VARIoT IoT vulnerabilities database
| VAR-202108-2506 | No CVE | Lexmark MB2236adw has unauthorized access vulnerability |
CVSS V2: 5.0 CVSS V3: - Severity: MEDIUM |
Lexmark (NYSE: LXK) is an American company that is a developer and manufacturer of laser printers and a provider of content management software. Its main service targets are commercial users.
Lexmark MB2236adw has an unauthorized access vulnerability, which can be exploited by attackers to obtain sensitive information.
| VAR-202108-2507 | No CVE | Lexmark B2338dw has unauthorized access vulnerability |
CVSS V2: 5.0 CVSS V3: - Severity: MEDIUM |
Lexmark (NYSE: LXK) is an American company that is a developer and manufacturer of laser printers and a provider of content management software. Its main service targets are commercial users.
Lexmark B2338dw has an unauthorized access vulnerability, which can be exploited by attackers to obtain sensitive information.
| VAR-202108-2508 | No CVE | Ricoh (China) Investment Co., Ltd. RICOH Aficio series printers have unauthorized access vulnerabilities |
CVSS V2: 5.0 CVSS V3: - Severity: MEDIUM |
Ricoh (China) Investment Co., Ltd. provides office image processing equipment (such as MFPs and printers), production digital printers, and services such as document output management and IT solutions.
Ricoh (China) Investment Co., Ltd. RICOH Aficio series printers have an unauthorized access vulnerability. Attackers can use this vulnerability to gain unauthorized access, obtain sensitive information and perform unauthorized operations.
| VAR-202108-2511 | No CVE | Unauthorized access vulnerability exists in TENDA 11N wireless router |
CVSS V2: 6.4 CVSS V3: - Severity: MEDIUM |
Shenzhen Jixiang Tengda Technology Co., Ltd. is a high-tech enterprise integrating independent research and development, production and sales of network equipment.
The TENDA 11N wireless router has an unauthorized access vulnerability, which can be exploited by attackers to obtain sensitive information.
| VAR-202108-2577 | No CVE | Samsung (China) Investment Co., Ltd. SL-M4020ND has weak password vulnerability |
CVSS V2: 5.0 CVSS V3: - Severity: MEDIUM |
Samsung (China) Investment Co., Ltd. is the headquarters of Samsung Group in China. As of the end of 2008, 20 of Samsung's more than 30 companies had invested in China, including Samsung Electronics, Samsung SDI, Samsung SDS and Samsung Electro-Mechanics.
Samsung (China) Investment Co., Ltd. SL-M4020ND has a weak password vulnerability, which can be exploited by attackers to obtain sensitive information.
| VAR-202108-2578 | No CVE | Huawei Technologies Co., Ltd. HG8240 has weak password vulnerability |
CVSS V2: 5.0 CVSS V3: - Severity: MEDIUM |
Huawei HG8240 is an optical modem router integrated machine with routing function.
Huawei Technologies Co., Ltd. HG8240 has a weak password vulnerability, which can be exploited by attackers to obtain sensitive information.
| VAR-202108-2579 | No CVE | Beijing Xingwang Ruijie Network Technology Co., Ltd. NBR6210-E has a command execution vulnerability |
CVSS V2: 4.6 CVSS V3: - Severity: MEDIUM |
NBR6210-E is an enterprise router launched by Ruijie Networks Co., Ltd.
Beijing Xingwang Ruijie Network Technology Co., Ltd. NBR6210-E has a command execution vulnerability. Attackers can use this vulnerability to execute arbitrary commands.
| VAR-202108-2581 | No CVE | Realme Q3 5G has an information disclosure vulnerability |
CVSS V2: 5.0 CVSS V3: - Severity: MEDIUM |
realme provides young users around the world with high-quality mobile phones and AIoT products with leapfrog performance and trendy design.
Realme Q3 5G has an information disclosure vulnerability, which can be exploited by attackers to obtain sensitive information.
| VAR-202108-2501 | No CVE | TP-LINK TL-R406 has weak password vulnerability |
CVSS V2: 5.0 CVSS V3: - Severity: MEDIUM |
TP-LINK TL-R406 is a SOHO router that provides three access methods: dynamic IP, static IP and PPPoE. It supports both ADSL line users and residential broadband users.
TP-LINK TL-R406 has a weak password vulnerability, which can be exploited by attackers to obtain sensitive information.
| VAR-202108-1585 | CVE-2021-38543 | Vulnerabilities in TP-Link UE330 USB splitter devices |
CVSS V2: 4.3 CVSS V3: 5.9 Severity: MEDIUM |
TP-Link UE330 USB splitter devices through 2021-08-09, in certain specific use cases in which the device supplies power to audio-output equipment, allow remote attackers to recover speech signals from an LED on the device, via a telescope and an electro-optical sensor, aka a "Glowworm" attack. We assume that the USB splitter supplies power to some speakers. The power indicator LED of the USB splitter is connected directly to the power line; as a result, the intensity of the USB splitter's power indicator LED is correlative to its power consumption. The sound played by the connected speakers affects the USB splitter's power consumption and as a result is also correlative to the light intensity of the LED. By analyzing measurements obtained from an electro-optical sensor directed at the power indicator LED of the USB splitter, we can recover the sound played by the connected speakers. The TP-Link UE330 USB is a ported USB 3.0 hub.
| VAR-202108-2317 | No CVE | PRTG Network Monitor has weak password vulnerability |
CVSS V2: 5.0 CVSS V3: - Severity: MEDIUM |
PRTG Network Monitor is a computer network monitor that can monitor network computers, routers, switches, firewalls, database servers, etc.
