VARIoT IoT vulnerabilities database

VAR-202108-2412 | No CVE | Fuji Xerox (China) Co., Ltd. ApeosPort-V C3375 T2 series printer has unauthorized access vulnerability |
CVSS V2: 5.0 CVSS V3: - Severity: MEDIUM |
Fuji Xerox (China) Co., Ltd. was established on January 3, 1995. It is a wholly-owned holding company of Fuji Xerox in China with a registered capital of US$39 million. Fuji Xerox (China) Co., Ltd. is headquartered in Beijing.
Fuji Xerox (China) Co., Ltd. ApeosPort-V C3375 T2 has an unauthorized access vulnerability. Attackers can use this vulnerability to gain unauthorized access to obtain sensitive information and perform unauthorized operations.
VAR-202108-2414 | No CVE | Fuji Xerox (China) Co., Ltd. ApeosPort-VI C3371 has unauthorized access vulnerability |
CVSS V2: 5.0 CVSS V3: - Severity: MEDIUM |
Fuji Xerox (China) Co., Ltd. ApeosPort-VI C3371 has an unauthorized access vulnerability. Attackers can use this vulnerability to gain unauthorized access to obtain sensitive information and perform unauthorized operations.
VAR-202108-2415 | No CVE | Fuji Xerox (China) Co., Ltd. ApeosPort-VI C3370 has unauthorized access vulnerability |
CVSS V2: 5.0 CVSS V3: - Severity: MEDIUM |
Fuji Xerox (China) Co., Ltd. ApeosPort-VI C3370 has an unauthorized access vulnerability. Attackers can use this vulnerability to gain unauthorized access to obtain sensitive information and perform unauthorized operations.
VAR-202108-2416 | No CVE | Fuji Xerox (China) Co., Ltd. ApeosPort-V C3376 has unauthorized access vulnerability |
CVSS V2: 5.0 CVSS V3: - Severity: MEDIUM |
Fuji Xerox (China) Co., Ltd. ApeosPort-V C3376 has an unauthorized access vulnerability. Attackers can use this vulnerability to gain unauthorized access to obtain sensitive information and perform unauthorized operations.
VAR-202108-2417 | No CVE | Fuji Xerox (China) Co., Ltd. DocuCentre-IV 2060 has unauthorized access vulnerability |
CVSS V2: 5.0 CVSS V3: - Severity: MEDIUM |
Fuji Xerox (China) Co., Ltd. DocuCentre-IV 2060 has an unauthorized access vulnerability. Attackers can use this vulnerability to gain unauthorized access to obtain sensitive information and perform unauthorized operations.
VAR-202108-2419 | No CVE | Fuji Xerox (China) Co., Ltd. DocuCentre-II 4000 has an unauthorized access vulnerability |
CVSS V2: 5.0 CVSS V3: - Severity: MEDIUM |
Fuji Xerox (China) Co., Ltd. DocuCentre-II 4000 has an unauthorized access vulnerability. Attackers can use this vulnerability to gain unauthorized access to obtain sensitive information and perform unauthorized operations.
VAR-202108-2288 | CVE-2021-22489 | Vulnerabilities in multiple Huawei products |
CVSS V2: 5.0 CVSS V3: 7.5 Severity: HIGH |
There is a DoS vulnerability in smartphones. Successful exploitation of this vulnerability may affect service availability. EMUI, HarmonyOS, and Magic UI contain an unspecified vulnerability. A denial-of-service (DoS) condition may result.
VAR-202108-2287 | CVE-2021-22395 | Code injection vulnerabilities in multiple Huawei products |
CVSS V2: 5.0 CVSS V3: 7.5 Severity: HIGH |
There is a code injection vulnerability in smartphones. Successful exploitation of this vulnerability may affect service confidentiality.
VAR-202108-2286 | CVE-2021-22394 | Classic buffer overflow vulnerability in multiple Huawei products |
CVSS V2: 6.4 CVSS V3: 9.1 Severity: CRITICAL |
There is a buffer overflow vulnerability in smartphones. Successful exploitation of this vulnerability may cause DoS of the apps during Multi-Screen Collaboration. EMUI, HarmonyOS, and Magic UI contain a classic buffer overflow vulnerability. Information may be obtained and a denial-of-service (DoS) condition may result.
VAR-202108-2284 | CVE-2021-22441 | Integer overflow vulnerability in HarmonyOS |
CVSS V2: 4.9 CVSS V3: 5.5 Severity: MEDIUM |
Some Huawei products have an integer overflow vulnerability. Successful exploitation of this vulnerability may lead to kernel crash. HarmonyOS contains an integer overflow vulnerability. A denial-of-service (DoS) condition may result.
VAR-202108-0726 | CVE-2021-25447 | Authentication vulnerabilities in SmartThings |
CVSS V2: 5.0 CVSS V3: 5.3 Severity: MEDIUM |
Improper access control vulnerability in SmartThings prior to version 1.7.67.25 allows untrusted applications to cause local file inclusion in webview. SmartThings contains an authentication vulnerability. Information may be tampered with. Samsung SmartThings is an application from South Korea's Samsung that can connect to smart devices.
