VARIoT IoT vulnerabilities database

RIOT-OS 2021.01 before commit bc59d60be60dfc0a05def57d74985371e4f22d79 contains a buffer overflow which could allow attackers to obtain sensitive information. RIOT RIOT-OS is a set of operating systems used in the field of Internet of Things

RIOT-OS 2021.01 before commit 44741ff99f7a71df45420635b238b9c22093647a contains a buffer overflow which could allow attackers to obtain sensitive information. RIOT RIOT-OS is a set of operating systems used in the field of Internet of Things

Ruijie Networks is a provider of ICT infrastructure and industry solutions. Its main business is the research and development, design and sales of network equipment, network security products and cloud desktop solutions. Ruijie Networks EG2000CE has a weak password vulnerability. The attacker uses the default weak password to log in to the background to obtain sensitive information.

GlassFish is a robust commercial compatible application server. GlassFish has an arbitrary file reading vulnerability, which can be exploited by attackers to obtain sensitive information.

In TrendNet TW100-S4W1CA 2.3.32, due to a lack of proper session controls, a threat actor could make unauthorized changes to an affected router via a specially crafted web page. If an authenticated user were to interact with a malicious web page it could allow for a complete takeover of the router. TrendNet TW100-S4W1CA Contains a cross-site request forgery vulnerability.Information is obtained, information is tampered with, and service is disrupted (DoS) It may be put into a state. TrendNet TW100-S4W1CA is a four-port broadband router. TrendNet TW100-S4W1CA version 2.3.32 has a cross-site request forgery vulnerability. The vulnerability stems from the lack of proper session control

In TrendNet TW100-S4W1CA 2.3.32, it is possible to inject arbitrary JavaScript into the router's web interface via the "echo" command. TrendNet TW100-S4W1CA Contains a cross-site scripting vulnerability.Information may be obtained and information may be tampered with. TrendNet TW100-S4W1CA is a four-port broadband router. TrendNet TW100-S4W1CA version 2.3.32 has a cross-site scripting vulnerability

H3C ER3100 is a high-performance VPN router, mainly positioned in the SMB market of Ethernet/optical/ADSL access and network environments such as government, corporate institutions, and Internet cafes. The H3C ER3100 VPN router has a binary vulnerability, which can be exploited by an attacker to gain control of the server.

Server-Side Request Forgery (SSRF) vulnerability in task management component in Synology Download Station before 3.8.16-3566 allows remote authenticated users to access intranet resources via unspecified vectors. Synology Download Station Contains a server-side request forgery vulnerability.Information may be obtained. Synology Download Station is a browser extension. You can browse the downloading and downloaded tasks of the download center package without visiting the web version of Synology, and you can also add tasks

Improper privilege management vulnerability in cgi component in Synology Download Station before 3.8.16-3566 allows remote authenticated users to execute arbitrary code via unspecified vectors. Synology Download Station Contains a privilege management vulnerability.Information is obtained, information is tampered with, and service is disrupted (DoS) It may be put into a state. Synology Download Station is a browser extension. You can browse the downloading and downloaded tasks of the download center package without visiting the web version of Synology, and you can also add tasks. Versions earlier than Synology Download Station 3.8.16-3566 have a security vulnerability

Server-Side Request Forgery (SSRF) vulnerability in cgi component in Synology Media Server before 1.8.3-2881 allows remote attackers to access intranet resources via unspecified vectors. Synology Media Server is a media server. Synology Media Server versions prior to 1.8.3-2881 have a code problem vulnerability. The vulnerability stems from the Server-Server Request Forgery (SSRF) vulnerability of the cgi component

Improper neutralization of special elements used in a command ('Command Injection') vulnerability in task management component in Synology Download Station before 3.8.16-3566 allows remote authenticated users to execute arbitrary code via unspecified vectors. Synology Download Station Contains a command injection vulnerability.Information is obtained, information is tampered with, and service is disrupted (DoS) It may be put into a state. Synology Download Station is a browser extension. You can browse the downloading and downloaded tasks of the download center package without visiting the web version of Synology, and you can also add tasks

Improper permissions in the installer for the Intel(R) Brand Verification Tool before version 11.0.0.1225 may allow an authenticated user to potentially enable escalation of privilege via local access. Intel(R) Brand Verification Tool Is vulnerable to incorrect default permissions.Information is obtained, information is tampered with, and service is disrupted (DoS) It may be put into a state. Intel Brand Verification Tool (BVT) is a tool used by Intel Corporation to test vPro and generate reports. After the test is passed, the customer can obtain the qualification to stick the vPro Logo by submitting the report

DI-7300G and DI-7200G are both D-Link router products. D-Link DI-7300G and DI-7200G have a weak password vulnerability, which can be exploited by attackers to obtain sensitive information.

MFP S2815dn, etc. are all Dell color laser printers. Many Dell printer products have unauthorized access vulnerabilities, which can be exploited by attackers to obtain sensitive information.

There are multiple out-of-bounds vulnerabilities in some processes of D-Link AC2600(DIR-2640) 1.01B04. Ordinary permissions can be elevated to administrator permissions, resulting in local arbitrary code execution. An attacker can combine other vulnerabilities to further achieve the purpose of remote code execution. D-Link AC2600(DIR-2640) Is vulnerable to an out-of-bounds write.Information is obtained, information is tampered with, and service is disrupted (DoS) It may be put into a state. D-Link AC2600 is a wireless device produced by D-Link in Taiwan. D-Link AC2600 has security vulnerabilities

EA6900 is a router product of Belkin Company. Belkin's EA6900 has a weak password vulnerability. Attackers can use this vulnerability to log in to the system background and perform unauthorized operations.

EA6100 is a router product of Belkin Company. Belkin's EA6100 has a weak password vulnerability. Attackers can use this vulnerability to log in to the system background and perform unauthorized operations.

TL-ER8820T is a new generation of high-performance 10-Gigabit enterprise router launched by TP-LINK. TP-LINK TL-ER8820T has a weak password vulnerability, which can be exploited by attackers to obtain sensitive information.

EA9200 is a router product of Belkin Company. Belkin's EA9200 has a weak password vulnerability. Attackers can use this vulnerability to log in to the system background and perform unauthorized operations.

An issue was discovered on Enphase Envoy R3.x and D4.x devices with v3 software. The default admin password is set to the last 6 digits of the serial number. The serial number can be retrieved by an unauthenticated user at /info.xml. Enphase Envoy An unspecified vulnerability exists in the device.Information is obtained, information is tampered with, and service is disrupted (DoS) It may be put into a state. Enphase Energy Envoy is a gateway device used to connect smart home devices from Enphase Energy in the United States. Enphase Energy Envoy has security vulnerabilities. No detailed vulnerability details are currently provided