VARIoT IoT vulnerabilities database

VAR-202112-0062 CVE-2021-43772 Trend Micro Security Security feature vulnerability CVSS V2: 2.1
CVSS V3: 5.5
Severity: MEDIUM
Trend Micro Security 2021 v17.0 (Consumer) contains a vulnerability that allows files inside the protected folder to be modified without any detection.
VAR-202112-0170 CVE-2021-20847 NTT docomo Co., Ltd. Wi-Fi STATION SH-52A Cross-site Scripting Vulnerability CVSS V2: 4.3
CVSS V3: 6.1
Severity: MEDIUM
Cross-site scripting vulnerability in Wi-Fi STATION SH-52A (38JP_1_11G, 38JP_1_11J, 38JP_1_11K, 38JP_1_11L, 38JP_1_26F, 38JP_1_26G, 38JP_1_26J, 38JP_2_03B, and 38JP_2_03C) allows a remote unauthenticated attacker to inject an arbitrary script via WebUI of the device. This vulnerability information was reported to IPA under the Information Security Early Warning Partnership, and JPCERT/CC coordinated with the developers. Reporter: Takayuki Sasaki of Yokohama National University. An arbitrary script may be executed on the web browser of a user accessing the product's WebUI.
VAR-202111-1531 CVE-2020-7879 ipTIME C200 IP Camera OS Command injection vulnerability CVSS V2: 6.8
CVSS V3: 9.8
Severity: CRITICAL
This issue was discovered when the ipTIME C200 IP Camera was synchronized with the ipTIME NAS. It is necessary to extract value for ipTIME IP camera because the ipTIME NAS send ans setCookie('[COOKIE]'). The value is transferred to the --header option in the wget binary, and there is no validation check. This vulnerability allows remote attackers to execute remote commands. The ipTIME C200 IP Camera contains an OS command injection vulnerability. Information may be obtained or tampered with, and service operation may be interrupted (DoS).
VAR-202111-1526 CVE-2021-39000 IBM MQ Information disclosure vulnerability CVSS V2: 2.1
CVSS V3: 5.5
Severity: MEDIUM
IBM MQ Appliance 9.2 CD and 9.2 LTS could allow a local attacker to obtain sensitive information by inclusion of sensitive data within diagnostics. IBM X-Force ID: 213215.
VAR-202111-1528 CVE-2021-38967 IBM MQ Appliance Code injection vulnerability CVSS V2: 4.6
CVSS V3: 6.7
Severity: MEDIUM
IBM MQ Appliance 9.2 CD and 9.2 LTS could allow a local privileged user to inject and execute malicious code. IBM X-Force ID: 212441. IBM MQ Appliance contains a code injection vulnerability. The vendor has published this vulnerability as IBM X-Force ID: 212441. Information may be obtained or tampered with, and service operation may be interrupted (DoS). IBM MQ Appliance is an all-in-one device from IBM of the United States for rapid deployment of enterprise-level messaging middleware. No detailed vulnerability details are currently provided.
VAR-202112-0015 CVE-2021-32592 FortiClient for Windows and FortiClientEMS Uncontrolled search path element vulnerability CVSS V2: 6.9
CVSS V3: 7.8
Severity: HIGH
An unsafe search path vulnerability in FortiClientWindows 7.0.0, 6.4.6 and below, 6.2.x, 6.0.x and FortiClientEMS 7.0.0, 6.4.6 and below, 6.2.x, 6.0.x may allow an attacker to perform a DLL Hijack attack on affected devices via a malicious OpenSSL engine library in the search path. FortiClient for Windows and FortiClientEMS contain an uncontrolled search path element vulnerability. Information may be obtained or tampered with, and service operation may be interrupted (DoS). FortiClient is a set of mobile terminal security solutions from Fortinet. The solution provides IPsec and SSL encryption, WAN optimization, endpoint compliance, and two-factor authentication when connected to FortiGate firewall appliances. An escalation of privilege vulnerability exists in FortiClient, which is caused by the application loading DLL libraries in an unsafe manner.
