VARIoT IoT vulnerabilities database
| VAR-202108-1370 | CVE-2021-39614 | D-Link DVX-2000MS Vulnerability in using hard-coded credentials in |
CVSS V2: 5.0 CVSS V3: 9.8 Severity: CRITICAL |
D-Link DVX-2000MS contains hard-coded credentials for undocumented user accounts in the '/etc/passwd' file. As weak passwords have been used, the plaintext passwords can be recovered from the hash values. D-Link DVX-2000MS Contains a vulnerability in the use of hard-coded credentials.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. D-Link DVX-2000MS is a piece of hardware used in IP phone systems from D-Link in Taiwan
| VAR-202108-1369 | CVE-2021-39613 | D-Link DVG-3104MS Vulnerability in using hard-coded credentials in |
CVSS V2: 5.0 CVSS V3: 9.8 Severity: CRITICAL |
D-Link DVG-3104MS version 1.0.2.0.3, 1.0.2.0.4, and 1.0.2.0.4E contains hard-coded credentials for undocumented user accounts in the '/etc/passwd' file. As weak passwords have been used, the plaintext passwords can be recovered from the hash values. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. D-Link DVG-3104MS Contains a vulnerability in the use of hard-coded credentials.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. D-Link DVG-3104MS is a gateway of D-Link in Taiwan
| VAR-202108-2515 | No CVE | TopGate500 of TOPGate Technology Group has a command execution vulnerability |
CVSS V2: 7.1 CVSS V3: - Severity: HIGH |
Established in 1995, TOPSEC Technology Group is the first domestic network security company. Today, it has become a leading provider of network security, big data and cloud services in China.
TopGate500 of TOPGate Technology Group has a command execution vulnerability, which can be exploited by attackers to gain control of the server.
| VAR-202108-2516 | No CVE | An information disclosure vulnerability exists in the streaming media management server of Hangzhou Hikvision Digital Technology Co., Ltd. |
CVSS V2: 5.0 CVSS V3: - Severity: MEDIUM |
Hangzhou Hikvision Digital Technology Co., Ltd. is a video-centric IoT solution provider, providing comprehensive security, smart business and big data services.
An information disclosure vulnerability exists in the streaming media management server of Hangzhou Hikvision Digital Technology Co., Ltd., which can be exploited by attackers to obtain sensitive information.
| VAR-202108-2517 | No CVE | Hikvision network gateway has logic flaws and vulnerabilities |
CVSS V2: 5.0 CVSS V3: - Severity: MEDIUM |
Hangzhou Hikvision Digital Technology Co., Ltd. is a video-centric IoT solution provider, providing comprehensive security, smart business and big data services.
Hikvision's networking gateway has a logic flaw vulnerability, which can be exploited by attackers to obtain sensitive information.
| VAR-202108-2518 | No CVE | Hikvision network gateway has unauthorized access vulnerability |
CVSS V2: 5.0 CVSS V3: - Severity: MEDIUM |
Hangzhou Hikvision Digital Technology Co., Ltd. is a video-centric intelligent IoT solution and big data service provider.
Hikvision's networking gateway has an unauthorized access vulnerability, which can be exploited by attackers to obtain sensitive information.
| VAR-202108-2522 | No CVE | ZTE smart router has weak password vulnerability |
CVSS V2: 5.0 CVSS V3: - Severity: MEDIUM |
ZTE is the world's leading provider of integrated communications and information solutions, providing innovative technology and product solutions for global telecom operators, government and enterprise customers, and consumers.
ZTE Smart Router has a weak password vulnerability, which can be exploited by attackers to obtain sensitive information.
| VAR-202108-2502 | No CVE | Dell C3765dnf Color MFP has unauthorized access vulnerability |
CVSS V2: 5.0 CVSS V3: - Severity: MEDIUM |
C3765dnf Color MFP is a color laser printer from Dell.
Dell C3765dnf Color MFP has an unauthorized access vulnerability, which can be exploited by attackers to obtain sensitive information.
| VAR-202108-2503 | No CVE | Shenzhen Qianhai Huaxia Zhixin Data Technology Co., Ltd. T83-CV102 entrance and exit license plate recognition high-definition network integrated camera has a weak password vulnerability |
CVSS V2: 5.0 CVSS V3: - Severity: MEDIUM |
Shenzhen Qianhai Huaxia Zhixin Data Technology Co., Ltd. is a leading R&D and manufacturer of smart parking smart terminal equipment in China.
Shenzhen Qianhai Huaxia Zhixin Data Technology Co., Ltd. T83-CV102 entrance and exit license plate recognition high-definition network integrated camera has a weak password vulnerability. Attackers can use this vulnerability to obtain sensitive information.
| VAR-202108-2519 | No CVE | Sharp Trading (China) Co., Ltd. MX-4070V has an unauthorized access vulnerability |
CVSS V2: 5.0 CVSS V3: - Severity: MEDIUM |
MX-4070V is a printer product of Sharp Trading (China) Co., Ltd.
