VARIoT IoT vulnerabilities database


VAR-202410-3655 No CVE Hewlett Packard Enterprise MSR954 has weak password vulnerability CVSS V2: 5.0
CVSS V3: -
Severity: MEDIUM
MSR954 is usually used in medium and large enterprise environments and supports a variety of network services and functions, including advanced routing, VPN, network security, etc. Hewlett Packard Enterprise MSR954 has a weak password vulnerability, which can be exploited by attackers to log in to the backend and obtain sensitive information.
VAR-202410-1737 CVE-2024-48016 Dell Secure Connect Gateway vulnerability in use of cryptographic algorithms CVSS V2: 4.6
CVSS V3: 4.6
Severity: MEDIUM
Dell Secure Connect Gateway (SCG) 5.0 Appliance - SRS, version(s) 5.24, contains a Use of a Broken or Risky Cryptographic Algorithm vulnerability. A low privileged attacker with remote access could potentially exploit this vulnerability, leading to information disclosure. The attacker may be able to use exposed credentials to access the system with privileges of the compromised account. It may be put into a denial-of-service (DoS) state. Dell Secure Connect Gateway (Dell SCG) is a secure connection gateway from Dell, a company based in the United States. The vulnerability is caused by the use of a broken or risky cryptographic algorithm.
VAR-202410-1656 CVE-2024-47241 Dell Secure Connect Gateway certificate validation vulnerability CVSS V2: 6.5
CVSS V3: 5.5
Severity: MEDIUM
Dell Secure Connect Gateway (SCG) 5.0 Appliance - SRS, version(s) 5.24, contains an Improper Certificate Validation vulnerability. A low privileged attacker with remote access could potentially exploit this vulnerability, leading to unauthorized access and modification of transmitted data. The vulnerability is caused by improper certificate validation.
VAR-202410-1985 CVE-2024-47240 Dell Secure Connect Gateway vulnerability regarding improper default permissions CVSS V2: -
CVSS V3: 6.3
Severity: MEDIUM
Dell Secure Connect Gateway (SCG) 5.24 contains an Incorrect Default Permissions vulnerability. A local attacker with low privileges can access the file system and could potentially exploit this vulnerability to gain write access to unauthorized data and cause a version update failure condition. It may be put into a denial-of-service (DoS) state.
VAR-202410-3649 No CVE ARRIS VAP3402E has weak password vulnerability CVSS V2: 5.0
CVSS V3: -
Severity: MEDIUM
ARRIS VAP3402E is a wireless access device product. ARRIS VAP3402E has a weak password vulnerability, which can be exploited by attackers to log in to the backend and obtain sensitive information.
VAR-202410-3668 No CVE Shenzhen Inovance Technology Co., Ltd. AM401-CPU1608TP has a denial of service vulnerability CVSS V2: 6.1
CVSS V3: -
Severity: MEDIUM
AM401-CPU1608TP is an economical medium-sized PLC developed by Suzhou Inovance Technology Co., Ltd., which supports Ethernet communication. AM401-CPU1608TP of Shenzhen Inovance Technology Co., Ltd. has a denial of service vulnerability. Attackers can exploit this vulnerability to cause a denial of service at the PLC application layer, and the PLC needs to be manually restarted to return to normal.
VAR-202410-1736 CVE-2024-48638 D-Link Systems, Inc. DIR-882 and DIR-878 firmware OS command injection vulnerability CVSS V2: 7.7
CVSS V3: 8.0
Severity: HIGH
D-Link DIR_882_FW130B06 and DIR_878 DIR_878_FW130B08 were discovered to contain a command injection vulnerability via the SubnetMask parameter in the SetGuestZoneRouterSettings function. This vulnerability allows attackers to execute arbitrary OS commands via a crafted POST request. An OS command injection vulnerability exists in D-Link Systems, Inc. DIR-882 and DIR-878 firmware. Information may be obtained or tampered with, and the device may be put into a denial-of-service (DoS) state. D-Link DIR-878 is a wireless router. D-Link DIR-882 is a dual-band wireless router.
