VARIoT IoT vulnerabilities database


VAR-202108-2197 CVE-2021-22386 Double free vulnerability in multiple Huawei smartphone products CVSS V2: 6.9
CVSS V3: 7.0
Severity: HIGH
A component of the Huawei smartphone has a double free vulnerability. Local attackers may exploit this vulnerability to elevate privileges to root. Multiple Huawei smartphone products contain a double free vulnerability. Information may be obtained or tampered with, and a denial-of-service (DoS) condition may result.
VAR-202108-0519 CVE-2021-21601 Vulnerability regarding information leakage from log files in Dell EMC Data Protection Search and IDPA CVSS V2: 2.1
CVSS V3: 7.8
Severity: HIGH
Dell EMC Data Protection Search, 19.4 and prior, and IDPA, 2.6.1 and prior, contain an Information Exposure in Log File Vulnerability in CIS. A local low privileged attacker could potentially exploit this vulnerability, leading to the disclosure of certain user credentials. The attacker may be able to use the exposed credentials to access the vulnerable application with the privileges of the compromised account. It may be put into a denial-of-service (DoS) state.
VAR-202108-0403 CVE-2021-21567 Privilege management vulnerability in Dell PowerScale OneFS CVSS V2: 4.6
CVSS V3: 7.8
Severity: HIGH
Dell PowerScale OneFS 9.1.0.x contains an improper privilege management vulnerability. It may allow an authenticated user with ISI_PRIV_LOGIN_SSH and/or ISI_PRIV_LOGIN_CONSOLE to elevate privilege. Dell PowerScale OneFS contains a privilege management vulnerability. Information may be obtained or tampered with, and a denial-of-service (DoS) condition may result.
VAR-202108-2315 No CVE Xiaodu router has command execution vulnerabilities CVSS V2: 8.3
CVSS V3: -
Severity: HIGH
Xiaodu Router is a smart router product launched by Baidu, which can transmit cloud data at will and supports remote download of audio and video resources. The Xiaodu router has a command execution vulnerability, which can be exploited by an attacker to gain control of the server.
VAR-202108-2316 No CVE Xiaodu router has unauthorized access vulnerabilities CVSS V2: 3.3
CVSS V3: -
Severity: LOW
Xiaodu Router is a smart router product launched by Baidu, which can transmit cloud data at will and supports remote download of audio and video resources. The Xiaodu router has unauthorized access vulnerabilities, which attackers can use to obtain sensitive information.
VAR-202108-2318 No CVE Quanxun Convergence Network Technology (Beijing) Co., Ltd. Aikuai Flow Control Routing has a SQL injection vulnerability CVSS V2: 7.8
CVSS V3: -
Severity: HIGH
Quanxun Huiju Network Technology (Beijing) Co., Ltd. was established in 2013. "Ikuai" and "iKuai" are the company's product brands, and "iKuic" is the company's overseas product brand. Quanxun Convergence Network Technology (Beijing) Co., Ltd. Aikuai flow control routing has a SQL injection vulnerability. Attackers can use the vulnerability to log in to the system and obtain sensitive information.
VAR-202108-2472 No CVE Command execution vulnerability exists in Xiaodu router audio and video version CVSS V2: 8.3
CVSS V3: -
Severity: HIGH
Xiaodu Router is a smart router product launched by Baidu, which can transmit cloud data at will and supports remote download of audio and video resources. There is a command execution vulnerability in the Xiaodu router audio and video version, which can be exploited by attackers to gain control of the server.
VAR-202108-2474 No CVE Toshiba (China) Co., Ltd. network camera has an unauthorized access vulnerability CVSS V2: 5.0
CVSS V3: -
Severity: MEDIUM
Toshiba (China) Co., Ltd. is a company mainly engaged in Toshiba's four major business areas, including digital products, electronic components, social infrastructure, and household appliances. Toshiba (China) Co., Ltd. network cameras have an unauthorized access vulnerability, which can be exploited by attackers to obtain sensitive information.
VAR-202108-2475 CVE-2021-38784 NULL pointer dereference vulnerability in Allwinner R818 SoC Android Q SDK CVSS V2: 7.8
CVSS V3: 7.5
Severity: HIGH
There is a NULL pointer dereference in the syscall open_exec function of Allwinner R818 SoC Android Q SDK V1.0 that could allow executing a malicious file to cause a system crash. R818 is a quad-core smart voice chip with a screen. Zhuhai Allwinner Technology Co., Ltd. R818 has a binary vulnerability that can be exploited by attackers to cause a denial of service.
VAR-202108-2345 No CVE Brother (China) Commercial Co., Ltd. Brother DCP-J940N has an unauthorized access vulnerability CVSS V2: 5.0
CVSS V3: -
Severity: MEDIUM
Brother DCP-J940N is a laser printer. Brother (China) Commercial Co., Ltd. Brother DCP-J940N has an unauthorized access vulnerability. Attackers can use the vulnerability to obtain sensitive information.
VAR-202108-2348 CVE-2021-38786 NULL pointer dereference vulnerability in Allwinner R818 SoC Android Q SDK CVSS V2: 5.0
CVSS V3: 7.5
Severity: HIGH
There is a NULL pointer dereference in media/libcedarc/vdecoder of Allwinner R818 SoC Android Q SDK V1.0, which could cause a media crash (denial of service). R818 is a quad-core smart voice chip with a screen. Zhuhai Allwinner Technology Co., Ltd. R818 has a binary vulnerability that can be exploited by attackers to cause a denial of service.
