VARIoT IoT vulnerabilities database
| VAR-202107-1716 | No CVE | Huawei HG659 has an arbitrary file reading vulnerability |
CVSS V2: 5.0 CVSS V3: - Severity: MEDIUM |
Huawei HG659 is a home gateway.
Huawei HG659 has arbitrary file reading vulnerabilities. Attackers can use the vulnerabilities to obtain sensitive information.
| VAR-202107-1876 | No CVE | AXIS P3344 Network Camera has unauthorized access vulnerability |
CVSS V2: 5.0 CVSS V3: - Severity: MEDIUM |
Axis is an IT company that specializes in providing network video solutions.
AXIS P3344 Network Camera has an unauthorized access vulnerability, which can be exploited by attackers to obtain sensitive information.
| VAR-202107-1714 | No CVE | Xingwang Smart SVG6000 series voice gateways have weak password vulnerabilities |
CVSS V2: 5.0 CVSS V3: - Severity: MEDIUM |
As the core business unit of StarNet Ruijie for smart communications, StarNet Wisdom is a leading provider of converged communication solutions in China.
Starnet Smart SVG6000 series voice gateways have weak password vulnerabilities. The attacker uses a weak password to log in to the background to obtain sensitive information.
| VAR-202107-0946 | CVE-2021-29297 | Emerson GE Automation Proficy Machine Edition Classic buffer overflow vulnerability in |
CVSS V2: 2.6 CVSS V3: 5.3 Severity: MEDIUM |
Buffer Overflow in Emerson GE Automation Proficy Machine Edition v8.0 allows an attacker to cause a denial of service and application crash via crafted traffic from a Man-in-the-Middle (MITM) attack to the component "FrameworX.exe" in the module "MSVCR100.dll"
| VAR-202107-1901 | No CVE | An SQL injection vulnerability exists in the property integrated billing management cloud platform of Shenzhen China Electric Power Technology Co., Ltd. |
CVSS V2: 7.8 CVSS V3: - Severity: HIGH |
The property integrated billing management system is based on cloud computing, the Internet of Things and advanced smart billing management technology, which realizes the flexible access of power system smart electricity data and other smart terminal data, and supports 4G, RS-485, Ethernet and other communication methods. Enable data interconnection, realize online online recharge, SMS reminder and balance inquiry, etc.
Shenzhen China Electric Power Technology Co., Ltd. property integrated billing management cloud platform has SQL injection vulnerabilities. Attackers can use vulnerabilities to obtain sensitive information in the database.
| VAR-202107-1884 | No CVE | Unauthorized access vulnerability exists in AXIS 241Q Video Server |
CVSS V2: 5.0 CVSS V3: - Severity: MEDIUM |
Axis is an IT company that specializes in providing network video solutions.
AXIS 241Q Video Server has an unauthorized access vulnerability, which can be exploited by attackers to obtain sensitive information.
| VAR-202107-1872 | No CVE | AXIS M5014 Network Camera has unauthorized access vulnerability |
CVSS V2: 5.0 CVSS V3: - Severity: MEDIUM |
Axis is an IT company that specializes in providing network video solutions.
AXIS M5014 Network Camera has an unauthorized access vulnerability, which can be exploited by attackers to obtain sensitive information.
| VAR-202107-1877 | No CVE | AXIS P1353 Network Camera has unauthorized access vulnerability |
CVSS V2: 5.0 CVSS V3: - Severity: MEDIUM |
Axis is an IT company that specializes in providing network video solutions.
AXIS P1353 Network Camera has an unauthorized access vulnerability, which can be exploited by attackers to obtain sensitive information.
| VAR-202107-1871 | No CVE | AXIS M3114 Network Camera has unauthorized access vulnerability |
CVSS V2: 5.0 CVSS V3: - Severity: MEDIUM |
Axis is an IT company that specializes in providing network video solutions.
