VARIoT IoT vulnerabilities database

ACRN before 2.5 has a hw/pci/virtio/virtio.c vq_endchains NULL Pointer Dereference. ACRN is an open source virtual machine monitor for the Internet of Things. No detailed vulnerability details are currently provided

An issue was discovered in ACRN before 2.5. It allows a devicemodel/hw/pci/virtio/virtio_net.c virtio_net_ping_rxq NULL pointer dereference for vq->used. ACRN is an open source project released by the Linux Foundation, which is a management program designed for the Internet of Things and embedded devices. No detailed vulnerability details are currently provided

Aitai Technology is a small and medium-sized network solution provider and service provider in China. A number of Aitai router products have weak password vulnerabilities, which can be exploited by attacks to obtain sensitive information.

Enterprising 518G is a router device of Shanghai Aitai Technology Co., Ltd. Shanghai Aitai Technology Co., Ltd. enterprising 518G has a weak password vulnerability, which can be exploited by attackers to obtain sensitive information.

FWB, FAC series is a router of Shenzhen Xunjie Communication Technology Co., Ltd., including FWB201S, FWB505, FAC1203R, FWB201, FAC1900R, FWB200, FAC1200R, etc. Shenzhen Xunjie Communication Technology Co., Ltd. FWB and FAC series routers have binary vulnerabilities. Attackers can use the vulnerabilities to gain server control rights.

ACRN before 2.5 has a devicemodel/hw/pci/xhci.c NULL Pointer Dereference for a trb pointer. ACRN is an open source project released by the Linux Foundation, which is a management program designed for the Internet of Things and embedded devices. No detailed vulnerability details are currently provided

The polling timer handler in ACRN before 2.5 has a use-after-free for a freed virtio device, related to devicemodel/hw/pci/virtio/*.c. ACRN Is vulnerable to the use of freed memory.Denial of service (DoS) It may be put into a state. ACRN is an open source project released by the Linux Foundation, which is a management program designed for the Internet of Things and embedded devices. No detailed vulnerability details are currently provided

An issue was discovered in ACRN before 2.5. dmar_free_irte in hypervisor/arch/x86/vtd.c allows an irte_alloc_bitmap buffer overflow. ACRN Contains a classic buffer overflow vulnerability.Information is obtained, information is tampered with, and service is disrupted (DoS) It may be put into a state. ACRN is an open source project released by the Linux Foundation, which is a management program designed for the Internet of Things and embedded devices. No detailed vulnerability details are currently provided

The GST Smart Fire Internet of Things System is developed through successful experience in the establishment and application of urban fire automatic alarm network monitoring and management systems. Gulf Security Technology Co., Ltd. GST Smart Fire Internet of Things system has a SQL injection vulnerability, which can be exploited by attackers to obtain sensitive information in the database.

The Device Model in ACRN through 2.5 has a devicemodel/core/mem.c use-after-free for a freed rb_entry. ACRN Is vulnerable to the use of freed memory.Denial of service (DoS) It may be put into a state. ACRN is an open source project released by the Linux Foundation, which is a management program designed for the Internet of Things and embedded devices. No detailed vulnerability details are currently provided. The version of Acrn-hypervisor before 2.5 has a security vulnerability, which is caused by using unknown input to manipulate parameters, which can cause memory corruption

ZoneDirector ZD1200 is a wireless controller product of RUCKUS. The ZoneDirector ZD1200 wireless controller has a weak password vulnerability, which can be exploited by attackers to obtain sensitive information.

Axis is an IT company that specializes in providing network video solutions. AXIS 212 PTZ Network Camera has an unauthorized access vulnerability, which can be exploited by attackers to obtain sensitive information.

Founded in 1987, Huawei Technologies Co., Ltd. is the world's leading provider of ICT (information and communications) infrastructure and smart terminals. Huawei Technologies Co., Ltd. S5700 series switches have a weak password vulnerability, which can be exploited by attackers to obtain sensitive information.

New H3C Technology Co., Ltd. is a new IT solution provider, committed to becoming the most reliable partner for customer business innovation and digital transformation. The main products are routers, big data, switches, Internet of Things, cloud computing, servers, etc. The H3C SecPath operation and maintenance audit system has an unauthorized access vulnerability, which can be exploited by attackers to obtain sensitive information.

