VARIoT IoT vulnerabilities database

TP-LINK Technology Co., Ltd. ("TP-LINK" for short) is the world's leading supplier of network communication equipment. Many TPLINK routers have binary vulnerabilities, which can be exploited by attackers to cause denial of service.

Shenzhen Xunjie Communication Technology Co., Ltd. (hereinafter referred to as FAST) is a provider of user-end network and communication technology and equipment in China. Founded in 2002, headquartered in Shenzhen High-tech Industrial Zone. It is a high-tech enterprise with a complete independent research and development, manufacturing and marketing system. FAST FWB201S, FWB505, FAC1203R, and FWB200 have a denial of service vulnerability, which can be exploited by an attacker to cause a denial of service.

TP-Link TL-WDR5620 is an intelligent router. TP-Link TL-WDR5650 is a dual-band wireless router. TP-LINK TL-WR842N is a wireless router. TP-link TL-WDR7660, TL-WDR7620, TL-WDR7661, TL-WDR7650 and TL-R470P-AC are all gigabit routers. TP-link TL-WA933RE is a wireless extender for mobile phones. Many TPLINK routers have stack overflow vulnerabilities. Attackers can use the vulnerability to cause stack buffer overflow.

Shenzhen Xunjie Communication Technology Co., Ltd. (hereinafter referred to as FAST) is a provider of user-end network and communication technology and equipment in China. Founded in 2002, headquartered in Shenzhen High-tech Industrial Zone. It is a high-tech enterprise with a complete independent research and development, manufacturing and marketing system. FAST FWB201S, FWB505, FAC1203R, and FWB200 have a denial of service vulnerability, which can be exploited by an attacker to cause a denial of service.

Shenzhen Meikexing Communication Technology Co., Ltd. (hereinafter referred to as MERCURY) was established in 2001. Its business scope includes: general business items are: computer wireless local area network products, computer software and hardware, communication equipment, electronic products, network security equipment technology development, etc. . MERCURY M6G, D196G, MW310RE, MIAP1200GP have a denial of service vulnerability. Attackers can use this vulnerability to cause a denial of service.

Shenzhen Meikexing Communication Technology Co., Ltd. (hereinafter referred to as MERCURY) was established in 2001. Its business scope includes: general business items are: computer wireless local area network products, computer software and hardware, communication equipment, electronic products, network security equipment technology development, etc. . MERCURY D121G, MW310R, M6G, and D196G have a denial of service vulnerability. Attackers can use this vulnerability to cause a denial of service.

Shenzhen Meikexing Communication Technology Co., Ltd. (hereinafter referred to as MERCURY) was established in 2001, with a well-known independent brand "MERCURY (Mercury)", focusing on providing excellent products and solutions in the field of network communications and security monitoring. MERCURY M6G, D196G, D12A, and D121G have binary vulnerabilities, which can be exploited by attackers to cause denial of service.

Shenzhen Xunjie Communication Technology Co., Ltd. (hereinafter referred to as FAST) is a provider of user-end network and communication technology and equipment in China. Founded in 2002, headquartered in Shenzhen High-tech Industrial Zone. It is a high-tech enterprise with a complete independent research and development, manufacturing and marketing system. FAST FAC1203R, FR100P-AC, FAC1900R, and FAC1200R have a denial of service vulnerability. Attackers can use this vulnerability to cause a denial of service.

Tiandi Weiye Technology Co., Ltd. (TIANDY) is an Internet of Things enterprise focusing on the development, production and sales of video surveillance products. Tiandiweiye Easy7 video surveillance platform has an information disclosure vulnerability, which can be exploited by attackers to obtain sensitive information.

There has a license management vulnerability in some Huawei products. An attacker with high privilege needs to perform specific operations to exploit the vulnerability on the affected device. Due to improper license management of the device, as a result, the license file can be applied and affect integrity of the device. Affected product versions include:S12700 V200R007C01,V200R007C01B102,V200R008C00,V200R010C00SPC300,V200R011C00,V200R011C00SPC100,V200R011C10;S1700 V200R010C00SPC300,V200R011C00,V200R011C00SPC100,V200R011C10;S2700 V200R008C00,V200R010C00SPC300,V200R011C00,V200R011C00SPC100,V200R011C10;S5700 V200R008C00,V200R010C00SPC300,V200R011C00,V200R011C00SPC100,V200R011C10,V200R011C10SPC100;S6700 V200R008C00,V200R010C00SPC300,V200R011C00,V200R011C00SPC100,V200R011C10,V200R011C10SPC100;S7700 V200R008C00,V200R010C00SPC300,V200R011C00,V200R011C00SPC100,V200R011C10;S9700 V200R007C01,V200R007C01B102,V200R008C00,V200R010C00SPC300,V200R011C00,V200R011C00SPC100,V200R011C10. plural Huawei The product contains unspecified vulnerabilities.Information may be tampered with. Huawei S12700, etc. are all enterprise-class switch products of China's Huawei (Huawei) company

