VARIoT IoT vulnerabilities database

Cross-site scripting in urlfilter.htm in TOTOLINK A3002R version V1.1.1-B20200824 (Important Update, new UI) allows attackers to execute arbitrary JavaScript by modifying the "URL Address" field. TOTOLINK A3002R Firmware has a cross-site scripting vulnerability.Information may be obtained and information may be tampered with. Totolink TOTOLINK A3002RU is a wireless router product from Totolink Company in Taiwan, China. TOTOLINK A3002R V1.1.1-B20200824 has a cross-site scripting vulnerability, which is caused by the lack of proper authentication of client data in WEB applications. An attacker could exploit this vulnerability to execute client code

In Eclipse Californium version 2.0.0 to 2.6.4 and 3.0.0-M1 to 3.0.0-M3, the certificate based (x509 and RPK) DTLS handshakes accidentally succeeds without verifying the server side's signature on the client side, if that signature is not included in the server's ServerKeyExchange. Eclipse Californium Exists in a digital signature verification vulnerability.Information may be tampered with. Eclipse Californium is a Java-based code library of the Eclipse Foundation that provides Coap back-end support for the Internet of Things. Eclipse Californium has a data forgery vulnerability. The following products and versions are affected: Eclipse Californium 2.0.0 to 2.6.4 versions, Eclipse Californium 3.0.0-M1 to 3.0.0-M3 versions

In TP-Link Wireless N Router WR840N an ARP poisoning attack can cause buffer overflow. TP-Link Wireless N Router WR840N Exists in a vulnerability related to the leakage of resources to the wrong area.Information is tampered with and service operation is interrupted (DoS) It may be in a state

Null pointer dereference in SuiteLink server while processing command 0x0b. AVEVA Provided by the company SuiteLink Server The following multiple vulnerabilities exist in. * Heap-based buffer overflow (CWE-122) - CVE-2021-32959 ‥ * NULL Pointer reference (CWE-476) - CVE-2021-32963 , CVE-2021-32971 , CVE-2021-32979 , CVE-2021-32987 ‥ * Improper handling of exception conditions (CWE-755) - CVE-2021-32999The expected impact depends on each vulnerability, but if a specific command process is executed by a remote third party, it may be affected as follows. Twice * Execution of arbitrary code or disruption of service operation ( DoS ) Be in a state - CVE-2021-32959 ‥ * Denial of service ( DoS ) Be in a state - CVE-2021-32963 , CVE-2021-32971 , CVE-2021-32979 , CVE-2021-32987 , CVE-2021-32999

Heap-based buffer overflow in SuiteLink server while processing commands 0x05/0x06. AVEVA Provided by the company SuiteLink Server The following multiple vulnerabilities exist in. * Heap-based buffer overflow (CWE-122) - CVE-2021-32959 ‥ * NULL Pointer reference (CWE-476) - CVE-2021-32963 , CVE-2021-32971 , CVE-2021-32979 , CVE-2021-32987 ‥ * Improper handling of exception conditions (CWE-755) - CVE-2021-32999The expected impact depends on each vulnerability, but if a specific command process is executed by a remote third party, it may be affected as follows. Twice * Execution of arbitrary code or disruption of service operation ( DoS ) Be in a state - CVE-2021-32959 ‥ * Denial of service ( DoS ) Be in a state - CVE-2021-32963 , CVE-2021-32971 , CVE-2021-32979 , CVE-2021-32987 , CVE-2021-32999

Null pointer dereference in SuiteLink server while processing command 0x07. AVEVA Provided by the company SuiteLink Server The following multiple vulnerabilities exist in. * Heap-based buffer overflow (CWE-122) - CVE-2021-32959 ‥ * NULL Pointer reference (CWE-476) - CVE-2021-32963 , CVE-2021-32971 , CVE-2021-32979 , CVE-2021-32987 ‥ * Improper handling of exception conditions (CWE-755) - CVE-2021-32999The expected impact depends on each vulnerability, but if a specific command process is executed by a remote third party, it may be affected as follows. Twice * Execution of arbitrary code or disruption of service operation ( DoS ) Be in a state - CVE-2021-32959 ‥ * Denial of service ( DoS ) Be in a state - CVE-2021-32963 , CVE-2021-32971 , CVE-2021-32979 , CVE-2021-32987 , CVE-2021-32999

Hangzhou Hikvision Digital Technology Co., Ltd. is a video-centric IoT solution provider, providing comprehensive security, smart business and big data services. The network gateway of Hangzhou Hikvision Digital Technology Co., Ltd. has an arbitrary file download vulnerability. Attackers can use the vulnerability to obtain sensitive information.

