VARIoT IoT vulnerabilities database

D-Link router DSL-2750U with firmware vME1.16 or prior versions is vulnerable to unauthorized configuration modification. An unauthenticated attacker on the local network may exploit this, with CVE-2021-3708, to execute any OS commands on the vulnerable device. D-Link DSL-2750U is a wireless N 300 ADSL2+ modem router. An attacker can use this vulnerability to modify the configuration without authorization

D-Link router DSL-2750U with firmware vME1.16 or prior versions is vulnerable to OS command injection. An unauthenticated attacker on the local network may exploit this, with CVE-2021-3707, to execute any OS commands on the vulnerable device. D-Link DSL-2750U is a wireless N 300 ADSL2+ modem router. Attackers can use this vulnerability and combine other vulnerabilities to execute arbitrary operating system commands

IBM DataPower Gateway 2018.4.1.0 through 2018.4.1.16 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 192737. Vendor exploits this vulnerability IBM X-Force ID: 192737 It is published as.Information may be tampered with

Dell EMC PowerScale OneFS versions 8.2.x - 9.1.0.x contain a use of uninitialized resource vulnerability. This can potentially allow an authenticated user with ISI_PRIV_LOGIN_CONSOLE or ISI_PRIV_LOGIN_SSH privileges to gain access up to 24 bytes of data within the /ifs kernel stack under certain conditions. Dell Technologies Dell PowerScale OneFS is an operating system of Dell Technologies in the United States. Offers the PowerScale OneFS operating system for scale-out NAS

Dell EMC PowerScale OneFS versions 8.2.x - 9.2.x contain an incorrect permission assignment vulnerability. A low privileged authenticated user can potentially exploit this vulnerability to escalate privileges. (DoS) It may be in a state. DELL EMC PowerScale is a scale-out storage system for unstructured data from Dell (DELL)

Dell EMC PowerScale OneFS versions 8.2.x - 9.2.x contain an incorrect permission assignment for critical resource vulnerability. This could allow a user with ISI_PRIV_LOGIN_SSH or ISI_PRIV_LOGIN_CONSOLE to access privileged information about the cluster. DELL EMC PowerScale is a scale-out storage system for unstructured data from Dell (DELL). A security vulnerability exists in Dell EMC PowerScale OneFS that allows users using ISI PRIV LOGIN SSH or ISI PRIV LOGIN CONSOLE to access privileged information about the cluster

Dell EMC PowerScale OneFS versions 8.2.x - 9.2.x contain an incorrect permission assignment for critical resource vulnerability. This could allow a user with ISI_PRIV_LOGIN_SSH or ISI_PRIV_LOGIN_CONSOLE to access privileged information about the cluster. (DoS) It may be in a state. DELL EMC PowerScale is a scale-out storage system for unstructured data from Dell (DELL). A security vulnerability exists in Dell EMC PowerScale OneFS that allows users using ISI PRIV LOGIN SSH or ISI PRIV LOGIN CONSOLE to access privileged information about the cluster

Dell EMC PowerScale OneFS versions 8.2.x, 9.1.0.x, and 9.1.1.1 contain a sensitive information exposure vulnerability in log files. A local malicious user with ISI_PRIV_LOGIN_SSH, ISI_PRIV_LOGIN_CONSOLE, or ISI_PRIV_SYS_SUPPORT privileges may exploit this vulnerability to access sensitive information. If any third-party consumes those logs, the same sensitive information is available to those systems as well. DELL EMC PowerScale is a scale-out storage system for unstructured data from Dell (DELL). A log information disclosure vulnerability exists in Dell EMC PowerScale OneFS due to the fact that a malicious actor with ISI PRIV LOGIN SSH or ISI PRIV LOGIN CONSOLE privileges could gain access to privileged information

Unchecked return value in the firmware for some Intel(R) Processors may allow a privileged user to potentially enable an escalation of privilege via local access. plural Intel(R) Processor There is an initialization vulnerability in the firmware.Information is obtained, information is tampered with, and service is disrupted (DoS) It may be put into a state

