VARIoT IoT vulnerabilities database

VAR-202502-3859 | No CVE | Multiple routers from Shanghai Feixun Data Communication Technology Co., Ltd. have command execution vulnerabilities |
CVSS V2: 7.1 CVSS V3: - Severity: HIGH |
FIR303B is a wireless router produced in mainland China. FIR304D is a wireless router. HGE318 is a wireless router.
Multiple routers from Shanghai Feixun Data Communication Technology Co., Ltd. have a command execution vulnerability. Attackers can use this vulnerability to execute arbitrary commands.
VAR-202502-3860 | No CVE | Shenzhen Samkoon Technology Co., Ltd. Samkoon FGRS-C8X8T-4/4PLC has a denial of service vulnerability |
CVSS V2: 6.1 CVSS V3: - Severity: MEDIUM |
Shenzhen Samkoon Technology Co., Ltd. is a provider of industrial automation solutions.
Shenzhen Samkoon Technology Co., Ltd. Samkoon FGRS-C8X8T-4/4PLC has a denial of service vulnerability, which can be exploited by attackers to cause a denial of service.
VAR-202502-3806 | No CVE | HP LaserJet M211dw of HP Trading (Shanghai) Co., Ltd. has an unauthorized access vulnerability |
CVSS V2: 5.0 CVSS V3: - Severity: MEDIUM |
HP LaserJet M211dw is a printer product.
HP LaserJet M211dw of HP Trading (Shanghai) Co., Ltd. has an unauthorized access vulnerability, which can be exploited by attackers to obtain sensitive information.
VAR-202502-3861 | No CVE | Beijing Xingwang Ruijie Network Technology Co., Ltd. RG-UAC-6000-E20 has a command execution vulnerability |
CVSS V2: 7.1 CVSS V3: - Severity: HIGH |
Beijing StarNet Ruijie Network Technology Co., Ltd. is an industry-leading ICT infrastructure and industry solution provider. Its main business is the research, design and sales of network equipment, network security products and cloud desktop solutions.
Beijing StarNet Ruijie Network Technology Co., Ltd. RG-UAC-6000-E20 has a command execution vulnerability, which can be exploited by attackers to execute arbitrary commands.
VAR-202502-3858 | No CVE | RICOH MP C4504e of Ricoh (China) Investment Co., Ltd. has an unauthorized access vulnerability |
CVSS V2: 5.0 CVSS V3: - Severity: MEDIUM |
RICOH MP C4504e is a printer.
RICOH MP C4504e of Ricoh (China) Investment Co., Ltd. has an unauthorized access vulnerability, which can be exploited by attackers to obtain sensitive information.
VAR-202502-3844 | No CVE | Beijing Huali Chuangtong Technology Co., Ltd. 6100 satellite mobile terminal has a command execution vulnerability |
CVSS V2: 8.3 CVSS V3: - Severity: HIGH |
Beijing Huali Chuangtong Technology Co., Ltd. (hereinafter referred to as Huali Chuangtong) is a leader in information technology and innovative applications for domestic defense, government and industry.
Beijing Huali Chuangtong Technology Co., Ltd.'s 6100 satellite mobile terminal has a command execution vulnerability, which can be exploited by attackers to execute arbitrary commands.
VAR-202502-3864 | No CVE | Yaskawa Electric (China) Co., Ltd. Yaskawa MP2310 motion controller has a denial of service vulnerability |
CVSS V2: 6.1 CVSS V3: - Severity: MEDIUM |
Yaskawa Electric (China) Co., Ltd. is a company that provides overall solutions.
Yaskawa Electric (China) Co., Ltd.'s Yaskawa MP2310 motion controller has a denial of service vulnerability, which can be exploited by attackers to cause a denial of service.
VAR-202502-3863 | No CVE | RICOH IM C300 has a weak password vulnerability |
CVSS V2: 5.0 CVSS V3: - Severity: MEDIUM |
RICOH IM C300 is a color digital multifunction printer.
RICOH IM C300 has a weak password vulnerability, which can be exploited by attackers to obtain sensitive information.
