VARIoT IoT vulnerabilities database
| VAR-202106-2033 | No CVE | Beijing Xingwang Ruijie Network Technology Co., Ltd. RG-NBS2026G has a command execution vulnerability |
CVSS V2: 10.0 CVSS V3: - Severity: HIGH |
RG-NBS2026G is a switch launched by Beijing Xingwang Ruijie Network Technology Co., Ltd.
Beijing Xingwang Ruijie Network Technology Co., Ltd. RG-NBS2026G has a command execution vulnerability, which can be used by attackers to execute arbitrary commands.
| VAR-202106-2042 | No CVE | Sangfor Technology Co., Ltd. S5100 and P5100 have weak password vulnerabilities |
CVSS V2: 5.0 CVSS V3: - Severity: MEDIUM |
S5100 and P5100 are hardware gateway products of Sangfor Technology Co., Ltd.
Sangfor Technology Co., Ltd. S5100 and P5100 have a weak password vulnerability, which can be exploited by attackers to obtain sensitive information.
| VAR-202106-2043 | No CVE | Shandong Bit Intelligent Technology Co., Ltd. Lim-SW5PV24 has a weak password vulnerability |
CVSS V2: 5.0 CVSS V3: - Severity: MEDIUM |
Shandong Bit Intelligent Technology Co., Ltd. is a high-tech enterprise integrating design, research and development, production and sales.
Shandong Bit Intelligent Technology Co., Ltd. Lim-SW5PV24 has a weak password vulnerability, which can be exploited by attackers to obtain sensitive information.
| VAR-202106-2035 | No CVE | Zhongqin Communication Equipment Trading (Shanghai) Co., Ltd. NBG-418N has a weak password vulnerability |
CVSS V2: 5.0 CVSS V3: - Severity: MEDIUM |
NBG-418N is a wireless router device launched by Zhongqin Communication Equipment Trading (Shanghai) Co., Ltd.
Zhongqin Communication Equipment Trading (Shanghai) Co., Ltd. NBG-418N has a weak password vulnerability, which can be exploited by attackers to obtain sensitive information.
| VAR-202106-2302 | No CVE | Many products of Pulian Technology Co., Ltd. have weak password vulnerabilities |
CVSS V2: 5.0 CVSS V3: - Severity: MEDIUM |
TL-IPC223, etc. are all network camera products of Prolink Technology Co., Ltd.
Many products of Prolink Technology Co., Ltd. have weak password vulnerabilities, which can be exploited by attackers to obtain sensitive information.
| VAR-202106-2032 | No CVE | Tenda micro-enterprise integrated gateway has logic flaws and loopholes |
CVSS V2: 4.0 CVSS V3: - Severity: MEDIUM |
The micro-enterprise integrated gateway is a VPN router under the Tenda brand.
Tenda Micro-enterprise integrated gateway has a logic flaw vulnerability, which can be used by attackers to gain unauthorized access.
| VAR-202106-2036 | No CVE | Shandong Bit Intelligent Technology Co., Ltd. Lim-SW5PV8 has a weak password vulnerability |
CVSS V2: 5.0 CVSS V3: - Severity: MEDIUM |
Shandong Bit Intelligent Technology Co., Ltd. is a high-tech enterprise integrating design, research and development, production and sales.
Shandong Bit Intelligent Technology Co., Ltd. Lim-SW5PV8 has a weak password vulnerability, which can be exploited by attackers to obtain sensitive information.
| VAR-202106-1098 | CVE-2021-35973 | NETGEAR WAC104 Authentication vulnerability in device |
CVSS V2: 10.0 CVSS V3: 9.8 Severity: CRITICAL |
NETGEAR WAC104 devices before 1.0.4.15 are affected by an authentication bypass vulnerability in /usr/sbin/mini_httpd, allowing an unauthenticated attacker to invoke any action by adding the ¤tsetting.htm substring to the HTTP query, a related issue to CVE-2020-27866. This directly allows the attacker to change the web UI password, and eventually to enable debug mode (telnetd) and gain a shell on the device as the admin limited-user account (however, escalation to root is simple because of weak permissions on the /etc/ directory). NETGEAR WAC104 There is an authentication vulnerability in the device.Information is obtained, information is tampered with, and service is disrupted (DoS) It may be put into a state. NETGEAR WAC104 is a wireless access point (AP) from Netgear
| VAR-202106-1819 | CVE-2021-22376 | Huawei HarmonyOS Security hole |
CVSS V2: 7.2 CVSS V3: 8.4 Severity: HIGH |
A component of the HarmonyOS has a Improper Privilege Management vulnerability. Local attackers may exploit this vulnerability to bypass user restrictions. A Huawei phone is a Huawei smartphone from the Chinese Huawei (Huawei) company. Huawei smartphones have security flaws. Successful exploitation of this vulnerability could compromise service confidentiality, availability, and integrity
| VAR-202106-1796 | CVE-2021-22326 | Huawei HarmonyOS Security hole |
CVSS V2: 6.6 CVSS V3: 7.1 Severity: HIGH |
A component of the HarmonyOS has a Privilege Dropping / Lowering Errors vulnerability. Local attackers may exploit this vulnerability to obtain Kernel space read/write capability. A Huawei phone is a Huawei smartphone from the Chinese Huawei (Huawei) company. Huawei smartphones have a security flaw that stems from incorrect permission assignments. This vulnerability could affect service confidentiality
