VARIoT IoT vulnerabilities database

VAR-202106-2186 | No CVE | TP-LINK TL-ER8820T has weak password vulnerability |
CVSS V2: 5.0 CVSS V3: - Severity: MEDIUM |
TL-ER8820T is a new generation of high-performance 10-Gigabit enterprise router launched by TP-LINK.
TP-LINK TL-ER8820T has a weak password vulnerability, which can be exploited by attackers to obtain sensitive information.
VAR-202106-2176 | No CVE | Belkin EA6300 has weak password vulnerability |
CVSS V2: 5.0 CVSS V3: - Severity: MEDIUM |
EA6300 is a router product of Belkin Company.
Belkin's EA6300 has a weak password vulnerability. Attackers can use the vulnerability to log in to the system background and perform unauthorized operations.
VAR-202106-2179 | No CVE | Belkin EA6350 has weak password vulnerability |
CVSS V2: 5.0 CVSS V3: - Severity: MEDIUM |
EA6350 is a router product of Belkin Company.
Belkin's EA6350 has a weak password vulnerability. Attackers can use the vulnerability to log in to the system background and perform unauthorized operations.
VAR-202106-0266 | CVE-2020-25752 | Enphase Envoy Vulnerability in Using Hard Coded Credentials |
CVSS V2: 5.0 CVSS V3: 5.3 Severity: MEDIUM |
An issue was discovered on Enphase Envoy R3.x and D4.x devices. There are hardcoded web-panel login passwords for the installer and Enphase accounts. The passwords for these accounts are hardcoded values derived from the MD5 hash of the username and serial number mixed with some static strings. The serial number can be retrieved by an unauthenticated user at /info.xml. These passwords can be easily calculated by an attacker; users are unable to change these passwords. Enphase Envoy is vulnerable to the use of hard-coded credentials. Information may be obtained. Enphase Energy Envoy is a gateway device used to connect smart home devices from Enphase Energy in the United States.
Enphase Energy Envoy has a trust management vulnerability.
VAR-202106-2175 | No CVE | Belkin EA6400 has weak password vulnerability |
CVSS V2: 5.0 CVSS V3: - Severity: MEDIUM |
EA6400 is a router product of Belkin Company.
Belkin's EA6400 has a weak password vulnerability. Attackers can use this vulnerability to log in to the system background and perform unauthorized operations.
VAR-202106-1773 | CVE-2021-34203 | D-Link DIR-2640-US Authentication Vulnerability in Microsoft |
CVSS V2: 4.8 CVSS V3: 8.1 Severity: HIGH |
D-Link DIR-2640-US 1.01B04 is vulnerable to Incorrect Access Control. When PPPoE is configured, the AC2600 router (DIR-2640-US) starts the quagga process listening on the whole network, and this function uses the original default password and port. An attacker can easily use telnet to log in, modify routing information, monitor the traffic of all devices under the router, hijack DNS, and carry out phishing attacks. In addition, this interface is likely to be questioned by customers as a backdoor, because the interface should not be exposed. D-Link DIR-2640-US contains an improper authentication vulnerability. Information may be obtained and information may be tampered with. D-Link DIR-2640-US is a network router device.
D-Link DIR-2640-US has security vulnerabilities.
VAR-202106-0267 | CVE-2020-25753 | Enphase Envoy Vulnerabilities in devices |
CVSS V2: 7.5 CVSS V3: 9.8 Severity: CRITICAL |
An issue was discovered on Enphase Envoy R3.x and D4.x devices with v3 software. The default admin password is set to the last 6 digits of the serial number. The serial number can be retrieved by an unauthenticated user at /info.xml. An unspecified vulnerability exists in Enphase Envoy devices. Information may be obtained or tampered with, and the device may be put into a denial-of-service (DoS) state. Enphase Energy Envoy is a gateway device used to connect smart home devices from Enphase Energy in the United States.
Enphase Energy Envoy has security vulnerabilities. No detailed vulnerability details are currently provided.
