VARIoT IoT vulnerabilities database

VAR-202106-2166 | No CVE | H3C ER3100 VPN router has a binary vulnerability |
CVSS V2: 8.3 CVSS V3: - Severity: HIGH |
H3C ER3100 is a high-performance VPN router positioned mainly in the SMB market for Ethernet/optical/ADSL access, and in network environments such as government, corporate institutions, and Internet cafes.
The H3C ER3100 VPN router has a binary vulnerability that an attacker can exploit to gain control of the device.
VAR-202106-2180 | No CVE | Arbitrary file reading vulnerability exists in GlassFish |
CVSS V2: 5.0 CVSS V3: - Severity: MEDIUM |
GlassFish is a robust, commercially compatible application server.
GlassFish has an arbitrary file reading vulnerability that attackers can exploit to obtain sensitive information.
VAR-202106-1226 | CVE-2021-34811 | Synology Download Station Server-side Request Forgery Vulnerability |
CVSS V2: 4.0 CVSS V3: 4.3 Severity: MEDIUM |
Server-Side Request Forgery (SSRF) vulnerability in task management component in Synology Download Station before 3.8.16-3566 allows remote authenticated users to access intranet resources via unspecified vectors. Synology Download Station contains a server-side request forgery vulnerability. Information may be obtained. Synology Download Station is a browser extension: it lets you browse the downloading and downloaded tasks of the Download Station package, and add new tasks, without visiting the Synology web interface.
VAR-202106-1225 | CVE-2021-34810 | Synology Download Station Vulnerability in privilege management |
CVSS V2: 6.5 CVSS V3: 8.8 Severity: HIGH |
Improper privilege management vulnerability in cgi component in Synology Download Station before 3.8.16-3566 allows remote authenticated users to execute arbitrary code via unspecified vectors. Synology Download Station contains a privilege management vulnerability. Information may be obtained, information may be tampered with, and the service may be put into a denial-of-service (DoS) state. Synology Download Station is a browser extension: it lets you browse the downloading and downloaded tasks of the Download Station package, and add new tasks, without visiting the Synology web interface. Versions of Synology Download Station earlier than 3.8.16-3566 have a security vulnerability.
VAR-202106-1223 | CVE-2021-34808 | Synology Media Server Server-side Request Forgery Vulnerability |
CVSS V2: 5.0 CVSS V3: 5.3 Severity: MEDIUM |
Server-Side Request Forgery (SSRF) vulnerability in cgi component in Synology Media Server before 1.8.3-2881 allows remote attackers to access intranet resources via unspecified vectors. Synology Media Server is a media server. Synology Media Server versions prior to 1.8.3-2881 have a code problem vulnerability, which stems from a Server-Side Request Forgery (SSRF) flaw in the cgi component.
VAR-202106-1224 | CVE-2021-34809 | Synology Download Station Command injection vulnerability |
CVSS V2: 6.5 CVSS V3: 8.8 Severity: HIGH |
Improper neutralization of special elements used in a command ('Command Injection') vulnerability in task management component in Synology Download Station before 3.8.16-3566 allows remote authenticated users to execute arbitrary code via unspecified vectors. Synology Download Station contains a command injection vulnerability. Information may be obtained, information may be tampered with, and the service may be put into a denial-of-service (DoS) state. Synology Download Station is a browser extension: it lets you browse the downloading and downloaded tasks of the Download Station package, and add new tasks, without visiting the Synology web interface.
VAR-202106-0899 | CVE-2021-0143 | Intel(R) Brand Verification Tool Inappropriate Default Permission Vulnerability |
CVSS V2: 4.6 CVSS V3: 7.8 Severity: HIGH |
Improper permissions in the installer for the Intel(R) Brand Verification Tool before version 11.0.0.1225 may allow an authenticated user to potentially enable escalation of privilege via local access. Intel(R) Brand Verification Tool is vulnerable to incorrect default permissions. Information may be obtained, information may be tampered with, and the service may be put into a denial-of-service (DoS) state. Intel Brand Verification Tool (BVT) is a tool used by Intel Corporation to test vPro and generate reports; once the test is passed, the customer becomes qualified to affix the vPro logo by submitting the report.
VAR-202106-1772 | CVE-2021-34202 | D-Link AC2600 Out-of-bounds Vulnerability in Microsoft |
CVSS V2: 7.2 CVSS V3: 7.8 Severity: HIGH |
There are multiple out-of-bounds vulnerabilities in some processes of D-Link AC2600 (DIR-2640) 1.01B04. Ordinary permissions can be elevated to administrator permissions, resulting in local arbitrary code execution. An attacker can combine this with other vulnerabilities to further achieve remote code execution. D-Link AC2600 (DIR-2640) is vulnerable to an out-of-bounds write. Information may be obtained, information may be tampered with, and the service may be put into a denial-of-service (DoS) state. D-Link AC2600 is a wireless device produced by D-Link in Taiwan.
D-Link AC2600 has security vulnerabilities.
VAR-202106-1773 | CVE-2021-34203 | D-Link DIR-2640-US Authentication Vulnerability in Microsoft |
CVSS V2: 4.8 CVSS V3: 8.1 Severity: HIGH |
D-Link DIR-2640-US 1.01B04 is vulnerable to Incorrect Access Control. When PPPoE is configured, the AC2600 (DIR-2640-US) router starts the quagga process listening on all network interfaces, and this service uses the original default password and port. An attacker can easily use telnet to log in, modify routing information, monitor the traffic of all devices behind the router, hijack DNS, and carry out phishing attacks. In addition, customers are likely to regard this interface as a backdoor, because it should not be exposed at all. D-Link DIR-2640-US contains an improper authentication vulnerability. Information may be obtained and information may be tampered with. D-Link DIR-2640-US is a network router device.
