VARIoT IoT vulnerabilities database

VAR-202108-2304 No CVE Beijing Digital China Cloud Technology Co., Ltd. DCME-520 has a command execution vulnerability CVSS V2: 7.1
CVSS V3: -
Severity: HIGH
DCME-520 is a new generation of high-performance Internet egress gateway launched by Digital China Network Co., Ltd. with multi-core high-performance processors, combined with dedicated ASIC switching chips, to meet the business needs of large-capacity users, multi-flow, and multi-service types. Beijing Digital China Cloud Technology Co., Ltd. DCME-520 has a command execution vulnerability. Attackers can use the vulnerability to gain control of the server.
VAR-202108-2470 No CVE Unauthorized access vulnerability exists in HP Photosmart 5520 series CVSS V2: 5.0
CVSS V3: -
Severity: MEDIUM
The HP Photosmart 5520 series is a mid-range inkjet printer. The HP Photosmart 5520 series has an unauthorized access vulnerability. Attackers can use the vulnerability to obtain sensitive information.
VAR-202108-2360 No CVE Unauthorized access vulnerabilities exist in various printers of Epson (China) Co., Ltd. CVSS V2: 5.0
CVSS V3: -
Severity: MEDIUM
The business scope of Epson (China) Co., Ltd. mainly includes printers, scanners, projectors and other information-related products business, electronic components business, and industrial automation equipment business. Many printers of Epson (China) Co., Ltd. have unauthorized access vulnerabilities, which can be exploited by attackers to obtain sensitive information.
VAR-202108-2361 No CVE HP PageWide Pro 477dw MFP has unauthorized access vulnerability (CNVD-2021-47158) CVSS V2: 5.0
CVSS V3: -
Severity: MEDIUM
Hewlett-Packard Trading (Shanghai) Co., Ltd. is a company whose business scope includes computer software and hardware equipment, printing equipment, imaging equipment, and communication equipment. The HP PageWide Pro 477dw MFP has an unauthorized access vulnerability, which can be exploited by attackers to obtain sensitive information.
VAR-202108-2362 No CVE HP Color LaserJet MFP M281fdw has unauthorized access vulnerability CVSS V2: 5.0
CVSS V3: -
Severity: MEDIUM
Hewlett-Packard Trading (Shanghai) Co., Ltd. is a company whose business scope includes computer equipment, printing equipment, imaging equipment, electronic products and related parts and components of the above-mentioned products. The HP Color LaserJet MFP M281fdw has an unauthorized access vulnerability. Attackers can use the vulnerability to obtain sensitive information.
VAR-202108-2363 No CVE HP LaserJet M605 has weak password vulnerability CVSS V2: 5.0
CVSS V3: -
Severity: MEDIUM
Hewlett-Packard Trading (Shanghai) Co., Ltd. is a company whose business scope includes computer equipment, printing equipment, imaging equipment, electronic products and related parts and components of the above-mentioned products. The HP LaserJet M605 has a weak password vulnerability. Attackers can use a weak password to log in to the backend and obtain sensitive information.
VAR-202108-2366 No CVE Samsung C1810 Series has unauthorized access vulnerability CVSS V2: 5.0
CVSS V3: -
Severity: MEDIUM
Samsung C1810 Series is a printer of Samsung (China) Investment Co., Ltd. Samsung C1810 Series has an unauthorized access vulnerability, which can be exploited by attackers to obtain sensitive information.
VAR-202108-2367 No CVE Samsung C145x Series has unauthorized access vulnerability CVSS V2: 5.0
CVSS V3: -
Severity: MEDIUM
Samsung C145x Series is a printer of Samsung (China) Investment Co., Ltd. Samsung C145x Series has an unauthorized access vulnerability, which can be exploited by attackers to obtain sensitive information.
VAR-202108-2368 No CVE Samsung C140x Series has unauthorized access vulnerability CVSS V2: 5.0
CVSS V3: -
Severity: MEDIUM
Samsung C140x Series is a printer of Samsung (China) Investment Co., Ltd. Samsung C140x Series has an unauthorized access vulnerability, which can be exploited by attackers to obtain sensitive information.
VAR-202108-2369 No CVE Sharp Trading (China) Co., Ltd. MX-2314N has an unauthorized access vulnerability CVSS V2: 5.0
CVSS V3: -
Severity: MEDIUM
MX-2314N is a printer of Sharp Trading (China) Co., Ltd. Sharp Trading (China) Co., Ltd. MX-2314N has an unauthorized access vulnerability. Attackers can use the vulnerability to obtain sensitive information.
VAR-202108-2370 No CVE Sharp Trading (China) Co., Ltd. MX-2640N has an unauthorized access vulnerability CVSS V2: 5.0
CVSS V3: -
Severity: MEDIUM
MX-2640N is a printer of Sharp Trading (China) Co., Ltd. Sharp Trading (China) Co., Ltd. MX-2640N has an unauthorized access vulnerability. Attackers can use the vulnerability to obtain sensitive information.
