VARIoT IoT vulnerabilities database
| VAR-202108-2288 | CVE-2021-22489 | Vulnerabilities in multiple Huawei products |
CVSS V2: 5.0 CVSS V3: 7.5 Severity: HIGH |
There is a DoS vulnerability in smartphones. Successful exploitation of this vulnerability may affect service availability. EMUI, HarmonyOS, and Magic UI contain an unspecified vulnerability. Service operation may be interrupted (DoS).
| VAR-202108-2287 | CVE-2021-22395 | Code injection vulnerabilities in multiple Huawei products |
CVSS V2: 5.0 CVSS V3: 7.5 Severity: HIGH |
There is a code injection vulnerability in smartphones. Successful exploitation of this vulnerability may affect service confidentiality.
| VAR-202108-2286 | CVE-2021-22394 | Classic buffer overflow vulnerability in multiple Huawei products |
CVSS V2: 6.4 CVSS V3: 9.1 Severity: CRITICAL |
There is a buffer overflow vulnerability in smartphones. Successful exploitation of this vulnerability may cause DoS of the apps during Multi-Screen Collaboration. EMUI, HarmonyOS, and Magic UI contain a classic buffer overflow vulnerability. Information may be obtained and service operation may be interrupted (DoS).
| VAR-202108-2284 | CVE-2021-22441 | Integer overflow vulnerability in HarmonyOS |
CVSS V2: 4.9 CVSS V3: 5.5 Severity: MEDIUM |
Some Huawei products have an integer overflow vulnerability. Successful exploitation of this vulnerability may lead to kernel crash. HarmonyOS contains an integer overflow vulnerability. Service operation may be interrupted (DoS).
| VAR-202108-0726 | CVE-2021-25447 | Authentication vulnerabilities in SmartThings |
CVSS V2: 5.0 CVSS V3: 5.3 Severity: MEDIUM |
Improper access control vulnerability in SmartThings prior to version 1.7.67.25 allows untrusted applications to cause local file inclusion in webview. SmartThings contains an authentication vulnerability. Information may be tampered with. Samsung SmartThings is an application from South Korea's Samsung that can connect to smart devices.
| VAR-202108-0725 | CVE-2021-25446 | Authentication vulnerabilities in SmartThings |
CVSS V2: 5.0 CVSS V3: 5.3 Severity: MEDIUM |
Improper access control vulnerability in SmartThings prior to version 1.7.67.25 allows untrusted applications to cause arbitrary webpage loading in webview. SmartThings contains an authentication vulnerability. Information may be tampered with.
| VAR-202108-0467 | CVE-2021-21738 | ZTE ZXIPTV cross-site scripting vulnerability |
CVSS V2: 4.3 CVSS V3: 6.1 Severity: MEDIUM |
ZTE's big video business platform has two reflective cross-site scripting (XSS) vulnerabilities. Due to insufficient input verification, the attacker could implement XSS attacks by tampering with the parameters, to affect the operations of valid users. This affects: <ZXIPTV><ZXIPTV-EAS_PV5.06.04.09>. ZXIPTV contains a cross-site scripting vulnerability. Information may be obtained and information may be tampered with. ZTE ZXIPTV is a set-top box from ZTE.
ZTE ZXIPTV EAS_P version 5.06.04.09 has a cross-site scripting vulnerability. This vulnerability is caused by the application's failure to validate and filter user input data. An attacker can exploit this vulnerability to lure users to click on a link containing a malicious request, causing code to be executed on the client side to steal user cookie credentials.
| VAR-202108-1018 | CVE-2021-23849 | Cross-site request forgery vulnerability in multiple Bosch products |
CVSS V2: 6.8 CVSS V3: 8.8 Severity: HIGH |
A vulnerability in the web-based interface allows an unauthenticated remote attacker to trigger actions on an affected system on behalf of another user (CSRF - Cross Site Request Forgery). This requires the victim to be tricked into clicking a malicious link or opening a malicious website while being logged in to the camera. Multiple Bosch products contain a cross-site request forgery vulnerability. Information may be obtained, information may be tampered with, and service operation may be interrupted (DoS).
| VAR-202108-2413 | No CVE | Unauthorized access vulnerability exists in HP LaserJet 400 colorMFP M475dn printer |
CVSS V2: 5.0 CVSS V3: - Severity: MEDIUM |
Hewlett-Packard (referred to as HP) is an information technology (IT) company founded in 1939 and headquartered in Palo Alto, California, USA. HP has three business groups: Information Products Group, Printing and Imaging Systems Group, and Enterprise Computer Professional Services Group.
HP LaserJet 400 colorMFP M475dn has an unauthorized access vulnerability. Attackers can exploit this vulnerability to obtain sensitive information.
| VAR-202108-2421 | No CVE | An unauthorized access vulnerability exists in the cloud patrol system of Beijing Landhua Electronic Technology Co., Ltd. |
CVSS V2: 5.0 CVSS V3: - Severity: MEDIUM |
Beijing Landwell Electronic Technology Co., Ltd. (abbreviated as Landwell) is a high-tech enterprise that owns fully independent intellectual property rights and the independent brand "LANDWELL" for mobile automatic identification products, and engages in the research and development, manufacturing, sales and system integration of RFID key intelligent management systems and GPRS patrol inspection systems.
