VARIoT IoT vulnerabilities database
| VAR-202107-1695 | No CVE | Ruijie Networks Co., Ltd. EG Easy Gateway has a weak password vulnerability |
CVSS V2: 5.0 CVSS V3: - Severity: MEDIUM |
Ruijie Networks is a professional network manufacturer with a full range of network equipment product lines and solutions including switches, routers, software, security firewalls, wireless products, storage, etc.
Ruijie Networks Co., Ltd. EG Easy Gateway has a weak password vulnerability, which can be exploited by attackers to obtain sensitive information.
| VAR-202107-1697 | No CVE | Command execution vulnerability exists in EG application control engine |
CVSS V2: 7.1 CVSS V3: - Severity: HIGH |
Ruijie Networks EG application control engine is a multi-service integrated gateway product launched by Ruijie Networks to solve current network egress problems.
The EG application control engine has a command execution vulnerability, which can be exploited by an attacker to gain control of the server.
| VAR-202107-1699 | No CVE | ASUS RT-N56U has weak password vulnerability |
CVSS V2: 5.0 CVSS V3: - Severity: MEDIUM |
ASUS RT-N56U is a router device.
ASUS RT-N56U has a weak password vulnerability, which can be exploited by attackers to obtain sensitive information.
| VAR-202107-1704 | No CVE | ASUS RT-N12 has weak password vulnerability |
CVSS V2: 5.0 CVSS V3: - Severity: MEDIUM |
ASUS RT-N12 is a router device.
ASUS RT-N12 has a weak password vulnerability, which can be exploited by attackers to obtain sensitive information.
| VAR-202107-1900 | No CVE | Binary vulnerabilities exist in picoTCP and picoTCP-NG |
CVSS V2: 10.0 CVSS V3: - Severity: HIGH |
picoTCP is a small footprint and modular TCP/IP stack designed for embedded systems and the Internet of Things.
There are binary vulnerabilities in picoTCP and picoTCP-NG, which can be exploited by attackers to gain control of the server.
| VAR-202107-1902 | No CVE | A command execution vulnerability exists in the H2 console of Hangzhou Hikvision Digital Technology Co., Ltd. |
CVSS V2: 7.8 CVSS V3: - Severity: HIGH |
Hangzhou Hikvision Digital Technology Co., Ltd. is a video-centric IoT solution provider, providing comprehensive security, smart business and big data services.
The H2 console of Hangzhou Hikvision Digital Technology Co., Ltd. has a command execution vulnerability. Attackers can use the vulnerability to gain control of the server.
| VAR-202107-1907 | No CVE | Unauthorized access vulnerability exists in SecPath ACG1000 of New H3C Technology Co., Ltd. |
CVSS V2: 5.0 CVSS V3: - Severity: MEDIUM |
SecPath ACG1000 is a new generation of virtualized application control gateway specially designed for NFV and cloud computing environment.
New H3C Technology Co., Ltd. SecPath ACG1000 has an unauthorized access vulnerability, which can be exploited by attackers to obtain sensitive information.
| VAR-202107-1701 | No CVE | Ruijie Networks EG Easy Gateway has a command execution vulnerability |
CVSS V2: 7.1 CVSS V3: - Severity: HIGH |
Ruijie Networks is a professional network manufacturer with a full range of network equipment product lines and solutions including switches, routers, software, security firewalls, wireless products, storage, etc.
Ruijie Networks EG Easy Gateway has a command execution vulnerability. Attackers can use this vulnerability to gain control of the server.
| VAR-202107-1702 | No CVE | Chengdu Zhifeng Network Technology Co., Ltd. enterprise-level flow control cloud router has logic flaws and vulnerabilities |
CVSS V2: 5.0 CVSS V3: - Severity: MEDIUM |
Chengdu Zhifeng Technology Co., Ltd. was established in October 2016. It is an emerging high-tech company integrating R&D, production and sales.
The enterprise-level flow control cloud router of Chengdu Zhifeng Technology Co., Ltd. has a logic flaw vulnerability, which can be used by attackers to obtain sensitive information.
| VAR-202107-1703 | No CVE | Ruijie Networks Co., Ltd. RG-ISG has a command execution vulnerability |
CVSS V2: 7.1 CVSS V3: - Severity: HIGH |
Ruijie Networks is a professional network manufacturer with a full range of network equipment product lines and solutions including switches, routers, software, security firewalls, wireless products, storage, etc.
Ruijie Networks Co., Ltd. RG-ISG has a command execution vulnerability. Attackers can use this vulnerability to gain control of the server.
| VAR-202107-1788 | No CVE | Ruijie Networks Co., Ltd. RG-MA1220 has a weak password vulnerability (CNVD-2021-40135) |
CVSS V2: 5.0 CVSS V3: - Severity: MEDIUM |
Ruijie Networks Co., Ltd. is a company mainly engaged in information system integration services, Internet virtual private network services, and Internet management services.
