VARIoT IoT vulnerabilities database
| VAR-202111-1735 | CVE-2021-21923 | SQL injection vulnerability in R-SeeNet |
CVSS V2: 4.0 CVSS V3: 4.9 Severity: MEDIUM |
A specially-crafted HTTP request can lead to SQL injection. An attacker can make authenticated HTTP requests to trigger this vulnerability at the ‘company_filter’ parameter with the administrative account or through cross-site request forgery.
| VAR-202111-1734 | CVE-2021-21922 | SQL injection vulnerability in R-SeeNet |
CVSS V2: 4.0 CVSS V3: 6.5 Severity: MEDIUM |
A specially-crafted HTTP request can lead to SQL injection. An attacker can make authenticated HTTP requests to trigger this vulnerability at the ‘username_filter’ parameter with the administrative account or through cross-site request forgery.
| VAR-202111-1733 | CVE-2021-21921 | SQL injection vulnerability in R-SeeNet |
CVSS V2: 4.0 CVSS V3: 4.9 Severity: MEDIUM |
A specially-crafted HTTP request can lead to SQL injection. An attacker can make authenticated HTTP requests to trigger this vulnerability at the ‘name_filter’ parameter with the administrative account or through cross-site request forgery.
| VAR-202111-1732 | CVE-2021-21937 | SQL injection vulnerability in R-SeeNet |
CVSS V2: 4.0 CVSS V3: 6.5 Severity: MEDIUM |
A specially-crafted HTTP request can lead to SQL injection. An attacker can make authenticated HTTP requests to trigger this vulnerability at the ‘host_alt_filter’ parameter. This can be done as any authenticated user or through cross-site request forgery.
| VAR-202111-1731 | CVE-2021-21920 | SQL injection vulnerability in R-SeeNet |
CVSS V2: 4.0 CVSS V3: 4.9 Severity: MEDIUM |
A specially-crafted HTTP request can lead to SQL injection. An attacker can make authenticated HTTP requests to trigger this vulnerability at the ‘surname_filter’ parameter with the administrative account or through cross-site request forgery.
| VAR-202111-1730 | CVE-2021-21936 | SQL injection vulnerability in R-SeeNet |
CVSS V2: 6.5 CVSS V3: 8.8 Severity: HIGH |
A specially-crafted HTTP request can lead to SQL injection. An attacker can make authenticated HTTP requests to trigger this vulnerability at the ‘health_alt_filter’ parameter. This can be done as any authenticated user or through cross-site request forgery. R-SeeNet contains an SQL injection vulnerability. Information may be obtained or tampered with, and service operation may be interrupted (DoS).
| VAR-202111-1729 | CVE-2021-21935 | SQL injection vulnerability in R-SeeNet |
CVSS V2: 4.0 CVSS V3: 6.5 Severity: MEDIUM |
A specially-crafted HTTP request can lead to SQL injection. An attacker can make authenticated HTTP requests to trigger this vulnerability at the ‘host_alt_filter2’ parameter. This can be done as any authenticated user or through cross-site request forgery.
| VAR-202111-1728 | CVE-2021-21934 | SQL injection vulnerability in R-SeeNet |
CVSS V2: 4.0 CVSS V3: 6.5 Severity: MEDIUM |
A specially-crafted HTTP request can lead to SQL injection. An attacker can make authenticated HTTP requests to trigger this vulnerability at the ‘imei_filter’ parameter. This can be done as any authenticated user or through cross-site request forgery.
| VAR-202111-1727 | CVE-2021-21933 | SQL injection vulnerability in R-SeeNet |
CVSS V2: 4.0 CVSS V3: 6.5 Severity: MEDIUM |
A specially-crafted HTTP request can lead to SQL injection. An attacker can make authenticated HTTP requests to trigger this vulnerability at the ‘esn_filter’ parameter. This can be done as any authenticated user or through cross-site request forgery.
| VAR-202111-1726 | CVE-2021-21932 | SQL injection vulnerability in R-SeeNet |
CVSS V2: 4.0 CVSS V3: 6.5 Severity: MEDIUM |
A specially-crafted HTTP request can lead to SQL injection. An attacker can make authenticated HTTP requests to trigger this vulnerability at the ‘name_filter’ parameter. This can be done as any authenticated user or through cross-site request forgery.
| VAR-202111-1725 | CVE-2021-21931 | SQL injection vulnerability in R-SeeNet |
CVSS V2: 4.0 CVSS V3: 6.5 Severity: MEDIUM |
A specially-crafted HTTP request can lead to SQL injection. An attacker can make authenticated HTTP requests at the ‘stat_filter’ parameter to trigger this vulnerability. This can be done as any authenticated user or through cross-site request forgery.
