VARIoT IoT vulnerabilities database

Tenda AC15 is a wireless router product. Tenda AC15 has a binary vulnerability, which can be exploited by an attacker to cause a denial of service attack.

Shenzhen Jixiang Tengda Technology Co., Ltd. (hereinafter referred to as "Tengda") was founded in 1999. It is a professional supplier of network communication equipment and solutions, as well as a high-tech enterprise integrating R&D, production, supply, sales and service. Tenda router has a binary vulnerability. Attackers can construct specific ‘index’ parameters to execute arbitrary code using this vulnerability.

There is a denial of service vulnerability in some versions of ManageOne. There is a logic error in the implementation of a function of a module. When the service pressure is heavy, there is a low probability that an exception may occur. Successful exploit may cause some services abnormal. ManageOne Is vulnerable to handling exceptional conditions.Denial of service (DoS) It may be put into a state. Huawei Manageone is a set of cloud data center management solutions of China Huawei (Huawei). The product supports unified management of heterogeneous cloud resource pools, and provides functions such as multi-level VDC matching customer organization model, service catalog planning, self-service, centralized alarm analysis, and intelligent operation and maintenance

Ruijie Networks is a professional network manufacturer with a full range of network equipment product lines and solutions including switches, routers, software, security firewalls, wireless products, storage, etc. The Ruijie Internet of Things platform has a weak password vulnerability. Attackers can use this vulnerability to log in to the website management background and perform arbitrary administrator operations.

Ruijie Networks is a professional network manufacturer with a full range of network equipment product lines and solutions including switches, routers, software, security firewalls, wireless products, storage, etc. Ruijie IoT platform has a SQL injection vulnerability. Attackers can use this vulnerability to obtain sensitive database information.

Anhui Xieda Software Technology Co., Ltd. was established on May 16, 2008. The legal representative Ru Caifeng, the company's business scope includes: software and mobile Internet application technology development in the field of information technology, technical consulting, technical services, cloud platform and application technology development, cloud video surveillance platform development and technical maintenance, and Internet of Things applications Development and integration, communication system development and integration, computer information system integration, computer automation system integration, security monitoring system integration, computer software and hardware and auxiliary equipment, electronic equipment, video monitoring equipment, Internet of Things equipment, communication equipment, electronic product sales, network engineering , Communication Engineering, etc. Anhui Xieda Software Technology Co., Ltd. Xieda OA has an arbitrary file download vulnerability, which can be exploited by attackers to obtain sensitive information.

D-Link Technology Co., Ltd. was established in 1986, focusing on the design and development of computer network equipment. D-Link DCS-4622 has an information disclosure vulnerability, which can be exploited by attackers to obtain sensitive information.

Mikrotik RouterOs before 6.47 (stable tree) suffers from a memory corruption vulnerability in the /nova/bin/dot1x process. An authenticated remote attacker can cause a Denial of Service (NULL pointer dereference). MikroTik RouterOS is a Linux-based router operating system developed by Latvian MikroTik Company. The system can be deployed in a PC so that it provides router functionality

Mikrotik RouterOs before 6.47 (stable tree) in the /ram/pckg/advanced-tools/nova/bin/netwatch process. An authenticated remote attacker can cause a Denial of Service due to a divide by zero error. Mikrotik RouterOs Is vulnerable to division by zero.Denial of service (DoS) It may be put into a state. MikroTik RouterOS is a Linux-based router operating system developed by Latvian MikroTik Company. The system can be deployed in a PC so that it provides router functionality

The management system of ZXCDN is impacted by the information leak vulnerability. Attackers can make further analysis according to the information returned by the program, and then obtain some sensitive information. This affects ZXCDN V7.01 all versions up to IAMV7.01.01.02. ZXCDN Contains an information disclosure vulnerability.Information may be obtained. ZTE ZXCDN IAMWEB is an identity authentication product of China ZTE Corporation (ZTE)

Tongling Jinshidai Technology Co., Ltd. is an enterprise that combines the Internet of Things and information technology with waste sorting and processing. There is a SQL injection vulnerability in the intelligent garbage classification management system, which can be exploited by attackers to obtain sensitive information in the database.

