VARIoT IoT vulnerabilities database
| VAR-202106-2160 | No CVE | NETGEAR WNDR3300 router has weak password vulnerability |
CVSS V2: 5.0 CVSS V3: - Severity: MEDIUM |
The NETGEAR WNDR3300 router is a wireless router device.
The NETGEAR WNDR3300 router has a weak password vulnerability. Attackers can use this vulnerability to control the device, obtain sensitive information and perform unauthorized operations.
| VAR-202106-2161 | No CVE | NETGEAR WGR614v7 router has weak password vulnerability |
CVSS V2: 5.0 CVSS V3: - Severity: MEDIUM |
NETGEAR WGR614v7 router is a wireless router device.
The NETGEAR WGR614v7 router has a weak password vulnerability. Attackers can use this vulnerability to control the device, obtain sensitive information and perform unauthorized operations.
| VAR-202106-2162 | No CVE | TRENDnet TV-IP302PI has weak password vulnerability |
CVSS V2: 5.0 CVSS V3: - Severity: MEDIUM |
TRENDnet is one of the world's major data network professional manufacturers, headquartered in Silicon Valley, USA, and has many branches in Europe and the United States.
TRENDnet TV-IP302PI has a weak password vulnerability, which can be exploited by attackers to obtain sensitive information.
| VAR-202106-2163 | No CVE | TRENDnet TV-IP651WI has weak password vulnerability |
CVSS V2: 5.0 CVSS V3: - Severity: MEDIUM |
TRENDnet is one of the world's major data network professional manufacturers, headquartered in Silicon Valley, USA, and has many branches in Europe and the United States.
TRENDnet TV-IP651WI has a weak password vulnerability, which can be exploited by attackers to obtain sensitive information.
| VAR-202106-2333 | No CVE | Xiamen Sixin Communication Technology Co., Ltd. RMP router management platform has logic flaws and vulnerabilities |
CVSS V2: 5.0 CVSS V3: - Severity: MEDIUM |
Xiamen Sixin Communication Technology Co., Ltd. is a backbone enterprise in the wireless communication field of China's Internet of Things. It is a high-tech enterprise covering products, services and management activities with strong values of "integrity, trust, confidence, and belief".
The RMP router management platform of Xiamen Sixin Communication Technology Co., Ltd. has a logic flaw vulnerability, which can be used by attackers to obtain sensitive data.
| VAR-202106-1176 | CVE-2021-33346 | DSL-2888A Illegal authentication vulnerability in firmware |
CVSS V2: 5.0 CVSS V3: 9.8 Severity: CRITICAL |
There is an arbitrary password modification vulnerability in a D-LINK DSL-2888A router product. An attacker can use this vulnerability to modify the password of the admin user without authorization. DSL-2888A The firmware contains a vulnerability related to unauthorized authentication.Information is obtained, information is tampered with, and service is disrupted (DoS) It may be put into a state. D-link DSL-2888A is a unified service router of China D-link Corporation.
D-LINK DSL-2888A has a security loophole
| VAR-202106-2086 | No CVE | Inspur Group Co., Ltd. Management System has weak password vulnerability |
CVSS V2: 5.0 CVSS V3: - Severity: MEDIUM |
The business of Inspur Group Co., Ltd. covers cloud data centers, cloud service big data, smart cities, smart enterprises and other business sectors, and has formed an overall solution service capability covering four levels of infrastructure, platform software, data information and application software.
The Management System of Inspur Group Co., Ltd. has a weak password vulnerability, which can be exploited by attackers to obtain sensitive information.
| VAR-202106-2088 | No CVE | Panabit Smart Application Gateway has command execution vulnerabilities |
CVSS V2: 7.1 CVSS V3: - Severity: HIGH |
Panabit's four to seven-layer smart gateways are specially customized for small and medium-sized users, which can solve a series of practical needs from network access, multi-line aggregation, application optimization, load balancing, behavior management, user authentication, WIFI with machine guarantee, log audit, etc. .
The Panabit Smart Application Gateway has a command execution vulnerability, which can be exploited by an attacker to gain control of the server.
| VAR-202106-2090 | No CVE | Unauthorized access vulnerability exists in Sharp MX-3610N |
CVSS V2: 5.0 CVSS V3: - Severity: MEDIUM |
Sharp is a Japanese electrical and electronic company.
Sharp MX-3610N has an unauthorized access vulnerability, which can be exploited by attackers to obtain sensitive information.
| VAR-202106-2091 | No CVE | EnGenius EAP1750H has weak password vulnerability |
CVSS V2: 5.0 CVSS V3: - Severity: MEDIUM |
EAP1750H is a 2.4G and 5G dual-band wireless router from EnGenius.
EnGenius EAP1750H has a weak password vulnerability. Attackers can use vulnerabilities to obtain sensitive information.
| VAR-202106-2092 | No CVE | EnGenius ENS202EXT has weak password vulnerability |
CVSS V2: 5.0 CVSS V3: - Severity: MEDIUM |
ENS202EXT is an outdoor wireless bridge made by EnGenius.
