VARIoT IoT vulnerabilities database
| VAR-202107-0298 | CVE-2021-20507 | IBM Jazz Foundation and IBM Engineering Cross-site scripting vulnerabilities in products |
CVSS V2: 3.5 CVSS V3: 5.4 Severity: MEDIUM |
IBM Jazz Foundation and IBM Engineering products are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 198235. Vendor exploits this vulnerability IBM X-Force ID: 198235 Is published as.Information may be obtained and information may be tampered with
| VAR-202107-1208 | CVE-2021-3550 | Lenovo PCManager Vulnerability in Uncontrolled Search Path Elements |
CVSS V2: 4.6 CVSS V3: 7.8 Severity: HIGH |
A DLL search path vulnerability was reported in Lenovo PCManager, prior to version 3.0.500.5102, that could allow privilege escalation. Lenovo PCManager There is a vulnerability in an element of an uncontrolled search path.Information is obtained, information is tampered with, and service is disrupted (DoS) It may be put into a state. Lenovo Lenovo Pcmanager (Lenovo Computer Manager) is a software from China Lenovo Company that can comprehensively manage PC devices
| VAR-202107-1808 | No CVE | Unauthorized access vulnerabilities in multiple Dell printers |
CVSS V2: 6.4 CVSS V3: - Severity: MEDIUM |
Dell is known for its production, design, and sales of home and office computers, but it is also involved in the high-end computer market, producing and selling servers, data storage equipment, and network equipment.
Many Dell printers have unauthorized access vulnerabilities. Attackers can use vulnerabilities to obtain sensitive information and perform unauthorized operations.
| VAR-202107-1809 | No CVE | Ruijie RG-UAC 6000-ISG video access security gateway has weak password vulnerability |
CVSS V2: 5.0 CVSS V3: - Severity: MEDIUM |
RG-UAC 6000-ISG series video surveillance security gateway is a video surveillance network security reinforcement product independently developed by Ruijie Networks.
The RG-UAC 6000-ISG video access security gateway has a weak password vulnerability. Attackers can use this vulnerability to obtain sensitive information.
| VAR-202107-1811 | No CVE | Unauthorized access vulnerabilities in multiple Fujifilm printers |
CVSS V2: 6.4 CVSS V3: - Severity: MEDIUM |
Fujifilm has developed into one of the world's largest manufacturers and suppliers of comprehensive imaging, information, and document processing products and services.
Unauthorized access vulnerabilities exist in many Fujifilm printers. Attackers can use vulnerabilities to obtain sensitive information and perform unauthorized operations.
| VAR-202107-1812 | No CVE | Lexmark T640 has unauthorized access vulnerability |
CVSS V2: 5.0 CVSS V3: - Severity: MEDIUM |
Lexmark T640 is a printer product.
Lexmark T640 has unauthorized vulnerabilities. Attackers can use this vulnerability to obtain sensitive information.
| VAR-202107-1813 | No CVE | Unauthorized access vulnerability exists in Finetree-5MP-Network-Camera |
CVSS V2: 5.0 CVSS V3: - Severity: MEDIUM |
Finetree-5MP-Network-Camera is a network camera.
Unauthorized access vulnerability exists in Finetree-5MP-Network-Camera. Attackers can use this vulnerability to obtain sensitive information.
| VAR-202107-1814 | No CVE | Finetree 5MP Network Camera has logic flaw vulnerability |
CVSS V2: 5.0 CVSS V3: - Severity: MEDIUM |
5MP Network Camera is a camera product.
Finetree 5MP Network Camera has a logic flaw vulnerability, which can be exploited by attackers to obtain sensitive information.
| VAR-202107-1819 | No CVE | Information disclosure vulnerability exists in Meizu 16s pro |
CVSS V2: 4.7 CVSS V3: - Severity: MEDIUM |
Meizu 16s pro is a smart phone produced by Zhuhai Meizu Technology Co., Ltd.
Meizu 16s pro has an information disclosure vulnerability, which can be exploited by attackers to obtain sensitive information.
| VAR-202107-1867 | No CVE | OnePlus 8T has an information disclosure vulnerability |
CVSS V2: 4.7 CVSS V3: - Severity: MEDIUM |
OnePlus 8T is a smart phone.
OnePlus8T has an information disclosure vulnerability. Attackers can use to obtain sensitive user information.
