VARIoT IoT vulnerabilities database


VAR-202505-1496 No CVE Advantech WebAccess has a file upload vulnerability CVSS V2: 7.1
CVSS V3: -
Severity: HIGH
Advantech WebAccess is an HMI/SCADA monitoring software completely based on IE browser. Advantech WebAccess of Advantech Technology (China) Co., Ltd. has a file upload vulnerability, which can be exploited by attackers to gain control of the server.
VAR-202505-0384 No CVE Brother (China) Commercial Co., Ltd. Brother DCP-L2540DW series has a weak password vulnerability CVSS V2: 5.0
CVSS V3: -
Severity: MEDIUM
Brother DCP-L2540DW is a multi-function laser/LED printer. Brother (China) Commercial Co., Ltd. Brother DCP-L2540DW series has a weak password vulnerability, which can be exploited by attackers to obtain sensitive information.
VAR-202505-0732 No CVE NUUO Network Video Recorder has a logic flaw vulnerability CVSS V2: 3.6
CVSS V3: -
Severity: LOW
NUUO is a company specializing in the production of Network Video Recorders (NVRs). NUUO Network Video Recorder has a logic flaw vulnerability that can be exploited by attackers to modify account passwords without authorization.
VAR-202505-1096 No CVE Beijing Xingwang Ruijie Network Technology Co., Ltd. NBR800G has an arbitrary file write vulnerability CVSS V2: 7.1
CVSS V3: -
Severity: HIGH
NBR800G is a router for Internet behavior management. Beijing Xingwang Ruijie Network Technology Co., Ltd. NBR800G has an arbitrary file write vulnerability, which can be exploited by attackers to obtain server permissions.
VAR-202505-0385 No CVE Beijing Xingwang Ruijie Network Technology Co., Ltd. AG515 has a command execution vulnerability CVSS V2: 7.1
CVSS V3: -
Severity: HIGH
AG515 is a high-performance gateway device suitable for small and medium-sized enterprises and large office environments. AG515 of Beijing Xingwang Ruijie Network Technology Co., Ltd. has a command execution vulnerability, which can be exploited by attackers to execute arbitrary commands.
VAR-202505-1241 No CVE Samsung (China) Investment Co., Ltd. M2085FW has a command execution vulnerability CVSS V2: 10.0
CVSS V3: -
Severity: HIGH
The M2085FW is a black and white laser multifunction printer with printing, copying, scanning and faxing functions. Samsung (China) Investment Co., Ltd. SAMSUNG has a command execution vulnerability that can be exploited by attackers to execute arbitrary commands.
VAR-202505-0502 No CVE Zhejiang Dahua Technology Co., Ltd. DSS has a SQL injection vulnerability CVSS V2: 7.8
CVSS V3: -
Severity: HIGH
Zhejiang Dahua Technology Co., Ltd. is a global leading video-centric smart IoT solution provider and operation service provider. There is a SQL injection vulnerability in the DSS of Zhejiang Dahua Technology Co., Ltd., which can be exploited by attackers to obtain sensitive information in the database.
VAR-202505-0386 No CVE D-Link DI-8100 has a binary vulnerability CVSS V2: 7.8
CVSS V3: -
Severity: HIGH
D-Link DI-8100 is a broadband router designed by D-Link for small and medium-sized network environments, supporting up to 4 Internet ports and up to 4 LAN ports. D-Link DI-8100 has a binary vulnerability that can be exploited by attackers to cause a denial of service.
VAR-202505-0733 No CVE Samsung (China) Investment Co., Ltd. C430W has a command execution vulnerability CVSS V2: 10.0
CVSS V3: -
Severity: HIGH
C430W is a laser printer. Samsung (China) Investment Co., Ltd. C430W has a command execution vulnerability, which can be exploited by attackers to execute arbitrary commands.
VAR-202505-1240 No CVE Shenzhen Jixiang Tengda Technology Co., Ltd. FH451 has a binary vulnerability CVSS V2: 7.8
CVSS V3: -
Severity: HIGH
FH451 is a router produced by Tenda Company that has a maximum transmission rate of 450Mbps and supports WDS wireless bridging. Shenzhen Jixiang Tenda Technology Co., Ltd. FH451 has a binary vulnerability, which can be exploited by attackers to cause denial of service.
VAR-202505-1497 No CVE Shenzhen Jixiang Tengda Technology Co., Ltd. FH451 has a binary vulnerability CVSS V2: 7.8
CVSS V3: -
Severity: HIGH
FH451 is a router produced by Tenda Company that has a maximum transmission rate of 450Mbps and supports WDS wireless bridging. Shenzhen Jixiang Tenda Technology Co., Ltd. FH451 has a binary vulnerability, which can be exploited by attackers to cause denial of service.
VAR-202505-0734 No CVE Sony SNC-RX570N has a weak password vulnerability CVSS V2: 5.0
CVSS V3: -
Severity: MEDIUM
SNC-RX570N is a network camera. Sony SNC-RX570N has a weak password vulnerability, which can be exploited by attackers to obtain sensitive information.
