VARIoT IoT vulnerabilities database

VAR-202505-0190 CVE-2025-20667 Encryption vulnerability in multiple MediaTek products CVSS V2: -
CVSS V3: 7.5
Severity: HIGH
In Modem, there is a possible information disclosure due to incorrect error handling. This could lead to remote information disclosure, if a UE has connected to a rogue base station controlled by the attacker, with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: MOLY01513293; Issue ID: MSV-2741. Multiple MediaTek products, including LR12A, LR13 and NR15, contain a vulnerability related to encryption strength. Information may be obtained.
VAR-202505-0239 CVE-2025-20666 Reachable assertion vulnerability in MediaTek NR15 CVSS V2: -
CVSS V3: 7.5
Severity: HIGH
In Modem, there is a possible system crash due to an uncaught exception. This could lead to remote denial of service, if a UE has connected to a rogue base station controlled by the attacker, with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: MOLY00650610; Issue ID: MSV-2933. MediaTek NR15 contains a reachable assertion vulnerability. The device may be put into a denial-of-service (DoS) state.
VAR-202505-0384 No CVE Brother (China) Commercial Co., Ltd. Brother DCP-L2540DW series has a weak password vulnerability CVSS V2: 5.0
CVSS V3: -
Severity: MEDIUM
Brother DCP-L2540DW is a multi-function laser/LED printer. Brother (China) Commercial Co., Ltd. Brother DCP-L2540DW series has a weak password vulnerability, which can be exploited by attackers to obtain sensitive information.
VAR-202505-0988 No CVE Shenzhen Jixiang Tengda Technology Co., Ltd. AC6 has a binary vulnerability CVSS V2: 7.8
CVSS V3: -
Severity: HIGH
AC6 is an 11ac dual-band wireless router designed for 100M fiber homes. AC6 of Shenzhen Jixiang Tengda Technology Co., Ltd. has a binary vulnerability that can be exploited by attackers to cause a denial of service.
VAR-202505-0732 No CVE NUUO Network Video Recorder has a logic flaw vulnerability CVSS V2: 3.6
CVSS V3: -
Severity: LOW
NUUO is a company specializing in the production of Network Video Recorders (NVRs). NUUO Network Video Recorder has a logic flaw vulnerability that can be exploited by attackers to modify account passwords without authorization.
VAR-202505-0385 No CVE Beijing Xingwang Ruijie Network Technology Co., Ltd. AG515 has a command execution vulnerability CVSS V2: 7.1
CVSS V3: -
Severity: HIGH
AG515 is a high-performance gateway device suitable for small and medium-sized enterprises and large office environments. AG515 of Beijing Xingwang Ruijie Network Technology Co., Ltd. has a command execution vulnerability, which can be exploited by attackers to execute arbitrary commands.
VAR-202505-1496 No CVE Advantech WebAccess has a file upload vulnerability CVSS V2: 7.1
CVSS V3: -
Severity: HIGH
Advantech WebAccess is HMI/SCADA monitoring software based entirely on the IE browser. Advantech WebAccess of Advantech Technology (China) Co., Ltd. has a file upload vulnerability, which can be exploited by attackers to gain control of the server.
VAR-202505-1239 No CVE Shenzhen Jixiang Tengda Technology Co., Ltd. AC6 has a binary vulnerability CVSS V2: 7.8
CVSS V3: -
Severity: HIGH
AC6 is an 11ac dual-band wireless router designed for 100M fiber homes. AC6 of Shenzhen Jixiang Tengda Technology Co., Ltd. has a binary vulnerability that can be exploited by attackers to cause a denial of service.
VAR-202505-1096 No CVE Beijing Xingwang Ruijie Network Technology Co., Ltd. NBR800G has an arbitrary file write vulnerability CVSS V2: 7.1
CVSS V3: -
Severity: HIGH
NBR800G is a router for Internet behavior management. Beijing Xingwang Ruijie Network Technology Co., Ltd. NBR800G has an arbitrary file write vulnerability, which can be exploited by attackers to obtain server permissions.
VAR-202505-1241 No CVE Samsung (China) Investment Co., Ltd. M2085FW has a command execution vulnerability CVSS V2: 10.0
CVSS V3: -
Severity: HIGH
The M2085FW is a black and white laser multifunction printer with printing, copying, scanning and faxing functions. Samsung (China) Investment Co., Ltd. SAMSUNG has a command execution vulnerability that can be exploited by attackers to execute arbitrary commands.
