VARIoT IoT vulnerabilities database


VAR-202105-1672 No CVE Multiple Huawei products have weak password vulnerabilities CVSS V2: 5.0
CVSS V3: -
Severity: MEDIUM
Secoway USG2160BSR is a firewall of Huawei Technologies Co., Ltd., Huawei SRG3230 is a gateway, and Huawei SRG1220 is a router of Huawei Technologies Co., Ltd. Many Huawei products have weak password vulnerabilities, which can be exploited by attackers to obtain sensitive information.
VAR-202105-1673 No CVE Many products of New H3C Technology Co., Ltd. have weak password vulnerabilities CVSS V2: 5.0
CVSS V3: -
Severity: MEDIUM
ER5100 is a high-performance gigabit downstream router. ER5200G2 is a new generation of enterprise-class gigabit high-performance router. GR5200 is a new generation of high-performance enterprise-class routers. Many products of New H3C Technology Co., Ltd. have weak password vulnerabilities, which can be exploited by attackers to obtain sensitive information.
VAR-202105-1674 No CVE HUAWEI SRG1220w has a weak password vulnerability CVSS V2: 5.0
CVSS V3: -
Severity: MEDIUM
SRG1220w is a router. HUAWEI SRG1220w has a weak password vulnerability. Attackers can use this vulnerability to obtain sensitive information.
VAR-202105-1675 No CVE HUAWEI SRG2210 has weak password vulnerability CVSS V2: 5.0
CVSS V3: -
Severity: MEDIUM
SRG2210 is a router. HUAWEI SRG2210 has a weak password vulnerability. Attackers can use this vulnerability to obtain sensitive information.
VAR-202105-1677 No CVE H3C ER6300 router has weak password vulnerability CVSS V2: 5.0
CVSS V3: -
Severity: MEDIUM
ER6300 is a high-performance all-gigabit dedicated router for Internet cafes launched by H3C. The H3C ER6300 router has a weak password vulnerability. Attackers can use this vulnerability to log in to the router's management back end and obtain sensitive information.
VAR-202105-1127 CVE-2021-31756 Tenda AC11 Out-of-bounds write vulnerability in device CVSS V2: 10.0
CVSS V3: 9.8
Severity: CRITICAL
An issue was discovered on Tenda AC11 devices with firmware through 02.03.01.104_CN. A stack buffer overflow vulnerability in /goform/setwanType allows attackers to execute arbitrary code on the system via a crafted POST request. This occurs when an attacker-controlled input vector is copied to a stack variable. The Tenda AC11 device contains an out-of-bounds write vulnerability. Information may be obtained or tampered with, and service may be disrupted (DoS). Tenda AC11 is an AC1200 dual-band Gigabit WiFi router.
VAR-202105-1126 CVE-2021-31755 Tenda AC11 Out-of-bounds write vulnerability in device CVSS V2: 10.0
CVSS V3: 9.8
Severity: CRITICAL
An issue was discovered on Tenda AC11 devices with firmware through 02.03.01.104_CN. A stack buffer overflow vulnerability in /goform/setmac allows attackers to execute arbitrary code on the system via a crafted POST request. The Tenda AC11 device contains an out-of-bounds write vulnerability. Information may be obtained or tampered with, and service may be disrupted (DoS). Tenda AC11 is an AC1200 dual-band Gigabit WiFi router.
VAR-202105-1128 CVE-2021-31757 Tenda AC11 Out-of-bounds write vulnerability in device CVSS V2: 10.0
CVSS V3: 9.8
Severity: CRITICAL
An issue was discovered on Tenda AC11 devices with firmware through 02.03.01.104_CN. A stack buffer overflow vulnerability in /goform/setVLAN allows attackers to execute arbitrary code on the system via a crafted POST request. The Tenda AC11 device contains an out-of-bounds write vulnerability. Information may be obtained or tampered with, and service may be disrupted (DoS). Tenda AC11 is an AC1200 dual-band Gigabit WiFi router.
VAR-202105-1129 CVE-2021-31758 Tenda AC11 Out-of-bounds write vulnerability in device CVSS V2: 10.0
CVSS V3: 9.8
Severity: CRITICAL
An issue was discovered on Tenda AC11 devices with firmware through 02.03.01.104_CN. A stack buffer overflow vulnerability in /goform/setportList allows attackers to execute arbitrary code on the system via a crafted POST request. The Tenda AC11 device contains an out-of-bounds write vulnerability. Information may be obtained or tampered with, and service may be disrupted (DoS). Tenda AC11 is an AC1200 dual-band Gigabit WiFi router.
VAR-202105-1614 No CVE New H3C Technology Co., Ltd. WX3520H has a weak password vulnerability CVSS V2: 5.0
CVSS V3: -
Severity: MEDIUM
WX3520H is an enterprise-level operating wireless controller. New H3C Technology Co., Ltd. WX3520H has a weak password vulnerability, which can be exploited by attackers to obtain sensitive information.
