VARIoT IoT vulnerabilities database

VAR-202106-2237 | No CVE | TP-LINK TD-8840T has weak password vulnerability |
CVSS V2: 5.0 CVSS V3: - Severity: MEDIUM |
TP-LINK Technology Co., Ltd. (hereinafter referred to as "TP-LINK") is the world's leading supplier of network communication equipment.
TP-LINK TD-8840T has a weak password vulnerability. Attackers can use this vulnerability to obtain sensitive information.
VAR-202106-1515 | CVE-2021-33842 | Circutor SGE-PLC1000 Firmware authentication vulnerability |
CVSS V2: 7.7 CVSS V3: 8.8 Severity: HIGH |
Improper Authentication vulnerability in the cookie parameter of Circutor SGE-PLC1000 firmware version 0.9.2b allows an attacker to perform operations as an authenticated user. In order to exploit this vulnerability, the attacker must be within the network where the affected device is located. There is an authentication vulnerability in the Circutor SGE-PLC1000 firmware. Information may be obtained or tampered with, and the device may be put into a denial-of-service (DoS) state. Circutor SGE-PLC1000 is a smart metering system device. Its main function is to manage the mains power through CIRWATT meters or other meters using PRIME technology.
The Circutor SGE-PLC1000 firmware version 0.9.2b has an authorization issue vulnerability.
VAR-202106-2227 | No CVE | Command execution vulnerability exists in RG-RAC200b (CNVD-2021-32475) |
CVSS V2: 7.1 CVSS V3: - Severity: HIGH |
RG-RAC200b is a wireless controller.
RG-RAC200b has a command execution vulnerability, which can be exploited by attackers to gain server control authority.
VAR-202106-0491 | CVE-2020-8300 | Permission management vulnerabilities in multiple Citrix products |
CVSS V2: 4.3 CVSS V3: 6.5 Severity: MEDIUM |
Citrix ADC and Citrix/NetScaler Gateway before 13.0-82.41, 12.1-62.23, 11.1-65.20 and Citrix ADC 12.1-FIPS before 12.1-55.238 suffer from improper access control allowing SAML authentication hijack through a phishing attack to steal a valid user session. Note that Citrix ADC or Citrix Gateway must be configured as a SAML SP or a SAML IdP for this to be possible.
VAR-202106-2224 | No CVE | Command execution vulnerability exists in RG-RAC200b (CNVD-2021-32471) |
CVSS V2: 7.1 CVSS V3: - Severity: HIGH |
RG-RAC200b is a wireless controller.
RG-RAC200b has a command execution vulnerability, which can be exploited by attackers to gain server control authority.
VAR-202106-2236 | No CVE | TP-LINK TD-W8101G has weak password vulnerability |
CVSS V2: 5.0 CVSS V3: - Severity: MEDIUM |
TP-LINK Technology Co., Ltd. (hereinafter referred to as "TP-LINK") is the world's leading supplier of network communication equipment.
TP-LINK TD-W8101G has a weak password vulnerability. Attackers can use this vulnerability to obtain sensitive information.
VAR-202106-2228 | No CVE | Command execution vulnerability exists in RG-RAC200b (CNVD-2021-32476) |
CVSS V2: 7.1 CVSS V3: - Severity: HIGH |
RG-RAC200b is a wireless controller.
RG-RAC200b has a command execution vulnerability, which can be exploited by attackers to gain server control authority.
VAR-202106-2232 | No CVE | 3COM NJ2000 has weak password vulnerability |
CVSS V2: 5.0 CVSS V3: - Severity: MEDIUM |
3COM is an American company that produces and sells products related to computer networks.
3COM NJ2000 has a weak password vulnerability, which can be exploited by attackers to obtain sensitive information.
VAR-202106-2240 | No CVE | TP-LINK TD-8817 has weak password vulnerability |
CVSS V2: 5.0 CVSS V3: - Severity: MEDIUM |
TP-LINK Technology Co., Ltd. (hereinafter referred to as "TP-LINK") is the world's leading supplier of network communication equipment.
TP-LINK TD-8817 has a weak password vulnerability. Attackers can use this vulnerability to obtain sensitive information.
VAR-202106-1514 | CVE-2021-33841 | Circutor SGE-PLC1000 operating system command injection vulnerability |
CVSS V2: 10.0 CVSS V3: 9.8 Severity: CRITICAL |
The SGE-PLC1000 device, in its 0.9.2b firmware version, does not handle some requests correctly, allowing a remote attacker to inject code into the operating system with maximum privileges. The SGE-PLC1000 device has an OS command injection vulnerability. Information may be obtained or tampered with, and the device may be put into a denial-of-service (DoS) state. Circutor SGE-PLC1000 is a smart metering system device. Its main function is to manage the mains power through CIRWATT meters or other meters using PRIME technology.
