VARIoT IoT vulnerabilities database

ASRock 4x4 BOX-R1000 before BIOS P1.40 allows privilege escalation via code execution in the SMM. ASRock 4x4 BOX-R1000 Exists in a permission management vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state

Hewlett-Packard Trading (Shanghai) Co., Ltd. is a company whose business scope includes computer software and hardware equipment, printing equipment, imaging equipment, and communication equipment. The HP PageWide Pro 477dw MFP has an unauthorized access vulnerability, which can be exploited by attackers to obtain sensitive information.

Seiko Cloud MES is mainly aimed at on-site management of small and medium-sized manufacturing workshops. Based on the industrial Internet, microservices, cloud computing, Internet of Things, and big data technology architecture, it provides low-cost, fast deployment, and easy-to-operate SAAS applications. Seiko Cloud MES has a SQL injection vulnerability. Attackers can use vulnerabilities to obtain sensitive information in the database.

Matsushita Electric (China) Co., Ltd. is mainly responsible for the sales and after-sales service activities of home appliances, systems, environment, components and other commodities. Matsushita Electric (China) Co., Ltd. WV-SW395 has an unauthorized access vulnerability, which can be exploited by attackers to obtain sensitive information.

HP Officejet 5740 e-All-in-One Printer series is an all-in-one printer from HP Trading (Shanghai) Co., Ltd. The HP Officejet 5740 e-All-in-One Printer series has an unauthorized access vulnerability, which can be exploited by attackers to obtain sensitive information.

A Remote Code Execution (RCE) vulnerability in the WebUI component of the eQ-3 HomeMatic CCU2 firmware up to and including version 2.57.5 and CCU3 firmware up to and including version 3.57.5 allows remote unauthenticated attackers to execute system commands as root via a simple HTTP request. eQ-3 HomeMatic CCU2 Firmware and CCU3 For firmware, OS A command injection vulnerability exists.Information is obtained, information is tampered with, and service is disrupted (DoS) It may be put into a state

bizhub C364e, bizhub 227, bizhub 554e, bizhub 363, bizhub 283, bizhub C224e, bizhub C284e and bizhub C258 are printer products of Konica Minolta Group. Many Konica Minolta products have unauthorized access vulnerabilities. Attackers can use this vulnerability to obtain sensitive information.

Seiko Cloud MES is mainly aimed at on-site management of small and medium-sized manufacturing workshops. Based on the industrial Internet, microservices, cloud computing, Internet of Things, and big data technology architecture, it provides low-cost, fast deployment, and easy-to-operate SAAS applications. Seiko Cloud MES has a SQL injection vulnerability. Attackers can use vulnerabilities to obtain sensitive information in the database.

OPPO A92s is a 5G mobile phone owned by OPPO. OPPO A92s has an information disclosure vulnerability, which can be exploited by attackers to obtain sensitive information.

Epson (China) Co., Ltd. is responsible for the overall management of Epson's investment and business development in China. Its business scope mainly includes printers, scanners, projectors and other information-related products business, electronic components business, and industrial automation equipment business. Many printers of Epson (China) Co., Ltd. have unauthorized access vulnerabilities, which can be exploited by attackers to obtain sensitive information.

Dingdian Video Technology Co., Ltd. (abbreviated as Dingdian Video) is a wholly-owned subsidiary of Digital Video Group, focusing on the research and development, production, marketing and service of coaxial broadband access technology and optical communication technology. The NM3000 network element management system has a logic flaw vulnerability, which can be exploited by attackers to obtain sensitive information.