VAR-202502-3527 | CVE-2024-51139 | Classic buffer overflow vulnerability in multiple DrayTek Corporation products |
CVSS V2: - CVSS V3: 9.8 Severity: CRITICAL |
Buffer overflow vulnerability in Vigor2620/LTE200 3.9.8.9 and earlier, Vigor2860/2925 3.9.8 and earlier, Vigor2862/2926 3.9.9.5 and earlier, Vigor2133/2762/2832 3.9.9 and earlier, Vigor165/166 4.2.7 and earlier, Vigor2135/2765/2766 4.4.5.1 and earlier, Vigor2865/2866/2927 4.4.5.3 and earlier, Vigor2962/3910 4.3.2.8/4.4.3.1 and earlier, and Vigor3912 4.3.6.1 and earlier allows a remote attacker to execute arbitrary code via the CGI parser's handling of the "Content-Length" header of HTTP POST requests. Multiple DrayTek Corporation products (vigor2620 firmware, vigorlte200 firmware, vigor2860 firmware, etc.) contain a classic buffer overflow vulnerability. Information may be obtained or tampered with, and service operation may be interrupted (DoS).
VAR-202502-2174 | CVE-2024-51138 | Stack-based buffer overflow vulnerability in multiple DrayTek Corporation products |
CVSS V2: - CVSS V3: 9.8 Severity: CRITICAL |
In Vigor165/166 4.2.7 and earlier; Vigor2620/LTE200 3.9.8.9 and earlier; Vigor2860/2925 3.9.8 and earlier; Vigor2862/2926 3.9.9.5 and earlier; Vigor2133/2762/2832 3.9.9 and earlier; Vigor2135/2765/2766 4.4.5. and earlier; Vigor2865/2866/2927 4.4.5.3 and earlier; Vigor2962 4.3.2.8 and earlier; Vigor3912 4.3.6.1 and earlier; and Vigor3910 4.4.3.1 and earlier, a stack-based buffer overflow vulnerability has been identified in the URL parsing functionality of the TR069 STUN server. This flaw occurs due to insufficient bounds checking on the number of URL parameters, allowing an attacker to exploit the overflow by sending a maliciously crafted request. Consequently, a remote attacker can execute arbitrary code with elevated privileges. Multiple DrayTek Corporation products (vigor3912 firmware, vigor2620 firmware, vigorlte200 firmware, etc.) contain a stack-based buffer overflow vulnerability. Information may be obtained or tampered with, and service operation may be interrupted (DoS).
VAR-202502-2583 | CVE-2024-41340 | Unrestricted upload of dangerous file types vulnerability in multiple DrayTek Corporation products |
CVSS V2: - CVSS V3: 8.4 Severity: HIGH |
An issue in DrayTek devices Vigor 165/166 prior to v4.2.6, Vigor 2620/LTE200 prior to v3.9.8.8, Vigor 2860/2925 prior to v3.9.7, Vigor 2862/2926 prior to v3.9.9.4, Vigor 2133/2762/2832 prior to v3.9.8, Vigor 2135/2765/2766 prior to v4.4.5.1, Vigor 2865/2866/2927 prior to v4.4.5.3, Vigor 2962/3910 prior to v4.3.2.7, Vigor 3912 prior to v4.3.5.2, and Vigor 2925 up to v3.9.6 allows attackers to upload crafted APP Enforcement modules, leading to arbitrary code execution. Multiple DrayTek Corporation products (vigor165 firmware, vigor166 firmware, vigor2620 firmware, etc.) contain an unrestricted upload of dangerous file types vulnerability. Information may be obtained or tampered with, and service operation may be interrupted (DoS).
VAR-202502-3343 | CVE-2024-41339 | Unrestricted upload of dangerous file types vulnerability in multiple DrayTek Corporation products |
CVSS V2: - CVSS V3: 8.8 Severity: HIGH |
An issue in the CGI endpoint used to upload configurations in DrayTek devices Vigor 165/166 prior to v4.2.6, Vigor 2620/LTE200 prior to v3.9.8.8, Vigor 2860/2925 prior to v3.9.7, Vigor 2862/2926 prior to v3.9.9.4, Vigor 2133/2762/2832 prior to v3.9.8, Vigor 2135/2765/2766 prior to v4.4.5.1, Vigor 2865/2866/2927 prior to v4.4.5.3, Vigor 2962/3910 prior to v4.3.2.7, Vigor 3912 prior to v4.3.5.2, and Vigor 2925 up to v3.9.6 allows attackers to upload a crafted kernel module, allowing for arbitrary code execution. Multiple DrayTek Corporation products (vigor165 firmware, vigor166 firmware, vigor2620 firmware, etc.) contain an unrestricted upload of dangerous file types vulnerability. Information may be obtained or tampered with, and service operation may be interrupted (DoS).
