VARIoT IoT vulnerabilities database
| VAR-202108-2310 | No CVE | Tenda enterprise router has weak password vulnerability |
CVSS V2: 5.0 CVSS V3: - Severity: MEDIUM |
Shenzhen Jixiang Tengda Technology Co., Ltd. (hereinafter referred to as "Tengda") is a professional supplier of network communication equipment and solutions, as well as a high-tech enterprise integrating R&D, production, supply, sales and service.
Tenda enterprise routers have weak password vulnerabilities. Attackers use weak passwords to log in to the background to obtain sensitive information.
| VAR-202108-1810 | CVE-2021-3633 | Lenovo Driver Management Vulnerability regarding uncontrolled search path elements in |
CVSS V2: 6.9 CVSS V3: 7.8 Severity: HIGH |
A DLL preloading vulnerability was reported in Lenovo Driver Management prior to version 2.9.0719.1104 that could allow privilege escalation. Lenovo Driver Management Exists in a vulnerability in an element of an uncontrolled search path.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. Lenovo Driver Management is a Lenovo power management driver for Windows 10, 8.1, 8, 7 (32-bit, 64-bit) from Lenovo, China
| VAR-202108-2309 | No CVE | Ruijie Networks Co., Ltd. RG_NBR900G has a weak password vulnerability |
CVSS V2: 5.0 CVSS V3: - Severity: MEDIUM |
RG_NBR900G is a wireless router.
Ruijie Networks Co., Ltd. RG_NBR900G has a weak password vulnerability. Attackers can use the vulnerability to obtain sensitive information.
| VAR-202108-2528 | No CVE | Cape gooseberry router has weak password vulnerability |
CVSS V2: 5.0 CVSS V3: - Severity: MEDIUM |
Shenzhen Zhizhi High-tech Development Co., Ltd. was established in September 2013. It is a high-tech enterprise with independent intellectual property rights, professional R&D, production and sales of smart smart homes.
The Cape gooseberry router has weak password vulnerabilities. Attackers use weak passwords to log in to the background to obtain sensitive information.
| VAR-202108-1930 | CVE-2021-3707 | D-Link DSL-2750U unauthorized modification configuration vulnerability |
CVSS V2: 2.1 CVSS V3: 5.5 Severity: MEDIUM |
D-Link router DSL-2750U with firmware vME1.16 or prior versions is vulnerable to unauthorized configuration modification. An unauthenticated attacker on the local network may exploit this, with CVE-2021-3708, to execute any OS commands on the vulnerable device. D-Link DSL-2750U is a wireless N 300 ADSL2+ modem router. An attacker can use this vulnerability to modify the configuration without authorization
| VAR-202108-1931 | CVE-2021-3708 | D-Link DSL-2750U OS command injection vulnerability |
CVSS V2: 7.2 CVSS V3: 7.8 Severity: HIGH |
D-Link router DSL-2750U with firmware vME1.16 or prior versions is vulnerable to OS command injection. An unauthenticated attacker on the local network may exploit this, with CVE-2021-3707, to execute any OS commands on the vulnerable device. D-Link DSL-2750U is a wireless N 300 ADSL2+ modem router. Attackers can use this vulnerability and combine other vulnerabilities to execute arbitrary operating system commands
| VAR-202108-0444 | CVE-2020-4992 | IBM DataPower Gateway Cross-site request forgery vulnerability in |
CVSS V2: 4.3 CVSS V3: 6.5 Severity: MEDIUM |
IBM DataPower Gateway 2018.4.1.0 through 2018.4.1.16 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 192737. Vendor exploits this vulnerability IBM X-Force ID: 192737 It is published as.Information may be tampered with
| VAR-202108-1864 | CVE-2021-36282 | Dell EMC PowerScale OneFS Vulnerability in using uninitialized resources in |
CVSS V2: 2.1 CVSS V3: 3.3 Severity: LOW |
Dell EMC PowerScale OneFS versions 8.2.x - 9.1.0.x contain a use of uninitialized resource vulnerability. This can potentially allow an authenticated user with ISI_PRIV_LOGIN_CONSOLE or ISI_PRIV_LOGIN_SSH privileges to gain access up to 24 bytes of data within the /ifs kernel stack under certain conditions. Dell Technologies Dell PowerScale OneFS is an operating system of Dell Technologies in the United States. Offers the PowerScale OneFS operating system for scale-out NAS