AVEVA System Platform versions 2017 through 2020 R2 P01 uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the software does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory. AVEVA Provided by the company AVEVA System Platform contains multiple vulnerabilities: * Lack of authentication for critical features (CWE-306) - CVE-2021-33008 It was * Problems with not handling exceptions (CWE-248) - CVE-2021-33010 It was * Path traversal (CWE-22) - CVE-2021-32981 It was * Same-origin policy violation (CWE-346) - CVE-2021-32985 It was * Improper verification of digital signatures (CWE-347) - CVE-2021-32977The expected impact depends on each vulnerability, but it may be affected as follows. It was * A third party on an adjacent network may be able to execute arbitrary code with system privileges. - CVE-2021-33008 It was * Service operation obstruction by a remote third party (DoS) state - CVE-2021-33010 It was * The input value that specifies a file or directory under an access-restricted directory is not processed properly, allowing a remote third party to access a directory outside the access-restricted directory. - CVE-2021-32981 It was * Not properly validating that data or communication origin is valid - CVE-2021-32985 It was * Not verifying digital signatures on data, or verifying them incorrectly - CVE-2021-32977. AVEVA System Platform is an application software of British AVEVA company. A responsive, standards-driven and scalable foundation for regulatory, enterprise SCADA, MES and IIoT applications. No detailed vulnerability details are currently provided

AVEVA System Platform versions 2017 through 2020 R2 P01 does not verify, or incorrectly verifies, the cryptographic signature for data. AVEVA Provided by the company AVEVA System Platform contains multiple vulnerabilities: * Lack of authentication for critical features (CWE-306) - CVE-2021-33008 It was * Problems with not handling exceptions (CWE-248) - CVE-2021-33010 It was * Path traversal (CWE-22) - CVE-2021-32981 It was * Same-origin policy violation (CWE-346) - CVE-2021-32985 It was * Improper verification of digital signatures (CWE-347) - CVE-2021-32977The expected impact depends on each vulnerability, but it may be affected as follows. It was * A third party on an adjacent network may be able to execute arbitrary code with system privileges. - CVE-2021-33008 It was * Service operation obstruction by a remote third party (DoS) state - CVE-2021-33010 It was * The input value that specifies a file or directory under an access-restricted directory is not processed properly, allowing a remote third party to access a directory outside the access-restricted directory. - CVE-2021-32981 It was * Not properly validating that data or communication origin is valid - CVE-2021-32985 It was * Not verifying digital signatures on data, or verifying them incorrectly - CVE-2021-32977. AVEVA System Platform is an application software of British AVEVA company. A responsive, standards-driven and scalable foundation for regulatory, enterprise SCADA, MES and IIoT applications. No detailed vulnerability details are currently provided

AVEVA System Platform versions 2017 through 2020 R2 P01 does not properly verify that the source of data or communication is valid. AVEVA Provided by the company AVEVA System Platform contains multiple vulnerabilities: * Lack of authentication for critical features (CWE-306) - CVE-2021-33008 It was * Problems with not handling exceptions (CWE-248) - CVE-2021-33010 It was * Path traversal (CWE-22) - CVE-2021-32981 It was * Same-origin policy violation (CWE-346) - CVE-2021-32985 It was * Improper verification of digital signatures (CWE-347) - CVE-2021-32977The expected impact depends on each vulnerability, but it may be affected as follows. It was * A third party on an adjacent network may be able to execute arbitrary code with system privileges. - CVE-2021-33008 It was * Service operation obstruction by a remote third party (DoS) state - CVE-2021-33010 It was * The input value that specifies a file or directory under an access-restricted directory is not processed properly, allowing a remote third party to access a directory outside the access-restricted directory. AVEVA System Platform is an application software of British AVEVA company. A responsive, standards-driven and scalable foundation for regulatory, enterprise SCADA, MES and IIoT applications. No detailed vulnerability details are currently available

There is an Improper Access Control vulnerability in Huawei Smartphone. Successful exploitation of this vulnerability may cause temporary DoS. Huawei Smartphone is a smartphone of the Chinese company Huawei (Huawei)

There is an Improper Access Control vulnerability in Huawei Smartphone. Successful exploitation of this vulnerability may cause temporary DoS. Huawei Smartphone is a smartphone of the Chinese company Huawei (Huawei)

There is a Configuration Defect vulnerability in Huawei Smartphone. Successful exploitation of this vulnerability may affect service integrity and availability. Huawei Smartphone is a smartphone of the Chinese company Huawei (Huawei)