There is an XXE injection vulnerability in eCNS280 V100R005C00 and V100R005C10. A module does not perform the strict operation to the input XML message. Attacker can send specific message to exploit this vulnerability, leading to the module denial of service. Huawei eCNS280 is the core network equipment of China's Huawei (Huawei) wireless broadband trunking system. In addition to providing the network functions of the traditional core network, it also provides capacity configuration for each network element according to the actual application by virtualizing the network element functions and sharing standardized hardware resources among multiple network elements, which improves the efficiency of network expansion and reduction. Business online efficiency There is a security vulnerability in eCNS280

There is a multiple threads race condition vulnerability in Huawei product. A race condition exists for concurrent I/O read by multiple threads. An attacker with the root permission can exploit this vulnerability by performing some operations. Successful exploitation of this vulnerability may cause the system to crash. Affected product versions include: ManageOne 6.5.1.SPC200, 8.0.0,8.0.0-LCND81, 8.0.0.SPC100, 8.0.1,8.0.RC2, 8.0.RC3, 8.0.RC3.SPC100;SMC2.0 V600R019C10SPC700,V600R019C10SPC702, V600R019C10SPC703,V600R019C10SPC800, V600R019C10SPC900, V600R019C10SPC910, V600R019C10SPC920, V600R019C10SPC921, V600R019C10SPC922, V600R019C10SPC930, V600R019C10SPC931. ManageOne and SMC2.0 Is vulnerable to a race condition.Denial of service (DoS) It may be put into a state. Huawei Manageone is a set of cloud data center management solutions of China Huawei (Huawei). The product supports unified management of heterogeneous cloud resource pools, and provides functions such as multi-level VDC matching customer organization model, service catalog planning, self-service, centralized alarm analysis, and intelligent operation and maintenance. Many Huawei products have security vulnerabilities. 0 V600R019C10SPC700,V600R019C10SPC702, V600R019C10SPC703,V600R019C10SPC800, V600R019C10SPC900, V600R019C10SPC910, V600R019C10SPC920, V600R019C10SPC921, V600R019C10SPC922, V600R019C10SPC930, V600R019C10SPC931

Downloop-G24M is a new generation ISP level L2 managed switch of Internet Technology Co., Ltd. Internet Technology Co., Ltd. Downloop-G24M has a weak password vulnerability, which can be exploited by attackers to obtain sensitive information.

Howay SW-26242 is a full Gigabit managed POE switch. Suzhou Hamming Technology Co., Ltd. Howay SW-26242 has a weak password vulnerability, which can be exploited by attackers to obtain sensitive information.

Committed to the development and application of network communication products and IoT security management and control platforms, it is a next-generation weak current intelligent network solution and IoT security solution manufacturer. Shenzhen Wanwang Broadcom Technology Co., Ltd. 26G-2F-MANAGED has a weak password vulnerability. The attacker uses a weak password to log in to the background to obtain sensitive information.

Shenzhen Wanwang Brocade Network Technology Co., Ltd. is a company mainly engaged in technology research and development, development, and sales of network communication equipment, computers, other electronic products, integrated circuits, and mechanical equipment. Shenzhen Wanwang Brocade Network Technology Co., Ltd. BK-S1000-24POE/BK-S1000-8POE has a weak password vulnerability. Attackers can use this vulnerability to obtain sensitive information.

NETGEAR DGN2200v3 is a wireless router. NETGEAR DGN2200v3 has a weak password vulnerability. The attacker uses a weak password to log in to the background to obtain sensitive information.

NETGEAR DGN1000 is a wireless router. NETGEAR DGN1000 has a weak password vulnerability. The attacker uses a weak password to log in to the background to obtain sensitive information.

Shenzhen Airspace Technology Co., Ltd. is a network communication equipment supplier, dedicated to the research and development of network communication equipment. Airspace technology WIFISKY 7-layer flow control router has a weak password vulnerability. The attacker uses a weak password to log in to the background to obtain sensitive information.

Teledyne FLIR focuses on the design, development, production, marketing and promotion of professional technologies for enhancing situational awareness. FLIR-AX8 has an arbitrary file download vulnerability. Attackers can use vulnerabilities to download related system configuration files.