VARIoT IoT vulnerabilities database

The polling timer handler in ACRN before 2.5 has a use-after-free for a freed virtio device, related to devicemodel/hw/pci/virtio/*.c. ACRN Is vulnerable to the use of freed memory.Denial of service (DoS) It may be put into a state. ACRN is an open source project released by the Linux Foundation, which is a management program designed for the Internet of Things and embedded devices. No detailed vulnerability details are currently provided

An issue was discovered in ACRN before 2.5. It allows a devicemodel/hw/pci/virtio/virtio_net.c virtio_net_ping_rxq NULL pointer dereference for vq->used. ACRN is an open source project released by the Linux Foundation, which is a management program designed for the Internet of Things and embedded devices. No detailed vulnerability details are currently provided

ACRN before 2.5 has a devicemodel/hw/pci/xhci.c NULL Pointer Dereference for a trb pointer. ACRN is an open source project released by the Linux Foundation, which is a management program designed for the Internet of Things and embedded devices. No detailed vulnerability details are currently provided

ACRN before 2.5 has a hw/pci/virtio/virtio.c vq_endchains NULL Pointer Dereference. ACRN is an open source virtual machine monitor for the Internet of Things. No detailed vulnerability details are currently provided

The Device Model in ACRN through 2.5 has a devicemodel/core/mem.c use-after-free for a freed rb_entry. ACRN Is vulnerable to the use of freed memory.Denial of service (DoS) It may be put into a state. ACRN is an open source project released by the Linux Foundation, which is a management program designed for the Internet of Things and embedded devices. No detailed vulnerability details are currently provided. The version of Acrn-hypervisor before 2.5 has a security vulnerability, which is caused by using unknown input to manipulate parameters, which can cause memory corruption

An issue was discovered in ACRN before 2.5. dmar_free_irte in hypervisor/arch/x86/vtd.c allows an irte_alloc_bitmap buffer overflow. ACRN Contains a classic buffer overflow vulnerability.Information is obtained, information is tampered with, and service is disrupted (DoS) It may be put into a state. ACRN is an open source project released by the Linux Foundation, which is a management program designed for the Internet of Things and embedded devices. No detailed vulnerability details are currently provided

An authentication bypasss vulnerability in the web-based management interface of Zyxel USG/Zywall series firmware versions 4.35 through 4.64 and USG Flex, ATP, and VPN series firmware versions 4.35 through 5.01, which could allow a remote attacker to execute arbitrary commands on an affected device. plural Zyxel There is an authentication vulnerability in the firmware.Information is obtained, information is tampered with, and service is disrupted (DoS) It may be put into a state

Axis is an IT company that specializes in providing network video solutions. AXIS 212 PTZ Network Camera has an unauthorized access vulnerability, which can be exploited by attackers to obtain sensitive information.

New H3C Technology Co., Ltd. is a new IT solution provider, committed to becoming the most reliable partner for customer business innovation and digital transformation. The main products are routers, big data, switches, Internet of Things, cloud computing, servers, etc. The H3C SecPath operation and maintenance audit system has an unauthorized access vulnerability, which can be exploited by attackers to obtain sensitive information.

Founded in 1987, Huawei Technologies Co., Ltd. is the world's leading provider of ICT (information and communications) infrastructure and smart terminals. Huawei Technologies Co., Ltd. S5700 series switches have a weak password vulnerability, which can be exploited by attackers to obtain sensitive information.

AVEVA System Platform versions 2017 through 2020 R2 P01 does not verify, or incorrectly verifies, the cryptographic signature for data. AVEVA Provided by the company AVEVA System Platform contains multiple vulnerabilities: * Lack of authentication for critical features (CWE-306) - CVE-2021-33008 It was * Problems with not handling exceptions (CWE-248) - CVE-2021-33010 It was * Path traversal (CWE-22) - CVE-2021-32981 It was * Same-origin policy violation (CWE-346) - CVE-2021-32985 It was * Improper verification of digital signatures (CWE-347) - CVE-2021-32977The expected impact depends on each vulnerability, but it may be affected as follows. It was * A third party on an adjacent network may be able to execute arbitrary code with system privileges. - CVE-2021-33008 It was * Service operation obstruction by a remote third party (DoS) state - CVE-2021-33010 It was * The input value that specifies a file or directory under an access-restricted directory is not processed properly, allowing a remote third party to access a directory outside the access-restricted directory. - CVE-2021-32981 It was * Not properly validating that data or communication origin is valid - CVE-2021-32985 It was * Not verifying digital signatures on data, or verifying them incorrectly - CVE-2021-32977. AVEVA System Platform is an application software of British AVEVA company. A responsive, standards-driven and scalable foundation for regulatory, enterprise SCADA, MES and IIoT applications. No detailed vulnerability details are currently provided