D-Link DIR-2640-US has security vulnerabilities.
VAR-202106-0266 | CVE-2020-25752 | Enphase Envoy Vulnerability in Using Hard Coded Credentials |
CVSS V2: 5.0 CVSS V3: 5.3 Severity: MEDIUM |
An issue was discovered on Enphase Envoy R3.x and D4.x devices. There are hardcoded web-panel login passwords for the installer and Enphase accounts. The passwords for these accounts are hardcoded values derived from the MD5 hash of the username and serial number mixed with some static strings. The serial number can be retrieved by an unauthenticated user at /info.xml. These passwords can be easily calculated by an attacker; users are unable to change these passwords. Enphase Envoy is vulnerable to the use of hard-coded credentials. Information may be obtained. Enphase Energy Envoy is a gateway device used to connect smart home devices from Enphase Energy in the United States.
Enphase Energy Envoy has a trust management vulnerability.
VAR-202106-0267 | CVE-2020-25753 | Enphase Envoy Vulnerabilities in devices |
CVSS V2: 7.5 CVSS V3: 9.8 Severity: CRITICAL |
An issue was discovered on Enphase Envoy R3.x and D4.x devices with v3 software. The default admin password is set to the last 6 digits of the serial number. The serial number can be retrieved by an unauthenticated user at /info.xml. An unspecified vulnerability exists in the Enphase Envoy device. Information may be obtained, information may be tampered with, and the service may be put into a denial-of-service (DoS) state. Enphase Energy Envoy is a gateway device used to connect smart home devices from Enphase Energy in the United States.
Enphase Energy Envoy has security vulnerabilities. No detailed vulnerability information is currently provided.
VAR-202106-1771 | CVE-2021-34201 | D-Link DIR-2640-US Out-of-bounds Vulnerability in Microsoft |
CVSS V2: 3.6 CVSS V3: 7.1 Severity: HIGH |
D-Link DIR-2640-US 1.01B04 is vulnerable to Buffer Overflow. There are multiple out-of-bounds vulnerabilities in some processes of D-Link AC2600 (DIR-2640). Local ordinary users can overwrite global variables in the .bss section, causing the process to crash or altering its behaviour. D-Link DIR-2640-US is vulnerable to an out-of-bounds write. Information may be tampered with and the service may be put into a denial-of-service (DoS) state. D-Link DIR-2640-US is a smart AC2600 high-power Wi-Fi gigabit router.
VAR-202106-1774 | CVE-2021-34204 | D-Link DIR-2640-US Vulnerability regarding inadequate protection of credentials in |
CVSS V2: 7.2 CVSS V3: 6.8 Severity: MEDIUM |
D-Link DIR-2640-US 1.01B04 is affected by Insufficiently Protected Credentials. D-Link AC2600 (DIR-2640) stores the device system account password in plain text and does not use Linux user management. In addition, the password is the same on all devices and cannot be modified by normal users. An attacker can easily log in to the target router through the serial port and obtain root privileges. D-Link DIR-2640-US suffers from inadequate protection of credentials. Information may be obtained, information may be tampered with, and the service may be put into a denial-of-service (DoS) state. D-Link DIR-2640-US is a network router device.
D-Link DIR-2640-US has security vulnerabilities.
VAR-202106-2172 | No CVE | Belkin WRT1900ACS has weak password vulnerability |
CVSS V2: 5.0 CVSS V3: - Severity: MEDIUM |
WRT1900ACS is a router product of Belkin Company.
Belkin's WRT1900ACS has a weak password vulnerability. Attackers can use this vulnerability to log in to the management backend and perform unauthorized operations.
VAR-202106-2173 | No CVE | Belkin company EA6500 has weak password vulnerability |
CVSS V2: 5.0 CVSS V3: - Severity: MEDIUM |
EA6500 is a router product of Belkin Company.
Belkin's EA6500 has a weak password vulnerability. Attackers can use this vulnerability to log in to the management backend and perform unauthorized operations.
VAR-202106-2174 | No CVE | Belkin EA2700 has weak password vulnerability |
CVSS V2: 5.0 CVSS V3: - Severity: MEDIUM |
EA2700 is a router product of Belkin Company.
Belkin's EA2700 has a weak password vulnerability. Attackers can use this vulnerability to log in to the management backend and perform unauthorized operations.
VAR-202106-2175 | No CVE | Belkin EA6400 has weak password vulnerability |
CVSS V2: 5.0 CVSS V3: - Severity: MEDIUM |
EA6400 is a router product of Belkin Company.
Belkin's EA6400 has a weak password vulnerability. Attackers can use this vulnerability to log in to the management backend and perform unauthorized operations.
VAR-202106-2176 | No CVE | Belkin EA6300 has weak password vulnerability |
CVSS V2: 5.0 CVSS V3: - Severity: MEDIUM |
EA6300 is a router product of Belkin Company.
Belkin's EA6300 has a weak password vulnerability. Attackers can use this vulnerability to log in to the management backend and perform unauthorized operations.
VAR-202106-2177 | No CVE | Belkin EA7300 has weak password vulnerability |
CVSS V2: 5.0 CVSS V3: - Severity: MEDIUM |
EA7300 is a router product of Belkin Company.
Belkin's EA7300 has a weak password vulnerability. Attackers can use this vulnerability to log in to the management backend and perform unauthorized operations.
VAR-202106-2178 | No CVE | Belkin EA6100 has weak password vulnerability |
CVSS V2: 5.0 CVSS V3: - Severity: MEDIUM |
EA6100 is a router product of Belkin Company.
Belkin's EA6100 has a weak password vulnerability. Attackers can use this vulnerability to log in to the management backend and perform unauthorized operations.