VARIoT IoT vulnerabilities database

VAR-202407-0013 CVE-2024-21461 Double release vulnerability in multiple Qualcomm products CVSS V2: -
CVSS V3: 7.8
Severity: HIGH
Memory corruption while performing finish HMAC operation when context is freed by keymaster. 315 5g iot modem firmware, 9205 lte modem firmware, APQ8017 Multiple Qualcomm products, including firmware, contain a double release vulnerability. Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state
VAR-202406-2871 CVE-2024-6403 Tenda A301 has an unspecified vulnerability (CNVD-2024-31386) CVSS V2: 6.8
CVSS V3: 6.5
Severity: MEDIUM
A vulnerability, which was classified as critical, has been found in Tenda A301 15.13.08.12. Affected by this issue is the function formWifiBasicSet of the file /goform/SetOnlineDevName. The manipulation of the argument devName leads to stack-based buffer overflow. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-269948. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. Tenda A301 is a wireless signal extender from China's Tenda company. There is a security vulnerability in Tenda A301 version 15.13.08.12, which can be exploited by remote attackers to execute arbitrary code on the system or cause a denial of service attack
VAR-202406-2832 CVE-2024-6402 Tenda A301 Buffer Overflow Vulnerability (CNVD-2024-31395) CVSS V2: 6.8
CVSS V3: 6.5
Severity: MEDIUM
A vulnerability classified as critical was found in Tenda A301 15.13.08.12. Affected by this vulnerability is the function fromSetWirelessRepeat of the file /goform/SetOnlineDevName. The manipulation of the argument devName leads to stack-based buffer overflow. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-269947. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. Tenda A301 is a wireless signal extender from China's Tenda Company. The vulnerability is caused by the /goform/SetOnlineDevName parameter devName failing to correctly verify the length of the input data. A remote attacker can exploit this vulnerability to execute arbitrary code on the system or cause a denial of service attack
VAR-202406-2883 CVE-2024-37741 OpenPLC Project of OpenPLC_v3 Cross-site scripting vulnerability in firmware CVSS V2: -
CVSS V3: 5.4
Severity: MEDIUM
OpenPLC 3 through 9cd8f1b allows XSS via an SVG document as a profile picture. OpenPLC Project of OpenPLC_v3 Firmware has a cross-site scripting vulnerability. Information may be obtained and information may be tampered with
VAR-202406-1934 No CVE KingH5Stream of Beijing Yakong Technology Development Co., Ltd. has a weak password vulnerability CVSS V2: 5.0
CVSS V3: -
Severity: MEDIUM
Beijing Yakong Technology Development Co., Ltd., referred to as "Yakong Technology", is a high-tech enterprise of industrial automation and information software platform established in 1997. KingH5Stream of Beijing Yakong Technology Development Co., Ltd. has a weak password vulnerability, which can be exploited by attackers to obtain sensitive information.
VAR-202406-1182 No CVE Beijing Yakong Technology Development Co., Ltd. KingPortal development system has a logical defect vulnerability (CNVD-2024-17442) CVSS V2: 2.1
CVSS V3: -
Severity: LOW
Beijing Yakong Technology Development Co., Ltd. is a high-tech enterprise of industrial automation and information software platform established in 1997. Beijing Yakong Technology Development Co., Ltd. KingPortal development system has a logic defect vulnerability, which can be exploited by attackers to obtain sensitive information.
VAR-202406-0858 CVE-2024-21827 TP-LINK ER7206 command execution vulnerability CVSS V2: 8.3
CVSS V3: 7.2
Severity: HIGH
A leftover debug code vulnerability exists in the cli_server debug functionality of Tp-Link ER7206 Omada Gigabit VPN Router 1.4.1 Build 20240117 Rel.57421. A specially crafted series of network requests can lead to arbitrary command execution. An attacker can send a sequence of requests to trigger this vulnerability. TP-LINK ER7206 is a multi-function gigabit router from China's TP-LINK company. The vulnerability is caused by the presence of residual debugging code
VAR-202406-1180 No CVE Zhejiang Dahua Technology Co., Ltd. Digital Surveillance System has a file upload vulnerability CVSS V2: 10.0
CVSS V3: -
Severity: HIGH
Zhejiang Dahua Technology Co., Ltd. is a global leading video-centric smart IoT solution provider and operation service provider. Zhejiang Dahua Technology Co., Ltd. Digital Surveillance System has a file upload vulnerability, which can be exploited by attackers to upload malicious files.
VAR-202406-2739 No CVE Beijing Xingwang Ruijie Network Technology Co., Ltd. RG-UAC 6000-E20C has a command execution vulnerability (CNVD-2024-24567) CVSS V2: 7.1
CVSS V3: -
Severity: HIGH
RG-UAC 6000-E20C is an Internet behavior management and auditing product. RG-UAC 6000-E20C of Beijing Xingwang Ruijie Network Technology Co., Ltd. has a command execution vulnerability, which can be exploited by attackers to obtain server permissions.
VAR-202406-1372 No CVE Beijing Xingwang Ruijie Network Technology Co., Ltd. NBR6210-E has a command execution vulnerability (CNVD-2024-24564) CVSS V2: 7.1
CVSS V3: -
Severity: HIGH
Beijing StarNet Ruijie Network Technology Co., Ltd. NBR6210-E is a router product. Beijing StarNet Ruijie Network Technology Co., Ltd. NBR6210-E has a command execution vulnerability, which can be exploited by attackers to gain control of the server.
