VARIoT IoT vulnerabilities database

VAR-202108-0985 | CVE-2021-34565 | Use of hard-coded credentials vulnerability in PEPPERL+FUCHS WirelessHART-Gateway |
CVSS V2: 7.5 CVSS V3: 9.8 Severity: CRITICAL |
In PEPPERL+FUCHS WirelessHART-Gateway 3.0.7 to 3.0.9 the SSH and telnet services are active with hard-coded credentials. PEPPERL+FUCHS WirelessHART-Gateway contains a vulnerability in the use of hard-coded credentials. Information may be obtained or tampered with, and service operation may be interrupted (DoS).
VAR-202108-0982 | CVE-2021-34562 | Cross-site scripting vulnerability in PEPPERL+FUCHS WirelessHART-Gateway |
CVSS V2: 4.3 CVSS V3: 6.1 Severity: MEDIUM |
In PEPPERL+FUCHS WirelessHART-Gateway 3.0.8 it is possible to inject arbitrary JavaScript into the application's response. A cross-site scripting vulnerability exists in PEPPERL+FUCHS WirelessHART-Gateway. Information may be obtained and tampered with.
VAR-202108-2171 | CVE-2021-34560 | Vulnerability regarding insufficient protection of authentication information in PEPPERL+FUCHS WirelessHART-Gateway |
CVSS V2: 2.1 CVSS V3: 5.5 Severity: MEDIUM |
In PEPPERL+FUCHS WirelessHART-Gateway <= 3.0.9 a form contains a password field with autocomplete enabled. The stored credentials can be captured by an attacker who gains control over the user's computer. Therefore the user must have logged in at least once. PEPPERL+FUCHS WirelessHART-Gateway has a vulnerability involving inadequate protection of credentials. Information may be obtained.
VAR-202108-2271 | CVE-2021-34865 | Improper comparison vulnerability in multiple NETGEAR routers |
CVSS V2: 8.3 CVSS V3: 8.8 Severity: HIGH |
This vulnerability allows network-adjacent attackers to bypass authentication on affected installations of multiple NETGEAR routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the mini_httpd service, which listens on TCP port 80 by default. The issue results from incorrect string matching logic when accessing protected pages. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of root. Was ZDI-CAN-13313. An improper comparison vulnerability exists in multiple NETGEAR routers. Zero Day Initiative assigned this vulnerability the number ZDI-CAN-13313. Information may be obtained or tampered with, and service operation may be interrupted (DoS).
VAR-202108-2549 | No CVE | Lexmark MS521dn has an unauthorized access vulnerability |
CVSS V2: 5.0 CVSS V3: - Severity: MEDIUM |
MS521dn is a printer of Lexmark International Inc.
Lexmark MS521dn has an unauthorized access vulnerability, which can be exploited by attackers to obtain sensitive information.
VAR-202108-2551 | No CVE | Ricoh (China) Investment Co., Ltd. RICOH Aficio MP171 has an unauthorized access vulnerability |
CVSS V2: 6.4 CVSS V3: - Severity: MEDIUM |
RICOH Aficio MP 171 is a printer of Ricoh (China) Investment Co., Ltd.
Ricoh (China) Investment Co., Ltd. RICOH Aficio MP171 has an unauthorized access vulnerability, which can be exploited by attackers to obtain sensitive information.
VAR-202108-2552 | No CVE | Lexmark XM3250 has an unauthorized access vulnerability |
CVSS V2: 5.0 CVSS V3: - Severity: MEDIUM |
Lexmark XM3250 is a printer from Lexmark International Inc.
Lexmark XM3250 has an unauthorized access vulnerability, which can be exploited by attackers to obtain sensitive information.
VAR-202108-2562 | No CVE | Schneider Modicon PAC controller has industrial control equipment vulnerabilities |
CVSS V2: 4.9 CVSS V3: - Severity: MEDIUM |
Schneider Electric M340 is a mid-range PAC for industrial process and infrastructure control.
Schneider Electric M340 has vulnerabilities in industrial control equipment. Attackers can use the vulnerabilities to remotely obtain the backdoor password, use the password to connect to the password-protected controller, and perform various sensitive operations, such as stopping and running the controller.
VAR-202108-0470 | CVE-2021-21741 | Vulnerability in deserialization of untrusted data in ZTE meeting management systems |
CVSS V2: 7.5 CVSS V3: 9.8 Severity: CRITICAL |
There is a command execution vulnerability in a ZTE conference management system. As some services are enabled by default, an attacker could exploit this vulnerability to execute arbitrary commands by sending a specific serialization command. The ZTE conference management system has a vulnerability regarding deserialization of untrusted data. Information may be obtained or tampered with, and service operation may be interrupted (DoS). ZTE ZXV10 M910 is a high-definition video server for video conferencing from China's ZTE Corporation.