| VAR-202111-1724 | CVE-2021-21930 | SQL injection vulnerability in R-SeeNet |
CVSS V2: 4.0 CVSS V3: 6.5 Severity: MEDIUM |
A specially-crafted HTTP request can lead to SQL injection. An attacker can make authenticated HTTP requests at the ‘sn_filter’ parameter to trigger this vulnerability. This can be done as any authenticated user or through cross-site request forgery.
| VAR-202111-1723 | CVE-2021-21929 | SQL injection vulnerability in R-SeeNet |
CVSS V2: 4.0 CVSS V3: 6.5 Severity: MEDIUM |
A specially-crafted HTTP request can lead to SQL injection. An attacker can make authenticated HTTP requests at the ‘prod_filter’ parameter to trigger this vulnerability. This can be done as any authenticated user or through cross-site request forgery.
| VAR-202111-1129 | CVE-2021-36321 | Dell Networking X-Series input validation error vulnerability |
CVSS V2: 5.0 CVSS V3: 7.5 Severity: HIGH |
Dell Networking X-Series firmware versions prior to 3.0.1.8 contain an improper input validation vulnerability. A remote unauthenticated attacker may potentially exploit this vulnerability by sending specially crafted data to trigger a denial of service. Dell Networking X-Series is a series of intelligent network management switches from Dell in the United States.
| VAR-202111-1159 | CVE-2021-36322 | Injection vulnerability in Dell Networking X-Series firmware |
CVSS V2: 5.8 CVSS V3: 6.1 Severity: MEDIUM |
Dell Networking X-Series firmware versions prior to 3.0.1.8 contain a host header injection vulnerability. A remote unauthenticated attacker may potentially exploit this vulnerability by injecting arbitrary host header values to poison the web-cache or trigger redirections. Dell Networking X-Series is a series of intelligent network management switches from Dell in the United States.
| VAR-202111-1130 | CVE-2021-36320 | Insufficient entropy vulnerability in Dell Networking X-Series firmware |
CVSS V2: 7.5 CVSS V3: 9.8 Severity: CRITICAL |
Dell Networking X-Series firmware versions prior to 3.0.1.8 contain an authentication bypass vulnerability. A remote unauthenticated attacker may potentially hijack a session and access the webserver by forging the session ID. Dell Networking X-Series firmware has an insufficient entropy vulnerability. Information may be obtained or tampered with, and service operation may be interrupted (DoS). Dell Networking X-Series is a series of intelligent network management switches from Dell in the United States.
| VAR-202111-1216 | CVE-2021-36306 | Authentication vulnerability in Networking OS10 |
CVSS V2: 9.3 CVSS V3: 9.8 Severity: CRITICAL |
Networking OS10, versions prior to October 2021 with RESTCONF API enabled, contains an authentication bypass vulnerability. A remote unauthenticated attacker could exploit this vulnerability to gain access and perform actions on the affected system. Networking OS10 contains an authentication vulnerability. Information may be obtained or tampered with, and service operation may be interrupted (DoS).
| VAR-202111-1215 | CVE-2021-36307 | Privilege management vulnerability in Networking OS10 |
CVSS V2: 8.5 CVSS V3: 8.8 Severity: HIGH |
Networking OS10, versions prior to October 2021 with RESTCONF API enabled, contains a privilege escalation vulnerability. A malicious low privileged user with specific access to the API could potentially exploit this vulnerability to gain admin privileges on the affected system. Networking OS10 contains a privilege management vulnerability. Information may be obtained or tampered with, and service operation may be interrupted (DoS).
| VAR-202111-1214 | CVE-2021-36308 | Authentication vulnerability in Networking OS10 |
CVSS V2: 9.3 CVSS V3: 9.8 Severity: CRITICAL |
Networking OS10, versions prior to October 2021 with Smart Fabric Services enabled, contains an authentication bypass vulnerability. A remote unauthenticated attacker could exploit this vulnerability to gain access and perform actions on the affected system. Networking OS10 contains an authentication vulnerability. Information may be obtained or tampered with, and service operation may be interrupted (DoS).
| VAR-202111-1213 | CVE-2021-36310 | Resource exhaustion vulnerability in Dell Networking OS10 |
CVSS V2: 6.8 CVSS V3: 4.9 Severity: MEDIUM |
Dell Networking OS10, versions 10.4.3.x, 10.5.0.x, 10.5.1.x & 10.5.2.x, contain an uncontrolled resource consumption flaw in its API service. A high-privileged API user may potentially exploit this vulnerability, leading to a denial of service. Dell Networking OS10 contains a resource exhaustion vulnerability. Service operation may be interrupted (DoS).