VARIoT IoT vulnerabilities database


VAR-202108-1327 CVE-2021-35327 TOTOLINK A720R Vulnerability regarding lack of authentication in firmware CVSS V2: 7.5
CVSS V3: 9.8
Severity: CRITICAL
A vulnerability in TOTOLINK A720R A720R_Firmware v4.1.5cu.470_B20200911 allows attackers to start the Telnet service and then log in with the default credentials via a crafted POST request. The TOTOLINK A720R firmware contains a vulnerability regarding the lack of authentication. Information may be obtained or tampered with, and service may be disrupted (DoS). Totolink A720R is a wireless router from Totolink, a Taiwanese company. TOTOLINK A720R has a command execution vulnerability, which originates from improper design or implementation during development of the network system.
VAR-202108-1326 CVE-2021-35326 TOTOLINK A720R Firmware vulnerability CVSS V2: 5.0
CVSS V3: 7.5
Severity: HIGH
A vulnerability in TOTOLINK A720R router with firmware v4.1.5cu.470_B20200911 allows attackers to download the configuration file by sending a crafted HTTP request. The TOTOLINK A720R firmware contains an unspecified vulnerability. Information may be obtained. Totolink A720R is a wireless router from Totolink, a Taiwanese company. The TOTOLINK A720R has a security vulnerability that stems from a network system or product that does not properly restrict resource access from unauthorized roles.
VAR-202108-1324 CVE-2021-35324 TOTOLINK A720R Firmware authentication vulnerability CVSS V2: 7.5
CVSS V3: 9.8
Severity: CRITICAL
A vulnerability in the Form_Login function of TOTOLINK A720R A720R_Firmware V4.1.5cu.470_B20200911 allows attackers to bypass authentication. The TOTOLINK A720R firmware contains an authentication vulnerability. Information may be obtained or tampered with, and service may be disrupted (DoS). Totolink A720R is a wireless router from Totolink, a Taiwanese company. TOTOLINK A720R has an authorization issue vulnerability in V4.1.5cu.470_B20200911. This vulnerability originates from the improper implementation of the form login function in this software version.
VAR-202108-2288 CVE-2021-22489 Vulnerability in multiple Huawei products CVSS V2: 5.0
CVSS V3: 7.5
Severity: HIGH
There is a DoS vulnerability in smartphones. Successful exploitation of this vulnerability may affect service availability. EMUI, HarmonyOS and Magic UI contain an unspecified vulnerability. Service may be interrupted (DoS).
VAR-202108-2287 CVE-2021-22395 Code injection vulnerability in multiple Huawei products CVSS V2: 5.0
CVSS V3: 7.5
Severity: HIGH
There is a code injection vulnerability in smartphones. Successful exploitation of this vulnerability may affect service confidentiality
VAR-202108-2286 CVE-2021-22394 Classic buffer overflow vulnerability in multiple Huawei products CVSS V2: 6.4
CVSS V3: 9.1
Severity: CRITICAL
There is a buffer overflow vulnerability in smartphones. Successful exploitation of this vulnerability may cause DoS of the apps during Multi-Screen Collaboration. EMUI, HarmonyOS and Magic UI contain a classic buffer overflow vulnerability. Information may be obtained and service may be interrupted (DoS).
VAR-202108-2284 CVE-2021-22441 Integer overflow vulnerability in HarmonyOS CVSS V2: 4.9
CVSS V3: 5.5
Severity: MEDIUM
Some Huawei products have an integer overflow vulnerability. Successful exploitation of this vulnerability may lead to kernel crash. HarmonyOS contains an integer overflow vulnerability. Service may be interrupted (DoS).
VAR-202108-0726 CVE-2021-25447 Authentication vulnerability in SmartThings CVSS V2: 5.0
CVSS V3: 5.3
Severity: MEDIUM
Improper access control vulnerability in SmartThings prior to version 1.7.67.25 allows untrusted applications to cause local file inclusion in webview. SmartThings contains an authentication vulnerability. Information may be tampered with. Samsung SmartThings is an application from South Korea's Samsung that can connect to smart devices.
VAR-202108-0725 CVE-2021-25446 Authentication vulnerability in SmartThings CVSS V2: 5.0
CVSS V3: 5.3
Severity: MEDIUM
Improper access control vulnerability in SmartThings prior to version 1.7.67.25 allows untrusted applications to cause arbitrary webpage loading in webview. SmartThings contains an authentication vulnerability. Information may be tampered with.
VAR-202108-0467 CVE-2021-21738 ZTE ZXIPTV cross-site scripting vulnerability CVSS V2: 4.3
CVSS V3: 6.1
Severity: MEDIUM
ZTE's big video business platform has two reflected cross-site scripting (XSS) vulnerabilities. Due to insufficient input verification, an attacker could carry out XSS attacks by tampering with the parameters, affecting the operations of valid users. This affects: <ZXIPTV><ZXIPTV-EAS_PV5.06.04.09>. ZXIPTV contains a cross-site scripting vulnerability. Information may be obtained and information may be tampered with. ZTE ZXIPTV is a set-top box from ZTE. ZTE ZXIPTV EAS_P version 5.06.04.09 has a cross-site scripting vulnerability. This vulnerability is caused by the application's failure to validate and filter user input data. An attacker can exploit this vulnerability to lure users to click on a link containing a malicious request, causing code to be executed on the client side to steal user cookie credentials.