VAR-202105-1615 No CVE New H3C Technology Co., Ltd. WX2540H has a weak password vulnerability CVSS V2: 5.0
CVSS V3: -
Severity: MEDIUM
WX2540H is a wireless controller. New H3C Technology Co., Ltd. WX2540H has a weak password vulnerability, which can be exploited by attackers to obtain sensitive information.
VAR-202105-1670 No CVE Many H3C MSR series routers have weak password vulnerabilities CVSS V2: 5.0
CVSS V3: -
Severity: MEDIUM
The MSR series router is an enterprise-level router of Xinhua Three Technology Co., Ltd. Many H3C MSR series routers have weak password vulnerabilities, which can be exploited by attackers to obtain sensitive information.
VAR-202105-1676 No CVE Multiple wireless controller products of New H3C Technology Co., Ltd. have weak password vulnerabilities CVSS V2: 5.0
CVSS V3: -
Severity: MEDIUM
H3C WX3510H, H3C WX2510H, H3C WX3508H, H3C WX3540H are wireless controllers of H3C Technology Co., Ltd. Several wireless controller products of New H3C Technology Co., Ltd. have weak password vulnerabilities, which can be exploited by attackers to obtain sensitive information.
VAR-202105-1678 No CVE Prolink Technology Co., Ltd. TL-WR841HP has a weak password vulnerability CVSS V2: 5.0
CVSS V3: -
Severity: MEDIUM
TL-WR841HP is a 300Mbps, high-power wireless router. Universal Technology Co., Ltd. TL-WR841HP has a weak password vulnerability, which can be exploited by attackers to obtain sensitive information.
VAR-202105-1679 No CVE Prolink Technology Co., Ltd. TL-WR940N has a weak password vulnerability CVSS V2: 5.0
CVSS V3: -
Severity: MEDIUM
TL-WR940N is a wireless router. The TL-WR940N of Universal Technology Co., Ltd. has a weak password vulnerability, which can be exploited by attackers to obtain sensitive information.
VAR-202105-1680 No CVE New H3C Technology Co., Ltd. WX2560H has a weak password vulnerability CVSS V2: 5.0
CVSS V3: -
Severity: MEDIUM
WX2560H is a gateway wireless controller independently developed by New H3C Technology Co., Ltd. New H3C Technology Co., Ltd. WX2560H has a weak password vulnerability, which can be exploited by attackers to obtain sensitive information.
VAR-202105-1682 No CVE H3C Beckham router has weak password vulnerability CVSS V2: 5.0
CVSS V3: -
Severity: MEDIUM
The H3C Xiaobei router is an enterprise-level router dedicated to shops. The H3C Beckham router has a weak password vulnerability, which can be exploited by attackers to obtain sensitive information.
VAR-202105-1683 No CVE H3C WAC380-30 has weak password vulnerability CVSS V2: 5.0
CVSS V3: -
Severity: MEDIUM
H3C WAC380-30 is a gateway wireless controller independently developed by New H3C Technology Co., Ltd. H3C WAC380-30 has a weak password vulnerability, which can be exploited by attackers to obtain sensitive information.
VAR-202105-1700 No CVE RG-UAC Ruijie's unified online behavior management and audit system has logic flaws and loopholes CVSS V2: 2.1
CVSS V3: -
Severity: LOW
Ruijie Networks Co., Ltd. is a company that uses new technologies such as cloud computing, SDN, mobile internet, big data, and the Internet of Things to provide end-to-end solutions for users in various industries. RG-UAC Ruijie's unified online behavior management and audit system has a logic flaw vulnerability. Attackers can use this vulnerability to modify the administrator password.
VAR-202105-1346 CVE-2021-32030 ASUS GT-AC2900 Authentication vulnerabilities in devices CVSS V2: 7.5
CVSS V3: 9.8
Severity: CRITICAL
The administrator application on ASUS GT-AC2900 devices before 3.0.0.4.386.42643 and Lyra Mini before 3.0.0.4_384_46630 allows authentication bypass when processing remote input from an unauthenticated user, leading to unauthorized access to the administrator interface. This relates to handle_request in router/httpd/httpd.c and auth_check in web_hook.o. An attacker-supplied value of '\0' matches the device's default value of '\0' in some situations. Note: All versions of Lyra Mini and earlier which are unsupported (End-of-Life, EOL) are also affected by this vulnerability. Consumers can mitigate this vulnerability by disabling the remote access features from WAN. The ASUS GT-AC2900 device contains an authentication vulnerability. Information may be obtained or tampered with, and service operation may be interrupted (DoS). The ASUS GT-AC2900 is a router from the Chinese company ASUS.