VAR-202106-2172 | No CVE | Belkin WRT1900ACS has weak password vulnerability |
CVSS V2: 5.0 CVSS V3: - Severity: MEDIUM |
WRT1900ACS is a router product of Belkin Company.
Belkin's WRT1900ACS has a weak password vulnerability. Attackers can use this vulnerability to log in to the system background and perform unauthorized operations.
VAR-202106-2177 | No CVE | Belkin EA7300 has weak password vulnerability |
CVSS V2: 5.0 CVSS V3: - Severity: MEDIUM |
EA7300 is a router product of Belkin Company.
Belkin's EA7300 has a weak password vulnerability. Attackers can use the vulnerability to log in to the system background and perform unauthorized operations.
VAR-202106-2183 | No CVE | Unauthorized access vulnerabilities exist in many products of Shanghai Jinhongge International Trade Co., Ltd. |
CVSS V2: 6.4 CVSS V3: - Severity: MEDIUM |
Shanghai Jinhongge International Trade Co., Ltd. is a company whose main business is the distribution of embedded controllers.
Many products of Shanghai Jinhongge International Trade Co., Ltd. have unauthorized access vulnerabilities. Attackers can use the vulnerabilities to obtain sensitive information.
VAR-202106-2178 | No CVE | Belkin EA6100 has weak password vulnerability |
CVSS V2: 5.0 CVSS V3: - Severity: MEDIUM |
EA6100 is a router product of Belkin Company.
Belkin's EA6100 has a weak password vulnerability. Attackers can use this vulnerability to log in to the system background and perform unauthorized operations.
VAR-202106-2184 | No CVE | Belkin EA6900 has weak password vulnerability |
CVSS V2: 5.0 CVSS V3: - Severity: MEDIUM |
EA6900 is a router product of Belkin Company.
Belkin's EA6900 has a weak password vulnerability. Attackers can use this vulnerability to log in to the system background and perform unauthorized operations.
VAR-202106-2296 | No CVE | Unauthorized access vulnerabilities exist in many Dell printer products |
CVSS V2: 6.4 CVSS V3: - Severity: MEDIUM |
MFP S2815dn, etc. are all Dell color laser printers.
Many Dell printer products have unauthorized access vulnerabilities, which can be exploited by attackers to obtain sensitive information.
VAR-202106-0358 | CVE-2020-27339 | InsydeH2O UEFI software impacted by multiple vulnerabilities in SMM |
CVSS V2: 7.2 CVSS V3: 6.7 Severity: MEDIUM |
In the kernel in Insyde InsydeH2O 5.x, certain SMM drivers did not correctly validate the CommBuffer and CommBufferSize parameters, allowing callers to corrupt either the firmware or the OS memory. The fixed versions for this issue in the AhciBusDxe, IdeBusDxe, NvmExpressDxe, SdHostDriverDxe, and SdMmcDeviceDxe drivers are 05.16.25, 05.26.25, 05.35.25, 05.43.25, and 05.51.25 (for Kernel 5.1 through 5.5). The InsydeH2O Hardware-2-Operating System (H2O) UEFI firmware contains multiple vulnerabilities related to memory management in System Management Mode (SMM).
Vulnerability Category / Count
SMM Privilege Escalation 10
SMM Memory Corruption 12
DXE Memory Corruption 1
CVE-2020-27339 Affected
CVE-2020-5953 Affected
CVE-2021-33625 Affected
CVE-2021-33626 Affected
CVE-2021-33627 Affected
CVE-2021-41837 Affected
CVE-2021-41838 Affected
CVE-2021-41839 Affected
CVE-2021-41840 Affected
CVE-2021-41841 Affected
CVE-2021-42059 Affected
CVE-2021-42060 Not Affected
CVE-2021-42113 Affected
CVE-2021-42554 Affected
CVE-2021-43323 Affected
CVE-2021-43522 Affected
CVE-2021-43615 Not Affected
CVE-2021-45969 Not Affected
CVE-2021-45970 Not Affected
CVE-2021-45971 Not Affected
CVE-2022-24030 Not Affected
CVE-2022-24031 Not Affected
CVE-2022-24069 Not Affected
CVE-2022-28806 Unknown
Insyde InsydeH2O contains a privilege management vulnerability. Information may be obtained or tampered with, and the device may be put into a denial-of-service (DoS) state.
