VARIoT IoT vulnerabilities database


VAR-202204-2138 No CVE TOTOLINK A702R Information Disclosure Vulnerability
CVSS V2: 5.0
CVSS V3: -
Severity: MEDIUM
TOTOLINK A702R is a router product. TOTOLINK A702R has an information disclosure vulnerability, which can be exploited by attackers to obtain sensitive information.
VAR-202204-1074 CVE-2022-24428 Improper Permission Preservation Vulnerability in Dell EMC PowerScale OneFS
CVSS V2: 6.5
CVSS V3: 8.8
Severity: HIGH
Dell PowerScale OneFS, versions 8.2.x, 9.0.0.x, 9.1.0.x, 9.2.0.x, 9.2.1.x, and 9.3.0.x, contain an improper preservation of privileges. A remote filesystem user with a local account could potentially exploit this vulnerability, leading to an escalation of file privileges and information disclosure. Dell EMC PowerScale OneFS contains an improper permissions retention vulnerability. Information may be obtained and tampered with, and service operation may be interrupted (DoS).
VAR-202204-1075 CVE-2022-26855 Improper Default Permissions Vulnerability in Dell EMC PowerScale OneFS
CVSS V2: 2.1
CVSS V3: 5.5
Severity: MEDIUM
Dell PowerScale OneFS, versions 8.2.x-9.3.0.x, contains an incorrect default permissions vulnerability. A local malicious user could potentially exploit this vulnerability, leading to a denial of service. Dell EMC PowerScale OneFS has an improper default permissions vulnerability. Service operation may be interrupted (DoS).
VAR-202204-1257 CVE-2022-26851 Use of Inadequate Random Values Vulnerability in Dell EMC PowerScale OneFS
CVSS V2: 6.4
CVSS V3: 9.1
Severity: CRITICAL
Dell PowerScale OneFS, 8.2.2-9.3.x, contains a predictable file name from observable state vulnerability. An unprivileged network attacker could potentially exploit this vulnerability, leading to data loss. Dell EMC PowerScale OneFS has a vulnerability in the use of inadequate random values. Information may be tampered with and service operation may be interrupted (DoS).
VAR-202204-0735 CVE-2022-26852 Improper Use of Seeds in PRNG Vulnerability in Dell EMC PowerScale OneFS
CVSS V2: 7.5
CVSS V3: 9.8
Severity: CRITICAL
Dell PowerScale OneFS, versions 8.2.x-9.3.x, contain a predictable seed in pseudo-random number generator. A remote unauthenticated attacker could potentially exploit this vulnerability, leading to an account compromise. Dell EMC PowerScale OneFS has a vulnerability related to improper use of seeds in the PRNG. Information may be obtained and tampered with, and service operation may be interrupted (DoS).
VAR-202204-1402 CVE-2022-26854 Vulnerability in the Use of Cryptographic Algorithms in Dell EMC PowerScale OneFS
CVSS V2: 10.0
CVSS V3: 9.8
Severity: CRITICAL
Dell PowerScale OneFS, versions 8.2.x-9.2.x, contain risky cryptographic algorithms. A remote unprivileged malicious attacker could potentially exploit this vulnerability, leading to full system access. Dell EMC PowerScale OneFS has a vulnerability in the use of cryptographic algorithms. Information may be obtained and tampered with, and service operation may be interrupted (DoS).
VAR-202204-1258 CVE-2022-22563 Vulnerability in Dell EMC PowerScale OneFS
CVSS V2: 2.1
CVSS V3: 4.4
Severity: MEDIUM
Dell EMC PowerScale OneFS 8.2.x - 9.2.x omits security-relevant information in /etc/master.passwd. A high-privileged user can exploit this vulnerability so that information identifying the source of account information changes is not recorded. Dell EMC PowerScale OneFS has an unspecified vulnerability. Information may be tampered with.
