VARIoT IoT vulnerabilities database
| VAR-202106-2133 | No CVE | Unauthorized access vulnerability exists in Belkin Router |
CVSS V2: 5.0 CVSS V3: - Severity: MEDIUM |
Belkin is a supplier in the aftermarket, providing power, protection, production, connectivity, audio, security and home automation solutions for a wide range of consumer electronics and corporate environments.
Belkin Router has an unauthorized access vulnerability. Attackers can use vulnerabilities to obtain sensitive information.
| VAR-202106-1208 | CVE-2021-33539 | plural Weidmueller Industrial WLAN Authentication vulnerability in device |
CVSS V2: 6.5 CVSS V3: 7.2 Severity: HIGH |
In Weidmueller Industrial WLAN devices in multiple versions an exploitable authentication bypass vulnerability exists in the hostname processing. A specially configured device hostname can cause the device to interpret selected remote traffic as local traffic, resulting in a bypass of web authentication. An attacker can send authenticated SNMP requests to trigger this vulnerability. plural Weidmueller Industrial WLAN There is an authentication vulnerability in the device.Information is obtained, information is tampered with, and service is disrupted (DoS) It may be put into a state. Weidmueller Industrial WLAN devices is an industrial control WIAN of Weidmueller company in Germany. Attackers can use this vulnerability to bypass Web authentication
| VAR-202106-2305 | No CVE | OPPO Find x has an information disclosure vulnerability |
CVSS V2: 6.6 CVSS V3: - Severity: MEDIUM |
OPPO Find x is a smartphone launched by OPPO Guangdong Mobile Communications Co., Ltd.
OPPO Find x has an information disclosure vulnerability. An attacker can use a malicious APP to only need to apply for the read permission of commonly used external storage space, and then the content of the user's call can be monitored through the exposed component.
| VAR-202106-1219 | CVE-2021-33535 | plural Weidmueller Industrial WLAN Device string formatting vulnerabilities |
CVSS V2: 6.5 CVSS V3: 8.8 Severity: HIGH |
In Weidmueller Industrial WLAN devices in multiple versions an exploitable format string vulnerability exists in the iw_console conio_writestr functionality. A specially crafted time server entry can cause an overflow of the time server buffer, resulting in remote code execution. An attacker can send commands while authenticated as a low privilege user to trigger this vulnerability. Weidmueller Industrial WLAN devices is an industrial control WIAN of Weidmueller company in Germany. Attackers can use this vulnerability to cause remote code execution
| VAR-202106-1217 | CVE-2021-33533 | plural Weidmueller Industrial WLAN In the device OS Command injection vulnerability |
CVSS V2: 9.0 CVSS V3: 8.8 Severity: HIGH |
In Weidmueller Industrial WLAN devices in multiple versions an exploitable command injection vulnerability exists in the iw_webs functionality. A specially crafted iw_serverip parameter can cause user input to be reflected in a subsequent iw_system call, resulting in remote control over the device. An attacker can send commands while authenticated as a low privilege user to trigger this vulnerability. Weidmueller Industrial WLAN devices is an industrial control WIAN of Weidmueller company in Germany
| VAR-202106-1215 | CVE-2021-33531 | plural Weidmueller Industrial WLAN Vulnerability in using hard-coded credentials on devices |
CVSS V2: 9.0 CVSS V3: 8.8 Severity: HIGH |
In Weidmueller Industrial WLAN devices in multiple versions an exploitable use of hard-coded credentials vulnerability exists in multiple iw_* utilities. The device operating system contains an undocumented encryption password, allowing for the creation of custom diagnostic scripts. An attacker can send diagnostic scripts while authenticated as a low privilege user to trigger this vulnerability. Weidmueller Industrial WLAN devices is an industrial control WIAN of Weidmueller company in Germany.
Weidmueller Industrial WLAN devices have a trust management vulnerability
| VAR-202106-2159 | No CVE | NETGEAR WNDR3400v2 router has weak password vulnerability |
CVSS V2: 5.0 CVSS V3: - Severity: MEDIUM |
NETGEAR WNDR3400v2 router is a wireless router device.
The NETGEAR WNDR3400v2 router has a weak password vulnerability. Attackers can use this vulnerability to control the device, obtain sensitive information and perform unauthorized operations.
| VAR-202106-2147 | No CVE | AXIS Q1755 Network Camera has unauthorized access vulnerability |
CVSS V2: 6.4 CVSS V3: - Severity: MEDIUM |
Axis is an IT company that specializes in providing network video solutions. It is the global market leader in network video, driving the transition from analog to digital video surveillance. Axis' monitoring products and solutions are based on an open and innovative technology platform, dedicated to security monitoring and remote monitoring.
AXIS Q1755 Network Camera has an unauthorized access vulnerability, which can be exploited by attackers to obtain sensitive information.
| VAR-202106-2148 | No CVE | Finetree 5MP Network Camera has weak password vulnerability |
CVSS V2: 5.0 CVSS V3: - Severity: MEDIUM |
5MP Network Camera is a camera product.
