VARIoT IoT vulnerabilities database


VAR-202108-2544 No CVE Unauthorized access vulnerability exists in Axis P1425-LE-Network-Camera CVSS V2: 5.0
CVSS V3: -
Severity: MEDIUM
Axis is an IT company that specializes in providing network video solutions. Axis P1425-LE-Network-Camera has an unauthorized access vulnerability, which can be exploited by attackers to obtain sensitive information.
VAR-202108-0293 CVE-2021-22328 Multiple Huawei product vulnerabilities CVSS V2: 5.0
CVSS V3: 7.5
Severity: HIGH
There is a denial of service vulnerability in some Huawei products. In specific scenarios, due to improper handling of packets, an attacker may craft a specific packet. Successful exploitation may cause some services to become abnormal. Affected product versions include: CloudEngine 12800 V200R005C00SPC800, CloudEngine 5800 V200R005C00SPC800, CloudEngine 6800 V200R005C00SPC800, CloudEngine 7800 V200R005C00SPC800. Multiple Huawei products contain unspecified vulnerabilities. Service operation may be interrupted (DoS). Huawei CloudEngine 12800 is a 12800 series data center switch. Huawei CloudEngine 5800 is a 5800 series data center switch from China's Huawei. Huawei CloudEngine 6800 is a 6800 series of 10 Gigabit Ethernet switches for data centers from China's Huawei
VAR-202108-1371 CVE-2021-39615 Use of hard-coded credentials vulnerability in D-Link DSR-500N CVSS V2: 10.0
CVSS V3: 9.8
Severity: CRITICAL
D-Link DSR-500N version 1.02 contains hard-coded credentials for undocumented user accounts in the '/etc/passwd' file. If an attacker succeeds in recovering the cleartext password of the identified hash value, they will be able to log in via SSH or Telnet and thus gain access to the underlying embedded Linux operating system on the device. Fixed in version 2.12/2. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. D-Link DSR-500N contains a vulnerability in the use of hard-coded credentials. Information may be obtained or tampered with, and service operation may be interrupted (DoS). D-Link DSR-500N is a wireless router produced by D-Link in Taiwan. D-Link DSR-500N has a security vulnerability. The vulnerability stems from the fact that version 1.02 of D-Link DSR-500N contains hard-coded credentials for undocumented user accounts in the '/etc/passwd' file. An attacker can use this vulnerability to recover the plaintext password of the identified hash value
VAR-202109-0593 CVE-2021-32999 Multiple vulnerabilities in AVEVA SuiteLink Server CVSS V2: 5.0
CVSS V3: 7.5
Severity: HIGH
Improper handling of exceptional conditions in SuiteLink server while processing command 0x01. SuiteLink Server, provided by AVEVA, contains the following multiple vulnerabilities:
* Heap-based buffer overflow (CWE-122) - CVE-2021-32959
* NULL pointer dereference (CWE-476) - CVE-2021-32963, CVE-2021-32971, CVE-2021-32979, CVE-2021-32987
* Improper handling of exceptional conditions (CWE-755) - CVE-2021-32999
The expected impact depends on each vulnerability, but if a remote third party causes a specific command to be processed, the following may result:
* Execution of arbitrary code or disruption of service operation (DoS) - CVE-2021-32959
* Denial of service (DoS) - CVE-2021-32963, CVE-2021-32971, CVE-2021-32979, CVE-2021-32987, CVE-2021-32999
VAR-202108-1370 CVE-2021-39614 Use of hard-coded credentials vulnerability in D-Link DVX-2000MS CVSS V2: 5.0
CVSS V3: 9.8
Severity: CRITICAL
D-Link DVX-2000MS contains hard-coded credentials for undocumented user accounts in the '/etc/passwd' file. As weak passwords have been used, the plaintext passwords can be recovered from the hash values. D-Link DVX-2000MS contains a vulnerability in the use of hard-coded credentials. Information may be obtained or tampered with, and service operation may be interrupted (DoS). D-Link DVX-2000MS is a piece of hardware used in IP phone systems from D-Link in Taiwan
VAR-202108-1369 CVE-2021-39613 Use of hard-coded credentials vulnerability in D-Link DVG-3104MS CVSS V2: 5.0
CVSS V3: 9.8
Severity: CRITICAL
D-Link DVG-3104MS versions 1.0.2.0.3, 1.0.2.0.4, and 1.0.2.0.4E contain hard-coded credentials for undocumented user accounts in the '/etc/passwd' file. As weak passwords have been used, the plaintext passwords can be recovered from the hash values. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. D-Link DVG-3104MS contains a vulnerability in the use of hard-coded credentials. Information may be obtained or tampered with, and service operation may be interrupted (DoS). D-Link DVG-3104MS is a gateway from D-Link in Taiwan
VAR-202108-2515 No CVE TopGate500 of TOPGate Technology Group has a command execution vulnerability CVSS V2: 7.1
CVSS V3: -
Severity: HIGH
Established in 1995, TOPSEC Technology Group is the first domestic network security company. Today, it has become a leading provider of network security, big data and cloud services in China. TopGate500 of TOPGate Technology Group has a command execution vulnerability, which can be exploited by attackers to gain control of the server.
VAR-202108-2516 No CVE An information disclosure vulnerability exists in the streaming media management server of Hangzhou Hikvision Digital Technology Co., Ltd. CVSS V2: 5.0
CVSS V3: -
Severity: MEDIUM
Hangzhou Hikvision Digital Technology Co., Ltd. is a video-centric IoT solution provider, providing comprehensive security, smart business and big data services. An information disclosure vulnerability exists in the streaming media management server of Hangzhou Hikvision Digital Technology Co., Ltd., which can be exploited by attackers to obtain sensitive information.
