VARIoT IoT vulnerabilities database

Affected products: vendor, model and version
CWE format is 'CWE-number'. Threat type can be: remote or local
Look up free text in title and description

VAR-202606-0053 CVE-2026-46749 Siemens' SINEC INS predictable in  Salt  One-Way Hash Usage Vulnerability CVSS V2: -
CVSS V3: 7.5
Severity: Medium
A vulnerability has been identified in SINEC INS (All versions < V1.0 SP2 Update 6). The affected application uses a password hashing implementation with a static, hardcoded salt shared across all users and installations, and is configured with an insufficient number of iterations. This could allow an attacker to efficiently recover user passwords using brute-force or precomputed attacks, potentially resulting in unauthorized access. - All information handled by the software may be overwritten. - The software may completely shut down
VAR-202606-0051 CVE-2026-46748 Siemens' SINEC INS Unnecessary Privileged Execution Vulnerability in CVSS V2: -
CVSS V3: 8.8
Severity: High
A vulnerability has been identified in SINEC INS (All versions < V1.0 SP2 Update 6). The affected system includes a binary that is configured with the cap_dac_override capability. This capability allows the process to bypass file system permission checks, resulting in unrestricted file system access. This could allow a local attacker to escalate privileges leading to arbitrary file modification and gaining root privileges on the system. root It is possible to obtain the necessary permissions.- All information handled by the software may be leaked to external parties. - All information handled by the software may be overwritten. - The software may completely shut down
VAR-202606-0054 CVE-2026-46747 Siemens' SINEC INS Past traversal vulnerability in CVSS V2: -
CVSS V3: 4.3
Severity: Medium
A vulnerability has been identified in SINEC INS (All versions < V1.0 SP2 Update 6). The affected application does not properly sanitize path input in the `GET /api/sftp/uploadFiles` endpoint used for directory listing. This allows path traversal through crafted input, enabling access to unintended file system locations. - No rewriting will occur to the information handled by the software. - The software will not stop
VAR-202606-0052 CVE-2026-46746 Siemens' SINEC INS In OS  Command injection vulnerability CVSS V2: -
CVSS V3: 8.8
Severity: High
A vulnerability has been identified in SINEC INS (All versions < V1.0 SP2 Update 6). The application does not properly sanitize user input in the /api/sftp/uploadFiles endpoint, allowing the injection of shell command payloads via crafted directory names. These payloads are stored and executed when directory listings are retrieved. This could allow an authenticated remote attacker to execute arbitrary commands on the underlying operating system with the privileges of the affected service user (sinecins). - All information handled by the software may be overwritten. - The software may completely shut down
VAR-202606-0933 CVE-2026-11492 D-Link Corporation of DIR-823G  Multiple vulnerabilities in firmware CVSS V2: 4.0
CVSS V3: 4.3
Severity: Low
A security flaw has been discovered in D-Link DIR-823G 1.0.2B05. The affected element is an unknown function of the file /etc/vsftpd.conf of the component vsftpd. Performing a manipulation results in least privilege violation. The attack can be initiated remotely. The exploit has been released to the public and may be used for attacks. Techniques exploiting this vulnerability have been publicly disclosed and could be used in attacks.- All information handled by the software may be leaked to external parties. - All information handled by the software may be overwritten. - The software may completely shut down
VAR-202606-1108 CVE-2026-20245 Cisco Systems Cisco Catalyst SD-WAN Manager Vulnerabilities related to encoding and escaping in multiple products such as the above. CVSS V2: -
CVSS V3: 7.8
Severity: HIGH