Sharp Trading (China) Co., Ltd. MX-4070V has an unauthorized access vulnerability. Attackers can use the vulnerability to obtain sensitive information.
| VAR-202108-2523 | No CVE | Sapido GR-1733 has a command execution vulnerability |
CVSS V2: 10.0 CVSS V3: - Severity: HIGH |
Sapido GR-1733 is a gigabit wireless router.
Sapido GR-1733 has a command execution vulnerability. Attackers can use this vulnerability to execute arbitrary commands.
| VAR-202108-2535 | No CVE | Unauthorized access vulnerability exists in Axis P5624-E Network Camera |
CVSS V2: 5.0 CVSS V3: - Severity: MEDIUM |
P5624-E Network Camera is a network camera.
Axis P5624-E Network Camera has an unauthorized access vulnerability, which can be exploited by attackers to obtain sensitive information.
| VAR-202108-2548 | No CVE | An information disclosure vulnerability exists in the backup management server of Hangzhou Hikvision Digital Technology Co., Ltd. |
CVSS V2: 5.0 CVSS V3: - Severity: MEDIUM |
Hangzhou Hikvision System Technology Co., Ltd. is a smart IoT solution provider and operation service provider with video as the core.
An information disclosure vulnerability exists in the backup management server of Hangzhou Hikvision Digital Technology Co., Ltd., which can be exploited by attackers to obtain sensitive information.
| VAR-202108-2504 | No CVE | Xindu (Qingdao) Office System Co., Ltd. SINDOH A601_A606 has an unauthorized access vulnerability |
CVSS V2: 5.0 CVSS V3: - Severity: MEDIUM |
Xindu (Qingdao) Office System Co., Ltd. is a professional office equipment enterprise integrating research and development, production, sales and after-sales.
Xindu (Qingdao) Office System Co., Ltd. SINDOH A601_A606 has an unauthorized access vulnerability. Attackers can use this vulnerability to gain unauthorized access to obtain sensitive information and perform unauthorized operations.
| VAR-202108-2509 | No CVE | Hikvision backup management server has weak password vulnerability |
CVSS V2: 5.0 CVSS V3: - Severity: MEDIUM |
Hikvision is a video-centric intelligent IoT solution and big data service provider.
Hikvision's backup management server has a weak password vulnerability, which can be exploited by attackers to obtain sensitive information.
| VAR-202108-2510 | No CVE | A directory traversal vulnerability exists in the backup management server of Hangzhou Hikvision Digital Technology Co., Ltd. |
CVSS V2: 5.0 CVSS V3: - Severity: MEDIUM |
Hikvision is a video-centric intelligent IoT solution and big data service provider.
The backup management server of Hangzhou Hikvision Digital Technology Co., Ltd. has a directory traversal vulnerability. Attackers can use the vulnerability to obtain sensitive information.
| VAR-202108-2513 | No CVE | Xindu (Qingdao) Office System Co., Ltd. SINDOH A603_A608 has an unauthorized access vulnerability |
CVSS V2: 5.0 CVSS V3: - Severity: MEDIUM |
Xindu (Qingdao) Office System Co., Ltd. is a professional office equipment enterprise integrating research and development, production, sales and after-sales.
Xindu (Qingdao) Office System Co., Ltd. SINDOH A603_A608 has an unauthorized access vulnerability. Attackers can use this vulnerability to gain unauthorized access to obtain sensitive information and perform unauthorized operations.
| VAR-202108-2514 | No CVE | RICOH Aficio MP 301 has an unauthorized access vulnerability |
CVSS V2: 5.0 CVSS V3: - Severity: MEDIUM |
Ricoh generally refers to Ricoh. Ricoh (Ricoh) is a famous Japanese manufacturer of office equipment and optical machines and a Fortune 500 company in the world.
RICOH Aficio MP 301 has an unauthorized access vulnerability, which can be exploited by attackers to obtain sensitive information.
| VAR-202108-2520 | No CVE | Unauthorized access vulnerability exists in Epson (China) Co., Ltd. L565 Series printer |
CVSS V2: 5.0 CVSS V3: - Severity: MEDIUM |
Epson (China) Co., Ltd. is a company whose business includes printers, scanners, projectors and other information-related products business, electronic components business, and industrial automation equipment business.
The Epson (China) Co., Ltd. L565 Series printer has an unauthorized access vulnerability. Attackers can use the vulnerability to access unauthorized access to obtain sensitive information and perform unauthorized operations.
| VAR-202108-2524 | No CVE | Litian Transcend Technology (Shenzhen) Co., Ltd. Brickstream 3D has an unauthorized access vulnerability |
CVSS V2: 5.0 CVSS V3: - Severity: MEDIUM |
Litian Transcend Technology (Shenzhen) Co., Ltd. (E tag for short) is a solution provider in Shenzhen.
Litian Transcend Technology (Shenzhen) Co., Ltd. Brickstream 3D has an unauthorized access vulnerability. Attackers can use this vulnerability to access unauthorized access to obtain sensitive information and perform unauthorized operations.