VARIoT IoT vulnerabilities database
| VAR-202206-2408 | No CVE | Weak password vulnerability in TOTOLink A7000R |
CVSS V2: 5.0 CVSS V3: - Severity: MEDIUM |
TOTOLINK A7000R is a wireless router.
TOTOLink A7000R has a weak password vulnerability, which can be exploited by attackers to obtain sensitive information.
| VAR-202206-0354 | CVE-2021-42892 | TOTOLINK EX1200T Trust Management Issue Vulnerability |
CVSS V2: 5.0 CVSS V3: 4.3 Severity: MEDIUM |
In TOTOLINK EX1200T V4.1.2cu.5215, an attacker can start telnet without authorization because a default username and password exist in the firmware. The TOTOLINK EX1200T firmware contains a vulnerability related to the use of hard-coded credentials. Information may be tampered with. TOTOLINK EX1200T is a Wi-Fi range extender from TOTOLINK of China.
| VAR-202206-0176 | CVE-2021-42890 | OS command injection vulnerability in TOTOLINK EX1200T firmware |
CVSS V2: 7.5 CVSS V3: 9.8 Severity: CRITICAL |
TOTOLINK EX1200T V4.1.2cu.5215 contains a remote command injection vulnerability in the function NTPSyncWithHost of the file system.so, which an attacker can exploit by controlling hostTime. The TOTOLINK EX1200T firmware has an OS command injection vulnerability. Information may be obtained or tampered with, and service operation may be interrupted (DoS). TOTOLINK EX1200T is a Wi-Fi range extender from TOTOLINK of China.
| VAR-202206-0320 | CVE-2021-42886 | TOTOLINK EX1200T Information Disclosure Vulnerability |
CVSS V2: 5.0 CVSS V3: 7.5 Severity: HIGH |
TOTOLINK EX1200T V4.1.2cu.5215 contains an information disclosure vulnerability where an attacker can get the apmib configuration file without authorization, and usernames and passwords can be found in the decoded file. The TOTOLINK EX1200T firmware has an information disclosure vulnerability. Information may be obtained. TOTOLINK EX1200T is a Wi-Fi range extender from TOTOLINK of China.
| VAR-202206-0214 | CVE-2021-42893 | Vulnerability related to lack of authentication for critical functions in TOTOLINK EX1200T firmware |
CVSS V2: 5.0 CVSS V3: 7.5 Severity: HIGH |
In TOTOLINK EX1200T V4.1.2cu.5215, an attacker can obtain sensitive information (wifikey, etc.) without authorization through getSysStatusCfg. The TOTOLINK EX1200T firmware has a vulnerability related to lack of authentication for critical functions. Information may be obtained. TOTOLINK EX1200T is a Wi-Fi range extender from TOTOLINK of China.
| VAR-202206-0218 | CVE-2021-42884 | TOTOLINK EX1200T Command Injection Vulnerability |
CVSS V2: 7.5 CVSS V3: 9.8 Severity: CRITICAL |
TOTOLINK EX1200T V4.1.2cu.5215 contains a remote command injection vulnerability in the function setDeviceName of the file global.so, which an attacker can exploit by controlling the deviceName. The TOTOLINK EX1200T firmware has an OS command injection vulnerability. Information may be obtained or tampered with, and service operation may be interrupted (DoS). TOTOLINK EX1200T is a Wi-Fi range extender from TOTOLINK of China.
| VAR-202206-0123 | CVE-2021-42888 | OS command injection vulnerability in TOTOLINK EX1200T firmware |
CVSS V2: 7.5 CVSS V3: 9.8 Severity: CRITICAL |
TOTOLINK EX1200T V4.1.2cu.5215 contains a remote command injection vulnerability in the function setLanguageCfg of the file global.so, which an attacker can exploit by controlling langType. The TOTOLINK EX1200T firmware has an OS command injection vulnerability. Information may be obtained or tampered with, and service operation may be interrupted (DoS). TOTOLINK EX1200T is a Wi-Fi range extender from TOTOLINK of China.
| VAR-202206-0004 | CVE-2022-26134 | Vulnerability in Atlassian Confluence Data Center and Confluence Server regarding improper invalidation of special elements used to represent language construction |
CVSS V2: 7.5 CVSS V3: 9.8 Severity: CRITICAL |
In affected versions of Confluence Server and Data Center, an OGNL injection vulnerability exists that would allow an unauthenticated attacker to execute arbitrary code on a Confluence Server or Data Center instance. The affected versions are from 1.3.0 before 7.4.17, from 7.13.0 before 7.13.7, from 7.14.0 before 7.14.3, from 7.15.0 before 7.15.2, from 7.16.0 before 7.16.4, from 7.17.0 before 7.17.4, and from 7.18.0 before 7.18.1. It may be put into a denial-of-service (DoS) state. Atlassian Confluence Server is the server version of Atlassian's collaboration software, with enterprise knowledge management functions and support for building enterprise wikis.