PRTG Network Monitor has a weak password vulnerability. Attackers can use weak passwords to log in to the management backend and obtain sensitive information.
| VAR-202108-2473 | No CVE | Unauthorized access vulnerabilities exist in various products of Ricoh (China) Investment Co., Ltd. |
CVSS V2: 5.0 CVSS V3: - Severity: MEDIUM |
Ricoh (China) Investment Co., Ltd. provides office image processing equipment (such as MFPs and printers), production digital printers, and services such as document output management and IT solutions.
Many products of Ricoh (China) Investment Co., Ltd. have unauthorized access vulnerabilities. Attackers can use the vulnerabilities to obtain sensitive information.
| VAR-202108-2344 | No CVE | Ricoh (China) Investment Co., Ltd. MP C3004ex has unauthorized access vulnerability |
CVSS V2: 5.0 CVSS V3: - Severity: MEDIUM |
MP C3004ex is a color digital copier.
Ricoh (China) Investment Co., Ltd. MP C3004ex has an unauthorized access vulnerability, which can be exploited by attackers to obtain sensitive information.
| VAR-202108-2346 | No CVE | Ricoh (China) Investment Co., Ltd. MP C2004ex has an unauthorized access vulnerability |
CVSS V2: 5.0 CVSS V3: - Severity: MEDIUM |
MP C2004ex is a digital copier.
Ricoh (China) Investment Co., Ltd. MP C2004ex has an unauthorized access vulnerability. Attackers can use the vulnerability to obtain sensitive information.
| VAR-202108-2347 | No CVE | Ricoh (China) Investment Co., Ltd. MP 402SPF has an unauthorized access vulnerability |
CVSS V2: 5.0 CVSS V3: - Severity: MEDIUM |
Ricoh (China) Investment Co., Ltd. provides office image processing equipment (such as MFPs and printers), production digital printers, and services such as document output management and IT solutions.
Ricoh (China) Investment Co., Ltd. MP 402SPF has an unauthorized access vulnerability, which can be exploited by attackers to obtain sensitive information.
| VAR-202108-2536 | No CVE | Ricoh (China) Investment Co., Ltd. RICOH MP C6004ex has an unauthorized access vulnerability |
CVSS V2: 5.0 CVSS V3: - Severity: MEDIUM |
MP C6004ex is a color digital copier.
Ricoh (China) Investment Co., Ltd. MP C6004ex has an unauthorized access vulnerability. Attackers can use the vulnerability to obtain sensitive information.
| VAR-202108-2537 | No CVE | Ricoh (China) Investment Co., Ltd. MP C307 has an unauthorized access vulnerability |
CVSS V2: 5.0 CVSS V3: - Severity: MEDIUM |
Ricoh (China) Investment Co., Ltd. provides office image processing equipment (such as MFPs and printers), production digital printers, and services such as document output management and IT solutions.
Ricoh (China) Investment Co., Ltd. MP C307 has an unauthorized access vulnerability, which can be exploited by attackers to obtain sensitive information.
| VAR-202108-2583 | No CVE | TPN-2G gateway console has a weak password vulnerability |
CVSS V2: 5.0 CVSS V3: - Severity: MEDIUM |
Shanghai Andatong Information Security Technology Co., Ltd. is a high-tech enterprise founded in Pudong Zhangjiang Hi-tech Park on February 8, 2002. The company specializes in the research and development of VPN security gateways, VPN network management platforms, identity authentication and network behavior management systems.
The TPN-2G gateway console has a weak password vulnerability. Attackers can use weak passwords to log in to the management backend and obtain sensitive information.
| VAR-202108-1044 | CVE-2021-28845 | NULL pointer dereference vulnerability in multiple TRENDnet products |
CVSS V2: 5.0 CVSS V3: 7.5 Severity: HIGH |
A null pointer dereference vulnerability exists in TRENDnet TEW-755AP 1.11B03, TEW-755AP2KAC 1.11B03, TEW-821DAP2KAC 1.11B03, and TEW-825DAP 1.11B03, which could let a remote malicious user cause a denial of service by sending a POST request to apply_cgi via the lang action without a language key. Multiple TRENDnet products have a NULL pointer dereference vulnerability. A denial of service (DoS) condition may result. TRENDnet TEW-755AP, etc. are all TRENDnet routers.
| VAR-202108-0942 | CVE-2021-31655 | TRENDnet TV-IP110WN Cross-site Scripting Vulnerability |
CVSS V2: 4.3 CVSS V3: 6.1 Severity: MEDIUM |
Cross-site scripting (XSS) vulnerability in TRENDnet TV-IP110WN V1.2.2.64, V1.2.2.65 and V1.2.2.68 via the profile parameter in a GET request in view.cgi. TRENDnet TV-IP110WN contains a cross-site scripting vulnerability. Information may be obtained and information may be tampered with.