VAR-202108-0725 | CVE-2021-25446 | Authentication vulnerabilities in SmartThings |
CVSS V2: 5.0 CVSS V3: 5.3 Severity: MEDIUM |
Improper access control vulnerability in SmartThings prior to version 1.7.67.25 allows untrusted applications to cause arbitrary webpage loading in webview. SmartThings contains an authentication vulnerability. Information may be tampered with.
VAR-202108-0467 | CVE-2021-21738 | ZTE ZXIPTV cross-site scripting vulnerability |
CVSS V2: 4.3 CVSS V3: 6.1 Severity: MEDIUM |
ZTE's big video business platform has two reflected cross-site scripting (XSS) vulnerabilities. Due to insufficient input verification, an attacker could carry out XSS attacks by tampering with the parameters, affecting the operations of valid users. This affects: <ZXIPTV><ZXIPTV-EAS_PV5.06.04.09>. ZXIPTV contains a cross-site scripting vulnerability. Information may be obtained and information may be tampered with. ZTE ZXIPTV is a set-top box from ZTE.
ZTE ZXIPTV EAS_P version 5.06.04.09 has a cross-site scripting vulnerability. This vulnerability is caused by the application's lack of validation and filtering of user input data. An attacker can exploit this vulnerability to lure users to click on a link containing a malicious request, causing code to be executed on the client side to steal user cookie credentials.
VAR-202108-1018 | CVE-2021-23849 | Cross-site request forgery vulnerability in multiple Bosch products |
CVSS V2: 6.8 CVSS V3: 8.8 Severity: HIGH |
A vulnerability in the web-based interface allows an unauthenticated remote attacker to trigger actions on an affected system on behalf of another user (CSRF - Cross Site Request Forgery). This requires the victim to be tricked into clicking a malicious link or opening a malicious website while being logged in to the camera. Multiple Bosch products contain a cross-site request forgery vulnerability. Information may be obtained or tampered with, and a denial-of-service (DoS) condition may result.
VAR-202108-1804 | CVE-2021-36764 | NULL pointer dereference vulnerability in CODESYS Gateway |
CVSS V2: 5.0 CVSS V3: 7.5 Severity: HIGH |
In CODESYS Gateway V3 before 3.5.17.10, there is a NULL pointer dereference. Crafted communication requests may cause a NULL pointer dereference in the affected CODESYS products and may result in a denial-of-service condition. CODESYS Gateway contains a NULL pointer dereference vulnerability. A denial-of-service (DoS) condition may result.
VAR-202108-2413 | No CVE | Unauthorized access vulnerability exists in HP LaserJet 400 colorMFP M475dn printer |
CVSS V2: 5.0 CVSS V3: - Severity: MEDIUM |
Hewlett-Packard (HP) is an information technology (IT) company founded in 1939 and headquartered in Palo Alto, California, USA. HP has three business groups: Information Products Group, Printing and Imaging Systems Group, and Enterprise Computer Professional Services Group.
HP LaserJet 400 colorMFP M475dn has an unauthorized access vulnerability. Attackers can use this vulnerability to obtain sensitive information.
VAR-202108-2421 | No CVE | An unauthorized access vulnerability exists in the cloud patrol system of Beijing Landhua Electronic Technology Co., Ltd. |
CVSS V2: 5.0 CVSS V3: - Severity: MEDIUM |
Beijing Landwell Electronic Technology Co., Ltd. (abbreviated as Landwell) is a high-tech enterprise that researches, develops, manufactures, sells and integrates mobile automatic identification products under its own brand "LANDWELL" with fully independent intellectual property rights, including an RFID intelligent key management system and a GPRS patrol inspection system.
An unauthorized access vulnerability exists in the cloud patrol system of Beijing Landhua Electronic Technology Co., Ltd. Attackers can use this vulnerability to construct requests based on the interface documentation and obtain sensitive information.
VAR-202108-1803 | CVE-2021-36763 | Externally accessible files or directories vulnerability in CODESYS V3 web server |
CVSS V2: 5.0 CVSS V3: 7.5 Severity: HIGH |
In CODESYS V3 web server before 3.5.17.10, files or directories are accessible to external parties.
VAR-202108-0508 | CVE-2021-21581 | Dell EMC iDRAC9 Cross-site scripting vulnerability |
CVSS V2: 4.3 CVSS V3: 6.1 Severity: MEDIUM |
Dell EMC iDRAC9 versions prior to 5.00.00.00 contain a cross-site scripting vulnerability. A remote attacker could potentially exploit this vulnerability to run malicious HTML or JavaScript in a victim's browser by tricking a victim into following a specially crafted link.
VAR-202108-0736 | CVE-2021-27954 | Out-of-bounds write vulnerability in ecobee3 lite |
CVSS V2: 6.4 CVSS V3: 8.2 Severity: HIGH |
A heap-based buffer overflow vulnerability exists on the ecobee3 lite 4.5.81.200 device in the HKProcessConfig function of the HomeKit Wireless Access Control setup process. A threat actor can exploit this vulnerability to force the device to connect to an SSID or cause a denial of service. ecobee3 lite is vulnerable to an out-of-bounds write. Information may be tampered with and a denial-of-service (DoS) condition may result. Ecobee Ecobee3 Lite is a Wi-Fi smart thermostat from Ecobee, Canada.
There is a buffer error vulnerability in Ecobee Ecobee3 Lite.