VARIoT IoT vulnerabilities database

VAR-202106-2056 | No CVE | RG-EG Easy Gateway web management system has weak password vulnerability |
CVSS V2: 5.0 CVSS V3: - Severity: MEDIUM |
Ruijie Networks Co., Ltd. is a company mainly engaged in information system integration services; Internet virtual private network services; Internet management services.
RG-EG Easy Gateway web management system has a weak password vulnerability, which can be exploited by attackers to obtain sensitive information.
VAR-202106-2062 | No CVE | Shenzhen Jixiang Tengda Technology Co., Ltd. AC 11 has a binary vulnerability (CNVD-2021-32414) |
CVSS V2: 4.9 CVSS V3: - Severity: MEDIUM |
Tenda AC11 is a wireless router that uses an RTOS operating system.
Shenzhen Jixiang Tengda Technology Co., Ltd. AC 11 has a binary vulnerability, which can be exploited by attackers to cause a denial of service.
VAR-202106-2060 | No CVE | Shenzhen Jixiang Tengda Technology Co., Ltd. AC 11 has a binary vulnerability (CNVD-2021-32415) |
CVSS V2: 4.9 CVSS V3: - Severity: MEDIUM |
Tenda AC11 is a wireless router that uses an RTOS operating system.
Shenzhen Jixiang Tengda Technology Co., Ltd. AC 11 has a binary vulnerability, which can be exploited by attackers to cause a denial of service.
VAR-202106-2048 | No CVE | Command execution vulnerability exists in RG-RAC200b wireless controller |
CVSS V2: 6.8 CVSS V3: - Severity: MEDIUM |
Ruijie Networks Co., Ltd. is a professional network manufacturer with a full range of network equipment product lines and solutions including switches, routers, software, security firewalls, wireless products, and storage.
The RG-RAC200b wireless controller has a command execution vulnerability, which can be exploited by an attacker to gain server control authority.
VAR-202106-2057 | No CVE | Shenzhen Jixiang Tengda Technology Co., Ltd. AC 11 has a binary vulnerability (CNVD-2021-32411) |
CVSS V2: 4.9 CVSS V3: - Severity: MEDIUM |
Tenda AC11 is a wireless router that uses an RTOS operating system.
Shenzhen Jixiang Tengda Technology Co., Ltd. AC 11 has a binary vulnerability, which can be exploited by attackers to cause a denial of service.
VAR-202106-1909 | CVE-2017-20005 | NGINX integer overflow vulnerability |
CVSS V2: 7.5 CVSS V3: 9.8 Severity: CRITICAL |
NGINX before 1.13.6 has a buffer overflow for years that exceed four digits, as demonstrated by a file with a modification date in 1969 that causes an integer overflow (or a false modification date far in the future), when encountered by the autoindex module. NGINX contains an integer overflow vulnerability. Information may be obtained or tampered with, and service may be disrupted (DoS). Nginx is a lightweight web server/reverse proxy server and email (IMAP/POP3) proxy server of Nginx Company in the United States. NGINX before 1.13.6 has a security vulnerability. The vulnerability stems from the fact that when the autoindex module encounters such a file, an integer overflow occurs.
==========================================================================
Ubuntu Security Notice USN-5109-1
October 18, 2021
nginx vulnerability
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 16.04 ESM
- Ubuntu 14.04 ESM
Summary:
A security issue was fixed in nginx.
Software Description:
- nginx: small, powerful, scalable web/proxy server
Details:
It was discovered that nginx incorrectly handled files with
certain modification dates. A remote attacker could possibly
use this issue to cause a denial of service or other unspecified
impact.
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 16.04 ESM:
nginx 1.10.3-0ubuntu0.16.04.5+esm2
Ubuntu 14.04 ESM:
nginx 1.4.6-1ubuntu3.9+esm3
In general, a standard system update will make all the necessary changes.
