VARIoT IoT vulnerabilities database
| VAR-202106-2121 | No CVE | TopVPN6000 has command execution vulnerability |
CVSS V2: 7.1 CVSS V3: - Severity: HIGH |
Tianrongxin Technology Group (abbreviated as Tianrongxin) is a network security, big data and security cloud service provider.
TopVPN6000 has command execution vulnerabilities. An attacker can use this vulnerability to gain control of the server.
| VAR-202106-2123 | No CVE | Rockwell Automation/Allen-Bradley 1756-EN2T/D PLC has a command execution vulnerability |
CVSS V2: 10.0 CVSS V3: - Severity: HIGH |
Rockwell Automation/Allen-Bradley 1756-EN2T/D PLC is a programmable controller.
Rockwell Automation/Allen-Bradley 1756-EN2T/D PLC has a command execution vulnerability. An attacker can use this vulnerability to gain control of the website server.
| VAR-202106-2124 | No CVE | Information disclosure vulnerability exists in Huawei HG8245 |
CVSS V2: 5.0 CVSS V3: - Severity: MEDIUM |
The HG8245 is a gateway-type home-side device for Huawei's FTTH solution. It uses G/EPON technology to achieve ultra-broadband access for home/SOHO users.
The Huawei HG8245 has an information disclosure vulnerability. Attackers can use vulnerabilities to obtain sensitive information.
| VAR-202106-2331 | No CVE | Tiandiweiye electronic proctoring system has weak password loopholes |
CVSS V2: 5.0 CVSS V3: - Severity: MEDIUM |
Tiandi Weiye is an intelligent security solution provider. Based on artificial intelligence, big data, cloud computing, Internet of Things and other technologies, it provides intelligent video products, system solutions and High-quality technical services.
Tiandiweiye electronic invigilation system has weak password loopholes. Attackers can use this vulnerability to obtain sensitive information.
| VAR-202106-2126 | No CVE | Ruijie Networks Co., Ltd. EG2000SE has a command execution vulnerability |
CVSS V2: 7.1 CVSS V3: - Severity: HIGH |
Ruijie Networks is a professional network manufacturer with a full range of network equipment product lines and solutions including switches, routers, software, security firewalls, wireless products, storage, etc.
Ruijie Networks Co., Ltd. EG2000SE has a command execution vulnerability. Attackers can use the vulnerability to gain control of the server.
| VAR-202106-2322 | No CVE | Shenzhen Kexu Technology Co., Ltd. campus IoT intelligent management system has a weak password vulnerability |
CVSS V2: 5.0 CVSS V3: - Severity: MEDIUM |
The campus IoT intelligent management system can monitor and control all access devices in real time, centralized management, data statistics, and report presentation.
Shenzhen Kexu Technology Co., Ltd. campus IoT intelligent management system has a weak password vulnerability, which can be exploited by attackers to obtain sensitive information.
| VAR-202106-2164 | No CVE | China Telecom Tianyi broadband government-enterprise gateway A8C 8+8 AP has weak password vulnerability |
CVSS V2: 5.0 CVSS V3: - Severity: MEDIUM |
Tianyi broadband government-enterprise gateway is a terminal product customized by China Telecom specifically for brand customers, providing enterprise network solutions.
Tianyi Broadband's government-enterprise gateway A8C 8+8 AP has a weak password vulnerability. Attackers use this vulnerability to obtain sensitive information.
| VAR-202106-2165 | No CVE | China Telecom Tianyi broadband government-enterprise gateway A8-B has weak password vulnerability |
CVSS V2: 5.0 CVSS V3: - Severity: MEDIUM |
Tianyi broadband government-enterprise gateway is a terminal product customized by China Telecom specifically for brand customers, providing enterprise network solutions.
Tianyi Broadband's government-enterprise gateway A8-B has a weak password vulnerability. Attackers use this vulnerability to obtain sensitive information.
| VAR-202106-2167 | No CVE | Ruijie Networks NBR1300G-E has weak password vulnerability |
CVSS V2: 5.0 CVSS V3: - Severity: MEDIUM |
Ruijie Networks is a provider of ICT infrastructure and industry solutions. Its main business is the research and development, design and sales of network equipment, network security products and cloud desktop solutions.
Ruijie Networks NBR1300G-E has a weak password vulnerability. The attacker uses the default weak password to log in to the background to obtain sensitive information.
| VAR-202106-2168 | No CVE | Ruijie Networks NBR2100G-E has weak password vulnerability |
CVSS V2: 5.0 CVSS V3: - Severity: MEDIUM |
Ruijie Networks is a provider of ICT infrastructure and industry solutions. Its main business is the research and development, design and sales of network equipment, network security products and cloud desktop solutions.
Ruijie Networks NBR2100G-E has a weak password vulnerability. The attacker uses the default weak password to log in to the background to obtain sensitive information.
| VAR-202106-2169 | No CVE | Ruijie Networks EG2000SE has weak password vulnerability |
CVSS V2: 5.0 CVSS V3: - Severity: MEDIUM |
Ruijie Networks is a provider of ICT infrastructure and industry solutions. Its main business is the research and development, design and sales of network equipment, network security products and cloud desktop solutions.
