VARIoT IoT vulnerabilities database


VAR-202108-2535 No CVE Unauthorized access vulnerability exists in Axis P5624-E Network Camera CVSS V2: 5.0
CVSS V3: -
Severity: MEDIUM
P5624-E Network Camera is a network camera. Axis P5624-E Network Camera has an unauthorized access vulnerability, which can be exploited by attackers to obtain sensitive information.
VAR-202108-2503 No CVE Shenzhen Qianhai Huaxia Zhixin Data Technology Co., Ltd. T83-CV102 entrance and exit license plate recognition high-definition network integrated camera has a weak password vulnerability CVSS V2: 5.0
CVSS V3: -
Severity: MEDIUM
Shenzhen Qianhai Huaxia Zhixin Data Technology Co., Ltd. is a leading R&D company and manufacturer of smart parking terminal equipment in China. Its T83-CV102 entrance and exit license plate recognition high-definition network integrated camera has a weak password vulnerability. Attackers can use this vulnerability to obtain sensitive information.
VAR-202108-2519 No CVE Sharp Trading (China) Co., Ltd. MX-4070V has an unauthorized access vulnerability CVSS V2: 5.0
CVSS V3: -
Severity: MEDIUM
MX-4070V is a printer product of Sharp Trading (China) Co., Ltd. Sharp Trading (China) Co., Ltd. MX-4070V has an unauthorized access vulnerability. Attackers can use the vulnerability to obtain sensitive information.
VAR-202108-2523 No CVE Sapido GR-1733 has a command execution vulnerability CVSS V2: 10.0
CVSS V3: -
Severity: HIGH
Sapido GR-1733 is a gigabit wireless router. Sapido GR-1733 has a command execution vulnerability. Attackers can use this vulnerability to execute arbitrary commands.
VAR-202108-2548 No CVE An information disclosure vulnerability exists in the backup management server of Hangzhou Hikvision Digital Technology Co., Ltd. CVSS V2: 5.0
CVSS V3: -
Severity: MEDIUM
Hangzhou Hikvision System Technology Co., Ltd. is a smart IoT solution provider and operation service provider with video as the core. An information disclosure vulnerability exists in the backup management server of Hangzhou Hikvision Digital Technology Co., Ltd., which can be exploited by attackers to obtain sensitive information.
VAR-202108-2502 No CVE Dell C3765dnf Color MFP has unauthorized access vulnerability CVSS V2: 5.0
CVSS V3: -
Severity: MEDIUM
C3765dnf Color MFP is a color laser printer from Dell. Dell C3765dnf Color MFP has an unauthorized access vulnerability, which can be exploited by attackers to obtain sensitive information.
VAR-202108-2504 No CVE Xindu (Qingdao) Office System Co., Ltd. SINDOH A601_A606 has an unauthorized access vulnerability CVSS V2: 5.0
CVSS V3: -
Severity: MEDIUM
Xindu (Qingdao) Office System Co., Ltd. is a professional office equipment enterprise integrating research and development, production, sales and after-sales. Xindu (Qingdao) Office System Co., Ltd. SINDOH A601_A606 has an unauthorized access vulnerability. Attackers can use this vulnerability to gain unauthorized access to obtain sensitive information and perform unauthorized operations.
VAR-202108-1781 CVE-2021-34223 TOTOLINK A3002R Cross-site scripting vulnerability in firmware CVSS V2: 4.3
CVSS V3: 6.1
Severity: MEDIUM
Cross-site scripting in urlfilter.htm in TOTOLINK A3002R version V1.1.1-B20200824 (Important Update, new UI) allows attackers to execute arbitrary JavaScript by modifying the "URL Address" field. TOTOLINK A3002R firmware has a cross-site scripting vulnerability. Information may be obtained and information may be tampered with. TOTOLINK A3002RU is a wireless router product from Totolink Company in Taiwan, China. TOTOLINK A3002R V1.1.1-B20200824 has a cross-site scripting vulnerability, which is caused by the lack of proper authentication of client data in web applications. An attacker could exploit this vulnerability to execute client code.
VAR-202108-1778 CVE-2021-34215 TOTOLINK A3002R Cross-site scripting vulnerability in firmware CVSS V2: 4.3
CVSS V3: 6.1
Severity: MEDIUM
Cross-site scripting in tcpipwan.htm in TOTOLINK A3002R version V1.1.1-B20200824 (Important Update, new UI) allows attackers to execute arbitrary JavaScript by modifying the "Service Name" field. TOTOLINK A3002R firmware has a cross-site scripting vulnerability. Information may be obtained and information may be tampered with. TOTOLINK A3002RU is an AC1200 wireless dual-band gigabit router.
VAR-202108-1779 CVE-2021-34218 TOTOLINK A702R Vulnerability in CVSS V2: 5.0
CVSS V3: 5.3
Severity: MEDIUM
Directory indexing in the login portal of TOTOLINK-A702R-V1.0.0-B20161227.1023 allows an attacker to access the /add/, /img/, /js/, and /mobile directories via GET parameter. An unspecified vulnerability exists in TOTOLINK A702R. Information may be tampered with. TOTOLINK A702R is a router device from China TOTOLINK Company. The TOTOLINK A702R has a security vulnerability that stems from the product's login page not adding effective permission controls to directory access.