There is an operating system command injection vulnerability in the Circutor SGE-PLC1000 0.9.2b firmware version.
VAR-202106-2238 | No CVE | TP-LINK TD-W8968 has weak password vulnerability |
CVSS V2: 5.0 CVSS V3: - Severity: MEDIUM |
TP-LINK Technology Co., Ltd. (hereinafter referred to as "TP-LINK") is the world's leading supplier of network communication equipment.
TP-LINK TD-W8968 has a weak password vulnerability. Attackers can use this vulnerability to obtain sensitive information.
VAR-202106-2300 | No CVE | HP ENVY 5530 has unauthorized access vulnerability |
CVSS V2: 5.0 CVSS V3: - Severity: MEDIUM |
HP ENVY 5530 is an A4 inkjet all-in-one printer from HP.
HP ENVY 5530 has an unauthorized access vulnerability, which can be exploited by attackers to obtain sensitive information.
VAR-202106-2235 | No CVE | TP-LINK TD-W8960N has weak password vulnerability |
CVSS V2: 5.0 CVSS V3: - Severity: MEDIUM |
TP-LINK Technology Co., Ltd. (hereinafter referred to as "TP-LINK") is the world's leading supplier of network communication equipment.
TP-LINK TD-W8960N has a weak password vulnerability. Attackers can use this vulnerability to obtain sensitive information.
VAR-202106-2230 | No CVE | Command execution vulnerability exists in RG-RAC200b (CNVD-2021-32474) |
CVSS V2: 7.1 CVSS V3: - Severity: HIGH |
RG-RAC200b is a wireless controller.
RG-RAC200b has a command execution vulnerability, which can be exploited by attackers to gain server control authority.
VAR-202106-2225 | No CVE | Command execution vulnerability exists in RG-RAC200b (CNVD-2021-32472) |
CVSS V2: 7.1 CVSS V3: - Severity: HIGH |
RG-RAC200b is a wireless controller.
RG-RAC200b has a command execution vulnerability, which can be exploited by attackers to gain server control authority.
VAR-202106-2231 | No CVE | Ruijie Networks Co., Ltd. RSR10-02E has a weak password vulnerability |
CVSS V2: 5.0 CVSS V3: - Severity: MEDIUM |
RSR10-02E is a multi-service router launched by Ruijie Networks Co., Ltd.
Ruijie Networks Co., Ltd. RSR10-02E has a weak password vulnerability. Attackers can use the vulnerability to obtain sensitive information.
VAR-202106-2239 | No CVE | TP-LINK TD-8816 has weak password vulnerability |
CVSS V2: 5.0 CVSS V3: - Severity: MEDIUM |
TP-LINK Technology Co., Ltd. (hereinafter referred to as "TP-LINK") is the world's leading supplier of network communication equipment.
TP-LINK TD-8816 has a weak password vulnerability. Attackers can use this vulnerability to obtain sensitive information.
VAR-202106-2233 | No CVE | TP-LINK TD-W8951ND has weak password vulnerability |
CVSS V2: 5.0 CVSS V3: - Severity: MEDIUM |
TP-Link TD-W8951ND is a wireless router product.
TP-LINK TD-W8951ND has a weak password leakage vulnerability. Attackers can use the vulnerability to obtain sensitive information.
VAR-202106-0490 | CVE-2020-8299 | Resource depletion vulnerability in multiple Citrix products |
CVSS V2: 3.3 CVSS V3: 6.5 Severity: MEDIUM |
Citrix ADC and Citrix/NetScaler Gateway 13.0 before 13.0-76.29, 12.1-61.18, 11.1-65.20, Citrix ADC 12.1-FIPS before 12.1-55.238, and Citrix SD-WAN WANOP Edition before 11.4.0, 11.3.2, 11.3.1a, 11.2.3a, 11.1.2c, 10.2.9a suffer from uncontrolled resource consumption by way of a network-based denial-of-service from within the same Layer 2 network segment. Note that the attacker must be in the same Layer 2 network segment as the vulnerable appliance. Multiple Citrix products contain a resource depletion vulnerability. The affected product may be put into a denial-of-service (DoS) state. Citrix Application Delivery Controller (ADC) is an application delivery controller. Nim, etc. are all products of the Nim (Nim) community. Nim is a statically typed programming language. There are resource management error vulnerabilities in many Citrix products. This vulnerability originates from improper management of system resources by network systems or products. Attackers can use this vulnerability to cause denial of service.
VAR-202106-2234 | No CVE | Command execution vulnerability exists in RG-RAC200b |
CVSS V2: 7.1 CVSS V3: - Severity: HIGH |
RG-RAC200b is a wireless controller.
RG-RAC200b has a command execution vulnerability, which can be exploited by attackers to gain server control authority.