VARIoT IoT vulnerabilities database
| VAR-202106-2309 | No CVE | Unauthorized access vulnerability exists in Axis P1346 Network Camera |
CVSS V2: 5.0 CVSS V3: - Severity: MEDIUM |
Axis is an IT company that specializes in providing network video solutions.
Axis P1346 Network Camera has an unauthorized access vulnerability, which can be exploited by attackers to obtain sensitive information.
| VAR-202106-2310 | No CVE | Unauthorized access vulnerability exists in Axis P1354 Network Camera |
CVSS V2: 5.0 CVSS V3: - Severity: MEDIUM |
Axis is an IT company that specializes in providing network video solutions.
Axis P1354 Network Camera has an unauthorized access vulnerability. Attackers can use this vulnerability to obtain sensitive information.
| VAR-202106-2313 | No CVE | ASUS ZenFone Max Pro (M2) has an information disclosure vulnerability |
CVSS V2: 5.0 CVSS V3: - Severity: MEDIUM |
ASUS ZenFone Max Pro (M2) is a smart phone.
ASUS ZenFone Max Pro (M2) has an information disclosure vulnerability. Attackers can use the vulnerability to monitor the content of the user's call.
| VAR-202106-2314 | No CVE | Unauthorized access vulnerabilities in multiple products of Inno Laser Technology Co., Ltd. |
CVSS V2: 6.4 CVSS V3: - Severity: MEDIUM |
Founded in 2011, Inno Laser Co., Ltd. is a national high-tech enterprise, headquartered in Shenzhen Nanshan Science and Technology Park. Processing solutions.
Many products of Inno Laser Technology Co., Ltd. have unauthorized access vulnerabilities. Attackers can use the vulnerabilities to obtain sensitive information.
| VAR-202106-2315 | No CVE | Unauthorized access vulnerability exists in Axis P1344 Network Camera |
CVSS V2: 5.0 CVSS V3: - Severity: MEDIUM |
Axis is an IT company that specializes in providing network video solutions.
Axis P1344 Network Camera has an unauthorized access vulnerability, which can be exploited by attackers to obtain sensitive information.
| VAR-202106-2316 | No CVE | Unauthorized access vulnerability exists in Axis P1343 Network Camera |
CVSS V2: 5.0 CVSS V3: - Severity: MEDIUM |
Axis is an IT company that specializes in providing network video solutions.
Axis P1343 Network Camera has an unauthorized access vulnerability, which can be exploited by attackers to obtain sensitive information.
| VAR-202106-2317 | No CVE | Unauthorized access vulnerability exists in Axis Q1614 Network Camera |
CVSS V2: 5.0 CVSS V3: - Severity: MEDIUM |
Axis is an IT company that specializes in providing network video solutions.
Axis Q1614 Network Camera has an unauthorized access vulnerability. Attackers can use this vulnerability to obtain sensitive information.
| VAR-202106-2318 | No CVE | Unauthorized access vulnerability exists in Axis P1311 Network Camera |
CVSS V2: 5.0 CVSS V3: - Severity: MEDIUM |
Axis is an IT company that specializes in providing network video solutions.
Axis P1311 Network Camera has an unauthorized access vulnerability. Attackers can use this vulnerability to obtain sensitive information.
| VAR-202106-2332 | No CVE | SQL injection vulnerability exists in the integrated system of production, supply and marketing management and control of Yisi |
CVSS V2: 7.8 CVSS V3: - Severity: HIGH |
Taiyuan Yisi Software Technology Co., Ltd. is an Internet software development and system integration enterprise that relies on Internet information and Internet of Things technology to provide enterprises with complete smart factory solutions.
A SQL injection vulnerability exists in the integrated system of Yisi's production, supply and marketing management and control. Attackers can use the vulnerability to obtain sensitive information in the database.
| VAR-202106-1213 | CVE-2021-33529 | Vulnerability in the use of hard-coded credentials on multiple Weidmueller Industrial WLAN devices |
CVSS V2: 5.0 CVSS V3: 7.5 Severity: HIGH |
In Weidmueller Industrial WLAN devices in multiple versions the usage of hard-coded cryptographic keys within the service agent binary allows for the decryption of captured traffic across the network from or to the device. Multiple Weidmueller Industrial WLAN devices contain a vulnerability in the use of hard-coded credentials. Information may be obtained. Weidmueller Industrial WLAN devices are industrial control WLAN devices from the German company Weidmueller.
| VAR-202106-1215 | CVE-2021-33531 | Vulnerability in the use of hard-coded credentials on multiple Weidmueller Industrial WLAN devices |
CVSS V2: 9.0 CVSS V3: 8.8 Severity: HIGH |
In Weidmueller Industrial WLAN devices in multiple versions an exploitable use of hard-coded credentials vulnerability exists in multiple iw_* utilities. The device operating system contains an undocumented encryption password, allowing for the creation of custom diagnostic scripts. An attacker can send diagnostic scripts while authenticated as a low privilege user to trigger this vulnerability. Weidmueller Industrial WLAN devices are industrial control WLAN devices from the German company Weidmueller.
