VARIoT IoT vulnerabilities database

VAR-202106-2167 No CVE Ruijie Networks NBR1300G-E has weak password vulnerability CVSS V2: 5.0
CVSS V3: -
Severity: MEDIUM
Ruijie Networks is a provider of ICT infrastructure and industry solutions. Its main business is the research and development, design and sales of network equipment, network security products and cloud desktop solutions. Ruijie Networks NBR1300G-E has a weak password vulnerability. An attacker can use the default weak password to log in to the management backend and obtain sensitive information.
VAR-202106-2168 No CVE Ruijie Networks NBR2100G-E has weak password vulnerability CVSS V2: 5.0
CVSS V3: -
Severity: MEDIUM
Ruijie Networks is a provider of ICT infrastructure and industry solutions. Its main business is the research and development, design and sales of network equipment, network security products and cloud desktop solutions. Ruijie Networks NBR2100G-E has a weak password vulnerability. An attacker can use the default weak password to log in to the management backend and obtain sensitive information.
VAR-202106-2169 No CVE Ruijie Networks EG2000SE has weak password vulnerability CVSS V2: 5.0
CVSS V3: -
Severity: MEDIUM
Ruijie Networks is a provider of ICT infrastructure and industry solutions. Its main business is the research and development, design and sales of network equipment, network security products and cloud desktop solutions. Ruijie Networks EG2000SE has a weak password vulnerability. An attacker can use the default weak password to log in to the management backend and obtain sensitive information.
VAR-202106-2170 No CVE Ruijie Networks EG2000CE has weak password vulnerability CVSS V2: 5.0
CVSS V3: -
Severity: MEDIUM
Ruijie Networks is a provider of ICT infrastructure and industry solutions. Its main business is the research and development, design and sales of network equipment, network security products and cloud desktop solutions. Ruijie Networks EG2000CE has a weak password vulnerability. An attacker can use the default weak password to log in to the management backend and obtain sensitive information.
VAR-202106-2171 No CVE Ruijie Networks EG2000K has weak password vulnerability CVSS V2: 5.0
CVSS V3: -
Severity: MEDIUM
Ruijie Networks is a provider of ICT infrastructure and industry solutions. Its main business is the research and development, design and sales of network equipment, network security products and cloud desktop solutions. Ruijie Networks EG2000K has a weak password vulnerability. An attacker can use the default weak password to log in to the management backend and obtain sensitive information.
VAR-202106-1321 CVE-2021-31664 RIOT-OS Buffer Overflow Vulnerability in Linux CVSS V2: 5.0
CVSS V3: 7.5
Severity: HIGH
RIOT-OS 2021.01 before commit 44741ff99f7a71df45420635b238b9c22093647a contains a buffer overflow which could allow attackers to obtain sensitive information. RIOT-OS is an operating system used in the field of the Internet of Things.
VAR-202106-1320 CVE-2021-31663 RIOT-OS Buffer Overflow Vulnerability in Linux CVSS V2: 5.0
CVSS V3: 7.5
Severity: HIGH
RIOT-OS 2021.01 before commit bc59d60be60dfc0a05def57d74985371e4f22d79 contains a buffer overflow which could allow attackers to obtain sensitive information. RIOT-OS is an operating system used in the field of the Internet of Things.
VAR-202106-1319 CVE-2021-31662 RIOT-OS Buffer Overflow Vulnerability in Linux CVSS V2: 5.0
CVSS V3: 7.5
Severity: HIGH
RIOT-OS 2021.01 before commit 07f1254d8537497552e7dce80364aaead9266bbe contains a buffer overflow which could allow attackers to obtain sensitive information. RIOT-OS is an operating system used in the field of the Internet of Things.
VAR-202106-1318 CVE-2021-31661 RIOT-OS Buffer Overflow Vulnerability in Linux CVSS V2: 5.0
CVSS V3: 7.5
Severity: HIGH
RIOT-OS 2021.01 before commit 609c9ada34da5546cffb632a98b7ba157c112658 contains a buffer overflow that could allow attackers to obtain sensitive information. RIOT-OS is an operating system used in the field of the Internet of Things.
VAR-202106-1317 CVE-2021-31660 RIOT-OS Buffer Overflow Vulnerability in Linux CVSS V2: 5.0
CVSS V3: 7.5
Severity: HIGH
RIOT-OS 2021.01 before commit 85da504d2dc30188b89f44c3276fc5a25b31251f contains a buffer overflow which could allow attackers to obtain sensitive information. RIOT-OS is an operating system used in the field of the Internet of Things.
VAR-202106-1668 CVE-2021-32424 TrendNet TW100-S4W1CA cross-site request forgery vulnerability CVSS V2: 6.8
CVSS V3: 8.8
Severity: HIGH
In TrendNet TW100-S4W1CA 2.3.32, due to a lack of proper session controls, a threat actor could make unauthorized changes to an affected router via a specially crafted web page. If an authenticated user were to interact with a malicious web page, it could allow for a complete takeover of the router. TrendNet TW100-S4W1CA contains a cross-site request forgery vulnerability. Information may be obtained or tampered with, and the service may be put into a denial-of-service (DoS) state. TrendNet TW100-S4W1CA is a four-port broadband router. TrendNet TW100-S4W1CA version 2.3.32 has a cross-site request forgery vulnerability. The vulnerability stems from the lack of proper session control.