Null pointer dereference in SuiteLink server while processing commands 0x04/0x0a. AVEVA Provided by the company SuiteLink Server The following multiple vulnerabilities exist in. * Heap-based buffer overflow (CWE-122) - CVE-2021-32959 ‥ * NULL Pointer reference (CWE-476) - CVE-2021-32963 , CVE-2021-32971 , CVE-2021-32979 , CVE-2021-32987 ‥ * Improper handling of exception conditions (CWE-755) - CVE-2021-32999The expected impact depends on each vulnerability, but if a specific command process is executed by a remote third party, it may be affected as follows. Twice * Execution of arbitrary code or disruption of service operation ( DoS ) Be in a state - CVE-2021-32959 ‥ * Denial of service ( DoS ) Be in a state - CVE-2021-32963 , CVE-2021-32971 , CVE-2021-32979 , CVE-2021-32987 , CVE-2021-32999

SINDOH P411_P416 is a printer. SINDOH P411_P416 has an unauthorized access vulnerability. Attackers can use the vulnerability to obtain sensitive information.

SINDOH D410 is a printer. SINDOH D410 has an unauthorized access vulnerability. Attackers can use the vulnerability to obtain sensitive information.

IVMS-8201E-NCG is a carrier-grade networking gateway device that integrates signaling gateway services, media gateway services, security authentication, authority management, log management, and network management functions. It can realize video based on GB/T 28181-2011 networking standards Cascade and interconnection between monitoring platforms. Hangzhou Hikvision Digital Technology Co., Ltd. IVMS-8201E-NCG has a weak password vulnerability. Attackers use weak passwords to log in to the background to obtain sensitive information.

A vulnerability has been identified in SINEMA Remote Connect Client (All versions < V3.0 SP1). Affected devices allow to modify configuration settings over an unauthenticated channel. This could allow a local attacker to escalate privileges and execute own code on the device. SINEMA Remote Connect Client Exists in unspecified vulnerabilities.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. Siemens SINEMA Remote Connect Server is a set of remote network management platform of German Siemens (Siemens). The platform is mainly used for remote access, maintenance, control and diagnosis of the underlying network

Beijing Wanwei Yingchuang Technology Development Co., Ltd. is committed to the R&D and application of products and technologies in the field of environmental protection Internet of Things. It is an enterprise integrating R&D, production and sales. Beijing Wanwei Yingchuang Technology Development Co., Ltd. pollution source online monitoring system has SQL injection vulnerabilities, attackers can use vulnerabilities to obtain database sensitive information.

Null pointer dereference in SuiteLink server while processing commands 0x03/0x10. AVEVA Provided by the company SuiteLink Server The following multiple vulnerabilities exist in. * Heap-based buffer overflow (CWE-122) - CVE-2021-32959 ‥ * NULL Pointer reference (CWE-476) - CVE-2021-32963 , CVE-2021-32971 , CVE-2021-32979 , CVE-2021-32987 ‥ * Improper handling of exception conditions (CWE-755) - CVE-2021-32999The expected impact depends on each vulnerability, but if a specific command process is executed by a remote third party, it may be affected as follows. Twice * Execution of arbitrary code or disruption of service operation ( DoS ) Be in a state - CVE-2021-32959 ‥ * Denial of service ( DoS ) Be in a state - CVE-2021-32963 , CVE-2021-32971 , CVE-2021-32979 , CVE-2021-32987 , CVE-2021-32999

TP-LINK Technology Co., Ltd. (hereinafter referred to as "TP-LINK") is a supplier of network communication equipment. The TP-LINK Video Surveillance, Management and Storage Integrated Machine of Prolink Technology Co., Ltd. has a weak password vulnerability. Attackers use weak passwords to log in to the background to obtain sensitive information.

A persistent cross site scripting (XSS) vulnerability in the Add Categories module of Vehicle Parking Management System 1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload in the Category field

This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DAP-2020 1.01rc001 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the webproc endpoint, which listens on TCP port 80 by default. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-12104. D-Link DAP-2020 A stack-based buffer overflow vulnerability exists in the router. Zero Day Initiative To this vulnerability ZDI-CAN-12104 Was numbering.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. D-Link DAP-2020 is a wireless N access point

This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DAP-2020 1.01rc001 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of the var:menu parameter provided to the webproc endpoint. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-13270. D-Link DAP-2020 A stack-based buffer overflow vulnerability exists in the router. Zero Day Initiative To this vulnerability ZDI-CAN-13270 Was numbering.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. D-Link DAP-2020 is a wireless N access point

This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DAP-2020 1.01rc001 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of the var:page parameter provided to the webproc endpoint. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-13271. D-Link DAP-2020 A stack-based buffer overflow vulnerability exists in the router. Zero Day Initiative To this vulnerability ZDI-CAN-13271 Was numbering.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. D-Link DAP-2020 is a wireless N access point

This vulnerability allows network-adjacent attackers to disclose sensitive information on affected installations of D-Link DAP-2020 1.01rc001 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of the getpage parameter provided to the webproc endpoint. The issue results from the lack of proper validation of a user-supplied path prior to using it in file operations. An attacker can leverage this vulnerability to disclose information in the context of root. Was ZDI-CAN-12103. D-Link DAP-2020 Routers contain a path traversal vulnerability. Zero Day Initiative To this vulnerability ZDI-CAN-12103 Was numbering.Information may be obtained. D-Link DAP-2020 is a wireless N access point