VARIoT IoT vulnerabilities database
| VAR-201612-0648 | No CVE | MileSight camera multiple built-in default account vulnerabilities |
CVSS V2: 8.7 CVSS V3: - Severity: HIGH |
MileSight camera is a network camera produced by Xiamen Pulse Vision Digital Technology Co., Ltd.
MileSight camera has multiple built-in default account vulnerabilities. In the default configuration, the MileSight camera device has three authentication accounts and seven non-authentication accounts. If the system has fewer than 10 user settings, an attacker can use an empty account to log in to the camera.
| VAR-201612-0646 | No CVE | MileSight camera default private key certificate vulnerability |
CVSS V2: 7.5 CVSS V3: - Severity: HIGH |
MileSight camera is a network camera produced by Xiamen Pulse Vision Digital Technology Co., Ltd.
The MileSight camera has a default private key certificate vulnerability. Because all cameras share the same secret key, an attacker can use the vulnerability to launch a man-in-the-middle attack when an HTTPS connection is established.
| VAR-201612-0636 | No CVE | MileSight camera permission control page unauthorized access vulnerability |
CVSS V2: 10.0 CVSS V3: - Severity: HIGH |
MileSight camera is a network camera produced by Xiamen Pulse Vision Digital Technology Co., Ltd.
MileSight camera has an unauthorized access vulnerability in its permission control page. An unauthorized attacker could use the vulnerability to execute arbitrary commands.
| VAR-201612-0641 | No CVE | MileSight camera Web UI CGI buffer overflow vulnerability |
CVSS V2: 10.0 CVSS V3: - Severity: HIGH |
MileSight camera is a network camera produced by Xiamen Pulse Vision Digital Technology Co., Ltd.
MileSight camera has a Web UI CGI buffer overflow vulnerability. An attacker exploiting the vulnerability could crash the camera's web interface and execute arbitrary code remotely.
| VAR-201612-0640 | No CVE | ZyXEL Billion 5200W-T Router Remote Command Execution Vulnerability |
CVSS V2: 9.0 CVSS V3: - Severity: HIGH |
ZyXEL Billion 5200W-T is a router manufactured by ZyXEL. A remote command execution vulnerability exists in the ZyXEL Billion 5200W-T router. Because the uiViewSNTPServer parameter of the tools_time.asp interface is vulnerable to command injection and the device has a default account, an attacker can exploit the vulnerability to remotely execute arbitrary code.
| VAR-201612-0629 | No CVE | ZyXEL P660HN-T v1 Router Unauthenticated Remote Command Execution Vulnerability |
CVSS V2: 10.0 CVSS V3: - Severity: HIGH |
ZyXEL P660HN-T v1 is a router manufactured by ZyXEL. The ZyXEL P660HN-T v1 router has an unauthenticated remote command execution vulnerability. Because the remote_host parameter is vulnerable to command injection and the device has a default account, an unauthenticated attacker can exploit the vulnerability to remotely execute arbitrary code.
| VAR-201612-0642 | No CVE | ZyXEL Billion 5200W-T Router Unauthenticated Remote Command Execution Vulnerability |
CVSS V2: 10.0 CVSS V3: - Severity: HIGH |
ZyXEL Billion 5200W-T is a router manufactured by ZyXEL. The ZyXEL Billion 5200W-T router has an unauthenticated remote command execution vulnerability. Commands can be injected through the syslogServerAddr parameter, allowing unauthenticated attackers to exploit the vulnerability to remotely execute arbitrary code.
| VAR-201612-0649 | No CVE | ZyXEL P660HN-T v2 Router Unauthenticated Remote Command Execution Vulnerability |
CVSS V2: 10.0 CVSS V3: - Severity: HIGH |
ZyXEL P660HN-T v2 is a router manufactured by ZyXEL. The ZyXEL P660HN-T v2 router has an unauthenticated remote command execution vulnerability. Because the ServerIP parameter is vulnerable to command injection and the device has a default account, an attacker can exploit the vulnerability to execute arbitrary code remotely.
| VAR-201612-0639 | No CVE | Haier wireless router has unauthorized access vulnerability |
CVSS V2: 5.0 CVSS V3: - Severity: MEDIUM |
Haier wireless router is a wireless intelligent router.