VAR-202111-1472 CVE-2021-38958 IBM MQ Appliance Vulnerability CVSS V2: 2.1
CVSS V3: 5.5
Severity: MEDIUM
IBM MQ Appliance 9.2 CD and 9.2 LTS is affected by a denial of service attack caused by a concurrency issue. IBM X-Force ID: 212042. IBM MQ Appliance contains an unspecified vulnerability. The vendor has published this vulnerability as IBM X-Force ID: 212042. Service operation may be interrupted (DoS). IBM MQ Appliance is an all-in-one device from IBM of the United States for rapid deployment of enterprise-level messaging middleware. No detailed vulnerability details are currently provided.
VAR-202111-1527 CVE-2021-38999 IBM MQ Appliance Information leakage vulnerability CVSS V2: 2.1
CVSS V3: 5.5
Severity: MEDIUM
IBM MQ Appliance could allow a local attacker to obtain sensitive information by inclusion of sensitive data within trace. IBM MQ Appliance is an all-in-one device from IBM of the United States for rapid deployment of enterprise-level messaging middleware.
VAR-202111-0913 CVE-2021-26611 HejHome GKW-IC052 IP Camera Use of hard-coded credentials vulnerability CVSS V2: 7.5
CVSS V3: 9.8
Severity: CRITICAL
HejHome GKW-IC052 IP Camera contained a hard-coded credentials vulnerability. This issue allows remote attackers to operate the IP Camera (reboot, factory reset, snapshot, etc.). A denial-of-service (DoS) condition may result.
VAR-202111-1479 CVE-2021-39995 eCNS280_TD and eSE620X vESS Out-of-bounds read vulnerability CVSS V2: 6.8
CVSS V3: 6.5
Severity: MEDIUM
Some Huawei products use the OpenHpi software for hardware management. A function that parses data returned by OpenHpi contains an out-of-bounds read vulnerability that could lead to a denial of service. Affected product versions include: eCNS280_TD V100R005C10; eSE620X vESS V100R001C10SPC200, V100R001C20SPC200, V200R001C00SPC300. eCNS280_TD and eSE620X vESS contain an out-of-bounds read vulnerability. Service operation may be interrupted (DoS). Huawei eSE620X vESS is a virtual enterprise service controller. eCNS280_TD is the core network equipment of the wireless broadband trunking system.
VAR-202111-1496 CVE-2021-43268 Wind River VxWorks Resource Management Error Vulnerability CVSS V2: 6.4
CVSS V3: 6.5
Severity: MEDIUM
An issue was discovered in VxWorks 6.9 through 7. In the IKE component, a specifically crafted packet may lead to reading beyond the end of a buffer, or a double free. VxWorks contains a double free vulnerability. Information may be tampered with, and service operation may be interrupted (DoS). Wind River VxWorks is an operating system of Wind River Company of the United States. The industry-leading real-time operating system for building embedded devices and systems. No detailed vulnerability details are currently provided.
VAR-202111-0965 CVE-2021-42783 D-Link DWR-932C E1 firmware Vulnerability related to lack of authentication for critical functions CVSS V2: 10.0
CVSS V3: 9.8
Severity: CRITICAL
Missing Authentication for Critical Function vulnerability in debug_post_set.cgi of D-Link DWR-932C E1 firmware allows an unauthenticated attacker to execute administrative actions. A denial-of-service (DoS) condition may result. D-Link DWR-932C E1 is a WiFi mobile modem router from China's D-Link company. The D-Link DWR-932C E1 firmware has a security vulnerability. The vulnerability stems from the lack of authentication for a critical function in debug_post_set.cgi. Attackers can use this vulnerability to perform management operations.
VAR-202111-0964 CVE-2021-42784 D-Link DWR-932C E1 firmware OS Command injection vulnerability CVSS V2: 10.0
CVSS V3: 9.8
Severity: CRITICAL
OS Command Injection vulnerability in debug_fcgi of D-Link DWR-932C E1 firmware allows a remote attacker to perform command injection via a crafted HTTP request. A denial-of-service (DoS) condition may result. D-Link DWR-932C E1 is a WiFi mobile modem router from China's D-Link company.
