VARIoT IoT vulnerabilities database
| VAR-202108-2525 | No CVE | Shou Nei'an Information Technology (Shanghai) Co., Ltd. SPAM SQR mail security gateway has arbitrary file reading vulnerabilities |
CVSS V2: 2.1 CVSS V3: - Severity: LOW |
SPAM SQR mail security gateway is a new generation mail filtering system that separates spam and threat mail, and provides differentiated behavior management functions.
Shou Nei An Information Technology (Shanghai) Co., Ltd. SPAM SQR mail security gateway has an arbitrary file reading vulnerability. Attackers can use this vulnerability to obtain sensitive information.
| VAR-202108-2582 | No CVE | Unauthorized access vulnerability exists in Janitza UMG604 |
CVSS V2: 5.0 CVSS V3: - Severity: MEDIUM |
Janitza UMG604 is a power quality analyzer.
Janitza UMG604 has an unauthorized access vulnerability. Attackers can use this vulnerability to gain unauthorized access to obtain sensitive information and perform unauthorized operations.
| VAR-202108-1786 | CVE-2021-34433 | Digital signature verification vulnerability in Eclipse Californium |
CVSS V2: 5.0 CVSS V3: 7.5 Severity: HIGH |
In Eclipse Californium versions 2.0.0 to 2.6.4 and 3.0.0-M1 to 3.0.0-M3, certificate-based (x509 and RPK) DTLS handshakes accidentally succeed without the client verifying the server's signature, if that signature is not included in the server's ServerKeyExchange. Eclipse Californium contains a digital signature verification vulnerability. Information may be tampered with. Eclipse Californium is a Java-based code library from the Eclipse Foundation that provides CoAP back-end support for the Internet of Things.
Eclipse Californium has a data forgery vulnerability. The following products and versions are affected: Eclipse Californium 2.0.0 to 2.6.4 and Eclipse Californium 3.0.0-M1 to 3.0.0-M3.
| VAR-202108-1778 | CVE-2021-34215 | TOTOLINK A3002R Cross-site scripting vulnerability in firmware |
CVSS V2: 4.3 CVSS V3: 6.1 Severity: MEDIUM |
Cross-site scripting in tcpipwan.htm in TOTOLINK A3002R version V1.1.1-B20200824 (Important Update, new UI) allows attackers to execute arbitrary JavaScript by modifying the "Service Name" field. TOTOLINK A3002R firmware has a cross-site scripting vulnerability. Information may be obtained and information may be tampered with. TOTOLINK A3002RU is an AC1200 wireless dual-band gigabit router.
| VAR-202108-1779 | CVE-2021-34218 | Vulnerability in TOTOLINK A702R |
CVSS V2: 5.0 CVSS V3: 5.3 Severity: MEDIUM |
Directory indexing in the login portal of TOTOLINK-A702R-V1.0.0-B20161227.1023 allows an attacker to access the /add/, /img/, /js/, and /mobile directories via GET parameter. An unspecified vulnerability exists in TOTOLINK A702R. Information may be tampered with. TOTOLINK A702r is a router device from China TOTOLINK Company.
The TOTOLINK A702r has a security vulnerability that stems from the product's login page not applying effective permission controls to directory access.
| VAR-202108-1780 | CVE-2021-34220 | TOTOLINK A3002R Cross-site scripting vulnerability in firmware |
CVSS V2: 4.3 CVSS V3: 6.1 Severity: MEDIUM |
Cross-site scripting in tr069config.htm in TOTOLINK A3002R version V1.1.1-B20200824 (Important Update, new UI) allows attackers to execute arbitrary JavaScript by modifying the "User Name" field or "Password" field. TOTOLINK A3002R firmware has a cross-site scripting vulnerability. Information may be obtained and information may be tampered with. TOTOLINK A3002RU is a wireless router product from Taiwan TOTOLINK Company.
| VAR-202108-1781 | CVE-2021-34223 | TOTOLINK A3002R Cross-site scripting vulnerability in firmware |
CVSS V2: 4.3 CVSS V3: 6.1 Severity: MEDIUM |
Cross-site scripting in urlfilter.htm in TOTOLINK A3002R version V1.1.1-B20200824 (Important Update, new UI) allows attackers to execute arbitrary JavaScript by modifying the "URL Address" field. TOTOLINK A3002R firmware has a cross-site scripting vulnerability. Information may be obtained and information may be tampered with. TOTOLINK A3002RU is a wireless router product from Totolink Company in Taiwan, China.