An unauthorized access vulnerability exists in the Haier wireless router. It allows an attacker to bypass permission authentication and log in to the device.
| VAR-201612-0632 | No CVE | Multiple Huawei switches have a denial of service vulnerability |
CVSS V2: 5.0 CVSS V3: - Severity: MEDIUM |
The Huawei S9700, S5700, S6700, S7700, and S9700 are switch devices from Huawei. A number of Huawei switches have a denial of service vulnerability. Because the device lacks input validation, a remote attacker can exploit the vulnerability by sending a crafted, malformed Resource Reservation Protocol (RSVP) packet to the device, causing a small buffer overflow on the device and a probabilistic restart.
| VAR-201706-0143 | CVE-2016-10042 | Arcadyan SLT-00 Star* device web interface denial of service (DoS) vulnerability |
CVSS V2: 5.0 CVSS V3: 7.5 Severity: HIGH |
Authorization Bypass in the Web interface of Arcadyan SLT-00 Star* (aka Swisscom Internet-Box) devices before R7.7 allows unauthorized reconfiguration of the static routing table via an unauthenticated HTTP request, leading to denial of service and information disclosure. Swisscom Internet-Box is a router from Arcadyan. Swisscom Arcadyan SLT-00 Star* (also known as Swisscom Internet-Box) is a network set-top box device of the Swiss company Swisscom. An authentication bypass vulnerability exists in the web interface of Swisscom Arcadyan SLT-00 Star* prior to R7.7.
| VAR-201701-0356 | CVE-2016-8227 | Privilege escalation vulnerability in Lenovo Transition used on multiple Lenovo systems running Windows |
CVSS V2: 7.2 CVSS V3: 7.8 Severity: HIGH |
Privilege escalation vulnerability in Lenovo Transition application used in Lenovo Yoga, Flex and Miix systems running Windows allows local users to execute code with elevated privileges. Lenovo Transition is prone to a local privilege escalation vulnerability.
A local attacker can leverage this issue to gain elevated privileges. Lenovo Transition is a set of programs developed by Lenovo of China that controls whether videos, pictures, etc. are automatically shown full-screen in different modes. There are security vulnerabilities in the Transition program of several Lenovo products. An attacker could exploit this vulnerability to execute arbitrary code with administrator or system privileges. The following products and versions are affected: Lenovo Edge 15 based on Windows 8.1 and earlier; Flex2 14, Flex2 15; Flex2 14D, Flex2 15D; Flex2 Pro15; Miix 2-10, Miix 2-11; Miix 3-1030; Yoga 11S, Yoga 13; Yoga 2-11, Yoga 2-13, Yoga 2 Pro
| VAR-201612-0628 | No CVE | ASP.NET Core HTTP header injection vulnerability |
CVSS V2: 5.0 CVSS V3: - Severity: MEDIUM |
ASP.NET Core is a new open source and cross-platform framework for building modern cloud-based applications connected to the Internet, such as web applications, Internet of Things (IoT) applications, and mobile back-end applications.
ASP.NET Core 5-RC1 has an HTTP header injection vulnerability. By submitting a malicious HTTP request, a remote attacker can inject arbitrary HTML and script code and have it executed in a user's browser session.
| VAR-201701-1166 | No CVE | Multiple Samsung Device 'OTP' Service Remote Heap Buffer Overflow Vulnerabilities |
CVSS V2: 6.8 CVSS V3: - Severity: MEDIUM |
Samsung Galaxy S6 is an Android smartphone from Samsung Electronics. A remote heap buffer overflow vulnerability exists in multiple Samsung devices. An attacker could exploit the vulnerability to cause a denial of service. Due to the nature of this issue, code execution may be possible, but this has not been confirmed.
| VAR-201803-1081 | CVE-2016-8786 | Input validation vulnerability in multiple Huawei products |
CVSS V2: 7.8 CVSS V3: 7.5 Severity: HIGH |
Huawei S12700 V200R005C00, V200R006C00, V200R007C00, V200R008C00, S5700 V200R006C00, V200R007C00, V200R008C00, S6700 V200R008C00, S7700 V200R001C00, V200R002C00, V200R003C00, V200R005C00, V200R006C00, V200R007C00, V200R008C00, S9700 V200R001C00, V200R002C00, V200R003C00, V200R005C00, V200R006C00, V200R007C00, V200R008C00 have a denial of service (DoS) vulnerability. Due to the lack of input validation, a remote attacker may craft a malformed Resource Reservation Protocol (RSVP) packet and send it to the device, causing a few buffer overflows and occasional device restart. Multiple Huawei products contain an input validation vulnerability that may result in a denial of service (DoS) condition. Huawei S12700 is an intelligent routing switch from Huawei of China. A number of Huawei products have a denial of service vulnerability, which stems from the lack of input validation in the program. Multiple Huawei products are prone to a remote denial-of-service vulnerability.