VAR-202108-1786 CVE-2021-34433 Eclipse Californium Digital Signature Verification Vulnerability in CVSS V2: 5.0
CVSS V3: 7.5
Severity: HIGH
In Eclipse Californium versions 2.0.0 to 2.6.4 and 3.0.0-M1 to 3.0.0-M3, certificate-based (x509 and RPK) DTLS handshakes accidentally succeed without the client verifying the server's signature, if that signature is not included in the server's ServerKeyExchange. A digital signature verification vulnerability exists in Eclipse Californium. Information may be tampered with. Eclipse Californium is a Java-based code library of the Eclipse Foundation that provides CoAP back-end support for the Internet of Things. Eclipse Californium has a data forgery vulnerability. The following products and versions are affected: Eclipse Californium 2.0.0 to 2.6.4 and Eclipse Californium 3.0.0-M1 to 3.0.0-M3.
VAR-202108-2509 No CVE Hikvision backup management server has weak password vulnerability CVSS V2: 5.0
CVSS V3: -
Severity: MEDIUM
Hikvision is a video-centric intelligent IoT solution and big data service provider. Hikvision's backup management server has a weak password vulnerability, which can be exploited by attackers to obtain sensitive information.
VAR-202108-2510 No CVE A directory traversal vulnerability exists in the backup management server of Hangzhou Hikvision Digital Technology Co., Ltd. CVSS V2: 5.0
CVSS V3: -
Severity: MEDIUM
Hikvision is a video-centric intelligent IoT solution and big data service provider. The backup management server of Hangzhou Hikvision Digital Technology Co., Ltd. has a directory traversal vulnerability. Attackers can use the vulnerability to obtain sensitive information.
VAR-202108-2513 No CVE Xindu (Qingdao) Office System Co., Ltd. SINDOH A603_A608 has an unauthorized access vulnerability CVSS V2: 5.0
CVSS V3: -
Severity: MEDIUM
Xindu (Qingdao) Office System Co., Ltd. is a professional office equipment enterprise integrating research and development, production, sales and after-sales. Xindu (Qingdao) Office System Co., Ltd. SINDOH A603_A608 has an unauthorized access vulnerability. Attackers can use this vulnerability to gain unauthorized access to obtain sensitive information and perform unauthorized operations.
VAR-202108-2514 No CVE RICOH Aficio MP 301 has an unauthorized access vulnerability CVSS V2: 5.0
CVSS V3: -
Severity: MEDIUM
Ricoh is a famous Japanese manufacturer of office equipment and optical machines and a Fortune 500 company. RICOH Aficio MP 301 has an unauthorized access vulnerability, which can be exploited by attackers to obtain sensitive information.
VAR-202108-2520 No CVE Unauthorized access vulnerability exists in Epson (China) Co., Ltd. L565 Series printer CVSS V2: 5.0
CVSS V3: -
Severity: MEDIUM
Epson (China) Co., Ltd. is a company whose business includes printers, scanners, projectors and other information-related products, electronic components, and industrial automation equipment. The Epson (China) Co., Ltd. L565 Series printer has an unauthorized access vulnerability. Attackers can use the vulnerability to gain unauthorized access to obtain sensitive information and perform unauthorized operations.
VAR-202108-2524 No CVE Litian Transcend Technology (Shenzhen) Co., Ltd. Brickstream 3D has an unauthorized access vulnerability CVSS V2: 5.0
CVSS V3: -
Severity: MEDIUM
Litian Transcend Technology (Shenzhen) Co., Ltd. (E tag for short) is a solution provider in Shenzhen. Litian Transcend Technology (Shenzhen) Co., Ltd. Brickstream 3D has an unauthorized access vulnerability. Attackers can use this vulnerability to gain unauthorized access to obtain sensitive information and perform unauthorized operations.
VAR-202108-2525 No CVE Shou Nei'an Information Technology (Shanghai) Co., Ltd. SPAM SQR mail security gateway has arbitrary file reading vulnerabilities CVSS V2: 2.1
CVSS V3: -
Severity: LOW
SPAM SQR mail security gateway is a new generation mail filtering system that separates spam and threat mail, and provides differentiated behavior management functions. Shou Nei An Information Technology (Shanghai) Co., Ltd. SPAM SQR mail security gateway has an arbitrary file reading vulnerability. Attackers can use this vulnerability to obtain sensitive information.
VAR-202108-1777 CVE-2021-34207 TOTOLINK A3002R Cross-site scripting vulnerability in firmware CVSS V2: 4.3
CVSS V3: 6.1
Severity: MEDIUM
Cross-site scripting in ddns.htm in TOTOLINK A3002R version V1.1.1-B20200824 (Important Update, new UI) allows attackers to execute arbitrary JavaScript by modifying the "Domain Name" field, "Server Address" field, "User Name/Email" field, or "Password/Key" field. TOTOLINK A3002R firmware has a cross-site scripting vulnerability. Information may be obtained and information may be tampered with. TOTOLINK A3002RU is an AC1200 wireless dual-band gigabit router. There is a cross-site scripting vulnerability in ddns.htm in TOTOLINK A3002R 1.1.1-B20200824.
VAR-202108-1780 CVE-2021-34220 TOTOLINK A3002R Cross-site scripting vulnerability in firmware CVSS V2: 4.3
CVSS V3: 6.1
Severity: MEDIUM
Cross-site scripting in tr069config.htm in TOTOLINK A3002R version V1.1.1-B20200824 (Important Update, new UI) allows attackers to execute arbitrary JavaScript by modifying the "User Name" field or "Password" field. TOTOLINK A3002R firmware has a cross-site scripting vulnerability. Information may be obtained and information may be tampered with. TOTOLINK A3002RU is a wireless router product from Taiwan TOTOLINK Company.