A vulnerability in the CLI of Cisco Catalyst SD-WAN Controller, formerly SD-WAN vSmart, Cisco Catalyst SD-WAN Manager, formerly SD-WAN vManage, and Cisco Catalyst SD-WAN Validator, formerly SD-WAN vBond, could allow an authenticated, local attacker to execute arbitrary commands as root by supplying a crafted file to the affected system. This vulnerability is due to insufficient validation of user-supplied input. An attacker could exploit this vulnerability by uploading a crafted file to the affected system. A successful exploit could allow the attacker to perform command injection attacks on an affected system and elevate their privileges as the root user.&nbsp; To exploit this vulnerability, the attacker must have netadmin privileges on the affected system. This would require valid credentials or exploitation of or . Cisco is not aware of successful exploitation by other methods. Cisco has observed limited cases where the exploitation of this bug resulted in a configuration change pushed to edge devices. Cisco recommends that customers upgrade to the fixed software that is documented in the that was published on May 14, 2026, and verify the configuration of the edge devices. root It may be possible to execute arbitrary commands with the appropriate privileges. root It is possible to elevate privileges as a user. - All information handled by the software may be overwritten. - The software may completely shut down
VAR-202606-1867 CVE-2026-1871 TP-LINK Technologies of tapo c200  Stack-based buffer overflow vulnerability in firmware CVSS V2: -
CVSS V3: 6.5
Severity: MEDIUM
TP-Link Tapo C200 v5 contains a stack-based buffer overflow flaw in RTSP authentication handling due to improper validation of Authorization header field lengths, which can be triggered by a crafted authentication request. Successful exploitation causes the affected RTSP core service process to crash and triggers an automatic system reboot, resulting in a denial of service (DoS) condition. This prevents legitimate users from accessing the camera’s live video stream or management interface until the service restarts. If this vulnerability is exploited, affected systems will be affected. - No information handled by the software will be rewritten. - The software may completely shut down
VAR-202606-1002 CVE-2026-35718 VIVOTEK Inc. of Network Camera FD8136  Path traversal vulnerability in firmware CVSS V2: -
CVSS V3: 6.5
Severity: MEDIUM
A path traversal vulnerability in the /admin/downloadMedias.cgi endpoint of VIVOTEK INC FD8136-VVTK firmware 0300a allows authenticated attackers to read any file on the device via sending a crafted request. - No rewriting will occur to the information handled by the software. - The software will not stop
VAR-202606-1526 CVE-2026-35716 VIVOTEK Inc. of Network Camera FD8136  Stack-based buffer overflow vulnerability in firmware CVSS V2: -
CVSS V3: 6.3
Severity: MEDIUM
A stack-based buffer overflow in the motion_privacy.cgi binary in VIVOTEK FD8136 firmware FD8136-VVTK-0300a allows authenticated remote attackers to execute arbitrary code as root via an oversized n1 parameter in a POST request to the /cgi-bin/admin/setpm.cgi, /cgi-bin/admin/setmd.cgi, or /cgi-bin/admin/setmd_profile.cgi endpoint (all symlinks to the same binary). The parameter value is copied into a fixed-size 0xa4-byte stack buffer without bounds checking, overwriting the saved link register. The binary is compiled without stack canaries. The value of this parameter is fixed in size. - Some of the information handled by the software may be overwritten. - Some parts of the software may stop working
VAR-202606-1001 CVE-2026-30652 VIVOTEK Inc. of Network Camera FD8136  Classic buffer overflow vulnerability in firmware CVSS V2: -
CVSS V3: 8.8
Severity: HIGH
A remote buffer overflow vulnerability exists in the /cgi-bin/dido/setdo.cgi endpoint of the admin interface of Vivotek FD8136 cameras running firmware version FD8136-VVTK-0300a. This flaw allows an authenticated attacker to execute arbitrary code as root on the device. - All information handled by the software may be overwritten. - The software may completely shut down
VAR-202606-1876 CVE-2026-30650 VIVOTEK Inc. of Network Camera FD8136  Classic buffer overflow vulnerability in firmware CVSS V2: -
CVSS V3: 8.8
Severity: HIGH
A post-authentication remote buffer overflow vulnerability exists in the /cgi-bin/admin/eventtask.cgi endpoint of the admin interface of Vivotek FD8136 cameras running firmware version FD8136-VVTK-0300a. This flaw allows an authenticated attacker to execute arbitrary code as root on the device remotely. root This allows execution based on the available permissions.- All information handled by the software may be leaked to external parties. - All information handled by the software may be overwritten. - The software may completely shut down