| VAR-202206-0054 | CVE-2021-42891 | Vulnerability related to lack of authentication for critical functions in TOTOLINK EX1200T firmware |
CVSS V2: 5.0 CVSS V3: 7.5 Severity: HIGH |
In TOTOLINK EX1200T V4.1.2cu.5215, an attacker can obtain sensitive information (wifikey, etc.) without authorization. The TOTOLINK EX1200T firmware has a vulnerability related to lack of authentication for critical functions. Information may be obtained. TOTOLINK EX1200T is a Wi-Fi range extender from TOTOLINK of China.
| VAR-202206-0222 | CVE-2021-42875 | OS command injection vulnerability in TOTOLINK EX1200T firmware |
CVSS V2: 10.0 CVSS V3: 9.8 Severity: CRITICAL |
TOTOLINK EX1200T V4.1.2cu.5215 contains a remote command injection vulnerability in the function setDiagnosisCfg of the file lib/cste_modules/system.so, exploitable by controlling the ipDoamin. The TOTOLINK EX1200T firmware has an OS command injection vulnerability. Information may be obtained or tampered with, and service operation may be interrupted (DoS). TOTOLINK EX1200T is a wireless signal booster. An attacker can exploit this vulnerability to control ipDoamin.
| VAR-202206-0172 | CVE-2022-22556 | Resource exhaustion vulnerability in Dell PowerStoreOS |
CVSS V2: 7.8 CVSS V3: 7.5 Severity: HIGH |
Dell PowerStore contains an Uncontrolled Resource Consumption Vulnerability in the PowerStore User Interface. A remote unauthenticated attacker could potentially exploit this vulnerability, leading to denial of service. Dell PowerStoreOS has a resource exhaustion vulnerability. Service operation may be interrupted (DoS). Dell PowerStore all-flash data storage appliances use a data-centric, highly adaptable intelligent infrastructure to deliver AppsON capabilities to transform traditional and modern workloads.
| VAR-202206-0048 | CVE-2021-42872 | OS command injection vulnerability in TOTOLINK EX1200T firmware |
CVSS V2: 10.0 CVSS V3: 9.8 Severity: CRITICAL |
TOTOLINK EX1200T V4.1.2cu.5215 is affected by a command injection vulnerability that can remotely execute arbitrary code. The TOTOLINK EX1200T firmware has an OS command injection vulnerability. Information may be obtained or tampered with, and service operation may be interrupted (DoS). TOTOLINK EX1200T is a Wi-Fi range extender from TOTOLINK of China.
| VAR-202206-0171 | CVE-2022-26867 | Vulnerability in neutralizing formula elements in CSV files in Dell PowerStoreOS |
CVSS V2: 6.0 CVSS V3: 8.0 Severity: HIGH |
PowerStore SW v2.1.1.0 supports the option to export data to either a CSV or an XLSX file. The data is taken as is, without any validation or sanitization. It allows a malicious, authenticated user to inject payloads that might get interpreted as formulas by the corresponding spreadsheet application that is being used to open the CSV/XLSX file. Dell PowerStoreOS has a vulnerability regarding the neutralization of formula elements in CSV files. Information may be obtained or tampered with, and service operation may be interrupted (DoS). Dell PowerStore all-flash data storage appliances use a data-centric, highly adaptable intelligent infrastructure to deliver AppsON capabilities to transform traditional and modern workloads.
A formula injection vulnerability exists in Dell PowerStore that could be exploited by attackers to inject payloads
| VAR-202206-0125 | CVE-2022-26868 | OS command injection vulnerability in Dell PowerStoreOS |
CVSS V2: 7.2 CVSS V3: 7.8 Severity: HIGH |
Dell EMC PowerStore versions 2.0.0.x, 2.0.1.x, and 2.1.0.x are vulnerable to a command injection flaw. An authenticated attacker could potentially exploit this vulnerability, leading to the execution of arbitrary OS commands on the application's underlying OS, with the privileges of the vulnerable application. Exploitation may lead to a system takeover by an attacker. Dell PowerStoreOS has an OS command injection vulnerability. Information may be obtained or tampered with, and service operation may be interrupted (DoS). Dell PowerStore all-flash data storage appliances use a data-centric, highly adaptable intelligent infrastructure to deliver AppsON capabilities to transform traditional and modern workloads.