VAR-202111-1722 CVE-2021-21926 Advantech R-SeeNet SQL Injection vulnerability CVSS V2: 4.0
CVSS V3: 6.5
Severity: MEDIUM
A specially-crafted HTTP request can lead to SQL injection. An attacker can make authenticated HTTP requests to trigger these vulnerabilities. This can be done as any authenticated user or through cross-site request forgery at ‘health_filter’ parameter
VAR-202111-1592 CVE-2021-37030 Huawei Improper Default Permission Vulnerability in Smartphones CVSS V2: 5.0
CVSS V3: 7.5
Severity: HIGH
There is an improper permission vulnerability in Huawei Smartphone. Successful exploitation of this vulnerability may affect service availability. Huawei smartphones are vulnerable to improper default permissions. Service operation may be interrupted (DoS). Huawei EMUI is a mobile operating system developed based on Android. Magic UI is a mobile operating system developed based on Android. An incorrect permission vulnerability exists in Huawei EMUI and Magic UI.
VAR-202111-1591 CVE-2021-37032 Huawei Vulnerabilities in smartphones CVSS V2: 5.0
CVSS V3: 5.3
Severity: MEDIUM
There is a bypass vulnerability in Huawei Smartphone. Successful exploitation of this vulnerability may cause Digital Balance to fail to work. Huawei smartphones have unspecified vulnerabilities. Service operation may be interrupted (DoS). Huawei EMUI is a mobile operating system developed based on Android. Magic UI is a mobile operating system developed based on Android. There are bypass vulnerabilities in Huawei EMUI and Magic UI.
VAR-202111-1590 CVE-2021-37034 Huawei Vulnerabilities in smartphones CVSS V2: 5.0
CVSS V3: 7.5
Severity: HIGH
There are unstandardized field names in Huawei Smartphone. Successful exploitation of this vulnerability may affect service confidentiality. Huawei smartphones have unspecified vulnerabilities. Information may be obtained. Huawei EMUI is a mobile operating system developed based on Android. Magic UI is a mobile operating system developed based on Android. Huawei EMUI and Magic UI have information disclosure vulnerabilities.
VAR-202111-1586 CVE-2021-37029 Huawei Vulnerabilities in smartphones CVSS V2: 5.0
CVSS V3: 5.3
Severity: MEDIUM
There is an identity verification vulnerability in Huawei Smartphone. Successful exploitation of this vulnerability may affect service availability. Huawei smartphones have unspecified vulnerabilities. Service operation may be interrupted (DoS). Huawei EMUI is a mobile operating system developed based on Android. Magic UI is a mobile operating system developed based on Android. Authentication vulnerabilities exist in Huawei EMUI and Magic UI.
VAR-202111-1585 CVE-2021-37031 Huawei Vulnerabilities in smartphones CVSS V2: 5.0
CVSS V3: 7.5
Severity: HIGH
There is a remote DoS vulnerability in Huawei Smartphone. Successful exploitation of this vulnerability will cause the app to exit unexpectedly. Huawei smartphones have unspecified vulnerabilities. Service operation may be interrupted (DoS). Huawei EMUI is a mobile operating system developed based on Android. Magic UI is a mobile operating system developed based on Android. There are remote DoS vulnerabilities in Huawei EMUI and Magic UI.
VAR-202111-1584 CVE-2021-37033 Huawei Injection Vulnerability in Smartphones CVSS V2: 5.0
CVSS V3: 7.5
Severity: HIGH
There is an injection attack vulnerability in Huawei Smartphone. Successful exploitation of this vulnerability may affect service availability. Huawei smartphones have an injection vulnerability. Service operation may be interrupted (DoS). Huawei EMUI is a mobile operating system developed based on Android. Magic UI is a mobile operating system developed based on Android. Huawei EMUI and Magic UI have injection attack vulnerabilities.