VAR-202606-1525 CVE-2026-30649 VIVOTEK Inc. of Network Camera FD8136  Stack-based buffer overflow vulnerability in firmware CVSS V2: -
CVSS V3: 7.3
Severity: HIGH
Buffer Overflow vulnerability in VIVOTEK INC FD8136-VVTK-0300a allows a remote attacker to execute arbitrary code via the set_getparam.cgi component. - Some of the information handled by the software may be overwritten. - Some parts of the software may stop working
VAR-202606-1877 CVE-2026-35717 VIVOTEK Inc. of Network Camera FD8136  Stack-based buffer overflow vulnerability in firmware CVSS V2: -
CVSS V3: 6.3
Severity: MEDIUM
A stack-based buffer overflow in the export_language.cgi binary in VIVOTEK FD8136 firmware FD8136-VVTK-0300a allows authenticated remote attackers to execute arbitrary code as root via a crafted POST request to the /cgi-bin/admin/export_language.cgi endpoint. The handler passes the attacker-controlled Content-Length value directly to fread() as the read size into a fixed-size 0x60-byte stack buffer, overwriting the saved link register. The binary is compiled without stack canaries. The handler is controlled by the attacker. - Some of the information handled by the software may be overwritten. - Some parts of the software may stop working
VAR-202605-1119 CVE-2026-35194 Apache Software Foundation of Apache Flink Code injection vulnerability in CVSS V2: -
CVSS V3: 8.1
Severity: HIGH
Code injection in SQL code generation in Apache Flink 1.15.0 through 1.20.x and 2.0.0 through 2.x allows authenticated users with query submission privileges to execute arbitrary code on TaskManagers via maliciously crafted SQL queries. The vulnerability affects JSON functions (1.15.0+) and LIKE expressions with ESCAPE clauses (1.17.0+). User-controlled strings are interpolated into generated Java code without proper escaping, allowing attackers to break out of string literals and inject arbitrary expressions. Users are recommended to upgrade to either version 1.20.4, 2.0.2, 2.1.2 or 2.2.1, which fixes this issue. 1.20.4 , 2.0.2 , 2.1.2 or 2.2.1 We recommend that you upgrade to .All information handled by the software may be leaked to the outside. All information handled by the software may be rewritten. Furthermore, the software will not stop. Furthermore, attacks that exploit this vulnerability will not affect other software
VAR-202605-6706 CVE-2026-20224 Cisco Systems Cisco Catalyst SD-WAN Manager Input verification vulnerability in CVSS V2: -
CVSS V3: 8.6
Severity: HIGH
A vulnerability in the web UI of Cisco Catalyst SD-WAN Manager, formerly SD-WAN vManage, could allow an unauthenticated, remote attacker to read arbitrary files that are stored in an affected system. The attacker does not need to have valid user credentials. This vulnerability is due to improper handling of XML External Entity (XXE) entries when parsing an XML file. An attacker could exploit this vulnerability by sending a crafted request to an affected system. A successful exploit could allow the attacker to read arbitrary files that are stored in the affected system. - No rewriting will occur to the information handled by the software. - The software will not stop
VAR-202605-4134 CVE-2026-20210 Cisco Systems Cisco Catalyst SD-WAN Manager Excessive data logging vulnerability in CVSS V2: -
CVSS V3: 5.4
Severity: MEDIUM
A vulnerability in the web UI of Cisco Catalyst SD-WAN Manager, formerly SD-WAN vManage, could allow an authenticated, remote attacker with read-only permissions to modify configurations and perform unauthorized actions on an affected system. This vulnerability exists because of a failure to redact sensitive information within device configurations and templates. An attacker could exploit this vulnerability by elevating their read-only permissions to those of a high-privileged user. A successful exploit could allow the attacker to access or modify configuration settings within Cisco Catalyst SD-WAN Manager as a high-privileged user. If the attack is successful, the attacker could then act as a high-privilege user. - Some of the information handled by the software may be overwritten. - The software will not stop
VAR-202605-4455 CVE-2026-20209 Cisco Systems Cisco Catalyst SD-WAN Manager Excessive data logging vulnerability in CVSS V2: -
CVSS V3: 5.4
Severity: MEDIUM
