VARIoT IoT vulnerabilities database
| VAR-202106-2270 | No CVE | Tenda AC11 has a denial of service vulnerability (CNVD-2021-33391) |
CVSS V2: 6.1 CVSS V3: - Severity: MEDIUM |
AC11 is a dual-band wireless router developed by Shenzhen Jixiang Tengda Technology Co., Ltd., which is specially designed for large-scale households and is suitable for use in 200M and above fiber optic homes.
Tenda AC11 has a denial of service vulnerability, which can be exploited by an attacker to cause a denial of service.
| VAR-202106-2276 | No CVE | Tenda AC11 has a denial of service vulnerability |
CVSS V2: 6.1 CVSS V3: - Severity: MEDIUM |
AC11 is a dual-band wireless router developed by Shenzhen Jixiang Tengda Technology Co., Ltd., which is specially designed for large-scale households and is suitable for use in 200M and above fiber optic homes.
Tenda AC11 has a denial of service vulnerability, which can be exploited by an attacker to cause a denial of service.
| VAR-202106-2329 | No CVE | Shanghai China Consumer Network Technology Co., Ltd. fire protection platform has logic flaws and loopholes |
CVSS V2: 6.4 CVSS V3: - Severity: MEDIUM |
China Consumer Online Co., Ltd., former name/alias: Shanghai China Consumer Network Technology Co., Ltd., the company is committed to creating industry standards for fire safety, industry standards for fire safety products, standards for smart fire Internet +" One-stop technical operation solutions to promote the innovation of fire safety models and the intelligentization of science and technology.
Shanghai China Consumer Network Technology Co., Ltd. fire-fighting first-level platform has a logic flaw vulnerability. Attackers can use this vulnerability to bypass login to obtain sensitive information.
| VAR-202106-2286 | No CVE | TP-LINK AC1200 Archer C5 has logic flaws and vulnerabilities |
CVSS V2: 5.0 CVSS V3: - Severity: MEDIUM |
AC1200 Archer C5 is a dual-band wireless router.
TP-LINK AC1200 Archer C5 has a logic flaw vulnerability. Attackers can use this vulnerability to modify the password.
| VAR-202106-2284 | No CVE | Panasonic Electric (China) Co., Ltd. Network Camera BB-SW175A has an unauthorized access vulnerability |
CVSS V2: 5.0 CVSS V3: - Severity: MEDIUM |
Matsushita Electric (China) Co., Ltd. is mainly responsible for the sales and after-sales service activities of home appliances, systems, environment, components and other commodities.
Matsushita Electric (China) Co., Ltd. Network Camera BB-SW175A has an unauthorized access vulnerability, which can be exploited by attackers to obtain sensitive information.
| VAR-202106-2289 | No CVE | D-Link DIR-615 has weak password vulnerability |
CVSS V2: 5.0 CVSS V3: - Severity: MEDIUM |
D-Link DIR-615 is a wireless router made by D-Link in Taiwan.
D-Link DIR-615 has a weak password vulnerability, which can be exploited by attackers to obtain sensitive information.
| VAR-202106-2274 | No CVE | D-Link DIR-100 has weak password vulnerability |
CVSS V2: 5.0 CVSS V3: - Severity: MEDIUM |
D-Link DIR-100 is a SOHO broadband router.
D-Link DIR-100 has a weak password vulnerability, which can be exploited by attackers to obtain sensitive information.
| VAR-202106-2285 | No CVE | Bosch (China) Investment Co., Ltd. VRM has an unauthorized access vulnerability (CNVD-2021-33408) |
CVSS V2: 5.0 CVSS V3: - Severity: MEDIUM |
The business scope of Bosch (China) Investment Co., Ltd. includes investment in machinery manufacturing, light industry, electronics and information industries.
Bosch (China) Investment Co., Ltd. VRM has an unauthorized access vulnerability, which can be exploited by attackers to obtain sensitive information.
| VAR-202106-2281 | No CVE | Unauthorized access vulnerability exists in MOBOTIX M25 |
CVSS V2: 5.0 CVSS V3: - Severity: MEDIUM |
MOBOTIX is a world-renowned network camera technology leader. It has been producing pure megapixel cameras for many years and is listed as a global market leader.
MOBOTIX M25 has an unauthorized access vulnerability, which can be exploited by attackers to obtain sensitive information.
| VAR-202106-1391 | CVE-2021-34679 | Thycotic Password Reset Server information disclosure vulnerability |
CVSS V2: 5.0 CVSS V3: 7.5 Severity: HIGH |
Thycotic Password Reset Server before 5.3.0 allows credential disclosure. Attackers can use vulnerabilities to disclose credentials
| VAR-202106-2272 | No CVE | Tenda AC11 has a denial of service vulnerability (CNVD-2021-33390) |
CVSS V2: 6.1 CVSS V3: - Severity: MEDIUM |
AC11 is a dual-band wireless router developed by Shenzhen Jixiang Tengda Technology Co., Ltd., which is specially designed for large-scale households and is suitable for use in 200M and above fiber optic homes.