VAR-202406-0749 CVE-2023-25646 ZTE ZXHN H388X Unauthorized Access Vulnerability CVSS V2: 6.8
CVSS V3: 7.1
Severity: HIGH
There is an unauthorized access vulnerability in ZTE H388X. If H388X is caused by brute-force serial port cracking, attackers with common user permissions can use this vulnerability to obtain elevated permissions on the affected device by performing specific operations. ZTE ZXHN H388X is a router produced by ZTE
VAR-202406-1806 CVE-2024-37661 TP-Link TL-7DR5130 Security Bypass Vulnerability CVSS V2: 6.7
CVSS V3: 6.3
Severity: MEDIUM
TP-LINK TL-7DR5130 v1.0.23 is vulnerable to forged ICMP redirect message attacks. An attacker in the same WLAN as the victim can hijack the traffic between the victim and any remote server by sending out forged ICMP redirect messages. TP-Link TL-7DR5130 is a wireless router from China's TP-LINK company
VAR-202406-1440 CVE-2024-37369 Rockwell Automation FactoryTalk View SE Privilege Escalation Vulnerability CVSS V2: 6.8
CVSS V3: -
Severity: MEDIUM
A privilege escalation vulnerability exists in the affected product. The vulnerability allows low-privilege users to edit scripts, bypassing Access Control Lists, and potentially gaining further access within the system. Rockwell Automation FactoryTalk View SE is an industrial automation system view interface from Rockwell Automation of the United States
VAR-202406-1621 CVE-2024-37368 Rockwell Automation FactoryTalk View SE Authentication Error Vulnerability CVSS V2: 7.8
CVSS V3: -
Severity: HIGH
A user authentication vulnerability exists in the Rockwell Automation FactoryTalk® View SE. The vulnerability allows a user from a remote system with FTView to send a packet to the customer’s server to view an HMI project. Due to the lack of proper authentication, this action is allowed without proper authentication verification
VAR-202406-1047 CVE-2024-37367 Rockwell Automation FactoryTalk View SE Authentication Error Vulnerability (CNVD-2024-30909) CVSS V2: 7.8
CVSS V3: -
Severity: HIGH
A user authentication vulnerability exists in the Rockwell Automation FactoryTalk® View SE v12. The vulnerability allows a user from a remote system with FTView to send a packet to the customer’s server to view an HMI project. This action is allowed without proper authentication verification
VAR-202406-1995 CVE-2024-37630 D-Link DIR-605L Hard-coded Password Vulnerability CVSS V2: 8.3
CVSS V3: -
Severity: HIGH
D-Link DIR-605L v2.13B01 was discovered to contain a hardcoded password vulnerability in /etc/passwd, which allows attackers to log in as root. D-Link DIR-605L is a wireless router from D-Link, a Chinese company
VAR-202406-0247 CVE-2024-5560 Schneider Electric SAGE RTUs Out-of-Bounds Read Vulnerability CVSS V2: 5.0
CVSS V3: 5.3
Severity: MEDIUM
CWE-125: Out-of-bounds Read vulnerability exists that could cause denial of service of the device’s web interface when an attacker sends a specially crafted HTTP request. Schneider Electric SAGE RTUs is a high-performance device for industrial automation and remote monitoring from Schneider Electric, a French company
VAR-202406-0299 CVE-2024-5557 Schneider Electric SpaceLogic AS-P/AS-B Log Information Disclosure Vulnerability CVSS V2: 5.5
CVSS V3: 4.5
Severity: MEDIUM
CWE-532: Insertion of Sensitive Information into Log File vulnerability exists that could cause exposure of SNMP credentials when an attacker has access to the controller logs. Schneider Electric SpaceLogic AS-P is an automation server of Schneider Electric of France
VAR-202406-0502 CVE-2024-5056 Schneider Electric Modicon M340 Denial of Service Vulnerability CVSS V2: 6.4
CVSS V3: 6.5
Severity: MEDIUM
CWE-552: Files or Directories Accessible to External Parties vulnerability exists which may prevent the user from updating the device firmware and prevent proper behavior of the webserver when specific files or directories are removed from the filesystem. Schneider Electric Modicon M340 is a medium-range PLC (programmable logic controller) for industrial processes and infrastructure from Schneider Electric, a French company
VAR-202406-0212 CVE-2024-35303 Siemens Tecnomatix Plant Simulation MODEL File Parsing Type Confusion Remote Code Execution Vulnerability CVSS V2: -
CVSS V3: 7.8
Severity: HIGH
A vulnerability has been identified in Tecnomatix Plant Simulation V2302 (All versions < V2302.0012), Tecnomatix Plant Simulation V2404 (All versions < V2404.0001). The affected applications contain a type confusion vulnerability while parsing specially crafted MODEL files. This could allow an attacker to execute code in the context of the current process. (ZDI-CAN-22958). This vulnerability allows remote attackers to execute arbitrary code on affected installations of Siemens Tecnomatix Plant Simulation. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of MODEL files. The issue results from the lack of proper validation of user-supplied data, which can result in a type confusion condition