VAR-202505-0387 No CVE Zhuhai Pantum Printing Technology Co., Ltd. has a number of printers with logical flaws. CVSS V2: 5.0
CVSS V3: -
Severity: MEDIUM
M6700DW is a black and white laser multifunction printer. P2500NW is a black and white laser single-function printer. BM5100ADW is a black and white laser multifunction printer. CM1100DW is a color laser multifunction printer. Many printer products of Zhuhai Pantum Printing Technology Co., Ltd. have a logic defect vulnerability, which can be exploited by attackers to obtain sensitive information.
VAR-202505-0989 No CVE D-Link DWR-M961 has a stack overflow vulnerability CVSS V2: 4.9
CVSS V3: -
Severity: MEDIUM
DWR-M961 is a router. D-Link DWR-M961 has a stack overflow vulnerability, which can be exploited by attackers to cause the program to crash.
VAR-202505-1003 CVE-2025-45800 TOTOLINK a950rg firmware command injection vulnerability CVSS V2: 10.0
CVSS V3: 9.8
Severity: CRITICAL
TOTOLINK A950RG V4.1.2cu.5204_B20210112 contains a command execution vulnerability in the setDeviceName interface of the /lib/cste_modules/global.so library, specifically in the processing of the deviceMac parameter. TOTOLINK a950rg firmware contains a command injection vulnerability. Information may be obtained or tampered with, and service operation may be interrupted (DoS). TOTOLINK A950RG is a super-generation Giga wireless router from China's TOTOLINK Electronics. Attackers can exploit this vulnerability to execute arbitrary commands.
VAR-202505-0752 CVE-2025-44877 Shenzhen Tenda Technology Co.,Ltd. AC9 firmware command injection vulnerability CVSS V2: 10.0
CVSS V3: 9.8
Severity: CRITICAL
Tenda AC9 V15.03.06.42_multi was found to contain a command injection vulnerability in the formSetSambaConf function via the usbname parameter. This vulnerability allows attackers to execute arbitrary commands via a crafted request. Shenzhen Tenda Technology Co.,Ltd. AC9 firmware contains a command injection vulnerability. Information may be obtained or tampered with, and service operation may be interrupted (DoS).
VAR-202505-0643 CVE-2025-44872 Shenzhen Tenda Technology Co.,Ltd. AC9 firmware command injection vulnerability CVSS V2: 10.0
CVSS V3: 9.8
Severity: CRITICAL
Tenda AC9 V15.03.06.42_multi was found to contain a command injection vulnerability in the formsetUsbUnload function via the deviceName parameter. This vulnerability allows attackers to execute arbitrary commands via a crafted request. Shenzhen Tenda Technology Co.,Ltd. AC9 firmware contains a command injection vulnerability. Information may be obtained or tampered with, and service operation may be interrupted (DoS).
VAR-202505-1258 CVE-2025-44868 WAVLINK WL-WN530H4 firmware command injection vulnerability CVSS V2: 10.0
CVSS V3: 9.8
Severity: CRITICAL
Wavlink WL-WN530H4 20220801 was found to contain a command injection vulnerability in the ping_test function of the adm.cgi via the pingIp parameter. This vulnerability allows attackers to execute arbitrary commands via a crafted request. WAVLINK WL-WN530H4 firmware contains a command injection vulnerability. Information may be obtained or tampered with, and service operation may be interrupted (DoS). WAVLINK WL-WN530H4 is a high-performance USB wireless network card from WAVLINK, China, that supports 802.11ac dual-band Wi-Fi.
VAR-202505-1362 CVE-2025-46635 Shenzhen Tenda Technology Co.,Ltd. RX2 Pro firmware access control vulnerability CVSS V2: 7.5
CVSS V3: 7.1
Severity: HIGH
An issue was discovered on Tenda RX2 Pro 16.03.30.14 devices. Improper network isolation between the guest Wi-Fi network and other network interfaces on the router allows an attacker (who is authenticated to the guest Wi-Fi) to access resources on the router and/or resources and devices on other networks hosted by the router by configuring a static IP address (within the non-guest subnet) on their host. Shenzhen Tenda Technology Co.,Ltd. RX2 Pro firmware contains an access control vulnerability. Information may be obtained and information may be tampered with. Tenda RX2 Pro is a high-performance WiFi 6 signal amplifier from China's Tenda. Tenda RX2 Pro 16.03.30.14 version has a security bypass vulnerability that can be exploited by attackers to access routers and other network resources.
VAR-202505-1101 CVE-2025-46634 Shenzhen Tenda Technology Co.,Ltd. RX2 Pro firmware vulnerability related to plaintext storage of important information CVSS V2: 8.5
CVSS V3: 8.2
Severity: HIGH
Cleartext transmission of sensitive information in the web management portal of the Tenda RX2 Pro 16.03.30.14 may allow an unauthenticated attacker to authenticate to the web management portal by collecting credentials from observed/collected traffic. It implements encryption, but not until after the user has transmitted the hash of their password in cleartext. The hash can be replayed to authenticate. Shenzhen Tenda Technology Co.,Ltd. RX2 Pro firmware contains a vulnerability related to plaintext storage of sensitive information. Information may be obtained and information may be tampered with. Tenda RX2 Pro is a high-performance WiFi 6 signal amplifier from China's Tenda. Tenda RX2 Pro has an information leakage vulnerability that can be exploited by attackers to collect credentials for authentication.