VARIoT IoT vulnerabilities database
| VAR-202106-2337 | No CVE | Unauthorized access vulnerability exists in Dell B3460DN monochrome laser printer |
CVSS V2: 5.0 CVSS V3: - Severity: MEDIUM |
The business scope of Dell (China) Co., Ltd. includes: manufacturing, assembling, researching and developing computer products, mobile phone products, network communication equipment (routers, switches, network data center products), etc.
The Dell B3460DN monochrome laser printer has an unauthorized access vulnerability, which can be exploited by attackers to obtain sensitive information.
| VAR-202106-1478 | CVE-2021-29087 | Synology DiskStation Manager Traversal Vulnerability in Japan |
CVSS V2: 5.0 CVSS V3: 7.5 Severity: HIGH |
Improper limitation of a pathname to a restricted directory ('Path Traversal') vulnerability in webapi component in Synology DiskStation Manager (DSM) before 6.2.3-25426-3 allows remote attackers to write arbitrary files via unspecified vectors. Synology DiskStation Manager (DSM) Contains a path traversal vulnerability.Information may be tampered with. Synology DiskStation Manager (DSM) is an operating system for network storage servers (NAS) developed by Synology, Taiwan. The operating system can manage data, documents, photos, music and other information
| VAR-202106-1477 | CVE-2021-29086 | Synology DiskStation Manager Information Disclosure Vulnerability |
CVSS V2: 5.0 CVSS V3: 7.5 Severity: HIGH |
Exposure of sensitive information to an unauthorized actor vulnerability in webapi component in Synology DiskStation Manager (DSM) before 6.2.3-25426-3 allows remote attackers to obtain sensitive information via unspecified vectors. Synology DiskStation Manager (DSM) Contains an information disclosure vulnerability.Information may be obtained. Synology DiskStation Manager (DSM) is an operating system for network storage servers (NAS) developed by Synology, Taiwan. The operating system can manage data, documents, photos, music and other information
| VAR-202106-1476 | CVE-2021-29085 | Synology DiskStation Manager Injection vulnerability |
CVSS V2: 5.0 CVSS V3: 7.5 Severity: HIGH |
Improper neutralization of special elements in output used by a downstream component ('Injection') vulnerability in file sharing management component in Synology DiskStation Manager (DSM) before 6.2.3-25426-3 allows remote attackers to read arbitrary files via unspecified vectors. Synology DiskStation Manager (DSM) Is vulnerable to injection.Information may be obtained. Synology DiskStation Manager (DSM) is an operating system for network storage servers (NAS) developed by Synology, Taiwan. The operating system can manage data, documents, photos, music and other information
| VAR-202106-1129 | CVE-2021-27649 | Synology DiskStation Manager Vulnerabilities in the use of freed memory |
CVSS V2: 7.5 CVSS V3: 9.8 Severity: CRITICAL |
Use after free vulnerability in file transfer protocol component in Synology DiskStation Manager (DSM) before 6.2.3-25426-3 allows remote attackers to execute arbitrary code via unspecified vectors. Synology DiskStation Manager (DSM) Is vulnerable to the use of freed memory.Information is obtained, information is tampered with, and service is disrupted (DoS) It may be put into a state. Synology DiskStation Manager (DSM) is an operating system for network storage servers (NAS) developed by Synology, Taiwan. The operating system can manage data, documents, photos, music and other information
| VAR-202106-2087 | No CVE | EDIMAX N300 Wi-Fi router has weak password vulnerability |
CVSS V2: 5.0 CVSS V3: - Severity: MEDIUM |
EDIMAX N300 Wi-Fi is a 2.4G single-band wireless router of Xunzhou Technology Co., Ltd.
The EDIMAX N300 Wi-Fi router has a weak password vulnerability, which can be exploited by attackers to obtain sensitive information.
| VAR-202106-2089 | No CVE | ZyXEL ADSL Router has weak password vulnerability |
CVSS V2: 5.0 CVSS V3: - Severity: MEDIUM |
ADSL is a broadband dial-up router equipment of ZyXEL Company.
ZyXEL ADSL Router has a weak password vulnerability. Attackers can use this vulnerability to log in to the background of the system and perform unauthorized operations.
| VAR-202106-2094 | No CVE | EDIMAX Wireless wireless router has weak password vulnerability |
CVSS V2: 5.0 CVSS V3: - Severity: MEDIUM |
EDIMAX Wireless is a 2.4G and 5G dual-band wireless router of Xunzhou Technology Co., Ltd.
The EDIMAX Wireless wireless router has a weak password vulnerability, which can be exploited by attackers to obtain sensitive information.
| VAR-202106-2095 | No CVE | ZXHN F450A has logic flaw vulnerability |
CVSS V2: 6.4 CVSS V3: - Severity: MEDIUM |
ZTE Corporation is the world's leading provider of integrated communications solutions. The main products include: 2G/3G/4G/5G wireless base station and core network, IMS, fixed network access and bearer, optical network, chip, high-end router, smart switch, government and enterprise network, big data, cloud computing, data center, etc. .