EnGenius ENS202EXT has a weak password vulnerability. Attackers can use vulnerabilities to obtain sensitive information.
| VAR-202106-2093 | No CVE | Unauthorized access vulnerability exists in Cohu IP Camera Control |
CVSS V2: 5.0 CVSS V3: - Severity: MEDIUM |
Cohu provides the most extensive equipment and service portfolio for back-end semiconductor manufacturing, including one-stop testing and processing equipment, thermal subsystems, test contacts, visual inspection and MEMS test solutions.
Cohu IP Camera Control has an unauthorized access vulnerability, which can be exploited by attackers to obtain sensitive information.
| VAR-202106-2337 | No CVE | Unauthorized access vulnerability exists in Dell B3460DN monochrome laser printer |
CVSS V2: 5.0 CVSS V3: - Severity: MEDIUM |
The business scope of Dell (China) Co., Ltd. includes: manufacturing, assembling, researching and developing computer products, mobile phone products, network communication equipment (routers, switches, network data center products), etc.
The Dell B3460DN monochrome laser printer has an unauthorized access vulnerability, which can be exploited by attackers to obtain sensitive information.
| VAR-202106-1478 | CVE-2021-29087 | Synology DiskStation Manager Traversal Vulnerability in Japan |
CVSS V2: 5.0 CVSS V3: 7.5 Severity: HIGH |
Improper limitation of a pathname to a restricted directory ('Path Traversal') vulnerability in webapi component in Synology DiskStation Manager (DSM) before 6.2.3-25426-3 allows remote attackers to write arbitrary files via unspecified vectors. Synology DiskStation Manager (DSM) Contains a path traversal vulnerability.Information may be tampered with. Synology DiskStation Manager (DSM) is an operating system for network storage servers (NAS) developed by Synology, Taiwan. The operating system can manage data, documents, photos, music and other information
| VAR-202106-1477 | CVE-2021-29086 | Synology DiskStation Manager Information Disclosure Vulnerability |
CVSS V2: 5.0 CVSS V3: 7.5 Severity: HIGH |
Exposure of sensitive information to an unauthorized actor vulnerability in webapi component in Synology DiskStation Manager (DSM) before 6.2.3-25426-3 allows remote attackers to obtain sensitive information via unspecified vectors. Synology DiskStation Manager (DSM) Contains an information disclosure vulnerability.Information may be obtained. Synology DiskStation Manager (DSM) is an operating system for network storage servers (NAS) developed by Synology, Taiwan. The operating system can manage data, documents, photos, music and other information
| VAR-202106-1476 | CVE-2021-29085 | Synology DiskStation Manager Injection vulnerability |
CVSS V2: 5.0 CVSS V3: 7.5 Severity: HIGH |
Improper neutralization of special elements in output used by a downstream component ('Injection') vulnerability in file sharing management component in Synology DiskStation Manager (DSM) before 6.2.3-25426-3 allows remote attackers to read arbitrary files via unspecified vectors. Synology DiskStation Manager (DSM) Is vulnerable to injection.Information may be obtained. Synology DiskStation Manager (DSM) is an operating system for network storage servers (NAS) developed by Synology, Taiwan. The operating system can manage data, documents, photos, music and other information
| VAR-202106-1129 | CVE-2021-27649 | Synology DiskStation Manager Vulnerabilities in the use of freed memory |
CVSS V2: 7.5 CVSS V3: 9.8 Severity: CRITICAL |
Use after free vulnerability in file transfer protocol component in Synology DiskStation Manager (DSM) before 6.2.3-25426-3 allows remote attackers to execute arbitrary code via unspecified vectors. Synology DiskStation Manager (DSM) Is vulnerable to the use of freed memory.Information is obtained, information is tampered with, and service is disrupted (DoS) It may be put into a state. Synology DiskStation Manager (DSM) is an operating system for network storage servers (NAS) developed by Synology, Taiwan. The operating system can manage data, documents, photos, music and other information
| VAR-202106-2087 | No CVE | EDIMAX N300 Wi-Fi router has weak password vulnerability |
CVSS V2: 5.0 CVSS V3: - Severity: MEDIUM |
EDIMAX N300 Wi-Fi is a 2.4G single-band wireless router of Xunzhou Technology Co., Ltd.
The EDIMAX N300 Wi-Fi router has a weak password vulnerability, which can be exploited by attackers to obtain sensitive information.
| VAR-202106-2089 | No CVE | ZyXEL ADSL Router has weak password vulnerability |
CVSS V2: 5.0 CVSS V3: - Severity: MEDIUM |
ADSL is a broadband dial-up router equipment of ZyXEL Company.
ZyXEL ADSL Router has a weak password vulnerability. Attackers can use this vulnerability to log in to the background of the system and perform unauthorized operations.
| VAR-202106-2094 | No CVE | EDIMAX Wireless wireless router has weak password vulnerability |
CVSS V2: 5.0 CVSS V3: - Severity: MEDIUM |
EDIMAX Wireless is a 2.4G and 5G dual-band wireless router of Xunzhou Technology Co., Ltd.
The EDIMAX Wireless wireless router has a weak password vulnerability, which can be exploited by attackers to obtain sensitive information.