Finetree 5MP Network Camera has a weak password vulnerability, which can be exploited by attackers to obtain sensitive information.
| VAR-202106-2158 | No CVE | NETGEAR WNR3500L router has weak password vulnerability |
CVSS V2: 5.0 CVSS V3: - Severity: MEDIUM |
The NETGEAR WNR3500L router is a wireless router device.
The NETGEAR WNR3500L router has a weak password vulnerability. Attackers can use this vulnerability to control the device, obtain sensitive information and perform unauthorized operations.
| VAR-202106-2146 | No CVE | AXIS Q1604 Network Camera has unauthorized access vulnerability |
CVSS V2: 6.4 CVSS V3: - Severity: MEDIUM |
Axis is an IT company that specializes in providing network video solutions. It is the global market leader in network video, driving the transition from analog to digital video surveillance. Axis' monitoring products and solutions are based on an open and innovative technology platform, dedicated to security monitoring and remote monitoring.
AXIS Q1604 Network Camera has an unauthorized access vulnerability, which can be exploited by attackers to obtain sensitive information.
| VAR-202106-2135 | No CVE | D-Link DIR-809 has a denial of service vulnerability (CNVD-2021-36511) |
CVSS V2: 4.9 CVSS V3: - Severity: MEDIUM |
D-Link DIR-809 is a wireless router using RTOS.
D-Link DIR-809 has a denial of service vulnerability, which can be exploited by an attacker to cause a denial of service attack.
| VAR-202106-2144 | No CVE | NETGEAR WNR2020 router has weak password vulnerability |
CVSS V2: 5.0 CVSS V3: - Severity: MEDIUM |
NETGEAR WNR2020 router is a wireless router device.
The NETGEAR WNR2020 router has a weak password vulnerability. Attackers can use this vulnerability to control the device, obtain sensitive information and perform unauthorized operations.
| VAR-202106-2162 | No CVE | TRENDnet TV-IP302PI has weak password vulnerability |
CVSS V2: 5.0 CVSS V3: - Severity: MEDIUM |
TRENDnet is one of the world's major data network professional manufacturers, headquartered in Silicon Valley, USA, and has many branches in Europe and the United States.
TRENDnet TV-IP302PI has a weak password vulnerability, which can be exploited by attackers to obtain sensitive information.
| VAR-202106-2150 | No CVE | NETGEAR WNR1000v3 router has weak password vulnerability |
CVSS V2: 5.0 CVSS V3: - Severity: MEDIUM |
NETGEAR WNR1000v3 router is a wireless router device.
The NETGEAR WNR1000v3 router has a weak password vulnerability. Attackers can use this vulnerability to control the device, obtain sensitive information and perform unauthorized operations.
| VAR-202106-2156 | No CVE | NETGEAR WNR2000v3 router has weak password vulnerability |
CVSS V2: 5.0 CVSS V3: - Severity: MEDIUM |
NETGEAR WNR2000v3 router is a wireless router device.
The NETGEAR WNR2000v3 router has a weak password vulnerability. Attackers can use this vulnerability to control the device, obtain sensitive information and perform unauthorized operations.
| VAR-202106-2152 | No CVE | NETGEAR WNDR4300 router has weak password vulnerability |
CVSS V2: 5.0 CVSS V3: - Severity: MEDIUM |
The NETGEAR WNDR4300 router is a wireless router device.
The NETGEAR WNDR4300 router has a weak password vulnerability. Attackers can use this vulnerability to control the device, obtain sensitive information and perform unauthorized operations.
| VAR-202106-2163 | No CVE | TRENDnet TV-IP651WI has weak password vulnerability |
CVSS V2: 5.0 CVSS V3: - Severity: MEDIUM |
TRENDnet is one of the world's major data network professional manufacturers, headquartered in Silicon Valley, USA, and has many branches in Europe and the United States.
TRENDnet TV-IP651WI has a weak password vulnerability, which can be exploited by attackers to obtain sensitive information.
| VAR-202106-2160 | No CVE | NETGEAR WNDR3300 router has weak password vulnerability |
CVSS V2: 5.0 CVSS V3: - Severity: MEDIUM |
The NETGEAR WNDR3300 router is a wireless router device.
The NETGEAR WNDR3300 router has a weak password vulnerability. Attackers can use this vulnerability to control the device, obtain sensitive information and perform unauthorized operations.
| VAR-202106-2143 | No CVE | Bihaiwei L7 cloud router wireless operation version has weak password vulnerability |
CVSS V2: 5.0 CVSS V3: - Severity: MEDIUM |
Bihaiwei L7 Cloud Router is a router launched by Beijing Bihaiwei Technology Co., Ltd.
Bihaiwei L7 cloud router wireless operation version has weak password vulnerability. Attackers can use this vulnerability to log in to the system backend to obtain sensitive information