VAR-202106-1459 | CVE-2021-28858 | TP-Link TL-WPA4220 information disclosure vulnerability |
CVSS V2: 2.1 CVSS V3: 5.5 Severity: MEDIUM |
TP-Link's TL-WPA4220 4.0.2 Build 20180308 Rel.37064 does not use SSL by default. An attacker on the local network can monitor traffic and capture the cookie and other sensitive information. TP-Link TL-WPA4220 contains a vulnerability in the plaintext storage of important information. Information may be obtained. TP-Link TL-WPA4220 is a wireless WiFi bridge from China's TP-Link company that can extend a wireless signal. The device can transmit data at high speed through the line, and expand the network to areas that cannot be covered at present. No detailed vulnerability details are currently provided.
VAR-202106-2188 | No CVE | TP-LINK TL-R402M router has weak password vulnerability |
CVSS V2: 5.0 CVSS V3: - Severity: MEDIUM |
Prolink Technology Co., Ltd. is the world's leading supplier of network communication equipment.
The TL-R402M router has a weak password vulnerability. Attackers can use this vulnerability to log in to the system background and perform unauthorized operations.
VAR-202106-0971 | CVE-2021-27388 | Input validation vulnerabilities in multiple SINAMICS medium voltage routable products |
CVSS V2: 7.5 CVSS V3: 9.8 Severity: CRITICAL |
SINAMICS medium voltage routable products are affected by a vulnerability in the Sm@rtServer component for remote access that could allow an unauthenticated attacker to cause a denial-of-service condition, and/or execution of limited configuration modifications and/or execution of limited control commands on the SINAMICS Medium Voltage Products, Remote Access (SINAMICS SL150: All versions, SINAMICS SM150: All versions, SINAMICS SM150i: All versions). SINAMICS SL150, SINAMICS SM150, and SINAMICS SM150i are vulnerable to an input validation flaw. Information may be obtained or tampered with, and the device may be put into a denial-of-service (DoS) state.
VAR-202106-2330 | No CVE | Zero Vision Technology (Shanghai) Co., Ltd. H5S video platform has an information disclosure vulnerability |
CVSS V2: 5.0 CVSS V3: - Severity: MEDIUM |
Zero Vision Technology serves customers with video technology and is committed to simplifying the development of Internet of Things video.
Zero Vision Technology (Shanghai) Co., Ltd. H5S video platform has an information disclosure vulnerability. Attackers can use the vulnerability to obtain sensitive information.
VAR-202106-2182 | No CVE | TOPGate 200 (TG-21104-APP) has a command execution vulnerability |
CVSS V2: 7.1 CVSS V3: - Severity: HIGH |
Tianrongxin Technology Group (abbreviated as Tianrongxin) is a provider of network security, big data and cloud services.
TopGate 200 (TG-21104-APP) has a command execution vulnerability. An attacker can use this vulnerability to gain server permissions.
VAR-202106-1458 | CVE-2021-28857 | TP-Link TL-WPA4220 Vulnerability regarding inadequate protection of credentials in |
CVSS V2: 5.0 CVSS V3: 7.5 Severity: HIGH |
TP-Link's TL-WPA4220 4.0.2 Build 20180308 Rel.37064 username and password are sent via the cookie. TP-Link TL-WPA4220 has an inadequate protection of credentials vulnerability. Information may be obtained. TP-Link TL-WPA4220 is a wireless WiFi bridge from China's TP-Link company that can extend a wireless signal. The device can transmit data at high speed through the line, and expand the network to areas that cannot be covered at present.
TP-Link TL-WPA4220 has an information disclosure vulnerability, which originates from TP-Link's TL-WPA4220 4.0.2 Build 20180308 Rel.37064. No detailed vulnerability details are currently provided.