VARIoT IoT vulnerabilities database


VAR-202108-1803 CVE-2021-36763 CODESYS V3 web server vulnerability in externally accessible files or directories CVSS V2: 5.0
CVSS V3: 7.5
Severity: HIGH
In CODESYS V3 web server before 3.5.17.10, files or directories are accessible to external parties.
VAR-202108-0941 CVE-2021-31630 Open PLC Webserver v3 OS command injection vulnerability CVSS V2: 9.0
CVSS V3: 8.8
Severity: HIGH
Command Injection in Open PLC Webserver v3 allows remote attackers to execute arbitrary code via the "Hardware Layer Code Box" component on the "/hardware" page of the application. Open PLC Webserver v3 has an OS command injection vulnerability. Information may be obtained or tampered with, and the service may be put into a denial-of-service (DoS) state.
VAR-202108-2324 No CVE Datang Telecom’s AC centralized management platform has a weak password vulnerability (CNVD-2021-46909) CVSS V2: 5.0
CVSS V3: -
Severity: MEDIUM
Datang Telecom Technology Co., Ltd. is a high-tech enterprise controlled by the Institute of Telecommunications Science and Technology (Datang Telecom Technology Industry Group). Datang Telecom has formed four major industrial sectors: integrated circuit design, software and application, terminal design, and mobile Internet. Datang Telecom’s AC centralized management platform has a weak password vulnerability. An attacker can use a weak password to log in to the backend and obtain sensitive information.
VAR-202108-2326 No CVE Hangzhou Hikvision System Technology Co., Ltd. DS-SAG200 has a weak password vulnerability CVSS V2: 5.0
CVSS V3: -
Severity: MEDIUM
Hangzhou Hikvision System Technology Co., Ltd. is a smart IoT solution provider and operation service provider with video as the core. Hangzhou Hikvision System Technology Co., Ltd. DS-SAG200 has a weak password vulnerability. Attackers can use the vulnerability to obtain sensitive information.
VAR-202108-2328 No CVE NETGEAR R8000 has a binary vulnerability CVSS V2: 4.9
CVSS V3: -
Severity: MEDIUM
NETGEAR R8000 is a gigabit router. NETGEAR R8000 has a binary vulnerability. Attackers can use the vulnerability to cause stack overflow.
VAR-202108-0503 CVE-2021-21576 DELL Dell EMC iDRAC9 Cross-site scripting vulnerability CVSS V2: 4.3
CVSS V3: 6.1
Severity: MEDIUM
Dell EMC iDRAC9 versions prior to 4.40.40.00 contain a DOM-based cross-site scripting vulnerability. A remote attacker could potentially exploit this vulnerability to run malicious HTML or JavaScript in a victim’s browser by tricking a victim into following a specially crafted link.
VAR-202108-0735 CVE-2021-27953 ecobee3 lite NULL pointer dereference vulnerability CVSS V2: 7.8
CVSS V3: 7.5
Severity: HIGH
A NULL pointer dereference vulnerability exists on the ecobee3 lite 4.5.81.200 device in the HomeKit Wireless Access Control setup process. A threat actor can exploit this vulnerability to cause a denial of service, forcing the device to reboot via a crafted HTTP request. Ecobee Ecobee3 Lite is a Wi-Fi smart thermostat from Ecobee, Canada
VAR-202108-0801 CVE-2021-33485 CODESYS Control Runtime system out-of-bounds write vulnerability CVSS V2: 7.5
CVSS V3: 9.8
Severity: CRITICAL
CODESYS Control Runtime system before 3.5.17.10 has a Heap-based Buffer Overflow. CODESYS Control Runtime system has an out-of-bounds write vulnerability. Information may be obtained or tampered with, and the service may be put into a denial-of-service (DoS) state.
VAR-202108-0506 CVE-2021-21579 Dell EMC iDRAC9 Input validation error vulnerability CVSS V2: 5.8
CVSS V3: 6.1
Severity: MEDIUM
Dell EMC iDRAC9 versions prior to 4.40.40.00 contain an open redirect vulnerability. A remote unauthenticated attacker may exploit this vulnerability to redirect users to arbitrary web URLs by tricking the victim users into clicking on maliciously crafted links.
VAR-202108-0505 CVE-2021-21578 Dell EMC iDRAC9 Input validation error vulnerability CVSS V2: 5.8
CVSS V3: 6.1
Severity: MEDIUM
Dell EMC iDRAC9 versions prior to 4.40.40.00 contain an open redirect vulnerability. A remote unauthenticated attacker may exploit this vulnerability to redirect users to arbitrary web URLs by tricking the victim users into clicking on maliciously crafted links.
