VARIoT IoT vulnerabilities database
| VAR-202108-2313 | No CVE | Beijing Xingwang Ruijie Network Technology Co., Ltd. EG Easy Gateway has an arbitrary file reading vulnerability |
CVSS V2: 2.1 CVSS V3: - Severity: LOW |
Ruijie Networks Co., Ltd. is a professional network manufacturer with a full range of network equipment product lines and solutions including switches, routers, software, security firewalls, wireless products, and storage.
Beijing StarNet Ruijie Networks Technology Co., Ltd. EG Easy Gateway has an arbitrary file reading vulnerability. Attackers can use this vulnerability to obtain sensitive system information.
| VAR-202108-2477 | No CVE | Ricoh (China) Investment Co., Ltd. RICOH Aficio MP C305 has an unauthorized access vulnerability |
CVSS V2: 6.4 CVSS V3: - Severity: MEDIUM |
Ricoh (China) Investment Co., Ltd. provides office image processing equipment (such as MFPs and printers), production digital printers, and services such as document output management and IT solutions.
Ricoh (China) Investment Co., Ltd. RICOH Aficio MP C305 has an unauthorized access vulnerability, which can be exploited by attackers to obtain sensitive information.
| VAR-202108-2336 | No CVE | Unauthorized access vulnerability exists in Axis 233D Network Dome Camera |
CVSS V2: 6.4 CVSS V3: - Severity: MEDIUM |
233D is a network camera.
Axis 233D Network Dome Camera has an unauthorized access vulnerability, which can be exploited by attackers to obtain sensitive information.
| VAR-202108-2505 | No CVE | Dell Color MFP S2825cdn has unauthorized access vulnerability |
CVSS V2: 6.4 CVSS V3: - Severity: MEDIUM |
Dell Color MFP S2825cdn is a printer device.
Dell Color MFP S2825cdn has an unauthorized access vulnerability, which can be exploited by attackers to obtain sensitive information.
| VAR-202108-2561 | No CVE | Honeywell (China) Co., Ltd. Hybrid Alarm Receiver (Professional Edition) has SQL injection vulnerabilities |
CVSS V2: 7.8 CVSS V3: - Severity: HIGH |
Honeywell (China) Co., Ltd. is a part of Honeywell International, a diversified, high-tech advanced manufacturing company.
Honeywell (China) Co., Ltd. Hybrid Alarm Receiver (Professional Edition) has a SQL injection vulnerability. Attackers can use this vulnerability to obtain sensitive information in the database.
| VAR-202108-2573 | No CVE | NETGEAR GS748Tv5 has weak password vulnerability |
CVSS V2: 5.0 CVSS V3: - Severity: MEDIUM |
NETGEAR GS748Tv5 is a Gigabit Ethernet switch.
NETGEAR GS748Tv5 has a weak password vulnerability, which can be exploited by attackers to obtain sensitive information.
| VAR-202108-2337 | No CVE | Shenzhen Cyberspace Technology Co., Ltd. iSCS has a SQL injection vulnerability |
CVSS V2: 7.8 CVSS V3: - Severity: HIGH |
iSCS is an all-in-one access control machine.
Shenzhen Cyberspace Technology Co., Ltd. iSCS has a SQL injection vulnerability, which can be exploited by attackers to obtain sensitive information in the database.
| VAR-202108-2529 | No CVE | NETGEAR GS724Tv4 has weak password vulnerability |
CVSS V2: 5.0 CVSS V3: - Severity: MEDIUM |
GS724Tv4 is a 24-port Gigabit intelligent management professional switch with 2 SFP ports.
NETGEAR GS724Tv4 has a weak password vulnerability, which can be exploited by attackers to obtain sensitive information.
| VAR-202108-0119 | CVE-2020-18758 | Command injection vulnerability in Dut Computer Control Engineering Co. PLC MAC1100 |
CVSS V2: 10.0 CVSS V3: 9.8 Severity: CRITICAL |
An issue in Dut Computer Control Engineering Co.'s PLC MAC1100 allows attackers to execute arbitrary code. Dut Computer Control Engineering Co. PLC MAC1100 contains a command injection vulnerability. Information may be obtained or tampered with, and service operation may be interrupted (DoS). MAC1100 PLC is an industrial control PLC product.
| VAR-202108-0115 | CVE-2020-18753 | Lack of authentication vulnerability in Dut Computer Control Engineering Co. PLC MAC1100 |
CVSS V2: 7.5 CVSS V3: 9.8 Severity: CRITICAL |
An issue in Dut Computer Control Engineering Co.'s PLC MAC1100 allows attackers to gain access to the system and escalate privileges via a crafted packet. Dut Computer Control Engineering Co. PLC MAC1100 has a vulnerability related to the lack of authentication. Information may be obtained or tampered with, and service operation may be interrupted (DoS). MAC1100 PLC is an industrial control PLC product.