VAR-202108-2517 No CVE Hikvision network gateway has logic flaws and vulnerabilities CVSS V2: 5.0
CVSS V3: -
Severity: MEDIUM
Hangzhou Hikvision Digital Technology Co., Ltd. is a video-centric IoT solution provider, providing comprehensive security, smart business and big data services. Hikvision's networking gateway has a logic flaw vulnerability, which can be exploited by attackers to obtain sensitive information.
VAR-202108-2518 No CVE Hikvision network gateway has unauthorized access vulnerability CVSS V2: 5.0
CVSS V3: -
Severity: MEDIUM
Hangzhou Hikvision Digital Technology Co., Ltd. is a video-centric intelligent IoT solution and big data service provider. Hikvision's networking gateway has an unauthorized access vulnerability, which can be exploited by attackers to obtain sensitive information.
VAR-202108-2522 No CVE ZTE smart router has weak password vulnerability CVSS V2: 5.0
CVSS V3: -
Severity: MEDIUM
ZTE is the world's leading provider of integrated communications and information solutions, providing innovative technology and product solutions for global telecom operators, government and enterprise customers, and consumers. ZTE Smart Router has a weak password vulnerability, which can be exploited by attackers to obtain sensitive information.
VAR-202108-2502 No CVE Dell C3765dnf Color MFP has unauthorized access vulnerability CVSS V2: 5.0
CVSS V3: -
Severity: MEDIUM
C3765dnf Color MFP is a color laser printer from Dell. Dell C3765dnf Color MFP has an unauthorized access vulnerability, which can be exploited by attackers to obtain sensitive information.
VAR-202108-2503 No CVE Shenzhen Qianhai Huaxia Zhixin Data Technology Co., Ltd. T83-CV102 entrance and exit license plate recognition high-definition network integrated camera has a weak password vulnerability CVSS V2: 5.0
CVSS V3: -
Severity: MEDIUM
Shenzhen Qianhai Huaxia Zhixin Data Technology Co., Ltd. is a leading R&D and manufacturer of smart parking smart terminal equipment in China. Shenzhen Qianhai Huaxia Zhixin Data Technology Co., Ltd. T83-CV102 entrance and exit license plate recognition high-definition network integrated camera has a weak password vulnerability. Attackers can use this vulnerability to obtain sensitive information.
VAR-202108-2519 No CVE Sharp Trading (China) Co., Ltd. MX-4070V has an unauthorized access vulnerability CVSS V2: 5.0
CVSS V3: -
Severity: MEDIUM
MX-4070V is a printer product of Sharp Trading (China) Co., Ltd. Sharp Trading (China) Co., Ltd. MX-4070V has an unauthorized access vulnerability. Attackers can use the vulnerability to obtain sensitive information.
VAR-202108-2523 No CVE Sapido GR-1733 has a command execution vulnerability CVSS V2: 10.0
CVSS V3: -
Severity: HIGH
Sapido GR-1733 is a gigabit wireless router. Sapido GR-1733 has a command execution vulnerability. Attackers can use this vulnerability to execute arbitrary commands.
VAR-202108-2535 No CVE Unauthorized access vulnerability exists in Axis P5624-E Network Camera CVSS V2: 5.0
CVSS V3: -
Severity: MEDIUM
P5624-E Network Camera is a network camera. Axis P5624-E Network Camera has an unauthorized access vulnerability, which can be exploited by attackers to obtain sensitive information.
VAR-202108-2548 No CVE An information disclosure vulnerability exists in the backup management server of Hangzhou Hikvision Digital Technology Co., Ltd. CVSS V2: 5.0
CVSS V3: -
Severity: MEDIUM
Hangzhou Hikvision System Technology Co., Ltd. is a smart IoT solution provider and operation service provider with video as the core. An information disclosure vulnerability exists in the backup management server of Hangzhou Hikvision Digital Technology Co., Ltd., which can be exploited by attackers to obtain sensitive information.
VAR-202108-2504 No CVE Xindu (Qingdao) Office System Co., Ltd. SINDOH A601_A606 has an unauthorized access vulnerability CVSS V2: 5.0
CVSS V3: -
Severity: MEDIUM
Xindu (Qingdao) Office System Co., Ltd. is a professional office equipment enterprise integrating research and development, production, sales and after-sales. Xindu (Qingdao) Office System Co., Ltd. SINDOH A601_A606 has an unauthorized access vulnerability. Attackers can use this vulnerability to gain unauthorized access to obtain sensitive information and perform unauthorized operations.
VAR-202108-2509 No CVE Hikvision backup management server has weak password vulnerability CVSS V2: 5.0
CVSS V3: -
Severity: MEDIUM
Hikvision is a video-centric intelligent IoT solution and big data service provider. Hikvision's backup management server has a weak password vulnerability, which can be exploited by attackers to obtain sensitive information.
VAR-202108-2510 No CVE A directory traversal vulnerability exists in the backup management server of Hangzhou Hikvision Digital Technology Co., Ltd. CVSS V2: 5.0
CVSS V3: -
Severity: MEDIUM
Hikvision is a video-centric intelligent IoT solution and big data service provider. The backup management server of Hangzhou Hikvision Digital Technology Co., Ltd. has a directory traversal vulnerability. Attackers can use the vulnerability to obtain sensitive information.