ZTE ZXV10 M910 has a security vulnerability.
VAR-202108-2565 | No CVE | Huawei Technologies Co., Ltd. AR2240 has a weak password vulnerability |
CVSS V2: 5.0 CVSS V3: - Severity: MEDIUM |
Huawei AR2240 is an enterprise-level router product developed by Huawei.
Huawei Technologies Co., Ltd. AR2240 series has a weak password vulnerability, which can be exploited by attackers to obtain sensitive information.
VAR-202108-2566 | No CVE | Schneider Electric Modicon PAC M580 and M340 have authorization bypass vulnerabilities |
CVSS V2: 6.1 CVSS V3: - Severity: MEDIUM |
Schneider Electric SA is a global electrical company headquartered in France.
Schneider Electric Modicon PAC M580 and M340 have an authorization bypass vulnerability, which can be exploited by attackers to cause a denial of service.
VAR-202108-2574 | No CVE | Lexmark XC2235 has an unauthorized access vulnerability |
CVSS V2: 5.0 CVSS V3: - Severity: MEDIUM |
Lexmark XC2235 is a printer of Lexmark International Inc.
Lexmark XC2235 has an unauthorized access vulnerability, which can be exploited by attackers to obtain sensitive information.
VAR-202108-2575 | No CVE | Lexmark X463de has an unauthorized access vulnerability |
CVSS V2: 5.0 CVSS V3: - Severity: MEDIUM |
X463de is a printer of Lexmark International Inc.
Lexmark X463de has an unauthorized access vulnerability, which can be exploited by attackers to obtain sensitive information.
VAR-202108-2580 | No CVE | FLIR-AX8 has a weak password vulnerability |
CVSS V2: 5.0 CVSS V3: - Severity: MEDIUM |
Teledyne FLIR focuses on the design, development, production, marketing and promotion of professional technologies for enhancing situational awareness.
The FLIR-AX8 of the American company Phillips has a weak password vulnerability. An attacker can use the default weak password to log in to the backend and obtain sensitive information.
VAR-202108-0011 | CVE-2020-15744 | Out-of-bounds write vulnerabilities in Victure PC420 smart cameras |
CVSS V2: 10.0 CVSS V3: 9.8 Severity: CRITICAL |
Stack-based Buffer Overflow vulnerability in the ONVIF server component of Victure PC420 smart camera allows an attacker to execute remote code on the target device. This issue affects: Victure PC420 firmware version 1.2.2 and prior versions. Victure PC420 smart cameras are vulnerable to out-of-bounds writes. Information may be obtained or tampered with, and service operation may be interrupted (DoS).
VAR-202108-2555 | No CVE | Brother Industries MFC-L2710DW series has an unauthorized access vulnerability |
CVSS V2: 5.0 CVSS V3: - Severity: MEDIUM |
MFC-L2710DW series is a multi-function printer.
Brother Industries MFC-L2710DW series has an unauthorized access vulnerability. Attackers can use the vulnerability to obtain sensitive information.
VAR-202108-2563 | No CVE | Stored XSS vulnerability exists in the smart gateway configuration platform of Beijing Link Technology Co., Ltd. |
CVSS V2: 3.6 CVSS V3: - Severity: LOW |
Beijing Link Technology Co., Ltd. is a company that has professional Wi-Fi technology and is committed to combining Internet technology with traditional industries to help industry customers embrace the Internet and create new value for traditional industries.
The smart gateway configuration platform of Beijing Link Technology Co., Ltd. has a stored XSS vulnerability. Attackers can use this vulnerability to obtain sensitive information such as user cookies.
VAR-202108-2569 | No CVE | AXIS 207W Network Camera has an unauthorized access vulnerability |
CVSS V2: 5.0 CVSS V3: - Severity: MEDIUM |
207W Network Camera is a network camera.
AXIS 207W Network Camera has an unauthorized access vulnerability, which can be exploited by attackers to obtain sensitive information.
VAR-202108-2545 | No CVE | Ruijie NBR router has a SQL injection vulnerability |
CVSS V2: 7.8 CVSS V3: - Severity: HIGH |
Ruijie Networks Co., Ltd. is a professional network manufacturer with a full range of network equipment product lines and solutions including switches, routers, software, security firewalls, wireless products, and storage.
Ruijie NBR router has a SQL injection vulnerability. Attackers can use the vulnerability to obtain sensitive information in the database.
VAR-202108-2550 | No CVE | Unauthorized access vulnerability exists in Axis Communications AB AXIS 241SA |
CVSS V2: 5.0 CVSS V3: - Severity: MEDIUM |
AXIS 241SA is a network video server of Axis Communications AB.
Axis Communications AB AXIS 241SA has an unauthorized access vulnerability. Attackers can use the vulnerability to obtain sensitive information and perform unauthorized operations.