An unauthorized access vulnerability exists in the cloud patrol system of Beijing Landhua Electronic Technology Co., Ltd. Attackers can exploit the vulnerability by constructing requests based on the interface documents to obtain sensitive information.
| VAR-202108-1804 | CVE-2021-36764 | NULL pointer dereference vulnerability in CODESYS Gateway |
CVSS V2: 5.0 CVSS V3: 7.5 Severity: HIGH |
In CODESYS Gateway V3 before 3.5.17.10, there is a NULL Pointer Dereference. Crafted communication requests may cause a NULL pointer dereference in the affected CODESYS products and may result in a denial-of-service condition. CODESYS Gateway contains a NULL pointer dereference vulnerability. Service operation may be interrupted (DoS).
| VAR-202108-2324 | No CVE | Datang Telecom’s AC centralized management platform has a weak password vulnerability (CNVD-2021-46909) |
CVSS V2: 5.0 CVSS V3: - Severity: MEDIUM |
Datang Telecom Technology Co., Ltd. is a high-tech enterprise controlled by the Institute of Telecommunications Science and Technology (Datang Telecom Technology Industry Group). Datang Telecom has formed four major industrial sectors: integrated circuit design, software and application, terminal design, and mobile Internet.
Datang Telecom’s AC centralized management platform has a weak password vulnerability. An attacker can use a weak password to log in to the management backend and obtain sensitive information.
| VAR-202108-2326 | No CVE | Hangzhou Hikvision System Technology Co., Ltd. DS-SAG200 has a weak password vulnerability |
CVSS V2: 5.0 CVSS V3: - Severity: MEDIUM |
Hangzhou Hikvision System Technology Co., Ltd. is a smart IoT solution provider and operation service provider with video as the core.
Hangzhou Hikvision System Technology Co., Ltd. DS-SAG200 has a weak password vulnerability. Attackers can use the vulnerability to obtain sensitive information.
| VAR-202108-2328 | No CVE | NETGEAR R8000 has a binary vulnerability |
CVSS V2: 4.9 CVSS V3: - Severity: MEDIUM |
NETGEAR R8000 is a gigabit router.
NETGEAR R8000 has a binary vulnerability. Attackers can use the vulnerability to cause a stack overflow.
| VAR-202108-2420 | No CVE | Konica Minolta printers have weak password vulnerabilities |
CVSS V2: 5.0 CVSS V3: - Severity: MEDIUM |
Both bizhub C364 and bizhub C280 are color printers launched by Konica Minolta.
Many Konica Minolta printers have weak password vulnerabilities. An attacker can use a weak password to log in to the management backend and obtain sensitive information.
| VAR-202108-2423 | No CVE | Panasonic Electric (China) Co., Ltd. Network Camera WV-SF138 has an unauthorized access vulnerability |
CVSS V2: 5.0 CVSS V3: - Severity: MEDIUM |
Matsushita Electric (China) Co., Ltd. is a manufacturer mainly responsible for the sales and after-sales service activities of home appliances, systems, environment, components and other commodities.
Matsushita Electric (China) Co., Ltd. Network Camera WV-SF138 has an unauthorized access vulnerability, which can be exploited by attackers to obtain sensitive information.
| VAR-202108-2424 | No CVE | Panasonic Electric (China) Co., Ltd. Network Camera WV-SF332 has an unauthorized access vulnerability |
CVSS V2: 5.0 CVSS V3: - Severity: MEDIUM |
Matsushita Electric (China) Co., Ltd. is a manufacturer mainly responsible for the sales and after-sales service activities of home appliances, systems, environment, components and other commodities.
Matsushita Electric (China) Co., Ltd. Network Camera WV-SF332 has an unauthorized access vulnerability, which can be exploited by attackers to obtain sensitive information.
| VAR-202108-2538 | No CVE | Denver smart wifi camera shc-150 telnet command execution vulnerability |
CVSS V2: 6.5 CVSS V3: - Severity: MEDIUM |
Denver is a European supplier of consumer electronics products.
The Denver smart wifi camera shc-150 has a telnet command execution vulnerability. Attackers can use this vulnerability to execute arbitrary code.
| VAR-202108-1803 | CVE-2021-36763 | Externally accessible files or directories vulnerability in CODESYS V3 web server |
CVSS V2: 5.0 CVSS V3: 7.5 Severity: HIGH |
In CODESYS V3 web server before 3.5.17.10, files or directories are accessible to External Parties.
| VAR-202108-0734 | CVE-2021-27952 | Use of hard-coded credentials vulnerability in ecobee3 lite |
CVSS V2: 5.0 CVSS V3: 9.8 Severity: CRITICAL |
Hardcoded default root credentials exist on the ecobee3 lite 4.5.81.200 device. This allows a threat actor to gain access to the password-protected bootloader environment through the serial console. ecobee3 lite is vulnerable to the use of hard-coded credentials. Information may be obtained, information may be tampered with, and service operation may be interrupted (DoS). Ecobee Ecobee3 Lite is a Wi-Fi smart thermostat from Ecobee, Canada.
Ecobee Ecobee3 Lite has security vulnerabilities.