Ruijie Networks EG2000SE has a weak password vulnerability. The attacker uses the default weak password to log in to the background to obtain sensitive information.
| VAR-202106-2170 | No CVE | Ruijie Networks EG2000CE has weak password vulnerability |
CVSS V2: 5.0 CVSS V3: - Severity: MEDIUM |
Ruijie Networks is a provider of ICT infrastructure and industry solutions. Its main business is the research and development, design and sales of network equipment, network security products and cloud desktop solutions.
Ruijie Networks EG2000CE has a weak password vulnerability. The attacker uses the default weak password to log in to the background to obtain sensitive information.
| VAR-202106-2171 | No CVE | Ruijie Networks EG2000K has weak password vulnerability |
CVSS V2: 5.0 CVSS V3: - Severity: MEDIUM |
Ruijie Networks is a provider of ICT infrastructure and industry solutions. Its main business is the research and development, design and sales of network equipment, network security products and cloud desktop solutions.
Ruijie Networks EG2000K has a weak password vulnerability. The attacker uses the default weak password to log in to the background to obtain sensitive information.
| VAR-202106-1321 | CVE-2021-31664 | RIOT-OS Buffer Overflow Vulnerability in Linux |
CVSS V2: 5.0 CVSS V3: 7.5 Severity: HIGH |
RIOT-OS 2021.01 before commit 44741ff99f7a71df45420635b238b9c22093647a contains a buffer overflow which could allow attackers to obtain sensitive information. RIOT RIOT-OS is a set of operating systems used in the field of Internet of Things
| VAR-202106-1320 | CVE-2021-31663 | RIOT-OS Buffer Overflow Vulnerability in Linux |
CVSS V2: 5.0 CVSS V3: 7.5 Severity: HIGH |
RIOT-OS 2021.01 before commit bc59d60be60dfc0a05def57d74985371e4f22d79 contains a buffer overflow which could allow attackers to obtain sensitive information. RIOT RIOT-OS is a set of operating systems used in the field of Internet of Things
| VAR-202106-1319 | CVE-2021-31662 | RIOT-OS Buffer Overflow Vulnerability in Linux |
CVSS V2: 5.0 CVSS V3: 7.5 Severity: HIGH |
RIOT-OS 2021.01 before commit 07f1254d8537497552e7dce80364aaead9266bbe contains a buffer overflow which could allow attackers to obtain sensitive information. RIOT RIOT-OS is a set of operating systems used in the field of Internet of Things
| VAR-202106-1318 | CVE-2021-31661 | RIOT-OS Buffer Overflow Vulnerability in Linux |
CVSS V2: 5.0 CVSS V3: 7.5 Severity: HIGH |
RIOT-OS 2021.01 before commit 609c9ada34da5546cffb632a98b7ba157c112658 contains a buffer overflow that could allow attackers to obtain sensitive information. RIOT RIOT-OS is a set of operating systems used in the field of Internet of Things
| VAR-202106-1317 | CVE-2021-31660 | RIOT-OS Buffer Overflow Vulnerability in Linux |
CVSS V2: 5.0 CVSS V3: 7.5 Severity: HIGH |
RIOT-OS 2021.01 before commit 85da504d2dc30188b89f44c3276fc5a25b31251f contains a buffer overflow which could allow attackers to obtain sensitive information. RIOT RIOT-OS is a set of operating systems used in the field of Internet of Things
| VAR-202106-1668 | CVE-2021-32424 | TrendNet TW100-S4W1CA cross-site request forgery vulnerability |
CVSS V2: 6.8 CVSS V3: 8.8 Severity: HIGH |
In TrendNet TW100-S4W1CA 2.3.32, due to a lack of proper session controls, a threat actor could make unauthorized changes to an affected router via a specially crafted web page. If an authenticated user were to interact with a malicious web page it could allow for a complete takeover of the router. TrendNet TW100-S4W1CA Contains a cross-site request forgery vulnerability.Information is obtained, information is tampered with, and service is disrupted (DoS) It may be put into a state. TrendNet TW100-S4W1CA is a four-port broadband router.
TrendNet TW100-S4W1CA version 2.3.32 has a cross-site request forgery vulnerability. The vulnerability stems from the lack of proper session control
| VAR-202106-1669 | CVE-2021-32426 | TrendNet TW100-S4W1CA cross-site scripting vulnerability |
CVSS V2: 4.3 CVSS V3: 6.1 Severity: MEDIUM |
In TrendNet TW100-S4W1CA 2.3.32, it is possible to inject arbitrary JavaScript into the router's web interface via the "echo" command. TrendNet TW100-S4W1CA Contains a cross-site scripting vulnerability.Information may be obtained and information may be tampered with. TrendNet TW100-S4W1CA is a four-port broadband router.
TrendNet TW100-S4W1CA version 2.3.32 has a cross-site scripting vulnerability