Weidmueller Industrial WLAN devices have a trust management vulnerability.
| VAR-202106-1214 | CVE-2021-33530 | OS command injection vulnerability in multiple Weidmueller Industrial WLAN devices |
CVSS V2: 9.0 CVSS V3: 8.8 Severity: HIGH |
In Weidmueller Industrial WLAN devices in multiple versions an exploitable command injection vulnerability exists in encrypted diagnostic script functionality of the devices. A specially crafted diagnostic script file can cause arbitrary busybox commands to be executed, resulting in remote control over the device. An attacker can send diagnostic scripts while authenticated as a low privilege user to trigger this vulnerability. Weidmueller Industrial WLAN devices are industrial control WLAN devices from the German company Weidmueller.
| VAR-202106-1212 | CVE-2021-33528 | Vulnerability related to improper compliance with coding standards on multiple Weidmueller Industrial WLAN devices |
CVSS V2: 9.0 CVSS V3: 8.8 Severity: HIGH |
In Weidmueller Industrial WLAN devices in multiple versions an exploitable privilege escalation vulnerability exists in the iw_console functionality. A specially crafted menu selection string can cause an escape from the restricted console, resulting in system access as the root user. An attacker can send commands while authenticated as a low privilege user to trigger this vulnerability. Multiple Weidmueller Industrial WLAN devices contain a vulnerability related to improper compliance with coding standards. Information may be obtained or tampered with, and a denial of service (DoS) may result. Weidmueller Industrial WLAN devices are industrial control WLAN devices from the German company Weidmueller.
| VAR-202106-1216 | CVE-2021-33532 | OS command injection vulnerability in multiple Weidmueller Industrial WLAN devices |
CVSS V2: 9.0 CVSS V3: 8.8 Severity: HIGH |
In Weidmueller Industrial WLAN devices in multiple versions an exploitable command injection vulnerability exists in the iw_webs functionality. A specially crafted diagnostic script file name can cause user input to be reflected in a subsequent iw_system call, resulting in remote control over the device. An attacker can send commands while authenticated as a low privilege user to trigger this vulnerability. Weidmueller Industrial WLAN devices are industrial control WLAN devices from the German company Weidmueller.
| VAR-202106-2134 | No CVE | Shenzhen UTP Technology Co., Ltd. UTP-R3050-5GP has a SQL injection vulnerability |
CVSS V2: 7.8 CVSS V3: - Severity: HIGH |
Established in 2005, UTEPO is an industrial communication and intelligent Internet of Things solution provider with "Internet and Electricity Speed Connection" technology as its core. Based on technological innovation, it provides smart IoT solutions in fields such as smart parks, smart security, smart cities, smart agriculture and smart manufacturing.
Shenzhen UTP Technology Co., Ltd. UTP-R3050-5GP has a SQL injection vulnerability. Attackers can use the vulnerability to obtain sensitive information in the database.
| VAR-202106-2135 | No CVE | D-Link DIR-809 has a denial of service vulnerability (CNVD-2021-36511) |
CVSS V2: 4.9 CVSS V3: - Severity: MEDIUM |
D-Link DIR-809 is a wireless router using RTOS.
D-Link DIR-809 has a denial of service vulnerability, which can be exploited by an attacker to cause a denial of service attack.
| VAR-202106-2136 | No CVE | D-Link DIR-809 has a denial of service vulnerability (CNVD-2021-36512) |
CVSS V2: 4.9 CVSS V3: - Severity: MEDIUM |
D-Link DIR-809 is a wireless router using RTOS.
D-Link DIR-809 has a denial of service vulnerability, which can be exploited by an attacker to cause a denial of service attack.
| VAR-202106-2137 | No CVE | D-Link DIR-809 has a denial of service vulnerability (CNVD-2021-36513) |
CVSS V2: 4.9 CVSS V3: - Severity: MEDIUM |
D-Link DIR-809 is a wireless router using RTOS.
D-Link DIR-809 has a denial of service vulnerability, which can be exploited by an attacker to cause a denial of service attack.
| VAR-202106-2138 | No CVE | D-Link DIR-809 has a denial of service vulnerability (CNVD-2021-36510) |
CVSS V2: 4.9 CVSS V3: - Severity: MEDIUM |
D-Link DIR-809 is a wireless router using RTOS.
D-Link DIR-809 has a denial of service vulnerability, which can be exploited by an attacker to cause a denial of service attack.
| VAR-202106-2139 | No CVE | D-Link DIR-809 has a stack overflow vulnerability |
CVSS V2: 4.9 CVSS V3: - Severity: MEDIUM |
D-Link DIR-809 is a wireless router, using RTOS system.
D-Link DIR-809 has a stack overflow vulnerability, which can be exploited by an attacker to cause a denial of service attack.