VAR-202410-1779 CVE-2024-48637 D-Link Systems, Inc. DIR-882 and DIR-878 firmware OS command injection vulnerability CVSS V2: 7.7
CVSS V3: 8.0
Severity: HIGH
D-Link DIR_882_FW130B06 and DIR_878 DIR_878_FW130B08 were discovered to contain a command injection vulnerability via the VLANID:1/VID parameter in the SetVLANSettings function. This vulnerability allows attackers to execute arbitrary OS commands via a crafted POST request. An OS command injection vulnerability exists in D-Link Systems, Inc. DIR-882 and DIR-878 firmware. Information may be obtained or tampered with, and the device may be put into a denial-of-service (DoS) state. D-Link DIR-878 is a wireless router. D-Link DIR-882 is a dual-band wireless router.
VAR-202410-1655 CVE-2024-48636 D-Link Systems, Inc. DIR-882 and DIR-878 firmware OS command injection vulnerability CVSS V2: 7.7
CVSS V3: 8.0
Severity: HIGH
D-Link DIR_882_FW130B06 and DIR_878 DIR_878_FW130B08 were discovered to contain a command injection vulnerability via the VLANID:0/VID parameter in the SetVLANSettings function. This vulnerability allows attackers to execute arbitrary OS commands via a crafted POST request. An OS command injection vulnerability exists in D-Link Systems, Inc. DIR-882 and DIR-878 firmware. Information may be obtained or tampered with, and the device may be put into a denial-of-service (DoS) state. D-Link DIR-878 is a wireless router. D-Link DIR-882 is a dual-band wireless router.
VAR-202410-1831 CVE-2024-48635 D-Link Systems, Inc. DIR-882 and DIR-878 firmware OS command injection vulnerability CVSS V2: 7.7
CVSS V3: 8.0
Severity: HIGH
D-Link DIR_882_FW130B06 and DIR_878 DIR_878_FW130B08 were discovered to contain a command injection vulnerability via the VLANID:2/VID parameter in the SetVLANSettings function. This vulnerability allows attackers to execute arbitrary OS commands via a crafted POST request. An OS command injection vulnerability exists in D-Link Systems, Inc. DIR-882 and DIR-878 firmware. Information may be obtained or tampered with, and the device may be put into a denial-of-service (DoS) state. D-Link DIR-878 is a wireless router. D-Link DIR-882 is a dual-band wireless router.
VAR-202410-1795 CVE-2024-48634 D-Link Systems, Inc. DIR-882 and DIR-878 firmware OS command injection vulnerability CVSS V2: 7.7
CVSS V3: 8.0
Severity: HIGH
D-Link DIR_882_FW130B06 and DIR_878 DIR_878_FW130B08 were discovered to contain a command injection vulnerability via the key parameter in the SetWLanRadioSecurity function. This vulnerability allows attackers to execute arbitrary OS commands via a crafted POST request. An OS command injection vulnerability exists in D-Link Systems, Inc. DIR-882 and DIR-878 firmware. Information may be obtained or tampered with, and the device may be put into a denial-of-service (DoS) state. D-Link DIR-878 is a wireless router. D-Link DIR-882 is a dual-band wireless router.
VAR-202410-1794 CVE-2024-48633 D-Link Systems, Inc. DIR-882 and DIR-878 firmware OS command injection vulnerability CVSS V2: 7.7
CVSS V3: 8.0
Severity: HIGH
D-Link DIR_882_FW130B06 and DIR_878 DIR_878_FW130B08 were discovered to contain multiple command injection vulnerabilities via the ExternalPort, InternalPort, ProtocolNumber, and LocalIPAddress parameters in the SetVirtualServerSettings function. This vulnerability allows attackers to execute arbitrary OS commands via a crafted POST request. An OS command injection vulnerability exists in D-Link Systems, Inc. DIR-882 and DIR-878 firmware. Information may be obtained or tampered with, and the device may be put into a denial-of-service (DoS) state. D-Link DIR-878 is a wireless router. D-Link DIR-882 is a dual-band wireless router.
VAR-202410-1687 CVE-2024-48632 D-Link Systems, Inc. DIR-882 and DIR-878 firmware OS command injection vulnerability CVSS V2: 7.7
CVSS V3: 8.0
Severity: HIGH
D-Link DIR_882_FW130B06 and DIR_878 DIR_878_FW130B08 were discovered to contain multiple command injection vulnerabilities via the LocalIPAddress, TCPPorts, and UDPPorts parameters in the SetPortForwardingSettings function. This vulnerability allows attackers to execute arbitrary OS commands via a crafted POST request. An OS command injection vulnerability exists in D-Link Systems, Inc. DIR-882 and DIR-878 firmware. Information may be obtained or tampered with, and the device may be put into a denial-of-service (DoS) state. D-Link DIR-878 is a wireless router. D-Link DIR-882 is a dual-band wireless router.