| VAR-202206-0406 | CVE-2022-29780 | Vulnerability in nginx njs |
CVSS V2: 2.1 CVSS V3: 5.5 Severity: MEDIUM |
Nginx NJS v0.7.2 was discovered to contain a segmentation violation in the function njs_array_prototype_sort at src/njs_array.c. nginx njs has an unspecified vulnerability. Service operation may be interrupted (DoS).
| VAR-202206-0057 | CVE-2022-22557 | Vulnerability regarding insufficient protection of authentication information in Dell PowerStoreOS |
CVSS V2: 7.2 CVSS V3: 7.8 Severity: HIGH |
PowerStore contains a Plain-Text Password Storage Vulnerability in PowerStore X & T environments running versions 2.0.0.x and 2.0.1.x. A locally authenticated attacker could potentially exploit this vulnerability, leading to the disclosure of certain user credentials. The attacker may be able to use the exposed credentials to access the vulnerable application with privileges of the compromised account. Dell PowerStoreOS has a vulnerability related to inadequate protection of credentials. Information may be obtained or tampered with, and service operation may be interrupted (DoS). Dell PowerStore all-flash data storage appliances use a data-centric, highly adaptable intelligent infrastructure to deliver AppsON capabilities to transform traditional and modern workloads.
An authorization issue vulnerability exists in Dell PowerStore, which can be exploited by attackers to leak certain user credentials
| VAR-202206-0293 | CVE-2022-26866 | Cross-site scripting vulnerability in Dell PowerStoreOS |
CVSS V2: 3.5 CVSS V3: 5.5 Severity: MEDIUM |
Dell PowerStore versions before v2.1.1.0 contain a Stored Cross-Site Scripting vulnerability. A high privileged network attacker could potentially exploit this vulnerability, leading to the storage of malicious HTML or JavaScript code in a trusted application data store. When a victim user accesses the data store through their browser, the malicious code gets executed by the web browser in the context of the vulnerable web application. Exploitation may lead to information disclosure, session theft, or client-side request forgery. Dell PowerStore all-flash data storage appliances use a data-centric, highly adaptable intelligent infrastructure to deliver AppsON capabilities to transform traditional and modern workloads.
| VAR-202206-0324 | CVE-2022-31463 | Owl Labs Meeting Owl Authorization Issue Vulnerability |
CVSS V2: 4.3 CVSS V3: 7.1 Severity: HIGH |
Owl Labs Meeting Owl 5.2.0.15 does not require a password for Bluetooth commands, because only client-side authentication is used. The device is equipped with an array of cameras and microphones that capture 360-degree video and audio and automatically focus on the speaker, making meetings more dynamic and inclusive. No detailed vulnerability information is currently provided.
| VAR-202206-0380 | CVE-2022-31460 | Owl Labs Meeting Owl Trust Management Issue Vulnerability |
CVSS V2: 3.3 CVSS V3: 7.4 Severity: HIGH |
Owl Labs Meeting Owl 5.2.0.15 allows attackers to activate Tethering Mode with hard-coded hoothoot credentials via a certain c 150 value. Owl Labs Meeting Owl is a video conferencing device from Owl Labs in the United States. Equipped with an array of cameras and microphones that capture 360-degree video and audio and automatically focus on the speaker, making meetings more dynamic and inclusive
| VAR-202206-0282 | CVE-2022-30521 | Out-of-bounds write vulnerability in D-Link Japan Co., Ltd. DIR-890L firmware |
CVSS V2: 10.0 CVSS V3: 9.8 Severity: CRITICAL |
The LAN-side Web-Configuration Interface has a stack-based buffer overflow vulnerability in the D-Link Wi-Fi router firmware DIR-890L DIR890LA1_FW107b09.bin and previous versions. The function created at 0x17958 of /htdocs/cgibin calls sprintf without checking the length of strings in parameters given by the HTTP header, which users can easily control. Attackers can exploit the vulnerability to execute arbitrary code by sending a specially constructed payload to port 49152. The D-Link Japan Co., Ltd. DIR-890L firmware has an out-of-bounds write vulnerability. Information may be obtained or tampered with, and service operation may be interrupted (DoS). D-Link DIR-890L is a wireless router.
The D-Link DIR-890L has a binary vulnerability that an attacker can exploit to gain control of the server