Attackers can exploit this issue to restart the affected device, denying service to legitimate users.
Huawei S12700, S5700, S6700, S7700, and S9700 are vulnerable. The following products and versions are affected: Huawei S12700 V200R005C00, V200R006C00, V200R007C00, V200R008C00; S5700 V200R006C00, V200R007C00, V200R008C00; S6700 V200R008C00; S7700 V200R001C00, V200R002C00, V200R003C00, V200R005C00, V200R006C00, V200R007C00, V200R008C00; S9700 V200R001C00, V200R002C00, V200R003C00, V200R005C00, V200R006C00, V200R007C00, V200R008C00.
| VAR-201803-1080 | CVE-2016-8785 | Input validation vulnerability in multiple Huawei products |
CVSS V2: 4.3 CVSS V3: 4.3 Severity: MEDIUM |
Huawei S12700 V200R007C00, V200R008C00, S5700 V200R007C00, S7700 V200R002C00, V200R005C00, V200R006C00, V200R007C00, V200R008C00, S9700 V200R007C00 have an input validation vulnerability. Due to the lack of input validation, an attacker may craft a malformed packet and send it to the device using VRP, causing the device to display additional memory data and possibly leading to sensitive information leakage. Multiple Huawei products contain an input validation vulnerability through which information may be obtained. The Huawei S9700, S5700, S7700, and S9700 are switch devices from Huawei. Multiple Huawei products are prone to an information-disclosure vulnerability.
Remote attackers can exploit this issue to obtain sensitive information that may lead to further attacks. Huawei S12700 and the others are all intelligent routing switches from Huawei of China. The following products and versions are affected: Huawei S12700 V200R007C00, V200R008C00; S5700 V200R007C00; S7700 V200R002C00, V200R005C00, V200R006C00, V200R007C00, V200R008C00
| VAR-201612-0651 | No CVE | NETGEAR WNR2000 Router Information Disclosure Vulnerability |
CVSS V2: 5.0 CVSS V3: - Severity: MEDIUM |
NETGEAR WNR2000 is a wireless router product from Netgear. An information disclosure vulnerability exists in the NETGEAR WNR2000 router. Unauthenticated attackers can exploit the vulnerability to obtain sensitive information and potentially recover administrator passwords.
| VAR-201612-0654 | No CVE | Samsung DVR Design Vulnerability |
CVSS V2: 7.5 CVSS V3: - Severity: HIGH |
Samsung DVR is a small PC for recording TV broadcast, cable TV or DirectTV transmission. The Samsung DVR has a design vulnerability. Because the Samsung DVR web browser uses HTTP on port 80 by default to transmit a base64-encoded certificate in the cookie header, the login name and password are only base64 encoded. An attacker can exploit the vulnerability to modify the default credentials, gain access to the Samsung DVR web interface, and control the IP camera.
| VAR-201612-0655 | No CVE | NETGEAR WNR2000 Router Heap Buffer Overflow Vulnerability |
CVSS V2: 5.0 CVSS V3: - Severity: MEDIUM |
NETGEAR WNR2000 is a wireless router product from Netgear. A heap buffer overflow vulnerability exists in the NETGEAR WNR2000 router. Because the router's HTTP server processes *.cgi files by URL, an attacker exploiting the vulnerability can cause a denial of service condition, which may lead to further attacks.
| VAR-201612-0661 | No CVE | NETGEAR WNR2000 Router Access Control Vulnerability |
CVSS V2: 7.5 CVSS V3: - Severity: HIGH |
NETGEAR WNR2000 is a wireless router product from Netgear. An access control vulnerability exists in the NETGEAR WNR2000 router. Because the apply_noauth.cgi function has functionality similar to the apply.cgi function that the administrator uses to perform sensitive operations, unauthenticated attackers can perform sensitive operations through the apply_noauth.cgi function.