VAR-202204-0944 CVE-2022-22259 Authentication Vulnerability in Huawei FLMG-10 Firmware
CVSS V2: 7.2
CVSS V3: 6.8
Severity: MEDIUM
There is an improper authentication vulnerability in FLMG-10 10.0.1.0(H100SP22C00). Successful exploitation of this vulnerability may lead to control of the victim device. An authentication vulnerability exists in Huawei FLMG-10 firmware. Information may be obtained and tampered with, and service operation may be interrupted (DoS). The Huawei FLMG-10 is a high-end Bluetooth remote control speaker from the Chinese company Huawei. A local attacker could exploit the vulnerability to install a persistent and stealthy boot package or malicious bootloader and gain unauthorized access to the device.
VAR-202204-1273 CVE-2020-27373 Dr Trust USA iCheck Connect BP Monitor BP Testing 118 Operating System Command Injection Vulnerability
CVSS V2: 8.3
CVSS V3: 8.8
Severity: HIGH
Dr Trust USA iCheck Connect BP Monitor BP Testing 118 1.2.1 is vulnerable to Plain text command over BLE. A denial-of-service (DoS) condition may result. No vulnerability details are currently provided.
VAR-202204-0926 CVE-2021-43474 Command Injection Vulnerability in D-Link Japan Co., Ltd. DIR-823G Firmware
CVSS V2: 7.5
CVSS V3: 9.8
Severity: CRITICAL
An Access Control vulnerability exists in D-Link DIR-823G REVA1 1.02B05 (Latest) via any parameter in the HNAP1 function. The D-Link Japan Co., Ltd. DIR-823G firmware contains a command injection vulnerability. Information may be obtained and tampered with, and service operation may be interrupted (DoS). D-Link DIR-823G is a wireless router from D-Link Company in Taiwan. D-Link DIR-823G has a command injection vulnerability, which can be exploited by attackers to achieve command injection.
VAR-202204-1409 CVE-2022-25595 ASUS RT-AC86U Input Validation Error Vulnerability
CVSS V2: 6.1
CVSS V3: 6.5
Severity: MEDIUM
ASUS RT-AC86U has improper user request handling, which allows an unauthenticated LAN attacker to cause a denial of service by sending particular request a server-to-client reply attempt. The ASUSTeK Computer Inc. RT-AC86U firmware has an input validation vulnerability. Service operation may be interrupted (DoS). ASUS RT-AC86U is a dual-band Wi-Fi router from ASUS China.
VAR-202204-1271 CVE-2021-43009 Cross-site Scripting Vulnerability in OpServices OpMon
CVSS V2: 4.3
CVSS V3: 6.1
Severity: MEDIUM
A Cross Site Scripting (XSS) vulnerability exists in OpServices OpMon through 9.11 via the search parameter in the request URL. OpServices OpMon has a cross-site scripting vulnerability. Information may be obtained and information may be tampered with.
VAR-202204-1677 CVE-2020-27375 Server-side Request Forgery Vulnerability in drtrustusa icheck connect bp monitor bp testing 118 Firmware
CVSS V2: 3.3
CVSS V3: 6.5
Severity: MEDIUM
Dr Trust USA iCheck Connect BP Monitor BP Testing 118 version 1.2.1 is vulnerable to Transmitting Write Requests and Chars.
VAR-202204-0934 CVE-2022-27016 Out-of-bounds Write Vulnerability in Shenzhen Tenda Technology Co.,Ltd. AC9 Firmware
CVSS V2: 10.0
CVSS V3: 9.8
Severity: CRITICAL
There is a stack overflow vulnerability in the SetStaticRouteCfg() function in the httpd service of Tenda AC9 15.03.2.21_cn. The Shenzhen Tenda Technology Co.,Ltd. AC9 firmware has an out-of-bounds write vulnerability. Information may be obtained and tampered with, and service operation may be interrupted (DoS). An attacker can exploit the vulnerability to gain a stable root shell by constructing a payload.
