VARIoT IoT vulnerabilities database

VAR-202108-0554 CVE-2021-0114 Multiple Intel(R) Processor firmware initialization vulnerabilities CVSS V2: 7.2
CVSS V3: 6.7
Severity: MEDIUM
Unchecked return value in the firmware for some Intel(R) Processors may allow a privileged user to potentially enable an escalation of privilege via local access. Multiple Intel(R) Processors contain an initialization vulnerability in the firmware. Information may be obtained or tampered with, and a denial-of-service (DoS) condition may result.
VAR-202108-0517 CVE-2021-21599 OS command injection vulnerability in Dell EMC PowerScale OneFS CVSS V2: 4.6
CVSS V3: 6.7
Severity: MEDIUM
Dell EMC PowerScale OneFS versions 8.2.x - 9.2.1.x contain an OS command injection vulnerability. This may allow a user with ISI_PRIV_LOGIN_SSH or ISI_PRIV_LOGIN_CONSOLE to escalate privileges and escape the compliance guarantees. This only impacts Smartlock WORM compliance mode clusters as a critical vulnerability and Dell recommends to update/upgrade at the earliest opportunity. A denial-of-service (DoS) condition may result. DELL EMC PowerScale is a scale-out storage system for unstructured data from Dell (DELL). A security vulnerability exists in Dell EMC PowerScale OneFS that allows users with ISI_PRIV_LOGIN_SSH or ISI_PRIV_LOGIN_CONSOLE to escalate privileges and evade compliance guarantees.
VAR-202108-0513 CVE-2021-21595 Command injection vulnerability in Dell EMC PowerScale OneFS CVSS V2: 4.6
CVSS V3: 6.7
Severity: MEDIUM
Dell EMC PowerScale OneFS versions 8.2.x - 9.1.1.x contain an improper neutralization of special elements used in an OS command. This vulnerability could allow the compadmin user to elevate privileges. This only impacts Smartlock WORM compliance mode clusters as a critical vulnerability and Dell recommends to update/upgrade at the earliest opportunity. Dell EMC PowerScale OneFS contains a command injection vulnerability. Information may be obtained or tampered with, and a denial-of-service (DoS) condition may result. DELL EMC PowerScale is a scale-out storage system for unstructured data from Dell (DELL).
VAR-202108-0512 CVE-2021-21594 Information leakage from query strings in GET requests in Dell EMC PowerScale OneFS CVSS V2: 5.0
CVSS V3: 5.3
Severity: MEDIUM
Dell PowerScale OneFS versions 8.2.2 - 9.1.0.x contain a use of GET request method with sensitive query strings vulnerability. It can lead to potential disclosure of sensitive data. Dell recommends upgrading at your earliest opportunity. Dell PowerScale OneFS is an operating system from Dell Technologies (United States) for scale-out NAS.
VAR-202108-0511 CVE-2021-21592 Vulnerability in handling exceptional conditions in Dell EMC PowerScale OneFS CVSS V2: 4.0
CVSS V3: 6.5
Severity: MEDIUM
Dell EMC PowerScale OneFS versions 8.2.x - 9.2.x improperly handle an exceptional condition. A remote low privileged user could potentially exploit this vulnerability, leading to unauthorized information disclosure. DELL EMC PowerScale is a scale-out storage system for unstructured data from Dell (DELL)
VAR-202108-0404 CVE-2021-21568 Vulnerability in Dell EMC PowerScale OneFS CVSS V2: 4.0
CVSS V3: 4.3
Severity: MEDIUM
Dell EMC PowerScale OneFS versions 8.2.x - 9.2.x contain an insufficient logging vulnerability. An authenticated user with ISI_PRIV_LOGIN_PAPI could make un-audited and un-trackable configuration changes to settings that their roles have privileges to change. Dell EMC PowerScale OneFS contains an unspecified vulnerability. Information may be tampered with. DELL EMC PowerScale is a scale-out storage system for unstructured data from Dell (DELL). A security vulnerability exists in Dell EMC PowerScale OneFS where users authenticated with ISI_PRIV_LOGIN_PAPI can make unaudited and untraceable configuration changes to settings that their role has permission to change.
VAR-202108-2479 No CVE Ruijie Networks Co., Ltd. RG-NBR800GW has a weak password vulnerability CVSS V2: 5.0
CVSS V3: -
Severity: MEDIUM
RG-NBR800GW is an Internet behavior management router launched by Ruijie. It is a router designed for all office scenarios. Ruijie Networks Co., Ltd. RG-NBR800GW has a weak password vulnerability. Attackers can use the vulnerability to obtain sensitive information.
VAR-202108-2314 No CVE Information disclosure vulnerability exists in Kyan network monitoring equipment (CNVD-2021-49589) CVSS V2: 5.0
CVSS V3: -
Severity: MEDIUM
Kyan is a network monitoring device. Kyan network monitoring equipment has an information disclosure vulnerability, which can be exploited by attackers to obtain sensitive information.
VAR-202108-2306 No CVE Tenda AC9 has a denial of service vulnerability (CNVD-2021-51322) CVSS V2: 5.5
CVSS V3: -
Severity: MEDIUM
Tenda AC9 is a wireless router with gigabit Ethernet port launched by Shenzhen Jixiang Tenda Technology Co., Ltd. Tenda AC9 has a denial of service vulnerability, which can be exploited by attackers to cause a denial of service.