Tenda AC11 has a denial of service vulnerability, which can be exploited by an attacker to cause a denial of service.
| VAR-202106-1604 | CVE-2021-25402 | Samsung Notes Vulnerability in insecure storage of important information in |
CVSS V2: 2.1 CVSS V3: 3.3 Severity: Low |
Information Exposure vulnerability in Samsung Notes prior to version 4.2.04.27 allows attacker to access s pen latency information. Samsung Notes There is a vulnerability in the insecure storage of important information.Information may be obtained
| VAR-202106-1607 | CVE-2021-25405 | Samsung Notes Authentication Vulnerability in Microsoft |
CVSS V2: 2.1 CVSS V3: 5.5 Severity: MEDIUM |
An improper access control vulnerability in ScreenOffActivity in Samsung Notes prior to version 4.2.04.27 allows untrusted applications to access local files. Samsung Notes Contains an improper authentication vulnerability.Information may be obtained. Samsung Notes is a Notes series smart phone product of South Korea's Samsung (Samsung) company
| VAR-202106-1622 | CVE-2021-25420 | Galaxy Watch Vulnerability regarding information leakage from log files in plugins |
CVSS V2: 2.1 CVSS V3: 5.5 Severity: MEDIUM |
Improper log management vulnerability in Galaxy Watch PlugIn prior to version 2.2.05.21033151 allows attacker with log permissions to leak Wi-Fi password connected to the user smartphone within log. Samsung Galaxy Apps is a pre-installed app store program for Samsung mobile devices of South Korea's Samsung (Samsung)
| VAR-202106-0546 | CVE-2021-22768 | PowerLogic EGX100 and PowerLogic EGX300 Input confirmation vulnerability |
CVSS V2: 7.5 CVSS V3: 9.8 Severity: CRITICAL |
A CWE-20: Improper Input Validation vulnerability exists in PowerLogic EGX100 (Versions 3.0.0 and newer) and PowerLogic EGX300 (All Versions) that could cause denial of service or remote code execution via a specially crafted HTTP packet.This CVE ID is unique from CVE-2021-22767. ** Not supported ** This is a vulnerability in an unsupported product. PowerLogic EGX100 and PowerLogic EGX300 There is an input verification vulnerability in. This vulnerability is CVE-2021-22767 Is a different vulnerability.Information is obtained, information is tampered with, and service is disrupted (DoS) It may be put into a state. Schneider Electric PowerLogic is an industrial control equipment of French Schneider Electric (Schneider Electric). Provide improved power factor to improve power quality, eliminate power failures, thereby protecting the network, devices and operators
| VAR-202106-2275 | No CVE | Tenda AC11 has a denial of service vulnerability (CNVD-2021-33392) |
CVSS V2: 6.1 CVSS V3: - Severity: MEDIUM |
AC11 is a dual-band wireless router developed by Shenzhen Jixiang Tengda Technology Co., Ltd., which is specially designed for large-scale households and is suitable for use in 200M and above fiber optic homes.
Tenda AC11 has a denial of service vulnerability, which can be exploited by an attacker to cause a denial of service.
| VAR-202106-1381 | CVE-2021-34540 | Advantech WebAccess Cross-site Scripting Vulnerability |
CVSS V2: 4.3 CVSS V3: 6.1 Severity: MEDIUM |
Advantech WebAccess 8.4.2 and 8.4.4 allows XSS via the username column of the bwRoot.asp page of WADashboard. Advantech WebAccess Contains a cross-site scripting vulnerability.Information may be obtained and information may be tampered with. Advantech WebAccess is a set of browser-based HMI/SCADA software developed by China Taiwan Advantech Company. The software supports dynamic graphic display and real-time data control, and provides functions of remote control and management of automation equipment
| VAR-202106-2287 | No CVE | D-Link DIR-600 has weak password vulnerability |
CVSS V2: 5.0 CVSS V3: - Severity: MEDIUM |
D-Link DIR-600 is a wireless router produced by D-Link in Taiwan.
D-Link DIR-600 has a weak password vulnerability, which can be exploited by attackers to obtain sensitive information.
| VAR-202106-2279 | No CVE | AXIS M1014 has unauthorized access vulnerability |
CVSS V2: 5.0 CVSS V3: - Severity: MEDIUM |
Axis is an IT company that specializes in providing network video solutions.
AXIS M1014 has an unauthorized access vulnerability, which can be exploited by attackers to obtain sensitive information.
| VAR-202106-1606 | CVE-2021-25404 | SmartThings Vulnerability in insecure storage of important information in |
CVSS V2: 2.1 CVSS V3: 3.3 Severity: LOW |
Information Exposure vulnerability in SmartThings prior to version 1.7.64.21 allows attacker to access user information via log. SmartThings There is a vulnerability in the insecure storage of important information.Information may be obtained