VARIoT IoT vulnerabilities database

VAR-202107-1701 | No CVE | Ruijie Networks EG Easy Gateway has a command execution vulnerability |
CVSS V2: 7.1 CVSS V3: - Severity: HIGH |
Ruijie Networks is a professional network manufacturer with a full range of network equipment product lines and solutions including switches, routers, software, security firewalls, wireless products, storage, etc.
Ruijie Networks EG Easy Gateway has a command execution vulnerability. Attackers can use this vulnerability to gain control of the server.
VAR-202107-1702 | No CVE | Chengdu Zhifeng Network Technology Co., Ltd. enterprise-level flow control cloud router has logic flaws and vulnerabilities |
CVSS V2: 5.0 CVSS V3: - Severity: MEDIUM |
Chengdu Zhifeng Technology Co., Ltd. was established in October 2016. It is an emerging high-tech company integrating R&D, production and sales.
The enterprise-level flow control cloud router of Chengdu Zhifeng Technology Co., Ltd. has a logic flaw vulnerability, which can be used by attackers to obtain sensitive information.
VAR-202107-1827 | No CVE | Vivo mobile phone interface has unauthorized access vulnerability |
CVSS V2: 6.4 CVSS V3: - Severity: MEDIUM |
The business scope of Guangdong Tianchen Network Technology Co., Ltd. includes: computer software and hardware technology development and sales; Internet and mobile Internet software products technology development and sales; mobile communication equipment and software design, etc.
Vivo mobile phone interface has an unauthorized access vulnerability, which can be exploited by attackers to obtain sensitive information.
VAR-202107-1898 | No CVE | Shandong Kede Electronics Co., Ltd. has an unauthorized access vulnerability in the IoT smart water meter monitoring platform |
CVSS V2: 6.4 CVSS V3: - Severity: MEDIUM |
The IoT smart water meter monitoring platform is a smart water meter monitoring platform developed by Shandong Kede Electronics Co., Ltd. It has functions such as water account opening, payment management, data reporting and water meter management.
The IoT smart water meter monitoring platform of Shandong Kede Electronics Co., Ltd. has an unauthorized access vulnerability. Attackers can use this vulnerability to read user information without authorization and to perform unauthorized operations on water charge recharge, user management and other related functions.
VAR-202107-1899 | No CVE | Shenzhen Wanwang Broadcom Technology Co., Ltd. Holographic AI Network Operation and Maintenance Platform Has Weak Password Vulnerability |
CVSS V2: 5.0 CVSS V3: - Severity: MEDIUM |
Shenzhen Wanwang Broadcom Investment Management Limited Partnership (Limited Partnership) (hereinafter referred to as TG Wanwang Broadcom) is committed to the development and application of network communication products and IoT security management and control platforms. It is a manufacturer of next-generation weak-current intelligent network solutions and Internet of Things security solutions.
The holographic AI network operation and maintenance platform of Shenzhen Wanwang Broadcom Technology Co., Ltd. has a weak password vulnerability, which can be exploited by attackers to obtain sensitive information.
VAR-202107-0508 | CVE-2020-4938 | IBM MQ Appliance Cross-site request forgery vulnerability |
CVSS V2: 6.8 CVSS V3: 8.8 Severity: HIGH |
IBM MQ Appliance 9.1 and 9.2 are vulnerable to cross-site request forgery, which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 191815.
VAR-202107-1788 | No CVE | Ruijie Networks Co., Ltd. RG-MA1220 has a weak password vulnerability (CNVD-2021-40135) |
CVSS V2: 5.0 CVSS V3: - Severity: MEDIUM |
Ruijie Networks Co., Ltd. is a company mainly engaged in information system integration services; Internet virtual private network services; Internet management services.
Ruijie Networks Co., Ltd. RG-MA1220 has a weak password vulnerability. Attackers can use the vulnerability to obtain sensitive information.
VAR-202107-1478 | CVE-2021-36371 | Emissary-Ingress trust management issue vulnerability |
CVSS V2: 4.3 CVSS V3: 3.7 Severity: LOW |
Emissary-Ingress (formerly Ambassador API Gateway) through 1.13.9 allows attackers to bypass client certificate requirements (i.e., mTLS cert_required) on backend upstreams when more than one TLSContext is defined and at least one configuration exists that does not require client certificate authentication. The attacker must send an SNI specifying an unprotected backend and an HTTP Host header specifying a protected backend. (2.x versions are unaffected. 1.x versions are unaffected with certain configuration settings involving prune_unreachable_routes and a wildcard Host resource.) Emissary-Ingress (formerly Ambassador API Gateway) contains a certificate validation vulnerability. Information may be tampered with. Emissary-Ingress is an open source Kubernetes-native API gateway for microservices built on Envoy proxy.
VAR-202107-1703 | No CVE | Ruijie Networks Co., Ltd. RG-ISG has a command execution vulnerability |
CVSS V2: 7.1 CVSS V3: - Severity: HIGH |
Ruijie Networks is a professional network manufacturer with a full range of network equipment product lines and solutions including switches, routers, software, security firewalls, wireless products, storage, etc.
Ruijie Networks Co., Ltd. RG-ISG has a command execution vulnerability. Attackers can use this vulnerability to gain control of the server.