TOTOLINK A3002R V1.1.1-B20200824 has a cross-site scripting vulnerability, which is caused by the lack of proper authentication of client data in web applications. An attacker could exploit this vulnerability to execute client code.
| VAR-202108-1777 | CVE-2021-34207 | TOTOLINK A3002R Cross-site scripting vulnerability in firmware |
CVSS V2: 4.3 CVSS V3: 6.1 Severity: MEDIUM |
Cross-site scripting in ddns.htm in TOTOLINK A3002R version V1.1.1-B20200824 (Important Update, new UI) allows attackers to execute arbitrary JavaScript by modifying the "Domain Name" field, "Server Address" field, "User Name/Email" field, or "Password/Key" field. TOTOLINK A3002R firmware has a cross-site scripting vulnerability. Information may be obtained and information may be tampered with. TOTOLINK A3002RU is an AC1200 wireless dual-band gigabit router.
There is a cross-site scripting vulnerability in ddns.htm in TOTOLINK A3002R 1.1.1-B20200824.
| VAR-202108-1782 | CVE-2021-34228 | TOTOLINK A3002R Cross-site scripting vulnerability in firmware |
CVSS V2: 4.3 CVSS V3: 6.1 Severity: MEDIUM |
Cross-site scripting in parent_control.htm in TOTOLINK A3002R version V1.1.1-B20200824 (Important Update, new UI) allows attackers to execute arbitrary JavaScript by modifying the "Description" field and "Service Name" field. TOTOLINK A3002R firmware has a cross-site scripting vulnerability. Information may be obtained and information may be tampered with. TOTOLINK A3002RU is a wireless router product from Taiwan TOTOLINK Company.
There is a cross-site scripting vulnerability in TOTOLINK A3002RU, which is caused by the lack of effective validation of client data in the product's function for modifying the Description and Service Name fields. An attacker could use this vulnerability to execute client-side code.
| VAR-202108-2476 | No CVE | Pulian Technology Co., Ltd. TP-LINK video surveillance management storage integrated machine has a weak password vulnerability |
CVSS V2: 5.0 CVSS V3: - Severity: MEDIUM |
TP-LINK Technology Co., Ltd. (hereinafter referred to as "TP-LINK") is a supplier of network communication equipment.
The TP-LINK Video Surveillance, Management and Storage Integrated Machine of Prolink Technology Co., Ltd. has a weak password vulnerability. Attackers can use weak passwords to log in to the management backend and obtain sensitive information.
| VAR-202108-2478 | No CVE | An arbitrary file download vulnerability exists in the network gateway of Hangzhou Hikvision Digital Technology Co., Ltd. |
CVSS V2: 4.0 CVSS V3: - Severity: MEDIUM |
Hangzhou Hikvision Digital Technology Co., Ltd. is a video-centric IoT solution provider, providing comprehensive security, smart business and big data services.
The network gateway of Hangzhou Hikvision Digital Technology Co., Ltd. has an arbitrary file download vulnerability. Attackers can use the vulnerability to obtain sensitive information.
| VAR-202108-2334 | No CVE | SINDOH P411_P416 has unauthorized access vulnerability |
CVSS V2: 5.0 CVSS V3: - Severity: MEDIUM |
SINDOH P411_P416 is a printer.
SINDOH P411_P416 has an unauthorized access vulnerability. Attackers can use the vulnerability to obtain sensitive information.
| VAR-202108-2335 | No CVE | SINDOH D410 has unauthorized access vulnerability |
CVSS V2: 5.0 CVSS V3: - Severity: MEDIUM |
SINDOH D410 is a printer.
SINDOH D410 has an unauthorized access vulnerability. Attackers can use the vulnerability to obtain sensitive information.
| VAR-202108-2526 | No CVE | Hangzhou Hikvision Digital Technology Co., Ltd. IVMS-8201E-NCG has a weak password vulnerability |
CVSS V2: 5.0 CVSS V3: - Severity: MEDIUM |
IVMS-8201E-NCG is a carrier-grade networking gateway device that integrates signaling gateway services, media gateway services, security authentication, authority management, log management, and network management functions. It enables cascading and interconnection between video monitoring platforms based on the GB/T 28181-2011 networking standard.
Hangzhou Hikvision Digital Technology Co., Ltd. IVMS-8201E-NCG has a weak password vulnerability. Attackers can use weak passwords to log in to the management backend and obtain sensitive information.
| VAR-202108-2559 | No CVE | A SQL injection vulnerability exists in the pollution source online monitoring system of Beijing Wanwei Yingchuang Technology Development Co., Ltd. (CNVD-2021-51841) |
CVSS V2: 7.8 CVSS V3: - Severity: HIGH |
Beijing Wanwei Yingchuang Technology Development Co., Ltd. is committed to the R&D and application of products and technologies in the field of environmental protection Internet of Things. It is an enterprise integrating R&D, production and sales.