Dell EMC PowerScale OneFS versions 8.2.x - 9.2.1.x contain an OS command injection vulnerability. This may allow a user with ISI_PRIV_LOGIN_SSH or ISI_PRIV_LOGIN_CONSOLE to escalate privileges and escape the compliance guarantees. This only impacts Smartlock WORM compliance mode clusters as a critical vulnerability and Dell recommends to update/upgrade at the earliest opportunity. (DoS) It may be in a state. DELL EMC PowerScale is a scale-out storage system for unstructured data from Dell (DELL). A security vulnerability exists in Dell EMC PowerScale OneFS that allows users using ISI PRIV LOGIN SSH or ISI PRIV LOGIN CONSOLE to escalate privileges and evade compliance guarantees

Dell EMC PowerScale OneFS versions 8.2.x - 9.1.1.x contain an improper neutralization of special elements used in an OS command. This vulnerability could allow the compadmin user to elevate privileges. This only impacts Smartlock WORM compliance mode clusters as a critical vulnerability and Dell recommends to update/upgrade at the earliest opportunity. Dell EMC PowerScale OneFS Contains a command injection vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. DELL EMC PowerScale is a scale-out storage system for unstructured data from Dell (DELL)

Dell PowerScale OneFS versions 8.2.2 - 9.1.0.x contain a use of get request method with sensitive query strings vulnerability. It can lead to potential disclosure of sensitive data. Dell recommends upgrading at your earliest opportunity. Dell Technologies Dell PowerScale OneFS is an operating system of Dell Technologies in the United States. Offers the PowerScale OneFS operating system for scale-out NAS

Dell EMC PowerScale OneFS versions 8.2.x - 9.2.x improperly handle an exceptional condition. A remote low privileged user could potentially exploit this vulnerability, leading to unauthorized information disclosure. DELL EMC PowerScale is a scale-out storage system for unstructured data from Dell (DELL)

Dell EMC PowerScale OneFS versions 8.2.x - 9.2.x contain an insufficient logging vulnerability. An authenticated user with ISI_PRIV_LOGIN_PAPI could make un-audited and un-trackable configuration changes to settings that their roles have privileges to change. Dell EMC PowerScale OneFS Exists in unspecified vulnerabilities.Information may be tampered with. DELL EMC PowerScale is a scale-out storage system for unstructured data from Dell (DELL). A security vulnerability exists in Dell EMC PowerScale OneFS where users authenticated through the ISI PRIV LOGIN PAPI can make unaudited and untraceable configuration changes to settings that their role has permission to change

Tenda AC9 is a wireless router with gigabit Ethernet port launched by Shenzhen Jixiang Tenda Technology Co., Ltd. Tenda AC9 has a denial of service vulnerability, which can be exploited by attackers to cause a denial of service.

Sangfor Technology Co., Ltd. is a provider of products, services and solutions focusing on enterprise-level security, cloud computing and infrastructure. Sangfor Technology Co., Ltd. MIG 5.3 has a command execution vulnerability, which can be exploited by attackers to gain server control rights.

Kyan is a network monitoring device. Kyan network monitoring equipment has an information disclosure vulnerability, which can be exploited by attackers to obtain sensitive information.

RG-NBR800GW is an Internet behavior management router launched by Ruijie. It is a router designed for all office scenarios. Ruijie Networks Co., Ltd. RG-NBR800GW has a weak password vulnerability. Attackers can use the vulnerability to obtain sensitive information.

RG-NBR700W is an Internet behavior management router, which is specially designed for all office scenarios. Ruijie Networks Co., Ltd. RG-NBR700W has a weak password vulnerability. Attackers can use the vulnerability to obtain sensitive information.

W908-A10000 is a wireless controller of ZTE Corporation. ZTE Corporation W908-A10000 has a weak password vulnerability, which can be exploited by attackers to obtain sensitive information.