AVEVA System Platform versions 2017 through 2020 R2 P01 does not properly verify that the source of data or communication is valid. AVEVA Provided by the company AVEVA System Platform contains multiple vulnerabilities: * Lack of authentication for critical features (CWE-306) - CVE-2021-33008 It was * Problems with not handling exceptions (CWE-248) - CVE-2021-33010 It was * Path traversal (CWE-22) - CVE-2021-32981 It was * Same-origin policy violation (CWE-346) - CVE-2021-32985 It was * Improper verification of digital signatures (CWE-347) - CVE-2021-32977The expected impact depends on each vulnerability, but it may be affected as follows. It was * A third party on an adjacent network may be able to execute arbitrary code with system privileges. - CVE-2021-33008 It was * Service operation obstruction by a remote third party (DoS) state - CVE-2021-33010 It was * The input value that specifies a file or directory under an access-restricted directory is not processed properly, allowing a remote third party to access a directory outside the access-restricted directory. AVEVA System Platform is an application software of British AVEVA company. A responsive, standards-driven and scalable foundation for regulatory, enterprise SCADA, MES and IIoT applications. No detailed vulnerability details are currently available

AVEVA System Platform versions 2017 through 2020 R2 P01 uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the software does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory. AVEVA Provided by the company AVEVA System Platform contains multiple vulnerabilities: * Lack of authentication for critical features (CWE-306) - CVE-2021-33008 It was * Problems with not handling exceptions (CWE-248) - CVE-2021-33010 It was * Path traversal (CWE-22) - CVE-2021-32981 It was * Same-origin policy violation (CWE-346) - CVE-2021-32985 It was * Improper verification of digital signatures (CWE-347) - CVE-2021-32977The expected impact depends on each vulnerability, but it may be affected as follows. It was * A third party on an adjacent network may be able to execute arbitrary code with system privileges. - CVE-2021-33008 It was * Service operation obstruction by a remote third party (DoS) state - CVE-2021-33010 It was * The input value that specifies a file or directory under an access-restricted directory is not processed properly, allowing a remote third party to access a directory outside the access-restricted directory. - CVE-2021-32981 It was * Not properly validating that data or communication origin is valid - CVE-2021-32985 It was * Not verifying digital signatures on data, or verifying them incorrectly - CVE-2021-32977. AVEVA System Platform is an application software of British AVEVA company. A responsive, standards-driven and scalable foundation for regulatory, enterprise SCADA, MES and IIoT applications. No detailed vulnerability details are currently provided

There is an Improper Access Control vulnerability in Huawei Smartphone. Successful exploitation of this vulnerability may cause temporary DoS. Huawei Smartphone is a smartphone of the Chinese company Huawei (Huawei)

There is an Improper Access Control vulnerability in Huawei Smartphone. Successful exploitation of this vulnerability may cause temporary DoS. Huawei Smartphone is a smartphone of the Chinese company Huawei (Huawei)

There is a Configuration Defect vulnerability in Huawei Smartphone. Successful exploitation of this vulnerability may affect service integrity and availability. Huawei Smartphone is a smartphone of the Chinese company Huawei (Huawei)

There is a Missing Cryptographic Step vulnerability in Huawei Smartphone. Successful exploitation of this vulnerability may cause DoS of Samgr. Huawei Smartphone is a smartphone of the Chinese company Huawei (Huawei)

NBG-418N is a wireless router device launched by Zhongqin Communication Equipment Trading (Shanghai) Co., Ltd. Zhongqin Communication Equipment Trading (Shanghai) Co., Ltd. NBG-418N has a weak password vulnerability, which can be exploited by attackers to obtain sensitive information.

BRICS Communication Technology is the world's leading provider of online video solutions. The Brickcom FB-200Np camera has a weak password vulnerability, which can be exploited by attackers to obtain sensitive information.

Shandong Bit Intelligent Technology Co., Ltd. is a high-tech enterprise integrating design, research and development, production and sales. Shandong Bit Intelligent Technology Co., Ltd. Lim-SW5PV8 has a weak password vulnerability, which can be exploited by attackers to obtain sensitive information.