VAR-202108-2311 No CVE Sangfor Technology Co., Ltd. MIG 5.3 has a command execution vulnerability CVSS V2: 10.0
CVSS V3: -
Severity: HIGH
Sangfor Technology Co., Ltd. is a provider of products, services and solutions focusing on enterprise-level security, cloud computing and infrastructure. Sangfor Technology Co., Ltd. MIG 5.3 has a command execution vulnerability, which can be exploited by attackers to gain server control rights.
VAR-202108-2568 No CVE Ruijie Networks Co., Ltd. RG-NBR700W has a weak password vulnerability CVSS V2: 5.0
CVSS V3: -
Severity: MEDIUM
RG-NBR700W is an Internet behavior management router, which is specially designed for all office scenarios. Ruijie Networks Co., Ltd. RG-NBR700W has a weak password vulnerability. Attackers can use the vulnerability to obtain sensitive information.
VAR-202108-2312 No CVE ZTE Corporation W908-A10000 has weak password vulnerability CVSS V2: 5.0
CVSS V3: -
Severity: MEDIUM
W908-A10000 is a wireless controller of ZTE Corporation. ZTE Corporation W908-A10000 has a weak password vulnerability, which can be exploited by attackers to obtain sensitive information.
VAR-202108-2313 No CVE Beijing Xingwang Ruijie Network Technology Co., Ltd. EG Easy Gateway has an arbitrary file reading vulnerability CVSS V2: 2.1
CVSS V3: -
Severity: LOW
Ruijie Networks Co., Ltd. is a professional network manufacturer with a full range of network equipment product lines and solutions including switches, routers, software, security firewalls, wireless products, and storage. Beijing StarNet Ruijie Networks Technology Co., Ltd. EG Easy Gateway has an arbitrary file reading vulnerability. Attackers can use this vulnerability to obtain sensitive system information.
VAR-202108-2336 No CVE Unauthorized access vulnerability exists in Axis 233D Network Dome Camera CVSS V2: 6.4
CVSS V3: -
Severity: MEDIUM
233D is a network camera. Axis 233D Network Dome Camera has an unauthorized access vulnerability, which can be exploited by attackers to obtain sensitive information.
VAR-202108-2505 No CVE Dell Color MFP S2825cdn has unauthorized access vulnerability CVSS V2: 6.4
CVSS V3: -
Severity: MEDIUM
Dell Color MFP S2825cdn is a printer device. Dell Color MFP S2825cdn has an unauthorized access vulnerability, which can be exploited by attackers to obtain sensitive information.
VAR-202108-2561 No CVE Honeywell (China) Co., Ltd. Hybrid Alarm Receiver (Professional Edition) has SQL injection vulnerabilities CVSS V2: 7.8
CVSS V3: -
Severity: HIGH
Honeywell (China) Co., Ltd. is a part of Honeywell International, a diversified, high-tech advanced manufacturing company. Honeywell (China) Co., Ltd. Hybrid Alarm Receiver (Professional Edition) has a SQL injection vulnerability. Attackers can use this vulnerability to obtain sensitive information in the database.
VAR-202108-2573 No CVE NETGEAR GS748Tv5 has weak password vulnerability CVSS V2: 5.0
CVSS V3: -
Severity: MEDIUM
NETGEAR GS748Tv5 is a Gigabit Ethernet switch. NETGEAR GS748Tv5 has a weak password vulnerability, which can be exploited by attackers to obtain sensitive information.
VAR-202108-2477 No CVE Ricoh (China) Investment Co., Ltd. RICOH Aficio MP C305 has an unauthorized access vulnerability CVSS V2: 6.4
CVSS V3: -
Severity: MEDIUM
Ricoh (China) Investment Co., Ltd. provides office image processing equipment (such as MFPs and printers), production digital printers, and services such as document output management and IT solutions. Ricoh (China) Investment Co., Ltd. RICOH Aficio MP C305 has an unauthorized access vulnerability, which can be exploited by attackers to obtain sensitive information.
VAR-202108-0118 CVE-2020-18757 Lack of authentication vulnerability in Dut Computer Control Engineering Co. PLC MAC1100 CVSS V2: 7.8
CVSS V3: 7.5
Severity: HIGH
An issue in Dut Computer Control Engineering Co.'s PLC MAC1100 allows attackers to cause persistent denial of service (DoS) via a crafted packet. Dut Computer Control Engineering Co. PLC MAC1100 contains a vulnerability related to the lack of authentication. A denial-of-service (DoS) condition may result. MAC1100 PLC is an industrial control PLC product.
VAR-202108-0115 CVE-2020-18753 Lack of authentication vulnerability in Dut Computer Control Engineering Co. PLC MAC1100 CVSS V2: 7.5
CVSS V3: 9.8
Severity: CRITICAL
An issue in Dut Computer Control Engineering Co.'s PLC MAC1100 allows attackers to gain access to the system and escalate privileges via a crafted packet. Dut Computer Control Engineering Co. PLC MAC1100 contains a vulnerability related to the lack of authentication. Information may be obtained or tampered with, and a denial-of-service (DoS) condition may result. MAC1100 PLC is an industrial control PLC product. There is a security vulnerability in the MAC1100 PLC. Attackers can exploit it to access the system and escalate privileges via a crafted packet.