Ruijie Networks Co., Ltd. RG-MA1220 has a weak password vulnerability. Attackers can use the vulnerability to obtain sensitive information.
| VAR-202107-1790 | No CVE | Ruijie NBR router has a command execution vulnerability |
CVSS V2: 10.0 CVSS V3: - Severity: HIGH |
Ruijie Networks is a professional network manufacturer with a full range of network equipment product lines and solutions including switches, routers, software, security firewalls, wireless products, storage, etc.
Ruijie NBR router has a command execution vulnerability. Attackers can use this vulnerability to gain control of the server.
| VAR-202107-1827 | No CVE | Vivo mobile phone interface has unauthorized access vulnerability |
CVSS V2: 6.4 CVSS V3: - Severity: MEDIUM |
The business scope of Guangdong Tianchen Network Technology Co., Ltd. includes: computer software and hardware technology development and sales; Internet and mobile Internet software products technology development and sales; mobile communication equipment and software design, etc.
Vivo mobile phone interface has an unauthorized access vulnerability, which can be exploited by attackers to obtain sensitive information.
| VAR-202107-1829 | No CVE | Information disclosure vulnerability exists in LCAD03VLNOD series |
CVSS V2: 5.0 CVSS V3: - Severity: MEDIUM |
Belkin Corporation is a global leader in peripheral products, providing users of computer, digital and mobile products with innovative connection technologies.
The LCAD03VLNOD series has an information disclosure vulnerability, which can be exploited by attackers to obtain sensitive information.
| VAR-202107-1831 | No CVE | Information disclosure vulnerability exists in LCAD03FLN series |
CVSS V2: 5.0 CVSS V3: - Severity: MEDIUM |
Belkin Corporation is a global leader in peripheral products, providing users of computer, digital and mobile products with innovative connection technologies.
The LCAD03FLN series has an information disclosure vulnerability, which can be exploited by attackers to obtain sensitive information.
| VAR-202107-1898 | No CVE | Shandong Kede Electronics Co., Ltd. has an unauthorized access vulnerability in the IoT smart water meter monitoring platform |
CVSS V2: 6.4 CVSS V3: - Severity: MEDIUM |
The IoT smart water meter monitoring platform is a smart water meter monitoring platform developed by Shandong Kede Electronics Co., Ltd. It has functions such as water account opening, payment management, data reporting and water meter management.
Shandong Kede Electronics Co., Ltd. has an unauthorized access vulnerability in the IoT smart water meter monitoring platform. Attackers can use this vulnerability to read user information without authorization, and perform unauthorized operations on water charge recharge, user management and other related functions.
| VAR-202107-1899 | No CVE | Shenzhen Wanwang Broadcom Technology Co., Ltd. Holographic AI Network Operation and Maintenance Platform Has Weak Password Vulnerability |
CVSS V2: 5.0 CVSS V3: - Severity: MEDIUM |
Shenzhen Wanwang Broadcom Investment Management Limited Partnership (Limited Partnership) (hereinafter referred to as TG Wanwang Broadcom) is committed to the development and application of network communication products and IoT security management and control platforms. It is a manufacturer of next-generation weak-current intelligent network solutions and Internet of Things security solutions.
The holographic AI network operation and maintenance platform of Shenzhen Wanwang Broadcom Technology Co., Ltd. has a weak password vulnerability, which can be exploited by attackers to obtain sensitive information.
| VAR-202107-0508 | CVE-2020-4938 | IBM MQ Appliance Cross-site request forgery vulnerability |
CVSS V2: 6.8 CVSS V3: 8.8 Severity: HIGH |
IBM MQ Appliance 9.1 and 9.2 are vulnerable to cross-site request forgery, which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 191815.
| VAR-202107-1478 | CVE-2021-36371 | Emissary-Ingress trust management issue vulnerability |
CVSS V2: 4.3 CVSS V3: 3.7 Severity: LOW |
Emissary-Ingress (formerly Ambassador API Gateway) through 1.13.9 allows attackers to bypass client certificate requirements (i.e., mTLS cert_required) on backend upstreams when more than one TLSContext is defined and at least one configuration exists that does not require client certificate authentication. The attacker must send an SNI specifying an unprotected backend and an HTTP Host header specifying a protected backend. (2.x versions are unaffected. 1.x versions are unaffected with certain configuration settings involving prune_unreachable_routes and a wildcard Host resource.) Emissary-Ingress (formerly Ambassador API Gateway) contains a certificate validation vulnerability. Information may be tampered with. Emissary-Ingress is an open source Kubernetes-native API gateway for microservices, built on Envoy Proxy.
| VAR-202107-1705 | No CVE | Beijing Xingwang Ruijie Network Technology Co., Ltd. WS5302 has an arbitrary file download vulnerability |
CVSS V2: 4.0 CVSS V3: - Severity: MEDIUM |
WS5302 is a wireless controller.
Beijing Starnet Ruijie Networks Technology Co., Ltd. WS5302 has an arbitrary file download vulnerability. Attackers can use this vulnerability to download bin files and obtain sensitive information.