VAR-202204-1268 CVE-2022-23973 Out-of-bounds Write Vulnerability in ASUSTeK Computer Inc. RT-AX56U Firmware
CVSS V2: 5.8
CVSS V3: 8.8
Severity: HIGH
ASUS RT-AX56U’s user profile configuration function is vulnerable to stack-based buffer overflow due to insufficient validation for parameter length. An unauthenticated LAN attacker can execute arbitrary code to perform arbitrary operations or disrupt service. The ASUSTeK Computer Inc. RT-AX56U firmware has an out-of-bounds write vulnerability. Information may be obtained and tampered with, and service operation may be interrupted (DoS). ASUS RT-AX56U is a wireless router from ASUS in Taiwan.
VAR-202204-0727 CVE-2022-23970 Path Traversal Vulnerability in ASUSTeK Computer Inc. RT-AX56U Firmware
CVSS V2: 4.8
CVSS V3: 8.1
Severity: HIGH
ASUS RT-AX56U’s update_json function has a path traversal vulnerability due to insufficient filtering for special characters in the URL parameter. An unauthenticated LAN attacker can overwrite a system file by uploading another file with the same file name, which results in service disruption. The ASUSTeK Computer Inc. RT-AX56U firmware has a path traversal vulnerability. Information may be tampered with and service operation may be interrupted (DoS). ASUS RT-AX56U is a wireless router from ASUS in Taiwan.
VAR-202204-1265 CVE-2022-22517 Insufficient Random Value Usage Vulnerability in Multiple CODESYS GmbH Products
CVSS V2: 5.0
CVSS V3: 7.5
Severity: HIGH
An unauthenticated, remote attacker can disrupt existing communication channels between CODESYS products by guessing a valid channel ID and injecting packets. This results in the communication channel being closed. Multiple CODESYS GmbH products, including CODESYS Control for BeagleBone SL, control for beckhoff cx9020, and CODESYS Control for emPC-A/iMX6 SL, contain an insufficient random value usage vulnerability. Service operation may be interrupted (DoS).
VAR-202204-0725 CVE-2022-22514 Untrusted Pointer Dereference Vulnerability in Multiple CODESYS GmbH Products
CVSS V2: 4.9
CVSS V3: 7.1
Severity: HIGH
An authenticated, remote attacker can gain access to a dereferenced pointer contained in a request. The accesses can subsequently lead to local overwriting of memory in the CmpTraceMgr, whereby the attacker can neither gain the values read internally nor control the values to be written. If invalid memory is accessed, this results in a crash. Multiple CODESYS GmbH products, including CODESYS Control for BeagleBone SL, control for beckhoff cx9020, and CODESYS Control for emPC-A/iMX6 SL, contain an untrusted pointer dereference vulnerability. Information may be tampered with and service operation may be interrupted (DoS).
VAR-202204-0733 CVE-2020-27374 Capture-replay Authentication Bypass Vulnerability in drtrustusa icheck connect bp monitor bp testing 118 Firmware
CVSS V2: 7.9
CVSS V3: 7.5
Severity: HIGH
Dr Trust USA iCheck Connect BP Monitor BP Testing 118 1.2.1 is vulnerable to a Replay Attack to BP Monitoring. The drtrustusa icheck connect bp monitor bp testing 118 firmware has a capture-replay authentication bypass vulnerability. Information may be obtained and tampered with, and service operation may be interrupted (DoS). No vulnerability details are currently provided.
VAR-202204-1264 CVE-2022-22513 NULL Pointer Dereference Vulnerability in Multiple CODESYS GmbH Products
CVSS V2: 3.5
CVSS V3: 6.5
Severity: MEDIUM
An authenticated remote attacker can cause a null pointer dereference in the CmpSettings component of the affected CODESYS products which leads to a crash. Multiple CODESYS GmbH products, including CODESYS Control for BeagleBone SL, control for beckhoff cx9020, and CODESYS Control for emPC-A/iMX6 SL, contain a NULL pointer dereference vulnerability. Service operation may be interrupted (DoS).