VAR-202505-0733 No CVE Samsung (China) Investment Co., Ltd. C430W has a command execution vulnerability CVSS V2: 10.0
CVSS V3: -
Severity: HIGH
C430W is a laser printer. Samsung (China) Investment Co., Ltd. C430W has a command execution vulnerability, which can be exploited by attackers to execute arbitrary commands.
VAR-202505-0502 No CVE Zhejiang Dahua Technology Co., Ltd. DSS has a SQL injection vulnerability CVSS V2: 7.8
CVSS V3: -
Severity: HIGH
Zhejiang Dahua Technology Co., Ltd. is a global leading video-centric smart IoT solution provider and operation service provider. There is a SQL injection vulnerability in the DSS of Zhejiang Dahua Technology Co., Ltd., which can be exploited by attackers to obtain sensitive information in the database.
VAR-202505-1240 No CVE Shenzhen Jixiang Tengda Technology Co., Ltd. FH451 has a binary vulnerability CVSS V2: 7.8
CVSS V3: -
Severity: HIGH
FH451 is a router produced by Tenda Company, with a maximum transmission rate of 450Mbps and support for WDS wireless bridging. Shenzhen Jixiang Tenda Technology Co., Ltd. FH451 has a binary vulnerability, which can be exploited by attackers to cause a denial of service.
VAR-202505-1497 No CVE Shenzhen Jixiang Tengda Technology Co., Ltd. FH451 has a binary vulnerability CVSS V2: 7.8
CVSS V3: -
Severity: HIGH
FH451 is a router produced by Tenda Company, with a maximum transmission rate of 450Mbps and support for WDS wireless bridging. Shenzhen Jixiang Tenda Technology Co., Ltd. FH451 has a binary vulnerability, which can be exploited by attackers to cause a denial of service.
VAR-202505-0386 No CVE D-Link DI-8100 has a binary vulnerability CVSS V2: 7.8
CVSS V3: -
Severity: HIGH
D-Link DI-8100 is a broadband router designed by D-Link for small and medium-sized network environments, supporting up to 4 Internet ports and up to 4 LAN ports. D-Link DI-8100 has a binary vulnerability that can be exploited by attackers to cause a denial of service.
VAR-202505-0989 No CVE D-Link DWR-M961 has a stack overflow vulnerability CVSS V2: 4.9
CVSS V3: -
Severity: MEDIUM
DWR-M961 is a router. D-Link DWR-M961 has a stack overflow vulnerability, which can be exploited by attackers to cause the program to crash.
VAR-202505-0734 No CVE Sony SNC-RX570N has a weak password vulnerability CVSS V2: 5.0
CVSS V3: -
Severity: MEDIUM
SNC-RX570N is a network camera. Sony SNC-RX570N has a weak password vulnerability, which can be exploited by attackers to obtain sensitive information.
VAR-202505-0387 No CVE Zhuhai Pantum Printing Technology Co., Ltd. has a number of printers with logical flaws. CVSS V2: 5.0
CVSS V3: -
Severity: MEDIUM
M6700DW is a black and white laser multifunction printer. P2500NW is a black and white laser single-function printer. BM5100ADW is a black and white laser multifunction printer. CM1100DW is a color laser multifunction printer. Many printer products of Zhuhai Pantum Printing Technology Co., Ltd. have a logic defect vulnerability, which can be exploited by attackers to obtain sensitive information.
VAR-202505-1003 CVE-2025-45800 Command injection vulnerability in TOTOLINK a950rg firmware CVSS V2: 10.0
CVSS V3: 9.8
Severity: CRITICAL
TOTOLINK A950RG V4.1.2cu.5204_B20210112 contains a command execution vulnerability in the setDeviceName interface of the /lib/cste_modules/global.so library, specifically in the processing of the deviceMac parameter. TOTOLINK a950rg firmware contains a command injection vulnerability. Information may be obtained or tampered with, and the device may be put into a denial-of-service (DoS) state. TOTOLINK A950RG is a super-generation Giga wireless router from China's TOTOLINK Electronics. Attackers can exploit this vulnerability to execute arbitrary commands.
VAR-202505-0752 CVE-2025-44877 Command injection vulnerability in Shenzhen Tenda Technology Co.,Ltd. AC9 firmware CVSS V2: 10.0
CVSS V3: 9.8
Severity: CRITICAL
Tenda AC9 V15.03.06.42_multi was found to contain a command injection vulnerability in the formSetSambaConf function via the usbname parameter. This vulnerability allows attackers to execute arbitrary commands via a crafted request. Shenzhen Tenda Technology Co.,Ltd. AC9 firmware contains a command injection vulnerability. Information may be obtained or tampered with, and the device may be put into a denial-of-service (DoS) state.