References:
https://ubuntu.com/security/notices/USN-5109-1
CVE-2017-20005
VAR-202106-2066 | No CVE | Feiyuxing enterprise-level intelligent online behavior management system has logic flaws and loopholes |
CVSS V2: 6.4 CVSS V3: - Severity: MEDIUM |
Chengdu Feiyuxing Technology Co., Ltd. is a company dedicated to providing intelligent and easy-to-use network communication products and services, continuously improving the quality of network use through innovative technologies, and cooperating with users to create an intelligent and user-friendly network management platform.
The Feiyuxing enterprise-level intelligent online behavior management system has a logic flaw vulnerability. Attackers can use the vulnerability to bypass the account password check and log in directly to the management back end to obtain sensitive information.
VAR-202106-2327 | No CVE | China Consumer Cloud Technology Co., Ltd. has logic flaws and loopholes in the fire-fighting first-level platform |
CVSS V2: 5.0 CVSS V3: - Severity: MEDIUM |
China Consumer Cloud Technology Co., Ltd. is an enterprise that invests in the construction and operation of smart city safety emergency service projects based on the Internet of Things, cloud computing, and big data. The smart city safety emergency service projects cover emergency response, public security, safety supervision, fire protection, environmental protection, medical care, health and epidemic prevention, natural disasters and other fields, and are core components of smart cities/safe cities.
China Consumer Cloud Technology Co., Ltd.'s fire-fighting first-level platform has a logic flaw vulnerability. Attackers can use this vulnerability to obtain sensitive information.
VAR-202106-2069 | No CVE | China Insurance Unlimited router has weak password vulnerability |
CVSS V2: 5.0 CVSS V3: - Severity: MEDIUM |
China Insurance Technology Group provides full system security services ranging from security systems to smart security management, monitoring, and fire protection. To meet different customer needs, these can be combined with graphic control software, monitoring and access control integration solutions, biotechnology identification systems, computer fire extinguishing systems, alarm systems, and all-in-one card integration services.
A weak password vulnerability exists in Zhongbao Infinite Router. An attacker can use a weak password to log in to the management back end and obtain sensitive information.
VAR-202106-2070 | No CVE | UTP UTP-R3050-5GP has weak password vulnerability |
CVSS V2: 5.0 CVSS V3: - Severity: MEDIUM |
Established in 2005, UTEPO is an industrial communication and intelligent Internet of Things solution provider with "Internet and Electricity Speed Connection" technology as its core. Based on technological innovation, it provides smart IoT solutions in fields such as smart parks, smart security, smart cities, smart agriculture and smart manufacturing.
UTP UTP-R3050-5GP has a weak password vulnerability. Attackers can use weak passwords to log in to the system to obtain sensitive information.
VAR-202106-2068 | No CVE | Feiyuxing enterprise-level intelligent wireless Internet behavior management system has command execution loopholes |
CVSS V2: 10.0 CVSS V3: - Severity: HIGH |
Chengdu Feiyuxing Technology Co., Ltd. is a company dedicated to providing intelligent and easy-to-use network communication products and services, continuously improving the quality of network use through innovative technologies, and cooperating with users to create an intelligent and user-friendly network management platform.
The Feiyuxing enterprise-level intelligent online behavior management system has a command execution vulnerability. An attacker can use this vulnerability to gain server permissions.
VAR-202106-2076 | No CVE | DrayTek Vigor2912 has weak password vulnerability |
CVSS V2: 5.0 CVSS V3: - Severity: MEDIUM |
Vigor 2912 is a high-performance firewall router product for small and medium-sized enterprises.
DrayTek Vigor2912 has a weak password vulnerability. An attacker can use a weak password to log in to the management back end and obtain sensitive information.
VAR-202106-2298 | No CVE | An arbitrary file reading vulnerability exists in the video conferencing terminal of Saida Technology Cloud Vision |
CVSS V2: 5.0 CVSS V3: - Severity: MEDIUM |
Anhui Saida Technology Co., Ltd. focuses on the smart cloud video industry. Relying on the networks of communication operators, it uses a new generation of information technology to create a "cloud video application engine", focusing on the research and development of big data application platforms and smart terminal products. It provides professional, comprehensive information solutions that effectively support various livelihood applications in smart cities and empower industries such as smart homes, government affairs, agriculture, ecology, the Internet of Things and information security.