ZXHN F450A has a logic flaw vulnerability, which can be exploited by attackers to obtain sensitive information.
| VAR-202106-2096 | No CVE | Panasonic Electric (China) Co., Ltd. Network Camera WV-SW174W has an unauthorized access vulnerability |
CVSS V2: 5.0 CVSS V3: - Severity: MEDIUM |
Matsushita Electric (China) Co., Ltd. is mainly responsible for the sales and after-sales service activities of home appliances, systems, environment, components and other commodities.
Matsushita Electric (China) Co., Ltd. Network Camera WV-SW174W has an unauthorized access vulnerability, which can be exploited by attackers to obtain sensitive information.
| VAR-202106-2097 | No CVE | Panasonic Electric (China) Co., Ltd. Network Camera WV-SW598 has an unauthorized access vulnerability |
CVSS V2: 5.0 CVSS V3: - Severity: MEDIUM |
Matsushita Electric (China) Co., Ltd. is mainly responsible for the sales and after-sales service activities of home appliances, systems, environment, components and other commodities.
Matsushita Electric (China) Co., Ltd. Network Camera WV-SW598 has an unauthorized access vulnerability, which can be exploited by attackers to obtain sensitive information.
| VAR-202106-2098 | No CVE | AXIS V5914 PTZ Network Camera has unauthorized access vulnerability |
CVSS V2: 5.0 CVSS V3: - Severity: MEDIUM |
Axis is an IT company that specializes in providing network video solutions.
AXIS V5914 PTZ Network Camera has an unauthorized access vulnerability, which can be exploited by attackers to obtain sensitive information.
| VAR-202106-2099 | No CVE | AXIS 213 PTZ Network Camera has unauthorized access vulnerability |
CVSS V2: 5.0 CVSS V3: - Severity: MEDIUM |
Axis is an IT company that specializes in providing network video solutions.
AXIS 213 PTZ Network Camera has an unauthorized access vulnerability, which can be exploited by attackers to obtain sensitive information.
| VAR-202106-2100 | No CVE | AXIS 214 PTZ Network Camera has unauthorized access vulnerability |
CVSS V2: 5.0 CVSS V3: - Severity: MEDIUM |
Axis is an IT company that specializes in providing network video solutions.
AXIS 214 PTZ Network Camera has an unauthorized access vulnerability, which can be exploited by attackers to obtain sensitive information.
| VAR-202106-2101 | No CVE | AXIS M3004 Network Camera has unauthorized access vulnerability |
CVSS V2: 5.0 CVSS V3: - Severity: MEDIUM |
Axis is an IT company that specializes in providing network video solutions.
AXIS M3004 Network Camera has an unauthorized access vulnerability, which can be exploited by attackers to obtain sensitive information.
| VAR-202106-2102 | No CVE | AXIS 5600+ has unauthorized access vulnerability |
CVSS V2: 5.0 CVSS V3: - Severity: MEDIUM |
Axis is an IT company that specializes in providing network video solutions.
AXIS 5600+ has an unauthorized access vulnerability, which can be exploited by attackers to obtain sensitive information.
| VAR-202106-2103 | No CVE | Unauthorized access vulnerability exists in HP-LaserJet series of HP Trading (Shanghai) Co., Ltd. |
CVSS V2: 5.0 CVSS V3: - Severity: MEDIUM |
The HP-LaserJet series is a printer of Hewlett-Packard Trading (Shanghai) Co., Ltd.
China Hewlett-Packard Co., Ltd. HP-LaserJet series has an unauthorized access vulnerability, which can be exploited by attackers to obtain sensitive information.
| VAR-202106-2104 | No CVE | 3G/4G Router has information disclosure vulnerabilities |
CVSS V2: 2.1 CVSS V3: - Severity: LOW |
3G/4G Router is a router device of Shenzhen Hongdian Technology Co., Ltd.
3G/4G Router has an information disclosure vulnerability, which can be exploited by attackers to obtain sensitive information.
| VAR-202106-2105 | No CVE | Unauthorized access vulnerability exists in Brickstream 1100 of American Phillie Company |
CVSS V2: 6.4 CVSS V3: - Severity: MEDIUM |
FLIR Systems, Inc. is a company specializing in the design, development, production, marketing and promotion of professional technologies for enhancing situational awareness.
There is an unauthorized access vulnerability in Brickstream 1100, a US-based Philippine company. Attackers can use the vulnerability to obtain sensitive information.
| VAR-202106-2106 | No CVE | Shenzhen Jixiang Tenda Technology Co., Ltd. Tenda wireless router has unauthorized access vulnerability |
CVSS V2: 5.0 CVSS V3: - Severity: MEDIUM |
Shenzhen Jixiang Tengda Technology Co., Ltd. is a high-tech enterprise integrating independent research and development, production and sales of network equipment.
Shenzhen Jixiang Tenda Technology Co., Ltd. Tenda wireless router has an unauthorized access vulnerability. Attackers can use the vulnerability to obtain sensitive information.