| VAR-202108-1863 | CVE-2021-36281 | Dell EMC PowerScale OneFS Vulnerability in improper permission assignment for critical resources in |
CVSS V2: 6.5 CVSS V3: 8.8 Severity: HIGH |
Dell EMC PowerScale OneFS versions 8.2.x - 9.2.x contain an incorrect permission assignment vulnerability. A low privileged authenticated user can potentially exploit this vulnerability to escalate privileges. (DoS) It may be in a state. DELL EMC PowerScale is a scale-out storage system for unstructured data from Dell (DELL)
| VAR-202108-1862 | CVE-2021-36280 | Dell EMC PowerScale OneFS Vulnerability in improper permission assignment for critical resources in |
CVSS V2: 2.1 CVSS V3: 5.5 Severity: MEDIUM |
Dell EMC PowerScale OneFS versions 8.2.x - 9.2.x contain an incorrect permission assignment for critical resource vulnerability. This could allow a user with ISI_PRIV_LOGIN_SSH or ISI_PRIV_LOGIN_CONSOLE to access privileged information about the cluster. DELL EMC PowerScale is a scale-out storage system for unstructured data from Dell (DELL). A security vulnerability exists in Dell EMC PowerScale OneFS that allows users using ISI PRIV LOGIN SSH or ISI PRIV LOGIN CONSOLE to access privileged information about the cluster
| VAR-202108-1860 | CVE-2021-36279 | Dell EMC PowerScale OneFS Vulnerability in improper permission assignment for critical resources in |
CVSS V2: 7.2 CVSS V3: 7.8 Severity: HIGH |
Dell EMC PowerScale OneFS versions 8.2.x - 9.2.x contain an incorrect permission assignment for critical resource vulnerability. This could allow a user with ISI_PRIV_LOGIN_SSH or ISI_PRIV_LOGIN_CONSOLE to access privileged information about the cluster. (DoS) It may be in a state. DELL EMC PowerScale is a scale-out storage system for unstructured data from Dell (DELL). A security vulnerability exists in Dell EMC PowerScale OneFS that allows users using ISI PRIV LOGIN SSH or ISI PRIV LOGIN CONSOLE to access privileged information about the cluster
| VAR-202108-1859 | CVE-2021-36278 | Dell EMC PowerScale OneFS Vulnerability regarding information leakage from log files in |
CVSS V2: 2.1 CVSS V3: 5.5 Severity: MEDIUM |
Dell EMC PowerScale OneFS versions 8.2.x, 9.1.0.x, and 9.1.1.1 contain a sensitive information exposure vulnerability in log files. A local malicious user with ISI_PRIV_LOGIN_SSH, ISI_PRIV_LOGIN_CONSOLE, or ISI_PRIV_SYS_SUPPORT privileges may exploit this vulnerability to access sensitive information. If any third-party consumes those logs, the same sensitive information is available to those systems as well. DELL EMC PowerScale is a scale-out storage system for unstructured data from Dell (DELL). A log information disclosure vulnerability exists in Dell EMC PowerScale OneFS due to the fact that a malicious actor with ISI PRIV LOGIN SSH or ISI PRIV LOGIN CONSOLE privileges could gain access to privileged information
| VAR-202108-0554 | CVE-2021-0114 | plural Intel(R) Processor Firmware initialization vulnerabilities |
CVSS V2: 7.2 CVSS V3: 6.7 Severity: MEDIUM |
Unchecked return value in the firmware for some Intel(R) Processors may allow a privileged user to potentially enable an escalation of privilege via local access. plural Intel(R) Processor There is an initialization vulnerability in the firmware.Information is obtained, information is tampered with, and service is disrupted (DoS) It may be put into a state
| VAR-202108-0517 | CVE-2021-21599 | Dell EMC PowerScale OneFS In OS Command injection vulnerability |
CVSS V2: 4.6 CVSS V3: 6.7 Severity: MEDIUM |