VAR-202410-1718 CVE-2024-48631 D-Link Systems, Inc. DIR-882 and DIR-878 firmware OS command injection vulnerability CVSS V2: 7.7
CVSS V3: 8.0
Severity: HIGH
D-Link DIR_882_FW130B06 and DIR_878 DIR_878_FW130B08 were discovered to contain a command injection vulnerability via the SSID parameter in the SetWLanRadioSettings function. This vulnerability allows attackers to execute arbitrary OS commands via a crafted POST request. An OS command injection vulnerability exists in D-Link Systems, Inc. DIR-882 and DIR-878 firmware. Information may be obtained or tampered with, and the device may be put into a denial-of-service (DoS) state. D-Link DIR-878 is a wireless router. D-Link DIR-882 is a dual-band wireless router.
VAR-202410-1717 CVE-2024-48630 D-Link Systems, Inc. DIR-882 and DIR-878 firmware OS command injection vulnerability CVSS V2: 7.7
CVSS V3: 8.0
Severity: HIGH
D-Link DIR_882_FW130B06 and DIR_878 DIR_878_FW130B08 were discovered to contain a command injection vulnerability via the MacAddress parameter in the SetMACFilters2 function. This vulnerability allows attackers to execute arbitrary OS commands via a crafted POST request. An OS command injection vulnerability exists in D-Link Systems, Inc. DIR-882 and DIR-878 firmware. Information may be obtained or tampered with, and the device may be put into a denial-of-service (DoS) state. D-Link DIR-878 is a wireless router. D-Link DIR-882 is a dual-band wireless router.
VAR-202410-1735 CVE-2024-48629 D-Link Systems, Inc. DIR-882 and DIR-878 firmware OS command injection vulnerability CVSS V2: 7.7
CVSS V3: 8.0
Severity: HIGH
D-Link DIR_882_FW130B06 and DIR_878 DIR_878_FW130B08 were discovered to contain a command injection vulnerability via the IPAddress parameter in the SetGuestZoneRouterSettings function. This vulnerability allows attackers to execute arbitrary OS commands via a crafted POST request. An OS command injection vulnerability exists in D-Link Systems, Inc. DIR-882 and DIR-878 firmware. Information may be obtained or tampered with, and the device may be put into a denial-of-service (DoS) state. D-Link DIR-878 is a wireless router. D-Link DIR-882 is a dual-band wireless router.
VAR-202410-1445 CVE-2024-49399 Elvaco M-Bus Metering Gateway CMe3100 Access Control Error Vulnerability CVSS V2: 7.8
CVSS V3: -
Severity: High
The affected product allows an attacker to use commands without providing a password, which may allow the attacker to leak information. Elvaco M-Bus Metering Gateway CMe3100 is an M-Bus metering gateway for fixed networks from Elvaco. There is an access control error vulnerability in the 1.12.1 version of Elvaco M-Bus Metering Gateway CMe3100.
VAR-202410-1442 CVE-2024-49398 Elvaco M-Bus Metering Gateway CMe3100 File Upload Vulnerability CVSS V2: 9.4
CVSS V3: -
Severity: High
The affected product is vulnerable to unrestricted file uploads, which may allow an attacker to remotely execute code. Elvaco M-Bus Metering Gateway CMe3100 is an M-Bus metering gateway for fixed networks from Elvaco.
VAR-202410-1444 CVE-2024-49397 Elvaco M-Bus Metering Gateway CMe3100 Cross-Site Scripting Vulnerability CVSS V2: 7.6
CVSS V3: -
Severity: Critical
The affected product is vulnerable to a cross-site scripting attack, which may allow an attacker to bypass authentication and take over admin accounts. Elvaco M-Bus Metering Gateway CMe3100 is an M-Bus metering gateway for fixed networks from Elvaco.
VAR-202410-1443 CVE-2024-49396 Elvaco M-Bus Metering Gateway CMe3100 has an unspecified vulnerability CVSS V2: 9.4
CVSS V3: -
Severity: High
The affected product is vulnerable due to insufficiently protected credentials, which may allow an attacker to impersonate Elvaco and send false information. Elvaco M-Bus Metering Gateway CMe3100 is an M-Bus metering gateway for fixed networks from Elvaco. There is a security vulnerability in the 1.12.1 version of Elvaco M-Bus Metering Gateway CMe3100. The vulnerability is caused by insufficient credential protection.