| VAR-202107-0022 | CVE-2020-12732 | DEPSTECH WiFi Digital Microscope 3 Vulnerability regarding insufficient protection of authentication information in |
CVSS V2: 3.3 CVSS V3: 6.5 Severity: MEDIUM |
DEPSTECH WiFi Digital Microscope 3 has a default SSID of Jetion_xxxxxxxx with a password of 12345678. DEPSTECH WiFi Digital Microscope is a wifi industrial endoscope manufactured by Shenzhen Deep Sea Innovation Technology Co., Ltd., China
| VAR-202107-0024 | CVE-2020-12734 | DEPSTECH WiFi Digital Microscope 3 Vulnerability regarding insufficient protection of authentication information in |
CVSS V2: 4.8 CVSS V3: 8.1 Severity: HIGH |
DEPSTECH WiFi Digital Microscope 3 allows remote attackers to change the SSID and password, and demand a ransom payment from the rightful device owner, because there is no way to reset to Factory Default settings. DEPSTECH WiFi Digital Microscope 3 There are vulnerabilities in inadequate protection of credentials.Information is tampered with and service operation is interrupted (DoS) It may be in a state. DEPSTECH WiFi Digital Microscope is a wifi industrial endoscope manufactured by Shenzhen Deep Sea Innovation Technology Co., Ltd., China
| VAR-202107-0021 | CVE-2020-12731 | Android for MagicMotion Flamingo 2 Vulnerability in plaintext storage of critical information in applications |
CVSS V2: 5.0 CVSS V3: 7.5 Severity: HIGH |
The MagicMotion Flamingo 2 application for Android stores data on an sdcard under com.vt.magicmotion/files/Pictures, whence it can be read by other applications. MagicMotion Flamingo is a wearable vibrator produced by MagicMotion company in China. Attackers can use this vulnerability to make it read by other applications
| VAR-202107-0019 | CVE-2020-12729 | MagicMotion Flamingo information disclosure vulnerability |
CVSS V2: 2.1 CVSS V3: 4.6 Severity: MEDIUM |
MagicMotion Flamingo 2 has a lack of access control for reading from device descriptors. MagicMotion Flamingo 2 There is a vulnerability related to information leakage.Information may be obtained. MagicMotion Flamingo is a wearable vibrator produced by MagicMotion company in China
| VAR-202107-0020 | CVE-2020-12730 | MagicMotion Flamingo 2 Vulnerability regarding lack of encryption of critical data in |
CVSS V2: 2.9 CVSS V3: 5.3 Severity: MEDIUM |
MagicMotion Flamingo 2 lacks BLE encryption, enabling data sniffing and packet forgery. MagicMotion Flamingo 2 There is a vulnerability in the lack of encryption of critical data.Information may be obtained. MagicMotion Flamingo is a wearable vibrator produced by MagicMotion company in China. Attackers can use this vulnerability to sniff data and forge data packets
| VAR-202107-0573 | CVE-2021-21587 | Dell Wyse Management Suite Vulnerability regarding information leakage in |
CVSS V2: 2.1 CVSS V3: 3.3 Severity: LOW |
Dell Wyse Management Suite versions 3.2 and earlier contain a full path disclosure vulnerability. A local unauthenticated attacker could exploit this vulnerability in order to obtain the path of files and folders. The offering includes Wyse endpoint centralized management, asset tracking and automatic device discovery
| VAR-202107-0572 | CVE-2021-21586 | Wyse Management Suite Past traversal vulnerability in |
CVSS V2: 6.8 CVSS V3: 6.5 Severity: MEDIUM |
Wyse Management Suite versions 3.2 and earlier contain an absolute path traversal vulnerability. A remote authenticated malicious user could exploit this vulnerability in order to read arbitrary files on the system
| VAR-202107-1688 | No CVE | Ruijie Networks Co., Ltd. EG Easy Gateway has a file upload vulnerability |
CVSS V2: 7.1 CVSS V3: - Severity: HIGH |
Ruijie Networks Co., Ltd. is a professional network manufacturer with a full range of network equipment product lines and solutions including switches, routers, software, security firewalls, wireless products, and storage.
Ruijie Networks Co., Ltd. EG Easy Gateway has a file upload vulnerability. Attackers can use this vulnerability to gain control of the server.
| VAR-202107-1689 | No CVE | Bihaiwei L7 cloud router wireless operation version has a command execution vulnerability (CNVD-2021-41531) |
CVSS V2: 10.0 CVSS V3: - Severity: HIGH |
Bihaiwei L7 Cloud Road Wireless Operation Edition is a dedicated network equipment customized for commercial wireless managers such as hotels, resorts, shopping malls and stations. The device has multiple functions such as routing, firewall, flow control, wireless AC controller, and WeChat authentication.
Bihaiwei L7 cloud router wireless operation version has command execution vulnerabilities. Attackers can use this vulnerability to execute arbitrary system commands on the device and obtain device permissions.
| VAR-202107-1690 | No CVE | Guangzhou Tongjucheng Electronic Technology Co., Ltd. TGS-AGW gateway has weak password vulnerability |
CVSS V2: 5.0 CVSS V3: - Severity: MEDIUM |
Guangzhou Tongjucheng Electronic Technology Co., Ltd. is a "TGS-AGW" series of security gateway products with independent intellectual property rights. It has stable performance and powerful functions. It has passed the authority certification of public information network security; products also include WIFI wireless products and switching networks Products, network security products, etc.
The TGS-AGW gateway of Guangzhou Tongjucheng Electronic Technology Co., Ltd. has a weak password vulnerability. Attackers can use the vulnerability to obtain sensitive information.