| VAR-202106-0621 | CVE-2021-22323 | Huawei Smartphone Security hole |
CVSS V2: 10.0 CVSS V3: 9.8 Severity: CRITICAL |
There is an Integer Overflow Vulnerability in Huawei Smartphone. Successful exploitation of these vulnerabilities may escalate the permission to that of the root user. A Huawei phone is a Huawei smartphone from the Chinese Huawei (Huawei) company. Huawei smartphones have security flaws
| VAR-202106-0616 | CVE-2021-22354 | Huawei smartphone security breach |
CVSS V2: 6.4 CVSS V3: 9.1 Severity: CRITICAL |
There is an Information Disclosure Vulnerability in Huawei Smartphone. Successful exploitation of this vulnerability may cause out-of-bounds read. A Huawei phone is a Huawei smartphone from the Chinese Huawei (Huawei) company
| VAR-202106-0615 | CVE-2021-22353 | Huawei smartphone buffer error vulnerability |
CVSS V2: 7.8 CVSS V3: 7.5 Severity: HIGH |
There is a Memory Buffer Improper Operation Limit Vulnerability in Huawei Smartphone. Successful exploitation of this vulnerability may cause the kernel to restart. A Huawei phone is a Huawei smartphone from the Chinese Huawei (Huawei) company. There is a security vulnerability in Huawei smartphones
| VAR-202106-0614 | CVE-2021-22352 | Huawei smartphone processing logic error vulnerability |
CVSS V2: 6.8 CVSS V3: 7.8 Severity: HIGH |
There is a Configuration Defect Vulnerability in Huawei Smartphone. Successful exploitation of this vulnerability may allow attackers to hijack the device and forge UIs to induce users to execute malicious commands. A Huawei phone is a Huawei smartphone from the Chinese Huawei (Huawei) company. The following products and versions are affected: EMUI 11.0.1, EMUI 11.0.0, EMUI 10.1.1, Magic UI 4.0.0, Magic UI 3.1.1
| VAR-202106-0613 | CVE-2021-22351 | Huawei smartphone trust management issue vulnerability |
CVSS V2: 5.5 CVSS V3: 8.1 Severity: HIGH |
There is a Credentials Management Errors Vulnerability in Huawei Smartphone. Successful exploitation of this vulnerability may induce users to grant permissions on modifying items in the configuration table,causing system exceptions. A Huawei phone is a Huawei smartphone from the Chinese Huawei (Huawei) company. The following products and versions are affected: EMUI 11.0.1, EMUI 11.0.0, EMUI 10.1.1, Magic UI 4.0.0, Magic UI 3.1.1
| VAR-202106-0612 | CVE-2021-22350 | Huawei smartphone buffer error vulnerability |
CVSS V2: 7.8 CVSS V3: 7.5 Severity: HIGH |
There is a Memory Buffer Improper Operation Limit Vulnerability in Huawei Smartphone. Successful exploitation of this vulnerability may cause the device to crash and restart. A Huawei phone is a Huawei smartphone from the Chinese Huawei (Huawei) company. The following products and versions are affected: EMUI 11.0.0, EMUI 10.1.1, Magic UI 4.0.0, Magic UI 3.1.1
| VAR-202106-0611 | CVE-2021-22349 | Huawei smartphone input verification error vulnerability |
CVSS V2: 7.8 CVSS V3: 7.5 Severity: HIGH |
There is an Input Verification Vulnerability in Huawei Smartphone. Successful exploitation of insufficient input verification may cause the system to restart. A Huawei phone is a Huawei smartphone from the Chinese Huawei (Huawei) company. An attacker could exploit this vulnerability to cause a system reboot. The following products and versions are affected: EMUI 11.0.0, EMUI 10.1.1, Magic UI 4.0.0, Magic UI 3.1.1
| VAR-202106-0610 | CVE-2021-22348 | Huawei smartphone buffer error vulnerability |
CVSS V2: 7.5 CVSS V3: 9.8 Severity: CRITICAL |
There is a Memory Buffer Improper Operation Limit Vulnerability in Huawei Smartphone. Successful exploitation of this vulnerability may cause code to execute. A Huawei phone is a Huawei smartphone from the Chinese Huawei (Huawei) company. The following products and versions are affected: EMUI 11.0.0, EMUI 10.1.1, Magic UI 4.0.0, Magic UI 3.1.1
| VAR-202106-0609 | CVE-2021-22346 | Huawei smartphone security breach |
CVSS V2: 5.0 CVSS V3: 5.3 Severity: MEDIUM |
There is an Improper Permission Management Vulnerability in Huawei Smartphone. Successful exploitation of this vulnerability may lead to the disclosure of user habits. A Huawei phone is a Huawei smartphone from the Chinese Huawei (Huawei) company. There are security vulnerabilities in several Huawei SmartPhone, which stems from the lack of effective permissions and access control measures in the products. The following products and versions are affected: EMUI 11.0.0, EMUI 10.1.1, Magic UI 4.0.0, Magic UI 3.1.1
| VAR-202106-0608 | CVE-2021-22345 | Huawei smartphone input verification error vulnerability |
CVSS V2: 7.5 CVSS V3: 9.8 Severity: CRITICAL |
There is an Input Verification Vulnerability in Huawei Smartphone. Successful exploitation of this vulnerability may cause out-of-bounds memory write. A Huawei phone is a Huawei smartphone from the Chinese Huawei (Huawei) company. The following products and versions are affected: EMUI 11.0.1, EMUI 11.0.0, EMUI 10.1.1, Magic UI 4.0.0, Magic UI 3.1.1