VAR-202108-2538 No CVE Denver smart wifi camera shc-150 telnet command execution vulnerability CVSS V2: 6.5
CVSS V3: -
Severity: MEDIUM
Denver is a European supplier of consumer electronics products. The Denver smart wifi camera shc-150 has a telnet command execution vulnerability; attackers can use this vulnerability to execute arbitrary code.
VAR-202108-2420 No CVE Konica Minolta printers have weak password vulnerabilities CVSS V2: 5.0
CVSS V3: -
Severity: MEDIUM
Both bizhub C364 and bizhub C280 are color printers launched by Konica Minolta. Many Konica Minolta printers have weak password vulnerabilities. An attacker can use a weak password to log in to the backend and obtain sensitive information.
VAR-202108-2423 No CVE Panasonic Electric (China) Co., Ltd. Network Camera WV-SF138 has an unauthorized access vulnerability CVSS V2: 5.0
CVSS V3: -
Severity: MEDIUM
Matsushita Electric (China) Co., Ltd. is a manufacturer mainly responsible for the sales and after-sales service activities of home appliances, systems, environment, components and other commodities. Matsushita Electric (China) Co., Ltd. Network Camera WV-SF138 has an unauthorized access vulnerability, which can be exploited by attackers to obtain sensitive information.
VAR-202108-2424 No CVE Panasonic Electric (China) Co., Ltd. Network Camera WV-SF332 has an unauthorized access vulnerability CVSS V2: 5.0
CVSS V3: -
Severity: MEDIUM
Matsushita Electric (China) Co., Ltd. is a manufacturer mainly responsible for the sales and after-sales service activities of home appliances, systems, environment, components and other commodities. Matsushita Electric (China) Co., Ltd. Network Camera WV-SF332 has an unauthorized access vulnerability, which can be exploited by attackers to obtain sensitive information.
VAR-202108-0504 CVE-2021-21577 DELL Dell EMC iDRAC9 Cross-site scripting vulnerability CVSS V2: 4.3
CVSS V3: 6.1
Severity: MEDIUM
Dell EMC iDRAC9 versions prior to 4.40.40.00 contain a DOM-based cross-site scripting vulnerability. A remote attacker could potentially exploit this vulnerability to run malicious HTML or JavaScript in a victim’s browser by tricking a victim into following a specially crafted link.
VAR-202108-0734 CVE-2021-27952 ecobee3 lite vulnerability in using hard-coded credentials CVSS V2: 5.0
CVSS V3: 9.8
Severity: CRITICAL
Hardcoded default root credentials exist on the ecobee3 lite 4.5.81.200 device. This allows a threat actor to gain access to the password-protected bootloader environment through the serial console. ecobee3 lite is vulnerable to the use of hard-coded credentials. Information may be obtained or tampered with, and the service may be put into a denial-of-service (DoS) state. Ecobee Ecobee3 Lite is a Wi-Fi smart thermostat from Ecobee, Canada.
VAR-202108-0291 CVE-2021-22425 Huawei HarmonyOS Resource Management Error Vulnerability CVSS V2: 7.2
CVSS V3: 7.8
Severity: HIGH
A component of the HarmonyOS has a Double Free vulnerability. Local attackers may exploit this vulnerability to cause Root Elevating Privileges
VAR-202108-0290 CVE-2021-22424 HarmonyOS vulnerability in lack of free memory after expiration CVSS V2: 4.9
CVSS V3: 5.5
Severity: MEDIUM
A component of the HarmonyOS has a Kernel Memory Leakage Vulnerability. Local attackers may exploit this vulnerability to cause Kernel Denial of Service. HarmonyOS is vulnerable to memory not being freed after expiration. It may be put into a denial-of-service (DoS) state.
VAR-202108-0289 CVE-2021-22423 Huawei HarmonyOS Buffer error vulnerability CVSS V2: 7.2
CVSS V3: 7.8
Severity: HIGH
A component of the HarmonyOS has an Out-of-bounds Write Vulnerability. Local attackers may exploit this vulnerability to cause integer overflow.
VAR-202108-0288 CVE-2021-22422 HarmonyOS integer overflow vulnerability CVSS V2: 7.2
CVSS V3: 7.8
Severity: HIGH
A component of the HarmonyOS has an Integer Overflow or Wraparound vulnerability. Local attackers may exploit this vulnerability to cause memory overwriting. HarmonyOS has an integer overflow vulnerability. Information may be obtained or tampered with, and the service may be put into a denial-of-service (DoS) state.