VAR-202108-1018 CVE-2021-23849 Cross-site request forgery vulnerability in multiple Bosch products CVSS V2: 6.8
CVSS V3: 8.8
Severity: HIGH
A vulnerability in the web-based interface allows an unauthenticated remote attacker to trigger actions on an affected system on behalf of another user (CSRF - Cross Site Request Forgery). This requires the victim to be tricked into clicking a malicious link or opening a malicious website while being logged in to the camera. Multiple Bosch products contain a cross-site request forgery vulnerability. Information may be obtained or tampered with, and service may be disrupted (DoS).
VAR-202108-2413 No CVE Unauthorized access vulnerability exists in HP LaserJet 400 colorMFP M475dn printer CVSS V2: 5.0
CVSS V3: -
Severity: MEDIUM
Hewlett-Packard (HP) is an information technology (IT) company founded in 1939 and headquartered in Palo Alto, California, USA. HP has three business groups: Information Products Group, Printing and Imaging Systems Group, and Enterprise Computer Professional Services Group. HP LaserJet 400 colorMFP M475dn has an unauthorized access vulnerability. Attackers can exploit the vulnerability to obtain sensitive information.
VAR-202108-2421 No CVE An unauthorized access vulnerability exists in the cloud patrol system of Beijing Landhua Electronic Technology Co., Ltd. CVSS V2: 5.0
CVSS V3: -
Severity: MEDIUM
Beijing Landwell Electronic Technology Co., Ltd. (abbreviated as Landwell) is a high-tech enterprise that produces mobile automatic identification products under its own brand "LANDWELL" with fully independent intellectual property rights, and is engaged in the research and development, manufacturing, sales and system integration of RFID intelligent key management systems and GPRS patrol inspection systems. An unauthorized access vulnerability exists in the cloud patrol system of Beijing Landhua Electronic Technology Co., Ltd. Attackers can exploit the vulnerability by constructing requests based on the interface documentation to obtain sensitive information.
VAR-202108-1804 CVE-2021-36764 NULL pointer dereference vulnerability in CODESYS Gateway CVSS V2: 5.0
CVSS V3: 7.5
Severity: HIGH
In CODESYS Gateway V3 before 3.5.17.10, there is a NULL Pointer Dereference. Crafted communication requests may cause a NULL pointer dereference in the affected CODESYS products and may result in a denial-of-service condition. CODESYS Gateway contains a NULL pointer dereference vulnerability. Service may be interrupted (DoS).
VAR-202108-2324 No CVE Datang Telecom’s AC centralized management platform has a weak password vulnerability (CNVD-2021-46909) CVSS V2: 5.0
CVSS V3: -
Severity: MEDIUM
Datang Telecom Technology Co., Ltd. is a high-tech enterprise controlled by the Institute of Telecommunications Science and Technology (Datang Telecom Technology Industry Group). Datang Telecom has formed four major industrial sectors: integrated circuit design, software and application, terminal design, and mobile Internet. Datang Telecom’s AC centralized management platform has a weak password vulnerability. An attacker can use a weak password to log in to the management backend and obtain sensitive information.
VAR-202108-2326 No CVE Hangzhou Hikvision System Technology Co., Ltd. DS-SAG200 has a weak password vulnerability CVSS V2: 5.0
CVSS V3: -
Severity: MEDIUM
Hangzhou Hikvision System Technology Co., Ltd. is a smart IoT solution provider and operation service provider with video as the core. Hangzhou Hikvision System Technology Co., Ltd. DS-SAG200 has a weak password vulnerability. Attackers can use the vulnerability to obtain sensitive information.
VAR-202108-2328 No CVE NETGEAR R8000 has a binary vulnerability CVSS V2: 4.9
CVSS V3: -
Severity: MEDIUM
NETGEAR R8000 is a gigabit router. NETGEAR R8000 has a binary vulnerability. Attackers can use the vulnerability to cause stack overflow.
VAR-202108-2420 No CVE Konica Minolta printers have weak password vulnerabilities CVSS V2: 5.0
CVSS V3: -
Severity: MEDIUM
Both bizhub C364 and bizhub C280 are color printers launched by Konica Minolta. Many Konica Minolta printers have weak password vulnerabilities. An attacker can use a weak password to log in to the management backend and obtain sensitive information.
VAR-202108-2423 No CVE Panasonic Electric (China) Co., Ltd. Network Camera WV-SF138 has an unauthorized access vulnerability CVSS V2: 5.0
CVSS V3: -
Severity: MEDIUM
Matsushita Electric (China) Co., Ltd. is a manufacturer mainly responsible for the sales and after-sales service activities of home appliances, systems, environment, components and other commodities. Matsushita Electric (China) Co., Ltd. Network Camera WV-SF138 has an unauthorized access vulnerability, which can be exploited by attackers to obtain sensitive information.
VAR-202108-2424 No CVE Panasonic Electric (China) Co., Ltd. Network Camera WV-SF332 has an unauthorized access vulnerability CVSS V2: 5.0
CVSS V3: -
Severity: MEDIUM
Matsushita Electric (China) Co., Ltd. is a manufacturer mainly responsible for the sales and after-sales service activities of home appliances, systems, environment, components and other commodities. Matsushita Electric (China) Co., Ltd. Network Camera WV-SF332 has an unauthorized access vulnerability, which can be exploited by attackers to obtain sensitive information.