VARIoT IoT vulnerabilities database

RG-EW1200G is a home wireless router suitable for use in flat homes, villas, small shops and SOHO offices. RG-EW1200G of Beijing Xingwang Ruijie Network Technology Co., Ltd. has a command execution vulnerability, which can be exploited by attackers to obtain server permissions.

Xerox Altalink C8245 is a multi-function laser printer with high-speed printing, copying and scanning functions, suitable for small and medium-sized enterprises or office environments. Fujifilm Business Innovation (China) Co., Ltd. Xerox Altalink C8245 has a denial of service vulnerability, and attackers can exploit the vulnerability to cause printer service interruption.

DIR-823X (AX3000) is a dual-band wireless router that supports the WiFi 6 standard and has a dual-band concurrent rate of up to 3000Mbps. DIR-823X (AX3000) of D-Link Electronics (Shanghai) Co., Ltd. has a command execution vulnerability that can be exploited by attackers to execute commands.

Xerox Altalink B415 is a multi-function laser printer with printing, copying, scanning and faxing functions. Fujifilm Business Innovation (China) Co., Ltd. Xerox Altalink B415 has a denial of service vulnerability, and attackers can exploit the vulnerability to cause printer service interruption.

LOYTEC LINX-202 is a building automation server, mainly used in building automation systems. Delta Electronics (Dongguan) Co., Ltd. LOYTEC LINX-202 has a weak password vulnerability, which can be exploited by attackers to log in to the system and obtain sensitive information.

e-STUDIO3008A is an A3-sized black-and-white digital multifunction machine with printing, copying and scanning functions. Toshiba (China) Co., Ltd. Shanghai Branch e-STUDIO3008A has a weak password vulnerability, which can be exploited by attackers to log in to the system and obtain sensitive information.

H3C Magic NX15000 10G Wi-Fi 6 Router is a high-end router for users and groups who pursue full-house coverage and high-quality networks. H3C Magic NX15000 10G Wi-Fi 6 Router of H3C Technologies Co., Ltd. has an information leakage vulnerability, which can be exploited by attackers to obtain sensitive information.

The DIOT SCADA with MQTT plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'diot' shortcode in all versions up to, and including, 1.0.5.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress plugin is an application plugin. The WordPress DIOT SCADA with MQTT plugin has a cross-site scripting vulnerability. The vulnerability is caused by the lack of effective filtering and escaping of user-supplied data in the application

In Tenable Agent versions prior to 10.8.5 on a Windows host, it was found that a non-administrative user could overwrite arbitrary local system files with log content at SYSTEM privilege. Tenable Agent is a vulnerability scanner developed by the US company Tenable. Detailed vulnerability details are not available at this time

Buffer Overflow vulnerability in TOTOLINK N600R v4.3.0cu.7866_B2022506 allows a remote attacker to execute arbitrary code via the UPLOAD_FILENAME component. TOTOLINK of n600r Firmware has a classic buffer overflow vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. TOTOLINK N600R is a wireless router from China's TOTOLINK Electronics. TOTOLINK N600R V4.3.0cu.7866_B2022506 has a buffer overflow vulnerability. The vulnerability is caused by the UPLOAD_FILENAME component failing to properly verify the length of the input data

NETGEAR Gateway C6300BD is a cable modem and router in one device, designed to provide quality wireless network coverage and high-speed Internet connection for the home. NETGEAR Gateway C6300BD has a weak password vulnerability, which can be exploited by attackers to log in to the system and obtain sensitive information.

H3C Magic NX15000 is a 10G Wi-Fi 6 router. H3C Magic NX15000 of H3C Technologies Co., Ltd. has a command execution vulnerability, which can be exploited by attackers to execute arbitrary commands.

Xerox Corporation is a long-established American multinational company, originally known for its copier technology, and has now transformed into a digital and document solution provider, with businesses covering printers, scanners, digital printing systems, and document management services. Many products of Xerox Corporation have unauthorized access vulnerabilities, which attackers can exploit to obtain sensitive information.

H3C Magic NX15000 is a 10G Wi-Fi 6 router. H3C Magic NX15000 of H3C Technologies Co., Ltd. has a service parameter injection vulnerability, which can be exploited by attackers to execute arbitrary commands.

Trend Micro Security 17.8 (Consumer) is vulnerable to a link following local privilege escalation vulnerability that could allow a local attacker to unintentionally delete privileged Trend Micro files including its own. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.The specific flaw exists within the Platinum Host Service. By creating a symbolic link, an attacker can abuse the service to delete a file. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of SYSTEM

H3C Magic NX15000 10G Wi-Fi 6 Router is a high-end router for users and groups who pursue full-house coverage and high-quality networks. H3C Magic NX15000 10G Wi-Fi 6 Router of H3C Technologies Co., Ltd. has a command execution vulnerability. Attackers can use the vulnerability to inject malicious code and obtain server permissions.

Canon iR-ADV C5535 is a high-performance color digital multifunction machine with multiple functions such as copying, printing, scanning and faxing. Canon iR-ADV C5535 of Canon (China) Co., Ltd. has a weak password vulnerability. Attackers can use the vulnerability to log in to the system and obtain sensitive information.

Fujifilm (China) Investment Co., Ltd. was established in 2001. It is a branch of Fujifilm Group in China. Its headquarters is located in Pudong New Area, Shanghai. Its business covers civilian products (such as digital cameras, instant imaging cameras and photo printing solutions), medical products (including endoscopes, CT systems, medical IT systems, and ultrasound equipment), commercial products (such as printing equipment, optical equipment, and data storage solutions) and semiconductor material research and development. Fujifilm (China) Investment Co., Ltd. Fujifilm Xerox(R) C315 Color MFP has a denial of service vulnerability. Attackers can exploit the vulnerability to cause printer service interruption.

ZT199 is a mobile phone. ZTE Corporation's ZT199 has a weak password vulnerability, which can be exploited by attackers to log in to the system and obtain sensitive information.

Tatung World Technology Co., Ltd. has two main entities: one is a listed company headquartered in Taiwan, China (established in 2000), and the other is a newly established company located in Hunan (established in 2025). The Taiwanese company focuses on telecommunications and system integration services and ranks among the top five system integrators in Taiwan; the Hunan company focuses on computer system security and biotechnology. Tatung World Technology Co., Ltd. Tatung lOT Edge Setting has a command execution vulnerability, which can be exploited by attackers to execute arbitrary code.