A vulnerability in the web UI of Cisco Catalyst SD-WAN Manager, formerly SD-WAN vManage, could allow an authenticated, remote attacker with read-only permissions to elevate their privileges from low to high and perform actions as a high-privileged user. This vulnerability exists because sensitive session information is recorded in audit logs. An attacker could exploit this vulnerability by elevating their read-only permissions in Cisco Catalyst SD-WAN Manager to those of a high-privileged user. A successful exploit could allow the attacker to perform actions as a high-privileged user. - Some of the information handled by the software may be overwritten. - The software will not stop
VAR-202605-3704 CVE-2026-20182 Cisco Systems Cisco Catalyst SD-WAN Manager Vulnerabilities related to authentication in multiple products, such as CVSS V2: -
CVSS V3: 10.0
Severity: CRITICAL
May 2026: This security advisory provides the details and fix information for a vulnerability that was discovered and fixed after the was disclosed in February 2026. This new advisory is for a new vulnerability in the control connection handshaking. The section of this advisory includes Show Control Connections guidance to help with system checks.&nbsp; A vulnerability in the peering authentication in Cisco Catalyst SD-WAN Controller, formerly SD-WAN vSmart, Cisco Catalyst SD-WAN Manager, formerly SD-WAN vManage, and Cisco Catalyst SD-WAN Validator, formerly SD-WAN vBond, could allow an unauthenticated, remote attacker to bypass authentication and obtain administrative privileges on an affected system. This vulnerability exists because the peering authentication mechanism in an affected system is not working properly. An attacker could exploit this vulnerability by sending crafted requests to the affected system. A successful exploit could allow the attacker to log in to an affected Cisco Catalyst SD-WAN Controller as an internal, high-privileged, non-root user account. Using this account, the attacker could access NETCONF, which would then allow the attacker to manipulate network configuration for the SD-WAN fabric. A successful attack would allow the attacker to gain administrator privileges. Cisco Catalyst SD-WAN Controller He has high authority within the company. root This will allow you to log in as a non-user account. All information handled by the software may be rewritten. Furthermore, the software may stop working completely. Furthermore, attacks exploiting this vulnerability may affect other software as well
VAR-202605-2181 CVE-2026-31156 OpenPLC Project of OpenPLC_v3  Path traversal vulnerability in firmware CVSS V2: -
CVSS V3: 6.5
Severity: MEDIUM
A path injection vulnerability exists in OpenPLC v3 (2c82b0e79c53f8c1f1458eee15fec173400d6e1a) as the binary program compiled from glue_generator.cpp does not perform any validation on the file path parameters passed via the command line. The user-controlled input parameters are directly passed to the underlying file operation functions (fopen/ifstream/ofstream) for file reading and writing. An attacker can exploit this vulnerability by constructing a malicious path to read arbitrary readable files. OpenPLC v3 (2c82b0e79c53f8c1f1458eee15fec173400d6e1a) This has a path injection vulnerability. In addition, information handled by the software will not be rewritten. Furthermore, the software will not stop. Furthermore, attacks exploiting this vulnerability will not affect other software
VAR-202605-3727 CVE-2026-26083 fortinet's FortiSandbox Vulnerabilities related to lack of authentication in multiple products, such as CVSS V2: -
CVSS V3: 9.8
Severity: CRITICAL
A missing authorization vulnerability in Fortinet FortiSandbox 5.0.0 through 5.0.1, FortiSandbox 4.4.0 through 4.4.8, FortiSandbox Cloud 5.0.2 through 5.0.5, FortiSandbox PaaS 23.4 all versions, FortiSandbox PaaS 23.3 all versions, FortiSandbox PaaS 23.1 all versions, FortiSandbox PaaS 22.2 all versions, FortiSandbox PaaS 22.1 all versions, FortiSandbox PaaS 21.4 all versions, FortiSandbox PaaS 21.3 all versions, FortiSandbox PaaS 5.0.0 through 5.0.1, FortiSandbox PaaS 4.4.5 through 4.4.8 may allow an unauthenticated attacker to execute unauthorized code or commands via HTTP requests. All information handled by the software may be rewritten. Furthermore, the software may stop working completely. Furthermore, attacks that exploit this vulnerability will not affect other software