Dell EMC PowerScale OneFS versions 8.2.x - 9.2.1.x contain an OS command injection vulnerability. This may allow a user with ISI_PRIV_LOGIN_SSH or ISI_PRIV_LOGIN_CONSOLE to escalate privileges and escape the compliance guarantees. This only impacts Smartlock WORM compliance mode clusters as a critical vulnerability and Dell recommends to update/upgrade at the earliest opportunity. (DoS) It may be in a state. DELL EMC PowerScale is a scale-out storage system for unstructured data from Dell (DELL). A security vulnerability exists in Dell EMC PowerScale OneFS that allows users using ISI PRIV LOGIN SSH or ISI PRIV LOGIN CONSOLE to escalate privileges and evade compliance guarantees
| VAR-202108-0513 | CVE-2021-21595 | Dell EMC PowerScale OneFS Command injection vulnerability in |
CVSS V2: 4.6 CVSS V3: 6.7 Severity: MEDIUM |
Dell EMC PowerScale OneFS versions 8.2.x - 9.1.1.x contain an improper neutralization of special elements used in an OS command. This vulnerability could allow the compadmin user to elevate privileges. This only impacts Smartlock WORM compliance mode clusters as a critical vulnerability and Dell recommends to update/upgrade at the earliest opportunity. Dell EMC PowerScale OneFS Contains a command injection vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. DELL EMC PowerScale is a scale-out storage system for unstructured data from Dell (DELL)
| VAR-202108-0512 | CVE-2021-21594 | Dell EMC PowerScale OneFS In GET Vulnerability regarding information leakage from query string in request |
CVSS V2: 5.0 CVSS V3: 5.3 Severity: MEDIUM |
Dell PowerScale OneFS versions 8.2.2 - 9.1.0.x contain a use of get request method with sensitive query strings vulnerability. It can lead to potential disclosure of sensitive data. Dell recommends upgrading at your earliest opportunity. Dell Technologies Dell PowerScale OneFS is an operating system of Dell Technologies in the United States. Offers the PowerScale OneFS operating system for scale-out NAS
| VAR-202108-0511 | CVE-2021-21592 | Dell EMC PowerScale OneFS Vulnerability in handling exceptional conditions in |
CVSS V2: 4.0 CVSS V3: 6.5 Severity: MEDIUM |
Dell EMC PowerScale OneFS versions 8.2.x - 9.2.x improperly handle an exceptional condition. A remote low privileged user could potentially exploit this vulnerability, leading to unauthorized information disclosure. DELL EMC PowerScale is a scale-out storage system for unstructured data from Dell (DELL)
| VAR-202108-0404 | CVE-2021-21568 | Dell EMC PowerScale OneFS Vulnerability in |
CVSS V2: 4.0 CVSS V3: 4.3 Severity: MEDIUM |
Dell EMC PowerScale OneFS versions 8.2.x - 9.2.x contain an insufficient logging vulnerability. An authenticated user with ISI_PRIV_LOGIN_PAPI could make un-audited and un-trackable configuration changes to settings that their roles have privileges to change. Dell EMC PowerScale OneFS Exists in unspecified vulnerabilities.Information may be tampered with. DELL EMC PowerScale is a scale-out storage system for unstructured data from Dell (DELL). A security vulnerability exists in Dell EMC PowerScale OneFS where users authenticated through the ISI PRIV LOGIN PAPI can make unaudited and untraceable configuration changes to settings that their role has permission to change
| VAR-202108-2306 | No CVE | Tenda AC9 has a denial of service vulnerability (CNVD-2021-51322) |
CVSS V2: 5.5 CVSS V3: - Severity: MEDIUM |
Tenda AC9 is a wireless router with gigabit Ethernet port launched by Shenzhen Jixiang Tenda Technology Co., Ltd.
Tenda AC9 has a denial of service vulnerability, which can be exploited by attackers to cause a denial of service.
| VAR-202108-2311 | No CVE | Sangfor Technology Co., Ltd. MIG 5.3 has a command execution vulnerability |
CVSS V2: 10.0 CVSS V3: - Severity: HIGH |
Sangfor Technology Co., Ltd. is a provider of products, services and solutions focusing on enterprise-level security, cloud computing and infrastructure.
Sangfor Technology Co., Ltd. MIG 5.3 has a command execution vulnerability, which can be exploited by attackers to gain server control rights.