AXIS M3114 Network Camera has an unauthorized access vulnerability, which can be exploited by attackers to obtain sensitive information.
| VAR-202107-0418 | CVE-2020-5353 | DELL Dell EMC Isilon OneFS and EMC PowerScale Security hole |
CVSS V2: 9.0 CVSS V3: 8.8 Severity: HIGH |
The Dell Isilon OneFS versions 8.2.2 and earlier and Dell EMC PowerScale OneFS version 9.0.0 default configuration for Network File System (NFS) allows access to an 'admin' home directory. An attacker may leverage a spoofed Unique Identifier (UID) over NFS to rewrite sensitive files to gain administrative access to the system
| VAR-202107-1891 | No CVE | AXIS M1031-W Network Camera has unauthorized access vulnerability |
CVSS V2: 5.0 CVSS V3: - Severity: MEDIUM |
Axis is an IT company that specializes in providing network video solutions.
AXIS M1031-W Network Camera has an unauthorized access vulnerability, which can be exploited by attackers to obtain sensitive information.
| VAR-202107-1890 | No CVE | AXIS 215 PTZ Network Camera has unauthorized access vulnerability |
CVSS V2: 5.0 CVSS V3: - Severity: MEDIUM |
Axis is an IT company that specializes in providing network video solutions.
AXIS 215 PTZ Network Camera has an unauthorized access vulnerability, which can be exploited by attackers to obtain sensitive information.
| VAR-202107-1834 | No CVE | Unauthorized access vulnerability exists in Axis-207 Network Camera |
CVSS V2: 5.0 CVSS V3: - Severity: MEDIUM |
Axis Communications AB is an IT company that specializes in providing network video solutions.
Axis-207 Network Camera has an unauthorized access vulnerability, which can be exploited by attackers to obtain sensitive information.
| VAR-202107-1888 | No CVE | Unauthorized access vulnerability exists in Axis-M1104 Network Camera |
CVSS V2: 5.0 CVSS V3: - Severity: MEDIUM |
Axis Communications AB is an IT company that specializes in providing network video solutions.
Axis-M1104 Network Camera has an unauthorized access vulnerability, which can be exploited by attackers to obtain sensitive information.
| VAR-202107-1720 | No CVE | Ruijie Networks Co., Ltd. EG1000L has a weak password vulnerability |
CVSS V2: 5.0 CVSS V3: - Severity: MEDIUM |
Ruijie Networks Co., Ltd. is a data communication solution provider.
Ruijie Networks Co., Ltd. EG1000L has a weak password vulnerability. Attackers can use this vulnerability to log in to the device backend to obtain sensitive information.
| VAR-202107-1893 | No CVE | AXIS M1113 Network Camera has unauthorized access vulnerability |
CVSS V2: 5.0 CVSS V3: - Severity: MEDIUM |
Axis is an IT company that specializes in providing network video solutions.
AXIS M1113 Network Camera has an unauthorized access vulnerability, which can be exploited by attackers to obtain sensitive information.
| VAR-202107-1889 | No CVE | Unauthorized access vulnerability exists in AXIS M1054 Network Camera |
CVSS V2: 5.0 CVSS V3: - Severity: MEDIUM |
Axis is an IT company that specializes in providing network video solutions.
AXIS M1054 Network Camera has an unauthorized access vulnerability, which can be exploited by attackers to obtain sensitive information.
| VAR-202107-1719 | No CVE | Ruijie Networks Co., Ltd. NBR2000D has a weak password vulnerability |
CVSS V2: 5.0 CVSS V3: - Severity: MEDIUM |
Ruijie Networks Co., Ltd. is a data communication solution provider.
Ruijie Networks Co., Ltd. NBR2000D has a weak password vulnerability. Attackers can use this vulnerability to log in to the device backend to obtain sensitive information.
| VAR-202107-1722 | No CVE | Ruijie Networks Co., Ltd. 1000C has a weak password vulnerability |
CVSS V2: 5.0 CVSS V3: - Severity: MEDIUM |
Ruijie Networks Co., Ltd. is a data communication solution provider.
Ruijie Networks Co., Ltd. 1000C has a weak password vulnerability. Attackers can use this vulnerability to log in to the device backend to obtain sensitive information.
| VAR-202107-1886 | No CVE | AXIS M1103 Network Camera has unauthorized access vulnerability |
CVSS V2: 5.0 CVSS V3: - Severity: MEDIUM |
Axis is an IT company that specializes in providing network video solutions.
AXIS M1103 Network Camera has an unauthorized access vulnerability, which can be exploited by attackers to obtain sensitive information.