An arbitrary file reading vulnerability exists in the video conferencing terminal of Saida Technology Cloud Vision. Attackers can use the vulnerability to read arbitrary files on the server.
VAR-202106-2080 | No CVE | DrayTek Vigor2922 has weak password vulnerability |
CVSS V2: 5.0 CVSS V3: - Severity: MEDIUM |
Vigor2922 is a high-performance Internet behavior management VPN router product for small and medium-sized enterprises.
DrayTek Vigor2922 has a weak password vulnerability. An attacker can use a weak password to log in to the management back end and obtain sensitive information.
VAR-202106-2071 | No CVE | Smart WIFI leader has weak password vulnerability |
CVSS V2: 5.0 CVSS V3: - Severity: MEDIUM |
Henan Pangu Technology Development Co., Ltd. is a professional enterprise organization that provides enterprises with network and information construction.
The smart WIFI leader has a weak password vulnerability. An attacker can use a weak password to log in to the management back end and obtain sensitive information.
VAR-202106-2326 | No CVE | A command execution vulnerability exists in the integrated security system of Hangzhou Hikvision Digital Technology Co., Ltd. |
CVSS V2: 10.0 CVSS V3: - Severity: HIGH |
Hikvision is a video-centric intelligent IoT solution and big data service provider.
A command execution vulnerability exists in the integrated security system of Hangzhou Hikvision Digital Technology Co., Ltd. An attacker can use this vulnerability to gain server permissions.
VAR-202106-2067 | No CVE | D-Link DIR-816 has a denial of service vulnerability |
CVSS V2: 4.9 CVSS V3: - Severity: MEDIUM |
D-Link DIR-816 is a wireless router.
D-Link DIR-816 has a denial of service vulnerability. Attackers can use this vulnerability to cause the program to crash.
VAR-202106-0374 | CVE-2020-29324 | D-Link DIR-895L MFC Information Disclosure Vulnerability |
CVSS V2: 5.0 CVSS V3: 7.5 Severity: HIGH |
The DLink Router DIR-895L MFC v1.21b05 is vulnerable to credentials disclosure in telnet service through decompilation of firmware, that allows an unauthenticated attacker to gain access to the firmware and to extract sensitive data. DLink Router DIR-895L MFC contains a vulnerability in the plaintext storage of important information. Information may be obtained. D-Link DIR-895L MFC is a wireless router produced by D-Link in Taiwan.
DLink DIR-895L MFC v1.21b05 has an information disclosure vulnerability.
VAR-202106-2079 | No CVE | Hanbo Technology Co., Ltd. PA-5500-U06 has a weak password vulnerability |
CVSS V2: 6.4 CVSS V3: - Severity: MEDIUM |
Opzoon Technology Co., Ltd. (English: Opzoon) is a world-leading provider of cloud computing data center solutions and the first high-tech enterprise in China to establish an enterprise-level applied mathematics laboratory.
Hanbo Technology Co., Ltd. PA-5500-U06 has a weak password vulnerability, which can be exploited by attackers to obtain sensitive information.
VAR-202106-2074 | No CVE | Panasonic Electric (China) Co., Ltd. Network Camera BB-ST162A and BB-ST162 have unauthorized access vulnerabilities |
CVSS V2: 6.4 CVSS V3: - Severity: MEDIUM |
Matsushita Electric (China) Co., Ltd. is mainly responsible for the sales and after-sales service activities of home appliances, systems, environment, components and other commodities.
Matsushita Electric (China) Co., Ltd. Network Camera BB-ST162A and BB-ST162 have unauthorized access vulnerabilities, which can be exploited by attackers to obtain sensitive information.