Mikrotik RouterOs before 6.47 (stable tree) suffers from a divison by zero vulnerability in the /nova/bin/lcdstat process. An authenticated remote attacker can cause a Denial of Service due to a divide by zero error. Mikrotik RouterOs Is vulnerable to division by zero.Denial of service (DoS) It may be put into a state. MikroTik RouterOS is a Linux-based router operating system developed by Latvian MikroTik Company. The system can be deployed in a PC so that it provides router functionality. Mikrotik RouterOs prior to 6.47 has a security vulnerability, which stems from a memory corruption vulnerability in the /nova/bin/lcdstat process

Mikrotik RouterOs before 6.47 (stable tree) suffers from a memory corruption vulnerability in the /nova/bin/lcdstat process. An authenticated remote attacker can cause a Denial of Service (NULL pointer dereference). MikroTik RouterOS is a Linux-based router operating system developed by Latvian MikroTik Company. The system can be deployed in a PC so that it provides router functionality

Shenzhen Jixiang Tengda Technology Co., Ltd. is a high-tech enterprise integrating independent research and development, production and sales of network equipment. Tenda router management platform has a weak password vulnerability, which can be exploited by attackers to obtain sensitive information.

Founded in 1987, Huawei is the world's leading provider of ICT (information and communications) infrastructure and smart terminals. A weak password vulnerability exists in the management page of Huawei RG2220 router. The attacker uses a weak password to log in to the background to obtain sensitive information.

TP_LINK-TD-W8901G is a wireless router. TP_LINK-TD-W8901G has a weak password vulnerability, which can be exploited by attackers to obtain sensitive information.

In InvoicePlane 1.5.11 a misconfigured web server allows unauthenticated directory listing and file download. Allowing an attacker to directory traversal and download files suppose to be private without authentication. InvoicePlane Contains vulnerabilities in externally accessible files or directories.Information may be obtained. InvoicePlane is an application software. Provide a self-hosted open source application for managing your quotes, invoices, customers and payments. InvoicePlane version 1.5.11 has a path traversal vulnerability

In Ubiquiti UniFi Video v3.10.13, when the executable starts, its first library validation is in the current directory. This allows the impersonation and modification of the library to execute code on the system. This was tested in (Windows 7 x64/Windows 10 x64). Ubiquiti UniFi Video There is a vulnerability in an element of an uncontrolled search path.Information is obtained, information is tampered with, and service is disrupted (DoS) It may be put into a state

An authentication brute-force protection mechanism bypass in telnetd in D-Link Router model DIR-842 firmware version 3.0.2 allows a remote attacker to circumvent the anti-brute-force cool-down delay period via a timing-based side-channel attack. D-Link Router model DIR-842 There is an observable mismatch vulnerability in the firmware.Information may be tampered with. D-Link DIR-842 is a home router produced by Taiwan D-Link Technology Co., Ltd

It was possible to exploit an Unauthenticated Time-Based Blind SQL Injection vulnerability in the Spam protection, AntiSpam, FireWall by CleanTalk WordPress Plugin before 5.153.4. The update_log function in lib/Cleantalk/ApbctWP/Firewall/SFW.php included a vulnerable query that could be injected via the User-Agent Header by manipulating the cookies set by the Spam protection, AntiSpam, FireWall by CleanTalk WordPress plugin before 5.153.4, sending an initial request to obtain a ct_sfw_pass_key cookie and then manually setting a separate ct_sfw_passed cookie and disallowing it from being reset. WordPress is a blogging platform developed by the Wordpress Foundation using PHP language. The platform supports setting up personal blog sites on PHP and MySQL servers. A WordPress plugin is an open source application plugin for WordPress