerability to inject arbitrary web scripts or HTML by sending a 'productboardtype' parameter to the top.html page.
VAR-201810-0502 CVE-2018-17588 AirTies Air 5021 Device site software cross-site scripting vulnerability

Related entries in the VARIoT exploits database: VAR-E-201809-0061
CVSS V2: 4.3
CVSS V3: 6.1
Severity: MEDIUM
AirTies Air 5021 devices with software 1.0.0.18 have XSS via the top.html productboardtype parameter. The AirTies Air 5021 device software contains a cross-site scripting vulnerability. Information may be obtained and information may be altered. AirTies Air 5750 is a wireless router product from AirTies, Turkey. A cross-site scripting vulnerability exists in AirTies Air 5750. A remote attacker can exploit this vulnerability to inject arbitrary web scripts or HTML by sending a 'productboardtype' parameter to the top.html page.
VAR-201810-0506 CVE-2018-17593 AirTies Air 5453 Cross-Site Scripting Vulnerability

Related entries in the VARIoT exploits database: VAR-E-201809-0061
CVSS V2: 4.3
CVSS V3: 6.1
Severity: MEDIUM
AirTies Air 5453 devices with software 1.0.0.18 have XSS via the top.html productboardtype parameter. A cross-site scripting vulnerability exists in the AirTies Air 5453 device software. Information may be obtained and information may be falsified. AirTies Air 5453 is a wireless router product from AirTies, Turkey. A remote attacker can exploit this vulnerability to inject arbitrary web scripts or HTML by sending a 'productboardtype' parameter to the top.html page.
VAR-201810-0507 CVE-2018-17594 AirTies Air 5443v2 Cross-Site Scripting Vulnerability

Related entries in the VARIoT exploits database: VAR-E-201809-0451
CVSS V2: 4.3
CVSS V3: 6.1
Severity: MEDIUM
AirTies Air 5443v2 devices with software 1.0.0.18 have XSS via the top.html productboardtype parameter. The AirTies Air 5443v2 device software contains a cross-site scripting vulnerability. Information may be obtained and information may be altered. AirTies Air 5443v2 is a wireless router product from AirTies, Turkey. A cross-site scripting vulnerability exists in AirTies Air 5443v2. A remote attacker can exploit this vulnerability to inject arbitrary web scripts or HTML by sending a 'productboardtype' parameter to the top.html page.
VAR-201809-1343 No CVE Konco's small K series smart sockets have unauthorized access vulnerability
CVSS V2: 7.8
CVSS V3: -
Severity: HIGH
The control-home smart home uses advanced wireless technology to upgrade the electrical equipment in the home and achieve various smart scenarios for the whole house. The controller has a variety of smart sockets that combine a variety of functions in a small form factor and, together with the linkage control app, can be controlled remotely through the network. There is an unauthorized access vulnerability in the K-K series smart sockets. Attackers can use this vulnerability to gain unauthorized access and obtain administrator rights.
VAR-201810-0503 CVE-2018-17589 AirTies Air 5650 Cross-Site Scripting Vulnerability
CVSS V2: 4.3
CVSS V3: 6.1
Severity: MEDIUM
AirTies Air 5650 devices with software 1.0.0.18 have XSS via the top.html productboardtype parameter. The AirTies Air 5650 device software contains a cross-site scripting vulnerability. Information may be obtained and information may be altered. The AirTies Air 5650 is a wireless router product from AirTies, Turkey. A cross-site scripting vulnerability exists in AirTies Air 5650. A remote attacker can exploit this vulnerability to inject arbitrary web scripts or HTML by sending a 'productboardtype' parameter to the top.html page.
VAR-201809-1225 No CVE Schneider Electric M580 PLC Denial of service vulnerability
CVSS V2: 6.1
CVSS V3: -
Severity: MEDIUM
Schneider Electric M580 PLC is Schneider Electric's collaborative automation system. Schneider Electric M580 PLC has a denial of service vulnerability. An attacker can cause a PLC to deny service by sending a specific data packet.
VAR-201810-0568 CVE-2018-15376 Cisco 800 Series Industrial Integrated Services Routers of Cisco IOS Vulnerability related to the state where arbitrary values can be written to arbitrary locations in software
CVSS V2: 7.2
CVSS V3: 6.7
Severity: MEDIUM
A vulnerability in the embedded test subsystem of Cisco IOS Software for Cisco 800 Series Industrial Integrated Services Routers could allow an authenticated, local attacker to write arbitrary values to arbitrary locations in the memory space of an affected device. The vulnerability is due to the presence of certain test commands that were intended to be available only in internal development builds of the affected software. An attacker could exploit this vulnerability by using these commands on an affected device. A successful exploit could allow the attacker to write arbitrary values to arbitrary locations in the memory space of the affected device. Cisco 807, 809, and 829 Industrial Integrated Services Routers are all Cisco router products. IOS Software is the operating system that Cisco runs for its network devices.
VAR-201810-0567 CVE-2018-15375 Cisco 800 Series Industrial Integrated Services Routers of Cisco IOS Vulnerability related to the state where arbitrary values can be written to arbitrary locations in software
CVSS V2: 7.2
CVSS V3: 6.7
Severity: MEDIUM
A vulnerability in the embedded test subsystem of Cisco IOS Software for Cisco 800 Series Industrial Integrated Services Routers could allow an authenticated, local attacker to write arbitrary values to arbitrary locations in the memory space of an affected device. The vulnerability is due to the presence of certain test commands that were intended to be available only in internal development builds of the affected software. An attacker could exploit this vulnerability by using these commands on an affected device. A successful exploit could allow the attacker to write arbitrary values to arbitrary locations in the memory space of the affected device. Cisco 807, 809, and 829 Industrial Integrated Services Routers are router products of Cisco. IOS Software is the operating system that Cisco runs for its network devices.
VAR-201809-1329 No CVE Command execution vulnerability in HP Color LaserJet Pro M252 series
CVSS V2: 5.0
CVSS V3: -
Severity: MEDIUM
HP Color LaserJet Pro M252 is a color laser printer manufactured by HP Trading (Shanghai) Co., Ltd. The HP Color LaserJet Pro M252 series has a command execution vulnerability that could allow an attacker to execute commands remotely.