VAR-202502-3730 | CVE-2024-41338 | NULL pointer dereference vulnerability in multiple DrayTek Corporation products |
CVSS V2: - CVSS V3: 7.5 Severity: HIGH |
A NULL pointer dereference in DrayTek devices Vigor 165/166 prior to v4.2.6, Vigor 2620/LTE200 prior to v3.9.8.8, Vigor 2860/2925 prior to v3.9.7, Vigor 2862/2926 prior to v3.9.9.4, Vigor 2133/2762/2832 prior to v3.9.8, Vigor 2135/2765/2766 prior to v4.4.5.1, Vigor 2865/2866/2927 prior to v4.4.5.3, Vigor 2962/3910 prior to v4.3.2.7, Vigor 3912 prior to v4.3.5.2, and Vigor 2925 up to v3.9.6 allows attackers to cause a Denial of Service (DoS) via a crafted DHCP request. Multiple DrayTek Corporation products (vigor165 firmware, vigor166 firmware, vigor2620 firmware, etc.) contain a NULL pointer dereference vulnerability. Service operation may be interrupted (DoS).
VAR-202502-2792 | CVE-2024-41334 | Certificate validation vulnerability in multiple DrayTek Corporation products |
CVSS V2: - CVSS V3: 8.8 Severity: HIGH |
DrayTek devices Vigor 165/166 prior to v4.2.6, Vigor 2620/LTE200 prior to v3.9.8.8, Vigor 2860/2925 prior to v3.9.7, Vigor 2862/2926 prior to v3.9.9.4, Vigor 2133/2762/2832 prior to v3.9.8, Vigor 2135/2765/2766 prior to v4.4.5.1, Vigor 2865/2866/2927 prior to v4.4.5.3, Vigor 2962/3910 prior to v4.3.2.7, Vigor 3912 prior to v4.3.5.2, and Vigor 2925 up to v3.9.6 were discovered to not utilize certificate verification, allowing attackers to upload crafted APPE modules from non-official servers, leading to arbitrary code execution. Multiple DrayTek Corporation products (vigor166 firmware, vigor2620 firmware, vigorlte200 firmware, etc.) contain a certificate validation vulnerability. Information may be obtained or tampered with, and service operation may be interrupted (DoS).
VAR-202502-3809 | No CVE | SAMSUNG X6300 has an unauthorized access vulnerability |
CVSS V2: 5.0 CVSS V3: - Severity: MEDIUM |
SAMSUNG X6300 is a camera product.
SAMSUNG X6300 has an unauthorized access vulnerability, which can be exploited by attackers to obtain sensitive information.
VAR-202502-3792 | No CVE | Beijing Xingwang Ruijie Network Technology Co., Ltd. RG-UAC-6000-E20 has a command execution vulnerability |
CVSS V2: 7.1 CVSS V3: - Severity: HIGH |
Beijing Xingwang Ruijie Network Technology Co., Ltd. is a provider of ICT infrastructure and industry solutions. Its main business is the research, design and sales of network equipment, network security products and cloud desktop solutions.
Beijing Xingwang Ruijie Network Technology Co., Ltd. RG-UAC-6000-E20 has a command execution vulnerability, which can be exploited by attackers to execute arbitrary commands.
VAR-202502-3781 | No CVE | SAMSUNG X6250 has an unauthorized access vulnerability |
CVSS V2: 5.0 CVSS V3: - Severity: MEDIUM |
SAMSUNG X6250 is an all-in-one computer.
SAMSUNG X6250 has an unauthorized access vulnerability that can be exploited by attackers to obtain sensitive information.
VAR-202502-3808 | No CVE | Sony Group Corporation SNC-RZ50N has a weak password vulnerability |
CVSS V2: 5.0 CVSS V3: - Severity: MEDIUM |
SNC-RZ50N is a network camera with day and night switching function.
Sony Group Corporation SNC-RZ50N has a weak password vulnerability, which can be exploited by attackers to obtain sensitive information.
VAR-202502-3799 | No CVE | KONICA MINOLTA, INC. bizhub C258 has a weak password vulnerability |
CVSS V2: 5.0 CVSS V3: - Severity: MEDIUM |
bizhub C258 is a color multifunction printer.
KONICA MINOLTA, INC. bizhub C258 has a weak password vulnerability that can be exploited by attackers to obtain sensitive information.
VAR-202502-3800 | No CVE | Toshiba Corporation. STUDIO3008A has an unauthorized access vulnerability |
CVSS V2: 5.0 CVSS V3: - Severity: MEDIUM |
Toshiba Corporation. STUDIO3008A is a network printer.
Toshiba Corporation. STUDIO3008A has an unauthorized access vulnerability that can be exploited by attackers to obtain sensitive information.