The pollution source online monitoring system of Beijing Wanwei Yingchuang Technology Development Co., Ltd. has a SQL injection vulnerability. Attackers can use the vulnerability to obtain sensitive database information.
| VAR-202109-0588 | CVE-2021-32959 | Multiple vulnerabilities in AVEVA SuiteLink Server |
CVSS V2: 7.5 CVSS V3: 7.5 Severity: HIGH |
Heap-based buffer overflow in SuiteLink server while processing commands 0x05/0x06. SuiteLink Server, provided by AVEVA, contains the following multiple vulnerabilities:
* Heap-based buffer overflow (CWE-122) - CVE-2021-32959
* NULL pointer dereference (CWE-476) - CVE-2021-32963, CVE-2021-32971, CVE-2021-32979, CVE-2021-32987
* Improper handling of exceptional conditions (CWE-755) - CVE-2021-32999
The expected impact depends on each vulnerability, but if a remote third party triggers processing of a specific command, the following may result:
* Arbitrary code execution or denial of service (DoS) - CVE-2021-32959
* Denial of service (DoS) - CVE-2021-32963, CVE-2021-32971, CVE-2021-32979, CVE-2021-32987, CVE-2021-32999
| VAR-202109-0590 | CVE-2021-32971 | Multiple vulnerabilities in AVEVA SuiteLink Server |
CVSS V2: 5.0 CVSS V3: 7.5 Severity: HIGH |
Null pointer dereference in SuiteLink server while processing command 0x07. SuiteLink Server, provided by AVEVA, contains the following multiple vulnerabilities:
* Heap-based buffer overflow (CWE-122) - CVE-2021-32959
* NULL pointer dereference (CWE-476) - CVE-2021-32963, CVE-2021-32971, CVE-2021-32979, CVE-2021-32987
* Improper handling of exceptional conditions (CWE-755) - CVE-2021-32999
The expected impact depends on each vulnerability, but if a remote third party triggers processing of a specific command, the following may result:
* Arbitrary code execution or denial of service (DoS) - CVE-2021-32959
* Denial of service (DoS) - CVE-2021-32963, CVE-2021-32971, CVE-2021-32979, CVE-2021-32987, CVE-2021-32999
| VAR-202108-0934 | CVE-2021-29280 | Vulnerability related to leaking resources to the wrong area in TP-Link Wireless N Router WR840N |
CVSS V2: 4.3 CVSS V3: 6.4 Severity: MEDIUM |
In TP-Link Wireless N Router WR840N an ARP poisoning attack can cause buffer overflow. TP-Link Wireless N Router WR840N contains a vulnerability related to the leakage of resources to the wrong area. Information may be tampered with and service operation may be interrupted (DoS).
| VAR-202109-0592 | CVE-2021-32987 | Multiple vulnerabilities in AVEVA SuiteLink Server |
CVSS V2: 5.0 CVSS V3: 7.5 Severity: HIGH |
Null pointer dereference in SuiteLink server while processing command 0x0b. SuiteLink Server, provided by AVEVA, contains the following multiple vulnerabilities:
* Heap-based buffer overflow (CWE-122) - CVE-2021-32959
* NULL pointer dereference (CWE-476) - CVE-2021-32963, CVE-2021-32971, CVE-2021-32979, CVE-2021-32987
* Improper handling of exceptional conditions (CWE-755) - CVE-2021-32999
The expected impact depends on each vulnerability, but if a remote third party triggers processing of a specific command, the following may result:
* Arbitrary code execution or denial of service (DoS) - CVE-2021-32959
* Denial of service (DoS) - CVE-2021-32963, CVE-2021-32971, CVE-2021-32979, CVE-2021-32987, CVE-2021-32999
| VAR-202109-0591 | CVE-2021-32979 | Multiple vulnerabilities in AVEVA SuiteLink Server |
CVSS V2: 5.0 CVSS V3: 7.5 Severity: HIGH |
Null pointer dereference in SuiteLink server while processing commands 0x04/0x0a. SuiteLink Server, provided by AVEVA, contains the following multiple vulnerabilities:
* Heap-based buffer overflow (CWE-122) - CVE-2021-32959
* NULL pointer dereference (CWE-476) - CVE-2021-32963, CVE-2021-32971, CVE-2021-32979, CVE-2021-32987
* Improper handling of exceptional conditions (CWE-755) - CVE-2021-32999
The expected impact depends on each vulnerability, but if a remote third party triggers processing of a specific command, the following may result:
* Arbitrary code execution or denial of service (DoS) - CVE-2021-32959
* Denial of service (DoS) - CVE-2021-32963, CVE-2021-32971, CVE-2021-32979, CVE-2021-32987, CVE-2021-32999