VAR-202107-1831 | No CVE | Information disclosure vulnerability exists in LCAD03FLN series |
CVSS V2: 5.0 CVSS V3: - Severity: MEDIUM |
Belkin Corporation is a global leader in peripheral products, providing users of computer, digital and mobile products with innovative connection technologies.
The LCAD03FLN series has an information disclosure vulnerability, which can be exploited by attackers to obtain sensitive information.
VAR-202107-1790 | No CVE | Ruijie NBR router has a command execution vulnerability |
CVSS V2: 10.0 CVSS V3: - Severity: HIGH |
Ruijie Networks is a professional network manufacturer with a full range of network equipment product lines and solutions including switches, routers, software, security firewalls, wireless products, storage, etc.
Ruijie NBR router has a command execution vulnerability. Attackers can use this vulnerability to gain control of the server.
VAR-202107-1829 | No CVE | Information disclosure vulnerability exists in LCAD03VLNOD series |
CVSS V2: 5.0 CVSS V3: - Severity: MEDIUM |
Belkin Corporation is a global leader in peripheral products, providing users of computer, digital and mobile products with innovative connection technologies.
The LCAD03VLNOD series has an information disclosure vulnerability, which can be exploited by attackers to obtain sensitive information.
VAR-202107-1708 | No CVE | BYTEVALUE intelligent flow control router has weak password vulnerability |
CVSS V2: 5.0 CVSS V3: - Severity: MEDIUM |
Shenzhen Baiwei Tongda Technology Co., Ltd. is a supplier dedicated to providing leading network solutions for Internet cafes, communities, hotels, enterprises, and public Internet places.
The BYTEVALUE intelligent flow control router has a weak password vulnerability, which can be exploited by attackers to obtain sensitive information.
VAR-202107-1706 | No CVE | Youku Tudou Roubao has weak password vulnerability |
CVSS V2: 5.0 CVSS V3: - Severity: MEDIUM |
Youku Tudou Roubao is a smart router.
Youku Tudou Roubao has a weak password vulnerability, which can be exploited by attackers to obtain sensitive information.
VAR-202107-1301 | CVE-2021-25440 | SAMSUNG FactoryCameraFB Security hole |
CVSS V2: 4.6 CVSS V3: 7.8 Severity: HIGH |
Improper access control vulnerability in FactoryCameraFB prior to version 3.4.74 allows untrusted applications to access arbitrary files with an escalated privilege. Samsung FactoryCameraFB is a system application of Samsung Corporation. Samsung Mobile FactoryCameraFB has an access control error vulnerability.
VAR-202107-1826 | No CVE | The Lenovo Xiaoxin XY300 projector has a directory traversal vulnerability |
CVSS V2: 3.3 CVSS V3: - Severity: LOW |
Xiaoxin XY300 projector is a home, portable mini projector.
The Lenovo Xiaoxin XY300 projector has a directory traversal vulnerability, which can be exploited by attackers to obtain sensitive information.
VAR-202107-1789 | No CVE | China United Network Communications Group Co., Ltd. HG220G-U has an unauthorized access vulnerability |
CVSS V2: 5.8 CVSS V3: - Severity: MEDIUM |
HG220G-U is a fiber optic modem of China United Network Communications Group Co., Ltd.
China United Network Communications Group Co., Ltd. HG220G-U has an unauthorized access vulnerability. Attackers can use this vulnerability to construct a specific URL request to open the telnet service without authorization.
VAR-202107-1705 | No CVE | Beijing Xingwang Ruijie Network Technology Co., Ltd. WS5302 has an arbitrary file download vulnerability |
CVSS V2: 4.0 CVSS V3: - Severity: MEDIUM |
WS5302 is a wireless controller.
Beijing Starnet Ruijie Networks Technology Co., Ltd. WS5302 has an arbitrary file download vulnerability. Attackers can use this vulnerability to download bin files and obtain sensitive information.
VAR-202107-0082 | CVE-2020-20217 | MikroTik RouterOS Resource Management Error Vulnerability |
CVSS V2: 4.0 CVSS V3: 6.5 Severity: MEDIUM |
MikroTik RouterOS before 6.47 (stable tree) suffers from an uncontrolled resource consumption vulnerability in the /nova/bin/route process. An authenticated remote attacker can cause a Denial of Service by overloading the system's CPU. MikroTik RouterOS is a Linux-based router operating system developed by the Latvian company MikroTik. The system can be deployed on a PC so that it provides router functionality.
VAR-202107-1287 | CVE-2021-25426 | Samsung Message information leakage vulnerability (CNVD-2023-95335) |
CVSS V2: 5.0 CVSS V3: 7.5 Severity: HIGH |
Improper component protection vulnerability in SmsViewerActivity of Samsung Message prior to SMR July-2021 Release 1 allows untrusted applications to access Message files. Samsung Messages is an application for Samsung mobile devices. It comes pre-installed by default on all of Samsung's official devices.
Samsung Message has an information disclosure vulnerability. The vulnerability stems from the lack of appropriate protection permissions in the product's SmsViewerActivity component. An attacker can exploit this vulnerability to access the Message file.