VAR-202108-2349 CVE-2021-38783 Out-of-bounds write vulnerability in Allwinner R818 SoC Android Q SDK CVSS V2: 7.8
CVSS V3: 7.5
Severity: HIGH
There is an out-of-bounds write in the Allwinner R818 SoC Android Q SDK V1.0 camera driver "/dev/cedar_dev" through the ioctl commands IOCTL_SET_PROC_INFO and IOCTL_COPY_PROC_INFO, which could cause a system crash or EoP. R818 is a quad-core smart voice chip with a screen. Zhuhai Allwinner Technology Co., Ltd. R818 has a binary vulnerability that can be exploited by attackers to cause a denial of service.
VAR-202108-2512 No CVE Hong Kong Broadband Network Co., Ltd. IAD601D has an unauthorized access vulnerability CVSS V2: 5.0
CVSS V3: -
Severity: MEDIUM
Hong Kong Broadband Network Limited is a leading provider of integrated telecommunications and technology solutions. Hong Kong Broadband Network Co., Ltd. IAD601D has an unauthorized access vulnerability, which can be exploited by attackers to obtain sensitive information.
VAR-202108-2521 No CVE HP OfficeJet Pro 8210 has unauthorized access vulnerability CVSS V2: 5.0
CVSS V3: -
Severity: MEDIUM
The HP OfficeJet Pro 8210 is an all-in-one printer. HP OfficeJet Pro 8210 has an unauthorized access vulnerability, which can be exploited by attackers to obtain sensitive information.
VAR-202108-0469 CVE-2021-21740 Link interpretation vulnerability in ZTE residential gateway products CVSS V2: 2.1
CVSS V3: 2.4
Severity: LOW
There is an information leak vulnerability in the digital media player (DMS) of ZTE's residential gateway product. An attacker could insert a USB disk containing a symbolic link into the residential gateway and access unauthorized directory information through the symbolic link, causing an information leak. ZTE residential gateway products contain a link interpretation vulnerability. Information may be obtained. ZTE ZXHN H2640 is a home gateway device from China ZTE (ZTE). There is an information disclosure vulnerability in ZTE ZXHN H2640, which originates from errors in the configuration of network systems or products during operation. An unauthorized attacker could exploit the vulnerability to obtain sensitive information about the affected components.
VAR-202108-1843 CVE-2021-36276 Vulnerability in Dell DBUtilDrv2.sys driver CVSS V2: 4.6
CVSS V3: 7.8
Severity: HIGH
Dell DBUtilDrv2.sys driver (versions 2.5 and 2.6) contains an insufficient access control vulnerability which may lead to escalation of privileges, denial of service, or information disclosure. Local authenticated user access is required. Dell DBUtilDrv2.sys is a driver for Dell equipment.
VAR-202108-1844 CVE-2021-36277 Digital signature verification vulnerability in Dell Command Update and Alienware Update CVSS V2: 7.2
CVSS V3: 7.8
Severity: HIGH
Dell Command | Update, Dell Update, and Alienware Update versions before 4.3 contain an Improper Verification of Cryptographic Signature Vulnerability. A local authenticated malicious user may exploit this vulnerability by executing arbitrary code on the system.
VAR-202108-2319 No CVE Samsung (China) Investment Co., Ltd. K4250RX has unauthorized access vulnerability CVSS V2: 5.0
CVSS V3: -
Severity: MEDIUM
Samsung (China) Investment Co., Ltd. is the headquarters of Samsung Group in China. As of the end of 2008, 20 of Samsung's more than 30 companies have invested in China, including Samsung Electronics, Samsung SDI, Samsung SDS, and Samsung Electro-Mechanics. SAMSUNG K4250RX has an unauthorized access vulnerability, which can be exploited by attackers to obtain sensitive information.
VAR-202108-2430 No CVE Samsung (China) Investment Co., Ltd. K4305LX has unauthorized access vulnerability CVSS V2: 5.0
CVSS V3: -
Severity: MEDIUM
Samsung (China) Investment Co., Ltd. is the headquarters of Samsung Group in China. As of the end of 2008, 20 of Samsung's more than 30 companies have invested in China, including Samsung Electronics, Samsung SDI, Samsung SDS, and Samsung Electro-Mechanics. Samsung (China) Investment Co., Ltd. K4305LX has an unauthorized access vulnerability, which can be exploited by attackers to obtain sensitive information.
VAR-202108-2431 No CVE Samsung (China) Investment Co., Ltd. K4350LX has unauthorized access vulnerability CVSS V2: 5.0
CVSS V3: -
Severity: MEDIUM
Samsung (China) Investment Co., Ltd. is the headquarters of Samsung Group in China. As of the end of 2008, 20 of Samsung's more than 30 companies have invested in China, including Samsung Electronics, Samsung SDI, Samsung SDS, and Samsung Electro-Mechanics. Samsung (China) Investment Co., Ltd. K4350LX has an unauthorized access vulnerability. Attackers can use the vulnerability to obtain sensitive information.