VAR-202106-1669 CVE-2021-32426 TrendNet TW100-S4W1CA cross-site scripting vulnerability CVSS V2: 4.3
CVSS V3: 6.1
Severity: MEDIUM
In TrendNet TW100-S4W1CA 2.3.32, it is possible to inject arbitrary JavaScript into the router's web interface via the "echo" command. TrendNet TW100-S4W1CA contains a cross-site scripting vulnerability. Information may be obtained and information may be tampered with. TrendNet TW100-S4W1CA is a four-port broadband router. TrendNet TW100-S4W1CA version 2.3.32 has a cross-site scripting vulnerability.
VAR-202106-2166 No CVE H3C ER3100 VPN router has a binary vulnerability CVSS V2: 8.3
CVSS V3: -
Severity: HIGH
H3C ER3100 is a high-performance VPN router, mainly positioned in the SMB market of Ethernet/optical/ADSL access and network environments such as government, corporate institutions, and Internet cafes. The H3C ER3100 VPN router has a binary vulnerability, which can be exploited by an attacker to gain control of the server.
VAR-202106-2180 No CVE Arbitrary file reading vulnerability exists in GlassFish CVSS V2: 5.0
CVSS V3: -
Severity: MEDIUM
GlassFish is a robust commercial compatible application server. GlassFish has an arbitrary file reading vulnerability, which can be exploited by attackers to obtain sensitive information.
VAR-202106-1226 CVE-2021-34811 Synology Download Station Server-side Request Forgery Vulnerability CVSS V2: 4.0
CVSS V3: 4.3
Severity: MEDIUM
Server-Side Request Forgery (SSRF) vulnerability in task management component in Synology Download Station before 3.8.16-3566 allows remote authenticated users to access intranet resources via unspecified vectors. Synology Download Station contains a server-side request forgery vulnerability. Information may be obtained. Synology Download Station is a browser extension. You can browse the downloading and downloaded tasks of the download center package without visiting the web version of Synology, and you can also add tasks.
VAR-202106-1225 CVE-2021-34810 Synology Download Station Vulnerability in privilege management CVSS V2: 6.5
CVSS V3: 8.8
Severity: HIGH
Improper privilege management vulnerability in cgi component in Synology Download Station before 3.8.16-3566 allows remote authenticated users to execute arbitrary code via unspecified vectors. Synology Download Station contains a privilege management vulnerability. Information may be obtained or tampered with, and the service may be put into a denial-of-service (DoS) state. Synology Download Station is a browser extension. You can browse the downloading and downloaded tasks of the download center package without visiting the web version of Synology, and you can also add tasks. Versions earlier than Synology Download Station 3.8.16-3566 have a security vulnerability.
VAR-202106-1223 CVE-2021-34808 Synology Media Server Server-side Request Forgery Vulnerability CVSS V2: 5.0
CVSS V3: 5.3
Severity: MEDIUM
Server-Side Request Forgery (SSRF) vulnerability in cgi component in Synology Media Server before 1.8.3-2881 allows remote attackers to access intranet resources via unspecified vectors. Synology Media Server is a media server. Synology Media Server versions prior to 1.8.3-2881 have a code problem vulnerability. The vulnerability stems from the Server-Side Request Forgery (SSRF) vulnerability of the cgi component.
VAR-202106-1224 CVE-2021-34809 Synology Download Station Command injection vulnerability CVSS V2: 6.5
CVSS V3: 8.8
Severity: HIGH
Improper neutralization of special elements used in a command ('Command Injection') vulnerability in task management component in Synology Download Station before 3.8.16-3566 allows remote authenticated users to execute arbitrary code via unspecified vectors. Synology Download Station contains a command injection vulnerability. Information may be obtained or tampered with, and the service may be put into a denial-of-service (DoS) state. Synology Download Station is a browser extension. You can browse the downloading and downloaded tasks of the download center package without visiting the web version of Synology, and you can also add tasks.
VAR-202106-0899 CVE-2021-0143 Intel(R) Brand Verification Tool Inappropriate Default Permission Vulnerability CVSS V2: 4.6
CVSS V3: 7.8
Severity: HIGH
Improper permissions in the installer for the Intel(R) Brand Verification Tool before version 11.0.0.1225 may allow an authenticated user to potentially enable escalation of privilege via local access. Intel(R) Brand Verification Tool is vulnerable to incorrect default permissions. Information may be obtained or tampered with, and the service may be put into a denial-of-service (DoS) state. Intel Brand Verification Tool (BVT) is a tool used by Intel Corporation to test vPro and generate reports. After the test is passed, the customer can obtain the qualification to stick the vPro Logo by submitting the report.
VAR-202106-1772 CVE-2021-34202 D-Link AC2600 Out-of-bounds Vulnerability in Microsoft CVSS V2: 7.2
CVSS V3: 7.8
Severity: HIGH
There are multiple out-of-bounds vulnerabilities in some processes of D-Link AC2600 (DIR-2640) 1.01B04. Ordinary permissions can be elevated to administrator permissions, resulting in local arbitrary code execution. An attacker can combine other vulnerabilities to further achieve the purpose of remote code execution. D-Link AC2600 (DIR-2640) is vulnerable to an out-of-bounds write. Information may be obtained or tampered with, and the service may be put into a denial-of-service (DoS) state. D-Link AC2600 is a wireless device produced by D-Link in Taiwan. D-Link AC2600 has security vulnerabilities.