VAR-202108-1937 CVE-2021-37388 D-Link DIR-615 C2 Buffer Overflow Vulnerability in Linux CVSS V2: 7.5
CVSS V3: 9.8
Severity: CRITICAL
A buffer overflow exists in D-Link DIR-615 C2 3.03WW. The ping_ipaddr parameter in a ping_response.cgi POST request allows an attacker to crash the web server and possibly gain remote code execution. D-Link DIR-615 C2 contains a classic buffer overflow vulnerability. Information may be obtained or tampered with, and a denial-of-service (DoS) condition may result. D-Link DIR-615 is a wireless router made by D-Link in Taiwan. D-Link DIR-615 has a security vulnerability caused by incorrect verification of data boundaries when the network system or product performs operations on memory, resulting in incorrect read and write operations to other associated memory locations. Attackers can use this vulnerability to cause a buffer overflow, heap overflow, etc.
VAR-202108-1796 CVE-2021-36705 ProLink PRC2402M Command injection vulnerability CVSS V2: 7.5
CVSS V3: 9.8
Severity: CRITICAL
In ProLink PRC2402M V1.0.18 and older, the set_TR069 function in the adm.cgi binary, accessible with a page parameter value of TR069, contains a trivial command injection where the value of the TR069_local_port parameter is passed directly to system. ProLink PRC2402M contains a command injection vulnerability. Information may be obtained or tampered with, and a denial-of-service (DoS) condition may result. ProLink PRC2402M is a router of Singapore ProLink company. The set_TR069 function in the adm.cgi binary file of ProLink PRC2402M 1.0.18 and earlier versions has a command injection vulnerability.
VAR-202108-1798 CVE-2021-36707 ProLink PRC2402M command injection vulnerability CVSS V2: 7.5
CVSS V3: 9.8
Severity: CRITICAL
In ProLink PRC2402M V1.0.18 and older, the set_ledonoff function in the adm.cgi binary, accessible with a page parameter value of ledonoff, contains a trivial command injection where the value of the led_cmd parameter is passed directly to do_system. ProLink PRC2402M contains a command injection vulnerability. Information may be obtained or tampered with, and a denial-of-service (DoS) condition may result. ProLink PRC2402M is a router of Singapore ProLink company. The set_ledonoff function in the adm.cgi binary file of ProLink PRC2402M 1.0.18 and earlier versions has a command injection vulnerability.
VAR-202108-1797 CVE-2021-36706 ProLink PRC2402M Command injection vulnerability CVSS V2: 7.5
CVSS V3: 9.8
Severity: CRITICAL
In ProLink PRC2402M V1.0.18 and older, the set_sys_cmd function in the adm.cgi binary, accessible with a page parameter value of sysCMD, contains a trivial command injection where the value of the command parameter is passed directly to system. ProLink PRC2402M contains a command injection vulnerability. Information may be obtained or tampered with, and a denial-of-service (DoS) condition may result. ProLink PRC2402M is a router of Singapore ProLink company.
VAR-202108-1799 CVE-2021-36708 ProLink PRC2402M Vulnerability in password management function CVSS V2: 5.0
CVSS V3: 7.5
Severity: HIGH
In ProLink PRC2402M V1.0.18 and older, the set_sys_init function in the login.cgi binary allows an attacker to reset the password to the administrative interface of the router. ProLink PRC2402M contains a vulnerability in the password management function. Information may be obtained. ProLink PRC2402M is a router of Singapore ProLink company. The set_sys_init function in the login.cgi binary file of ProLink PRC2402M 1.0.18 and earlier versions has an information disclosure vulnerability.
VAR-202108-0275 CVE-2021-22295 HarmonyOS Inappropriate Default Permission Vulnerability CVSS V2: 2.1
CVSS V3: 5.5
Severity: MEDIUM
A component of HarmonyOS has a permission bypass vulnerability. Local attackers may exploit this vulnerability to cause the device to hang due to the page error OsVmPageFaultHandler. HarmonyOS is vulnerable to incorrect default permissions. A denial-of-service (DoS) condition may result.
VAR-202108-2305 No CVE Wuhan Fiberhome Information Integration Technology Co., Ltd. HG6145D has a command execution vulnerability CVSS V2: 6.5
CVSS V3: -
Severity: MEDIUM
HG6145D is a gigabit passive optical fiber access user equipment (GPON ONU) under Fiberhome Communication Technology Co., Ltd. Wuhan Fiberhome Information Integration Technology Co., Ltd. HG6145D has a command execution vulnerability. Attackers can use this vulnerability to gain control of the server.
VAR-202108-2320 No CVE Unauthorized access vulnerability exists in Schneider Electric (China) Co., Ltd. PowerLogic ION7550 CVSS V2: 5.0
CVSS V3: -
Severity: MEDIUM
Schneider Electric (China) Co., Ltd. is a leader in the field of global energy efficiency management. The main business includes power, industrial automation, infrastructure, energy efficiency, energy, building automation and security electronics, data centers and smart living spaces and other business areas. Schneider Electric (China) Co., Ltd. PowerLogic ION7550 has an unauthorized access vulnerability. Attackers can use this vulnerability to gain unauthorized access to obtain sensitive information and perform unauthorized operations.
VAR-202108-2321 No CVE Tenda Roteador Multilaser 1200AC device has unauthorized access vulnerability CVSS V2: 5.0
CVSS V3: -
Severity: MEDIUM
Shenzhen Jixiang Tengda Technology Co., Ltd. is a high-tech enterprise integrating independent research and development, production and sales of network equipment. The Tenda Roteador Multilaser 1200AC device has an unauthorized access vulnerability. Attackers can use the vulnerability to access the device management page to obtain sensitive information.