Dell SupportAssist for Business PCs versions 2.0, 2.0.1, 2.0.2, 2.1, 2.1.1, 2.1.2, 2.1.3 and Dell SupportAssist for Home PCs version 2.0, 2.0.1, 2.0.2, 2.1, 2.1.1, 2.1.2, 2.1.3, 2.2, 2.2.1, 2.2.2, 2.2.3, 3.0, 3.0.1, 3.0.2, 3.1, 3.2, 3.2.1, 3.2.2, 3.3, 3.3.1, 3.3.2, 3.3.3, 3.4 contain an uncontrolled search path vulnerability. A locally authenticated low privileged user could exploit this vulnerability to cause the loading of arbitrary DLLs by the SupportAssist binaries, resulting in the privileged execution of arbitrary code. (DoS) It may be in a state. The program provides automated, proactive and predictive techniques for troubleshooting and more. The program provides automated, proactive and predictive techniques for troubleshooting and more

Dell EMC OpenManage Enterprise (OME) versions prior to 3.4 contain an arbitrary file overwrite vulnerability. A remote authenticated malicious user with high privileges could potentially exploit this vulnerability to overwrite arbitrary files via directory traversal sequences using a crafted tar file to inject malicious RPMs which may cause a denial of service or perform unauthorized actions. Dell EMC OpenManage Enterprise (OME) Exists in a past traversal vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state

An issue was discovered on Sannce Smart HD Wifi Security Camera EAN 2 950004 595317 devices. The device by default has a TELNET interface available (which is not advertised or functionally used, but is nevertheless available). Two backdoor accounts (root and default) exist that can be used on this interface. The usernames and passwords of the backdoor accounts are the same on all devices. Attackers can use these backdoor accounts to obtain access and execute code as root within the device. (DoS) It may be in a state. ------------------------------------------ [Vulnerability Type] Incorrect Access Control ------------------------------------------ [Vendor of Product] Sannce ------------------------------------------ [Affected Product Code Base] Sannce Smart HD Wifi Security Camera - EAN nr: 2 950004 595317 ------------------------------------------ [Affected Component] Telnet daemon ------------------------------------------ [Attack Type] Local ------------------------------------------ [Impact Code execution] true ------------------------------------------ [Attack Vectors] Anyone with network access to the device can trigger this vulnerability. ------------------------------------------ [Has vendor confirmed or acknowledged the vulnerability?] true ------------------------------------------ [Discoverer] Willem Westerhof, Jasper Nota, Martijn Baalman from Qbit cyber security in cooperation with the Dutch Consumer organisation. ------------------------------------------ [Reference] https://www.sannce.com Use CVE-2019-20467

Jiangsu Huaiye Huaiye is an original manufacturer with two independent core technologies: video cloud switching and wireless broadband private network communication. The video fusion gateway of Jiangsu Huaiye Information Technology Co., Ltd. has an unauthorized access vulnerability. Attackers can use this vulnerability to obtain sensitive information.

A CWE-1236: Improper Neutralization of Formula Elements in a CSV File vulnerability exists in Easergy T300 with firmware V2.7.1 and older that would allow arbitrary command execution

Mikrotik RouterOs before 6.44.6 (long-term tree) suffers from an uncontrolled resource consumption vulnerability in the /nova/bin/cerm process. An authenticated remote attacker can cause a Denial of Service due to overloading the systems CPU. Mikrotik RouterOs Exists in a resource exhaustion vulnerability.Service operation interruption (DoS) It may be in a state. Re: Two vulnerabilities found in MikroTik's RouterOS

A CWE-200: Information Exposure vulnerability exists in Easergy T300 with firmware V2.7.1 and older that exposes sensitive information to an actor not explicitly authorized to have access to that information. Easergy T300 There is an information leakage vulnerability in the firmware.Information may be obtained

Changsha Tongxun Computer Technology Co., Ltd. is a company dedicated to the research and development of China's Internet network acceleration solutions, providing industry-leading Internet cache acceleration and routing products and services for ISPs, education, enterprises and other customers. Freelander routing has a weak password vulnerability, which can be exploited by attackers to obtain sensitive information.

Mikrotik RouterOs before 6.47 (stable tree) suffers from an assertion failure vulnerability in the /ram/pckg/security/nova/bin/ipsec process. An authenticated remote attacker can cause a Denial of Service due to an assertion failure via a crafted packet. Mikrotik RouterOs Exists in a reachable assertiveness vulnerability.Service operation interruption (DoS) It may be in a state. Re: Two vulnerabilities found in MikroTik's RouterOS