There is a security vulnerability in MAC1100 PLC. Attackers can use this vulnerability to access the system and escalate privileges via a crafted packet.
| VAR-202108-0116 | CVE-2020-18754 | MAC1100 PLC Information Disclosure Vulnerability |
CVSS V2: 5.0 CVSS V3: 7.5 Severity: HIGH |
An information disclosure vulnerability exists within Dut Computer Control Engineering Co.'s PLC MAC1100. MAC1100 PLC is an industrial control PLC product. The control code in the PLC may be the company's core secret.
| VAR-202108-0117 | CVE-2020-18756 | Out-of-bounds read vulnerability in Dut Computer Control Engineering Co. PLC MAC1100 |
CVSS V2: 5.0 CVSS V3: 7.5 Severity: HIGH |
An arbitrary memory access vulnerability in the EPA protocol of Dut Computer Control Engineering Co.'s PLC MAC1100 allows attackers to read the contents of any variable area. Dut Computer Control Engineering Co. PLC MAC1100 has an out-of-bounds read vulnerability. Information may be obtained. MAC1100 PLC is an industrial control PLC product.
There is a security vulnerability in the EPA protocol of MAC1100 PLC. Attackers can use this vulnerability to read the contents of arbitrary memory.
| VAR-202108-0118 | CVE-2020-18757 | Lack of authentication vulnerability in Dut Computer Control Engineering Co. PLC MAC1100 |
CVSS V2: 7.8 CVSS V3: 7.5 Severity: HIGH |
An issue in Dut Computer Control Engineering Co.'s PLC MAC1100 allows attackers to cause persistent denial of service (DoS) via a crafted packet. Dut Computer Control Engineering Co. PLC MAC1100 has a vulnerability related to the lack of authentication. Service operation may be interrupted (DoS). MAC1100 PLC is an industrial control PLC product.
| VAR-202108-1481 | CVE-2021-37344 | OS command injection vulnerability in Nagios XI Switch Wizard |
CVSS V2: 7.5 CVSS V3: 9.8 Severity: CRITICAL |
Nagios XI Switch Wizard before version 2.5.7 is vulnerable to remote code execution through improper neutralisation of special elements used in an OS command (OS command injection). It may result in a denial-of-service (DoS) state.
| VAR-202108-2338 | No CVE | Sharp Trading (China) Co., Ltd. MX-M316N has a weak password vulnerability |
CVSS V2: 5.0 CVSS V3: - Severity: MEDIUM |
Sharp Trading (China) Co., Ltd. is a foreign-funded enterprise that distributes and wholesales household appliances, LCD TVs, air conditioners, mobile phones, printers and other products.
Sharp Trading (China) Co., Ltd. MX-M316N has a weak password vulnerability, which can be exploited by attackers to obtain sensitive information.
| VAR-202108-2339 | No CVE | Lexmark MC2425adw has unauthorized access vulnerability |
CVSS V2: 5.0 CVSS V3: - Severity: MEDIUM |
Lexmark (NYSE: LXK) is an American company that is a developer and manufacturer of laser printers and a provider of content management software. Its main service targets are commercial users.
Lexmark MC2425adw has an unauthorized access vulnerability, which can be exploited by attackers to obtain sensitive information.
| VAR-202108-2340 | No CVE | Unauthorized access vulnerability exists in multiple printers of Ricoh (China) Investment Co., Ltd. |
CVSS V2: 5.0 CVSS V3: - Severity: MEDIUM |
Ricoh (China) Investment Co., Ltd. provides office image processing equipment (such as MFPs and printers), production digital printers, and services such as document output management and IT solutions.
Several printers of Ricoh (China) Investment Co., Ltd. have unauthorized access vulnerabilities. Attackers can use the vulnerabilities to gain unauthorized access to obtain sensitive information and perform unauthorized operations.
| VAR-202108-2341 | No CVE | Unauthorized access vulnerability exists in D430 of Xindu Co., Ltd. |
CVSS V2: 5.0 CVSS V3: - Severity: MEDIUM |
Xindu Co., Ltd. is not satisfied with Korea's earliest history of producing copiers and fax machines, and strives to become the world's best solution partner.
Xindu Co., Ltd. D430 has an unauthorized access vulnerability. Attackers can use this vulnerability to gain unauthorized access to obtain sensitive information and perform unauthorized operations.
| VAR-202108-2342 | No CVE | HP LaserJet MFP M426fdw printer has unauthorized access vulnerability |
CVSS V2: 6.4 CVSS V3: - Severity: MEDIUM |
Hewlett-Packard (referred to as HP) is an information technology (IT) company founded in 1939 and headquartered in Palo Alto, California, USA. HP has three business groups: Information Products Group, Printing and Imaging Systems Group, and Enterprise Computer Professional Services Group.
The HP LaserJet MFP M426fdw printer has an unauthorized access vulnerability, which can be exploited by attackers to obtain sensitive information.
| VAR-202108-2343 | No CVE | Lexmark CX517de has unauthorized access vulnerability |
CVSS V2: 5.0 CVSS V3: - Severity: MEDIUM |
Lexmark (NYSE: LXK) is an American company that is a developer and manufacturer of laser printers and a provider of content management software. Its main service targets are commercial users.
Lexmark CX517de has an unauthorized access vulnerability, which can be exploited by attackers to obtain sensitive information.